SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. TCP Port 80
Privilege Levels 2-13
Boot Network Vulnerabilities
HTTP Identifier
no ip redirect
2. Two FIN bits or one RST bit
Requirements for Reflexive TCP to be removed
Route Injection Attack
ACL to block TCP SYN Attack
Minimum ACLs Required for Reflexive ACLs
3. No Known Vulnerability
ACL to block incoming loopback packets
Outside
TCP/UDP Discard Vulnerability
TCP Intercept
4. Public IP address after translation
login local
Lower IP Standard ACL Range
Outside Global Address
Named ACL Format
5. TCP and UDP Port 162
SNMP Trap
Named ACL
HTTP Vulnerability
Session Hijacking
6. The host can specify which route to take - which bypasses security
Higher IP Extended ACL Range
Train Identifier 'T'
IP Source Routing Vulnerabilities
Inside Local Address
7. Private IP address after translation
Session Hijacking
Inside Global Address
Third Part of the IOS Version
Core Layer
8. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
SNMP Vulnerabilities
HTTP Tunneling
Denial of Service (DoS)
TCP/UDP Daytime Vulnerability
9. Privilege level that is restricted to basic level operations
Train Identifier 'T'
Outside Local Address
TCP SYN Attack
Privilege Level 1
10. None - uses attach application protocol's layer
Internet Protocol Security (IPSec)
Host-to-Host Communications
Cisco Discovery Protocol (CDP)
TLS/SSL Layer
11. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Network-to-Network Communications
Outside Local Address
Privilege Level 0
Extended ACL format
12. Command to disable BOOTP Server
no ip bootp server
Outside Global Address
Telnet - HTTP - SNMP Vulnerability
no ip unreachable
13. None - uses attached application protocol's port
Two Types of Router Access
TLS/SSL Identifier
IPSec AH Operating Layer
Local Addresses
14. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Cisco Discovery Protocol (CDP)
Layer 2 Tunneling Protocol (L2TP)
Three Physical Security Vulnerabilities
TCP/UDP Discard Vulnerability
15. Technology
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
16. Command used to disable HTTP Server
Inside
First Part of IOS Version
no ip http server
Syntax for Reflexive ACLs
17. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Cisco Express Forwarding (CEF)
Rerouting
Generic Routing Encapsulation (GRE)
Finger Vulnerabilities
18. PERMIT TCP ANY ANY ESTABLISHED
ACL to block TCP SYN Attack
GRE Operating Layer
Network Time Protocol (NTP)
Proxy ARP
19. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Extended ACL format
SNMP Trap
Local Addresses
TCP Intercept Watch Mode
20. Mode where only the payload of the IP packet is encrypted and/or authenticated
Layer 2 Tunneling Protocol (L2TP)
Inside Local Address
Transport Mode
Distributed Denial of Service Attacks
21. Two - one Inbound or Evaluated and one Outbound or Reflected
HTTPS Strength
Minimum ACLs Required for Reflexive ACLs
Tunnel Mode
echo - chargen - discard - daytime
22. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Established Line
inger Server
Networks
no ip bootp server
23. What Inside and Outside refer to in NAT
Host-to-Host Communications
TCP Intercept Watch Mode
Boot Network
Devices
24. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
TLS/SSL Layer
TCP Intercept Watch Mode
Masquerading
Tunnel Mode
25. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distributed Denial of Service Attacks
Outside Global Address
DNS Lookup Vulnerability
ACL to block a Smurf Attack or Fraggle Attack
26. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Named ACL
Access List Rules
no ip bootp server
HTTP Identifier
27. The environment - catastrophic events an unauthorized access
Three Physical Security Vulnerabilities
Encrypted Tunneling Methods
no ip unreachable
IP Directed Broadcast
28. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Tunneling
Flags used by Established Line
no ip finger - no service finger
IP Source Routing Vulnerabilities
29. Release Number
Rerouting
Third Part of the IOS Version
no ip unreachable
ACL to block spoofed IPs
30. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Extended IP ACLs
Named ACL
Common uses of Access Lists
Network Time Protocol (NTP)
31. ESP - SSH - SSL/TLP
ACL to block IP multicast
Authentication Header (AH)
Encrypted Tunneling Methods
ntp disable
32. War dialing
Telnet - HTTP - SNMP Vulnerability
TLS/SSL Identifier
TCP Intercept
AUX Vulnerability
33. Command to disable CDP on a router
no cdp run
Authentication Header (AH)
Masquerading
Minimum ACLs Required for Reflexive ACLs
34. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Inside Global Address
SSH
Smurf Attack
Lower IP Standard ACL Range
35. TCP Port 22
Finger Vulnerabilities
SSH Identifier
SNMP Trap
NTP Vulnerabilities
36. Commands to disable Finger Server
TCP SYN Attack
no ip finger - no service finger
IP Source Routing
Finger Vulnerabilities
37. Can obtain CIDR and router ID
IP Mask Reply Vulnerabilities
HTTP Identifier
Authenticating Peers
Boot Network
38. Refers to the addresses on the public internet
no ip http server
Reflexive ACL
TCP Load Distribution
Outside
39. UDP Port 1701
IP Source Routing
Layer 2 Tunneling Protocol (L2TP)
L2TP Identifier
Train Identifier 'T'
40. 2000-2699
Lower IP Extended ACL Range
Overloading
HTTPS Strength
Train Identifier 'T'
41. Layer 3
IP Spoofing
Third Part of the IOS Version
IPSec AH Operating Layer
Generic Routing Encapsulation (GRE)
42. Layer 7
SSH Operating Layer
HTTPS Strength
User Account Vulnerabilites
Common uses of Access Lists
43. Release Train Identifier
IPSec AH Operating Layer
Fifth Part of the IOS Version
IP Unreachable Vulnerabilities
Reflexive ACL
44. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
no ip mask-reply
Core Layer
Internet Protocol Security (IPSec)
IP Mask Reply Vulnerabilities
45. Plaintext
Transport Mode
Telnet - HTTP - SNMP Vulnerability
SSH2
Unicast Reverse-Path Forwarding (uRPF)
46. Transport and Tunnel
Dynamic NAT
Two Modes of IPSec
ntp disable
Integrity Validation
47. Service Provider
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
Local Addresses
TCP SYN Attack
Cisco Discovery Protocol (CDP)
General Format of Cisco IOS Version
49. Allows the source IP host to specify a route through the IP network
TLS/SSL Layer
IP Source Routing
ESP Operating Layer
GRE Identifier
50. Privilege levels that can have passwords assigned to them
Privilege Levels 2-13
IP Source Routing
Internet Protocol Security (IPSec)
TCP Load Distribution
