SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The host can specify which route to take - which bypasses security
IP Source Routing Vulnerabilities
Cisco Discovery Protocol (CDP)
TLS/SSL Identifier
Named ACL
2. Provides a checksum - ensuring traffic has not been modified along it's path
ACL to block incoming loopback packets
Integrity Validation
Distributed Denial of Service Attacks
Third Part of the IOS Version
3. DENY IP ANY HOST <Broadcast Address>
ACL to block TCP SYN Attack
ACL to block a Smurf Attack or Fraggle Attack
Global Addresses
DNS Lookup Vulnerability
4. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Three Physical Security Vulnerabilities
Rerouting
Privilege Level 15
SNMP Trap
5. Command used to disable the ICMP message Host Unreachable
no ip unreachable
AUX Vulnerability
Smurf Attack
SSH
6. TCP and UDP Port 161
no ip unreachable
SNMP
Flags used by Established Line
IP Mask Reply Vulnerabilities
7. Major Version
User Account Vulnerabilites
CDP Vulnerabilities
First Part of IOS Version
HTTP Tunneling
8. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Unicast Reverse-Path Forwarding (uRPF)
BOOTP
Inside Local Address
IPSec AH Operating Layer
9. What Local and Global refer to in NAT
Secure Shell (SSH)
Authentication Header (AH)
TLS/SSL Identifier
Networks
10. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
TCP/UDP Echo Vulnerability
Tunnel Mode
Train Identifier 'S'
Encapsulation Security Payload (ESP)
11. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Masquerading
Two Protocols of Tunnel Mode
Finger Vulnerabilities
Access Layer
12. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
TCP/UDP Discard Vulnerability
Tunnel Mode
Authenticating Peers
13. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Uses for ACLs
Train Identifier 'S'
Network Time Protocol (NTP)
Inside Global Address
14. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Anti-Replay
ESP Identifier
Distribution Layer
Privilege Level 1
15. TCP Port 22
BOOTP
SSH
SSH Identifier
IPSec AH Identifier
16. Layer 3
ESP Operating Layer
HTTP Vulnerability
Standard ACL format
TCP/UDP Discard Vulnerability
17. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
TLS/SSL Identifier
Smurf Attack
Tunnel Mode
DNS Lookup Vulnerability
18. Layer 5
Smurf Attack
L2TP Operating Layer
Core Layer
TCP/UDP Chargen Vulnerability
19. War dialing
Network Time Protocol (NTP)
AUX Vulnerability
Common uses of Access Lists
SSH2
20. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Two Protocols of Tunnel Mode
Outside Global Address
no ip mask-reply
Extended ACL format
21. 0x2F - or 47
Two Types of Router Access
Fifth Part of the IOS Version
GRE Identifier
Smurf Attack
22. Mode where only the payload of the IP packet is encrypted and/or authenticated
Cisco Express Forwarding (CEF)
Transport Mode
Static NAT
ACL to block TCP SYN Attack
23. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Layer 2 Tunneling Protocol (L2TP)
Static NAT
HTTP Tunneling
Extended ACL format
24. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Network-to-Network Communications
SSH Identifier
Three Layers of Hierarchical Model
Established Line
25. Interim Build Number
Fourth Part of the IOS Version
Dynamic NAT
Train Idenifier 'E'
Generic Routing Encapsulation (GRE)
26. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Inside
Authentication Header (AH)
DNS Lookup Vulnerability
User Account Vulnerabilites
27. ESP - SSH - SSL/TLP
TCP/UDP Echo Vulnerability
Encrypted Tunneling Methods
echo - chargen - discard - daytime
Boot Network
28. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
Higher IP Extended ACL Range
Flags used by Established Line
User Account Vulnerabilites
echo - chargen - discard - daytime
29. Release Train Identifier
ntp disable
Fifth Part of the IOS Version
GRE Identifier
HTTP Vulnerability
30. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
DNS Lookup Vulnerability
Anti-Replay
HTTPS Strength
ACL to block a Land Attack
31. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
SNMP Vulnerabilities
Fraggle Attack
General Format of Cisco IOS Version
ACL to block incoming loopback packets
32. Command used to disable NTP on an interface
ntp disable
Secure Shell (SSH)
Outside
TCP/UDP Chargen Vulnerability
33. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
SSH
Distributed Denial of Service Attacks
Requirements for Reflexive TCP to be removed
Named ACL
34. Release Number
ESP Identifier
Third Part of the IOS Version
Higher IP Extended ACL Range
Two Types of Router Access
35. Command used to disable HTTP Server
Session Hijacking
no ip http server
Rerouting
Land Attack
36. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
IP Source Routing Vulnerabilities
Static NAT
Global Addresses
37. Protects against repeating of secure sessions
Anti-Replay
IPSec AH Operating Layer
Eavesdropping and Information Theft
IP Source Routing
38. Ip access-list <standard | extended> name - permit TCP any any established
TCP Load Distribution
Named ACL Format
IP Direct Broadcast Vulnerabilties
Cisco Express Forwarding (CEF)
39. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Common uses of Access Lists
TCP Intercept
Access Layer
TCP/UDP Echo Vulnerability
40. No Known Vulnerability
no ip mask-reply
no ip http server
TCP/UDP Discard Vulnerability
echo - chargen - discard - daytime
41. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
ESP Identifier
Generic Routing Encapsulation (GRE)
Named ACL
Distribution Layer
42. Privilege level that is restricted to basic level operations
Privilege Level 1
HTTPS Strength
Dynamic NAT
TCP SYN Attack
43. These ACLs filter by network or host IP address and only filter on source
inger Server
HTTP Operating Layer
Standard IP ACLs
Two Protocols of Tunnel Mode
44. Provides nonrepudiation - ensuring that traffic is from a trusted party
TCP/UDP Discard Vulnerability
Dynamic NAT
Authenticating Peers
Session Hijacking
45. 2000-2699
Distributed Denial of Service Attacks
Authentication Header (AH)
Lower IP Extended ACL Range
Syntax for Reflexive ACLs
46. Minor Version
ACL to block spoofed IPs
Second Part of IOS Version
Outside Local Address
Network-to-Network Communications
47. Authentication Header (AH) and Encapsulated Security Payload (ESP)
General Format of Cisco IOS Version
Session Hijacking
Second Part of IOS Version
Two Protocols of Tunnel Mode
48. Four TCP/UDP Small Server commands recommended to disable
Third Part of the IOS Version
Rerouting
TCP Intercept
echo - chargen - discard - daytime
49. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Sixth (Optional) Part of the IOS Version
Unicast Reverse-Path Forwarding (uRPF)
no ip finger - no service finger
Standard IP ACLs
50. Local and Remote
Encapsulation Security Payload (ESP)
no cdp run
Two Types of Router Access
Authentication Header (AH)
