SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
syslog
no ip mask-reply
Extended ACL format
Authentication Header (AH)
2. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Core Layer
User Account Vulnerabilites
Masquerading
ACL to block incoming loopback packets
3. Mode where only the payload of the IP packet is encrypted and/or authenticated
Train Idenifier 'E'
Transport Mode
Host-to-Host Communications
Requirements for Reflexive TCP to be removed
4. Layer 5
GRE Identifier
SSH1
L2TP Operating Layer
BOOTP
5. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
TCP SYN Attack
Higher IP Standard ACL Range
login local
Established Line
6. Layer 7
Dynamic NAT
Cisco Express Forwarding (CEF)
SSH Operating Layer
HTTP Operating Layer
7. ESP - SSH - SSL/TLP
L2TP Operating Layer
Fraggle Attack
IP Mask Reply Vulnerabilities
Encrypted Tunneling Methods
8. War dialing
Static NAT
TLS/SSL Layer
AUX Vulnerability
Network Time Protocol (NTP)
9. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
ACL to block a Land Attack
Inside Local Address
Anti-Replay
TCP/UDP Daytime Vulnerability
10. Commands to disable Finger Server
no ip bootp server
Overloading
uRPF Strength
no ip finger - no service finger
11. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
TCP SYN Attack
ACL to block incoming loopback packets
Proxy ARP Vulnerabilities
Smurf Attack
12. Two FIN bits or one RST bit
SSH2
Requirements for Reflexive TCP to be removed
Authenticating Peers
Extended IP ACLs
13. What Inside and Outside refer to in NAT
Encrypted Tunneling Methods
Devices
Host-to-Host Communications
no ip http server
14. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
HTTP Tunneling
IP Unreachable Vulnerabilities
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Tunnel Mode
15. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
L2TP Identifier
ACL to block spoofed IPs
BOOTP
no ip bootp server
16. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Eavesdropping and Information Theft
Named ACL Format
SNMP Vulnerabilities
Authenticating Peers
17. Router to Router Denial of Service
Authentication Header (AH)
UDP Traceroute Port Range
Internet Protocol Security (IPSec)
TCP/UDP Echo Vulnerability
18. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Proxy ARP
HTTP Identifier
Land Attack
NTP Vulnerabilities
19. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Third Part of the IOS Version
Train Idenifier 'E'
ACL to block incoming loopback packets
Boot Network
20. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Access Layer
ACL to block a Land Attack
Global Addresses
TCP/UDP Chargen Vulnerability
21. Command used to disable the ICMP message Host Unreachable
Outside Local Address
no ip unreachable
login local
TCP/UDP Discard Vulnerability
22. DENY TCP ANY HOST <IP Address> EQ 23
ACL to block telnet
ACL to block a Land Attack
Named ACL
Anti-Replay
23. Command to disable UDP small server on a router
no service udp-small-servers
BOOTP Vulnerabilities
login local
Secure Shell (SSH)
24. Command used to disable HTTP Server
IP Source Routing Vulnerabilities
no ip http server
Cisco Express Forwarding (CEF)
HTTP Identifier
25. None - uses attached application protocol's port
Named ACL Format
Encrypted Tunneling Methods
TLS/SSL Identifier
Reflexive ACL
26. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Integrity Validation
Layer 2 Tunneling Protocol (L2TP)
Unicast Reverse-Path Forwarding (uRPF)
Local Addresses
27. Interim Build Number
GRE Identifier
TCP/UDP Echo Vulnerability
Proxy ARP
Fourth Part of the IOS Version
28. Public IP address after translation
Outside
Outside Global Address
General Format of Cisco IOS Version
Inside Local Address
29. Command used to disable the ICMP message Redirect
Fraggle Attack
Lower IP Extended ACL Range
no ip redirect
Privilege Level 0
30. Protocol used to keep their time-of-day clocks accurate and in sync
Proxy ARP
GRE Identifier
Network Address Translation (NAT)
Network Time Protocol (NTP)
31. Forces the user to enter both a valid username and password
Two Protocols of Tunnel Mode
Devices
no ip bootp server
login local
32. Refers to the addresses on the public internet
Internet Protocol Security (IPSec)
SNMP Trap
no cdp run
Outside
33. Startup-config can be deleted - copied - changed
Train Identifier 'T'
Higher IP Standard ACL Range
Encapsulation Security Payload (ESP)
Boot Network Vulnerabilities
34. Traffic is passed in plaintext
Proxy ARP
IPSec AH Operating Layer
Tunneling
HTTP Vulnerability
35. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Unicast Reverse-Path Forwarding (uRPF)
Distribution Layer
TCP/UDP Discard Vulnerability
ntp disable
36. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
no ip mask-reply
Local Addresses
Route Injection Attack
L2TP Identifier
37. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Core Layer
General Format of Cisco IOS Version
SSH1
Tunneling
38. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
UDP Traceroute Port Range
Tunneling
Internet Protocol Security (IPSec)
NTP Vulnerabilities
39. 0x2F - or 47
no ip http server
Encrypted Tunneling Methods
Integrity Validation
GRE Identifier
40. Layer 3
echo - chargen - discard - daytime
IPSec AH Operating Layer
Outside Global Address
no ip finger - no service finger
41. Privilege level that has Global administration capabilities
Train Identifier 'B'
Privilege Level 15
Network Address Translation (NAT)
TCP/UDP Discard Vulnerability
42. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Dynamic NAT
Encrypted Tunneling Methods
Named ACL
no ip finger - no service finger
43. No Known Vulnerability
Unicast Reverse-Path Forwarding (uRPF)
User Account Vulnerabilites
no ip redirect
TCP/UDP Discard Vulnerability
44. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
no ip redirect
TCP Intercept Watch Mode
Overloading
Core Layer
45. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
User Account Vulnerabilites
Privilege Level 0
Devices
Layer 2 Tunneling Protocol (L2TP)
46. These ACLs filter by network or host IP address and only filter on source
Uses for ACLs
no ip finger - no service finger
ACL to block incoming loopback packets
Standard IP ACLs
47. Service Provider
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. Time can be changed - Routing Table can be killed
NTP Vulnerabilities
Two Protocols of Tunnel Mode
no cdp run
Train Idenifier 'E'
49. Ip access-list <standard | extended> name - permit TCP any any established
ntp disable
Named ACL Format
no service udp-small-servers
ACL to block incoming loopback packets
50. Breaks LAN security perimeter extends LAN to Layer 2
Inside Local Address
Sixth (Optional) Part of the IOS Version
Two Types of Router Access
Proxy ARP Vulnerabilities