Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Startup-config can be deleted - copied - changed
Boot Network Vulnerabilities
Train Identifier 'S'
TLS/SSL Identifier
Devices
2. Two - one Inbound or Evaluated and one Outbound or Reflected
Unauthorized Access
Minimum ACLs Required for Reflexive ACLs
Named ACL
Requirements for Reflexive TCP to be removed
3. Authentication Header (AH) and Encapsulated Security Payload (ESP)
SNMP Vulnerabilities
Two Protocols of Tunnel Mode
Common uses of Access Lists
TLS/SSL Layer
4. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Lower IP Extended ACL Range
SSH Operating Layer
Network-to-Network Communications
Named ACL
5. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Masquerading
ACL to block spoofed IPs
Encapsulation Security Payload (ESP)
IPSec AH Operating Layer
6. A secure alternative to telnet for remote administration that is supported in Enterprise versions of Cisco IOS
ntp disable
Global Addresses
SSH
Fraggle Attack
7. Layer 5
Distributed Denial of Service Attacks
L2TP Operating Layer
General Format of Cisco IOS Version
ACL to block a Land Attack
8. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Three Physical Security Vulnerabilities
Boot Network Vulnerabilities
GRE Identifier
SNMP Vulnerabilities
9. Mode where only the payload of the IP packet is encrypted and/or authenticated
ACL to block spoofed IPs
Inside
Encapsulation Security Payload (ESP)
Transport Mode
10. Command to disable TCP small server on a router
no service tcp-small-servers
HTTP Operating Layer
Generic Routing Encapsulation (GRE)
Train Identifier 'E'
11. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
HTTP Identifier
Host-to-Host Communications
Denial of Service (DoS)
TCP/UDP Daytime Vulnerability
12. TCP Port 80
no service tcp-small-servers
HTTP Identifier
Authentication Header (AH)
Unauthorized Access
13. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Layer 2 Tunneling Protocol (L2TP)
Access Layer
Smurf Attack
Generic Routing Encapsulation (GRE)
14. The environment - catastrophic events and unauthorized access
SNMP
Minimum ACLs Required for Reflexive ACLs
Syntax for Reflexive ACLs
Three Physical Security Vulnerabilities
15. Breaks LAN security perimeter - extends LAN to Layer 2
Smurf Attack
Access Layer
Proxy ARP Vulnerabilities
Encrypting Traffic
16. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Route Injection Attack
Cisco Discovery Protocol (CDP)
Privilege Levels 2-13
Anti-Replay
17. ip access-list extended <name1> - permit IP any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
Overloading
Land Attack
ESP Identifier
18. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
Train Identifier 'T'
ACL to block a Land Attack
Local Addresses
19. TCP and UDP Port 162
Privilege Level 1
SNMP Trap
Core Layer
Standard IP ACLs
20. Router to Router Denial of Service
TCP/UDP Echo Vulnerability
Extended IP ACLs
no ip finger - no service finger
ESP Operating Layer
21. War dialing
L2TP Identifier
AUX Vulnerability
Anti-Replay
Outside Local Address
22. What Local and Global refer to in NAT
Local Addresses
Three Physical Security Vulnerabilities
Networks
ACL to block a Smurf Attack or Fraggle Attack
23. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
no ip finger - no service finger
Distribution Layer
GRE Operating Layer
IP Source Routing Vulnerabilities
24. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
ACL to block incoming loopback packets
HTTP Identifier
Established Line
Minimum ACLs Required for Reflexive ACLs
25. Rebuild Number
IP Mask Reply Vulnerabilities
TLS/SSL Identifier
Access Layer
Sixth (Optional) Part of the IOS Version
26. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Extended IP ACLs
Syntax for Reflexive ACLs
Route Injection Attack
Fraggle Attack
27. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Higher IP Extended ACL Range
Train Identifier 'S'
Fraggle Attack
TCP Intercept Watch Mode
28. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Anti-Replay
Layer 2 Tunneling Protocol (L2TP)
Named ACL Format
ACL to block a Smurf Attack or Fraggle Attack
29. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments
Standard IP ACLs
no ip unreachable
Cisco Discovery Protocol (CDP)
Internet Protocol Security (IPSec)
30. Buffer Overflow
TCP/UDP Chargen Vulnerability
SSH2
Encrypting Traffic
TLS/SSL Layer
31. Traffic is passed in plaintext
Distributed Denial of Service Attacks
HTTP Vulnerability
Third Part of the IOS Version
ACL to block telnet
32. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Flags used by Established Line
Rerouting
Inside
Overloading
33. 0x33 or 51
IPSec AH Identifier
Encrypting Traffic
TCP/UDP Discard Vulnerability
no ip bootp server
34. This server is used for querying a host about its logged in users
Finger Server
Uses for ACLs
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
IP Unreachable Vulnerabilities
35. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
SSH
HTTP Operating Layer
SNMP
36. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Uses for ACLs
Authentication Header (AH)
SSH
Generic Routing Encapsulation (GRE)
37. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Common uses of Access Lists
Boot Network Vulnerabilities
GRE Identifier
Boot Network
38. Can discover vulnerabilities - network stats - and firewall discovery
Named ACL
IP Unreachable Vulnerabilities
IP Directed Broadcast
SNMP Vulnerabilities
39. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Distributed Denial of Service Attacks
no ip http server
Secure Shell (SSH)
Syntax for Reflexive ACLs
40. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Static NAT
IP Direct Broadcast Vulnerabilities
SSH1
Land Attack
41. Public IP address before translation
Outside Local Address
Host-to-Host Communications
Outside
GRE Identifier
42. Two FIN bits or one RST bit
Requirements for Reflexive TCP to be removed
Generic Routing Encapsulation (GRE)
no ip http server
Privilege Level 15
43. Interim Build Number
Fourth Part of the IOS Version
Anti-Replay
Fraggle Attack
no ip unreachable
44. Can obtain CIDR and router ID
Unicast Reverse-Path Forwarding (uRPF)
Privilege Levels 2-13
IP Mask Reply Vulnerabilities
TLS/SSL Identifier
45. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
no ip unreachable
Networks
Outside Global Address
General Format of Cisco IOS Version
46. Time can be changed - Routing Table can be killed
NTP Vulnerabilities
uRPF Strength
Privilege Level 0
HTTPS Strength
47. 0x32 - or 50
ESP Identifier
GRE Operating Layer
Second Part of IOS Version
Two Protocols of Tunnel Mode
48. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Denial of Service (DoS)
ACL to block spoofed IPs
HTTP Tunneling
no service udp-small-servers
49. DENY IP ANY HOST <Broadcast Address>
IP Direct Broadcast Vulnerabilities
Route Injection Attack
login local
ACL to block a Smurf Attack or Fraggle Attack
50. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers
Proxy ARP Vulnerabilities
SNMP Vulnerabilities
IP Direct Broadcast Vulnerabilities
Reflexive ACL