SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. 33400-34400
HTTP Vulnerability
syslog
TCP/UDP Echo Vulnerability
UDP Traceroute Port Range
2. TCP and UDP Port 162
Secure Shell (SSH)
SNMP Trap
Rerouting
Outside Global Address
3. Commands to disable Finger Server
no ip finger - no service finger
TCP Intercept Watch Mode
IP Source Routing
Overloading
4. Buffer Overflow
Outside Global Address
TCP/UDP Chargen Vulnerability
Second Part of IOS Version
Authentication Header (AH)
5. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Network Address Translation (NAT)
HTTP Identifier
Authenticating Peers
IP Source Routing Vulnerabilities
6. Uses only host keys to authenticate systems
Static NAT
HTTP Operating Layer
SSH2
Reflexive ACL
7. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Dynamic NAT
IP Unreachable Vulnerabilities
IP Directed Broadcast
Fraggle Attack
8. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
9. No Known Vulnerability
TCP/UDP Discard Vulnerability
no cdp run
ACL to block IP multicast
no ip finger - no service finger
10. DENY IP 127.0.0.0 0.255.255.255 ANY
Dynamic NAT
no ip unreachable
ACL to block incoming loopback packets
Fifth Part of the IOS Version
11. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
UDP Traceroute Port Range
TLS/SSL Layer
Access Layer
GRE Identifier
12. UDP Port 1701
no cdp run
no service tcp-small-servers
Higher IP Extended ACL Range
L2TP Identifier
13. Privilege levels that can have passwords assigned to them
SSH Operating Layer
IP Spoofing
Privilege Levels 2-13
Sixth (Optional) Part of the IOS Version
14. Command used to disable the ICMP message Address Mask Reply
Train Idenifier 'E'
no ip http server
Distributed Denial of Service Attacks
no ip mask-reply
15. 0x2F - or 47
Smurf Attack
no service udp-small-servers
Outside
GRE Identifier
16. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
TLS/SSL Identifier
Sixth (Optional) Part of the IOS Version
Unicast Reverse-Path Forwarding (uRPF)
Extended IP ACLs
17. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
TCP SYN Attack
Proxy ARP Vulnerabilities
Authentication Header (AH)
18. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
IP Source Routing
Flags used by Established Line
Secure Shell (SSH)
Dynamic NAT
19. Geolocational positioning
Networks
Lower IP Extended ACL Range
TCP/UDP Daytime Vulnerability
Requirements for Reflexive TCP to be removed
20. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Distribution Layer
Train Identifier 'T'
Standard IP ACLs
Layer 2 Tunneling Protocol (L2TP)
21. TCP and UDP Port 161
Access List Rules
Distribution Layer
SNMP
Core Layer
22. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Inside Global Address
ACL to block telnet
BOOTP
Extended IP ACLs
23. Layer 3
Lower IP Standard ACL Range
IP Unreachable Vulnerabilities
CDP Vulnerabilities
GRE Operating Layer
24. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
L2TP Operating Layer
Cisco Discovery Protocol (CDP)
Outside
ACL to block spoofed IPs
25. Routing mode depended on by uRPF in order to function
Integrity Validation
no ip finger - no service finger
Encapsulation Security Payload (ESP)
Cisco Express Forwarding (CEF)
26. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
L2TP Operating Layer
ACL to block a Land Attack
Global Addresses
TCP Load Distribution
27. Public IP address before translation
Static NAT
Flags used by Established Line
Integrity Validation
Outside Local Address
28. Access - Distribution - Core
IP Spoofing
no cdp run
Three Layers of Hierarchical Model
Requirements for Reflexive TCP to be removed
29. Forces the user to enter both a valid username and password
Encrypting Traffic
TCP Load Distribution
Syntax for Reflexive ACLs
login local
30. Uses server and host keys to authenticate systems
First Part of IOS Version
SSH1
no ip bootp server
Distributed Denial of Service Attacks
31. Service Provider
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
32. Refers to addresses used on the organization's private network
Uses for ACLs
Local Addresses
Anti-Replay
IPSec AH Identifier
33. Release Number
Higher IP Standard ACL Range
Land Attack
Network Time Protocol (NTP)
Third Part of the IOS Version
34. DENY IP <Network ID> <Network WC Mask> ANY
Minimum ACLs Required for Reflexive ACLs
Internet Protocol Security (IPSec)
no ip redirect
ACL to block spoofed IPs
35. Release Train Identifier
no ip unreachable
Fifth Part of the IOS Version
Privilege Level 1
Smurf Attack
36. Layer 3
ntp disable
ESP Operating Layer
Extended IP ACLs
Network-to-Network Communications
37. Transport and Tunnel
Privilege Level 15
Unauthorized Access
Land Attack
Two Modes of IPSec
38. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
no ip finger - no service finger
SNMP Vulnerabilities
Two Types of Router Access
no ip http server
39. Device - Hostname - IOS - IP Address - Ports - Model
Two Modes of IPSec
Tunneling
Two Protocols of Tunnel Mode
CDP Vulnerabilities
40. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
ACL to block a Smurf Attack or Fraggle Attack
User Account Vulnerabilites
Inside
General Format of Cisco IOS Version
41. Layer 7
Proxy ARP Vulnerabilities
SSH Operating Layer
Outside Global Address
AUX Vulnerability
42. TCP Port 80
Privilege Level 15
NTP Vulnerabilities
no ip redirect
HTTP Identifier
43. Protocol used to keep their time-of-day clocks accurate and in sync
Boot Network
Train Identifier 'B'
Network Time Protocol (NTP)
IP Source Routing
44. Startup-config can be deleted - copied - changed
L2TP Operating Layer
SNMP
Two Types of Router Access
Boot Network Vulnerabilities
45. Privilege level that is restricted to basic level operations
Unicast Reverse-Path Forwarding (uRPF)
Privilege Level 1
no ip mask-reply
Session Hijacking
46. Technology
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
47. Breaks LAN security perimeter extends LAN to Layer 2
Encrypting Traffic
Land Attack
Fifth Part of the IOS Version
Proxy ARP Vulnerabilities
48. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Overloading
Route Injection Attack
no ip redirect
Fourth Part of the IOS Version
49. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
ACL to block TCP SYN Attack
Privilege Levels 2-13
AUX Vulnerability
50. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
BOOTP
Established Line
General Format of Cisco IOS Version
Requirements for Reflexive TCP to be removed
