SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Higher IP Standard ACL Range
Two Types of Router Access
TCP Load Distribution
GRE Identifier
2. Public IP address after translation
Outside Global Address
ACL to block IP multicast
Route Injection Attack
Reflexive ACL
3. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Uses for ACLs
HTTP Identifier
Train Identifier 'T'
Named ACL
4. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
TCP Intercept Watch Mode
SNMP Trap
SSH Identifier
Sixth (Optional) Part of the IOS Version
5. Buffer Overflow
Denial of Service (DoS)
AUX Vulnerability
Boot Network
TCP/UDP Chargen Vulnerability
6. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Standard ACL format
no service tcp-small-servers
Smurf Attack
ACL to block spoofed IPs
7. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
TLS/SSL Identifier
Requirements for Reflexive TCP to be removed
Two Types of Router Access
Secure Shell (SSH)
8. 1300-1999
Boot Network
Higher IP Standard ACL Range
Second Part of IOS Version
Boot Network Vulnerabilities
9. TCP Port 80
HTTP Tunneling
Core Layer
IPSec AH Operating Layer
HTTP Identifier
10. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Unicast Reverse-Path Forwarding (uRPF)
Layer 2 Tunneling Protocol (L2TP)
Common uses of Access Lists
TLS/SSL Identifier
11. Release Number
Encrypting Traffic
TLS/SSL Identifier
Third Part of the IOS Version
GRE Operating Layer
12. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
ACL to block spoofed IPs
TCP Intercept
Extended ACL format
Core Layer
13. No Known Vulnerability
SSH
TCP/UDP Discard Vulnerability
GRE Identifier
ACL to block spoofed IPs
14. Layer 3
IPSec AH Operating Layer
syslog
Authenticating Peers
Smurf Attack
15. Mode where only the payload of the IP packet is encrypted and/or authenticated
Network Time Protocol (NTP)
Unauthorized Access
Secure Shell (SSH)
Transport Mode
16. DENY IP ANY HOST <Broadcast Address>
Train Identifier 'S'
Outside Local Address
ACL to block a Smurf Attack or Fraggle Attack
Fifth Part of the IOS Version
17. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Two Protocols of Tunnel Mode
Unauthorized Access
SSH
BOOTP Vulnerabilities
18. Two - one Inbound or Evaluated and one Outbound or Reflected
HTTP Vulnerability
Minimum ACLs Required for Reflexive ACLs
Inside
TCP Intercept
19. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Extended IP ACLs
L2TP Operating Layer
no ip finger - no service finger
Sixth (Optional) Part of the IOS Version
20. What Inside and Outside refer to in NAT
Network Time Protocol (NTP)
SSH Operating Layer
Devices
UDP Traceroute Port Range
21. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
TCP Intercept
Route Injection Attack
Masquerading
Train Idenifier 'E'
22. Uses SSL port 443
no cdp run
Fifth Part of the IOS Version
HTTPS Strength
TLS/SSL Identifier
23. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
Established Line
Syntax for Reflexive ACLs
SSH
IPSec AH Identifier
24. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
IP Unreachable Vulnerabilities
Internet Protocol Security (IPSec)
TLS/SSL Identifier
Secure Shell (SSH)
25. Private IP address after translation
SSH
Boot Network
Inside Global Address
TCP/UDP Chargen Vulnerability
26. Provides a checksum - ensuring traffic has not been modified along it's path
Proxy ARP Vulnerabilities
Integrity Validation
IPSec AH Identifier
ACL to block spoofed IPs
27. Command used to disable HTTP Server
no ip http server
L2TP Identifier
Tunnel Mode
Standard IP ACLs
28. Provides nonrepudiation - ensuring that traffic is from a trusted party
Privilege Level 15
UDP Traceroute Port Range
Authenticating Peers
TCP SYN Attack
29. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Authentication Header (AH)
HTTPS Strength
TCP SYN Attack
Network-to-Network Communications
30. Breaks LAN security perimeter extends LAN to Layer 2
Flags used by Established Line
Proxy ARP Vulnerabilities
Eavesdropping and Information Theft
Global Addresses
31. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
IP Mask Reply Vulnerabilities
Outside Local Address
Local Addresses
32. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Unauthorized Access
Transport Mode
Outside
Eavesdropping and Information Theft
33. Layer 5
L2TP Operating Layer
ESP Operating Layer
IP Source Routing Vulnerabilities
ntp disable
34. TCP and UDP Port 162
no ip http server
Authentication Header (AH)
SNMP Trap
Second Part of IOS Version
35. 33400-34400
TCP Load Distribution
Outside
UDP Traceroute Port Range
BOOTP
36. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Lower IP Extended ACL Range
Encrypting Traffic
Cisco Discovery Protocol (CDP)
ESP Identifier
37. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
NTP Vulnerabilities
Access Layer
Cisco Discovery Protocol (CDP)
Encapsulation Security Payload (ESP)
38. Command used to disable the ICMP message Redirect
Lower IP Standard ACL Range
no ip redirect
ACL to block telnet
TCP Intercept
39. DENY IP <Network ID> <Network WC Mask> ANY
Lower IP Extended ACL Range
Transport Mode
ACL to block spoofed IPs
L2TP Identifier
40. Can stop spoofed IP addresses
Route Injection Attack
Overloading
Three Layers of Hierarchical Model
uRPF Strength
41. DENY IP 224.0.0.0 15.255.255.255 ANY
ACL to block TCP SYN Attack
ACL to block telnet
ACL to block IP multicast
Authentication Header (AH)
42. Access - Distribution - Core
Proxy ARP
Fraggle Attack
Three Layers of Hierarchical Model
ACL to block IP multicast
43. Privilege levels that can have passwords assigned to them
Privilege Levels 2-13
Network-to-Network Communications
HTTP Vulnerability
HTTP Tunneling
44. Command to disable UDP small server on a router
ACL to block incoming loopback packets
no service tcp-small-servers
no service udp-small-servers
TCP/UDP Chargen Vulnerability
45. Release Train Identifier
Fifth Part of the IOS Version
Outside Global Address
TCP/UDP Chargen Vulnerability
BOOTP Vulnerabilities
46. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Train Identifier 'B'
Established Line
Requirements for Reflexive TCP to be removed
Higher IP Extended ACL Range
47. Service Provider
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
48. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
Two Types of Router Access
Smurf Attack
Inside
Overloading
49. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Three Layers of Hierarchical Model
Inside Global Address
Privilege Level 0
SSH Identifier
50. 2000-2699
Uses for ACLs
Privilege Level 1
Higher IP Extended ACL Range
no service tcp-small-servers