SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
no cdp run
Access List Rules
Local Addresses
IP Directed Broadcast
2. Layer 3
Train Identifier 'B'
Unauthorized Access
ESP Operating Layer
Access List Rules
3. These ACLs filter by network or host IP address and only filter on source
Transport Mode
ESP Identifier
Standard IP ACLs
TCP Intercept Watch Mode
4. What Local and Global refer to in NAT
Networks
Telnet - HTTP - SNMP Vulnerability
User Account Vulnerabilites
HTTP Identifier
5. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
SSH
BOOTP
TCP/UDP Discard Vulnerability
Uses for ACLs
6. Plaintext
Sixth (Optional) Part of the IOS Version
TCP Load Distribution
BOOTP
Telnet - HTTP - SNMP Vulnerability
7. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Extended IP ACLs
Overloading
Privilege Level 15
Fourth Part of the IOS Version
8. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
ACL to block telnet
AUX Vulnerability
Reflexive ACL
ACL to block a Smurf Attack or Fraggle Attack
9. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
echo - chargen - discard - daytime
BOOTP Vulnerabilities
Tunnel Mode
TCP Intercept
10. Allows the source IP host to specify a route through the IP network
Inside Local Address
Named ACL
inger Server
IP Source Routing
11. Ip access-list <standard | extended> name - permit TCP any any established
Tunneling
Flags used by Established Line
Requirements for Reflexive TCP to be removed
Named ACL Format
12. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Named ACL
Two Protocols of Tunnel Mode
TCP/UDP Daytime Vulnerability
Smurf Attack
13. No Known Vulnerability
no ip redirect
TCP/UDP Discard Vulnerability
Common uses of Access Lists
User Account Vulnerabilites
14. Uses only host keys to authenticate systems
Telnet - HTTP - SNMP Vulnerability
SSH2
IP Source Routing
uRPF Strength
15. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Boot Network
Authentication Header (AH)
Anti-Replay
Standard ACL format
16. DENY IP 127.0.0.0 0.255.255.255 ANY
NTP Vulnerabilities
Fraggle Attack
BOOTP
ACL to block incoming loopback packets
17. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Lower IP Extended ACL Range
Syntax for Reflexive ACLs
AUX Vulnerability
Finger Vulnerabilities
18. Service Provider
19. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
Train Idenifier 'E'
SSH
ACL to block a Smurf Attack or Fraggle Attack
Common uses of Access Lists
20. Protects against repeating of secure sessions
no ip finger - no service finger
Privilege Levels 2-13
Anti-Replay
TCP Intercept
21. Access - Distribution - Core
no service tcp-small-servers
Three Layers of Hierarchical Model
UDP Traceroute Port Range
Encapsulation Security Payload (ESP)
22. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
Host-to-Host Communications
IP Spoofing
TCP SYN Attack
Third Part of the IOS Version
23. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Devices
SNMP Trap
Access List Rules
Train Identifier 'S'
24. Public IP address before translation
Outside Local Address
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
TCP/UDP Chargen Vulnerability
Standard IP ACLs
25. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
L2TP Operating Layer
TCP Intercept
GRE Operating Layer
BOOTP Vulnerabilities
26. Minor Version
Second Part of IOS Version
GRE Operating Layer
Static NAT
no service udp-small-servers
27. What Inside and Outside refer to in NAT
Internet Protocol Security (IPSec)
Devices
Encrypting Traffic
Fraggle Attack
28. The host can specify which route to take - which bypasses security
Three Layers of Hierarchical Model
IP Source Routing Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
AUX Vulnerability
29. None - uses attached application protocol's port
echo - chargen - discard - daytime
TLS/SSL Identifier
Inside
Distributed Denial of Service Attacks
30. Privilege level that is restricted to basic level operations
Access Layer
Named ACL Format
Tunneling
Privilege Level 1
31. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Anti-Replay
Layer 2 Tunneling Protocol (L2TP)
ntp disable
ACL to block a Land Attack
32. Uses SSL port 443
Network-to-Network Communications
ACL to block telnet
HTTPS Strength
Boot Network
33. Forces the user to enter both a valid username and password
syslog
login local
IP Source Routing
Requirements for Reflexive TCP to be removed
34. Command to disable BOOTP Server
no ip bootp server
Two Protocols of Tunnel Mode
Standard ACL format
ACL to block TCP SYN Attack
35. The environment - catastrophic events an unauthorized access
Three Layers of Hierarchical Model
Sixth (Optional) Part of the IOS Version
Three Physical Security Vulnerabilities
Land Attack
36. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
ACL to block incoming loopback packets
no ip redirect
Distribution Layer
Higher IP Extended ACL Range
37. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
TCP/UDP Echo Vulnerability
Generic Routing Encapsulation (GRE)
SSH
Tunnel Mode
38. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Outside Global Address
SNMP Vulnerabilities
Train Identifier 'T'
Integrity Validation
39. Broadcast
40. Buffer Overflow
IP Unreachable Vulnerabilities
Telnet - HTTP - SNMP Vulnerability
TCP/UDP Chargen Vulnerability
no ip unreachable
41. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
uRPF Strength
Denial of Service (DoS)
Core Layer
Dynamic NAT
42. ESP - SSH - SSL/TLP
Fourth Part of the IOS Version
Syntax for Reflexive ACLs
Second Part of IOS Version
Encrypted Tunneling Methods
43. 0x33 or 51
Outside
Privilege Level 0
uRPF Strength
IPSec AH Identifier
44. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Proxy ARP
TCP/UDP Echo Vulnerability
Proxy ARP Vulnerabilities
ESP Operating Layer
45. ACK and RST
Flags used by Established Line
IP Direct Broadcast Vulnerabilties
Privilege Level 0
Tunneling
46. Layer 7
IP Directed Broadcast
IPSec AH Operating Layer
Eavesdropping and Information Theft
HTTP Operating Layer
47. 0x32 - or 50
Cisco Express Forwarding (CEF)
ESP Identifier
TCP Intercept
Tunnel Mode
48. Router to Router Denial of Service
SSH1
TCP/UDP Echo Vulnerability
AUX Vulnerability
TCP/UDP Daytime Vulnerability
49. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
SNMP Vulnerabilities
User Account Vulnerabilites
Third Part of the IOS Version
Layer 2 Tunneling Protocol (L2TP)
50. TCP and UDP Port 161
IP Directed Broadcast
Integrity Validation
SNMP
Syntax for Reflexive ACLs