SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Encapsulation Security Payload (ESP)
Encrypted Tunneling Methods
inger Server
Tunneling
2. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
IP Directed Broadcast
ESP Identifier
User Account Vulnerabilites
Denial of Service (DoS)
3. Access - Distribution - Core
Extended ACL format
IPSec AH Identifier
no ip bootp server
Three Layers of Hierarchical Model
4. Minor Version
Second Part of IOS Version
TLS/SSL Layer
Inside
login local
5. Local and Remote
Eavesdropping and Information Theft
Train Identifier 'S'
no cdp run
Two Types of Router Access
6. Provides confidentiality - so it cannot be read by unauthorized parties
IP Mask Reply Vulnerabilities
Global Addresses
ACL to block a Land Attack
Encrypting Traffic
7. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
no service udp-small-servers
Tunnel Mode
Named ACL Format
ACL to block incoming loopback packets
8. No Known Vulnerability
HTTP Identifier
SSH1
TCP/UDP Discard Vulnerability
BOOTP Vulnerabilities
9. Command to disable UDP small server on a router
Train Idenifier 'E'
no cdp run
no service udp-small-servers
Privilege Level 15
10. Commands to disable Finger Server
no ip redirect
no ip finger - no service finger
HTTP Tunneling
Outside
11. These ACLs filter by network or host IP address and only filter on source
Route Injection Attack
Standard IP ACLs
TLS/SSL Layer
Static NAT
12. What Inside and Outside refer to in NAT
Devices
HTTP Identifier
Inside Global Address
Core Layer
13. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
TCP/UDP Echo Vulnerability
inger Server
Established Line
Overloading
14. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Syntax for Reflexive ACLs
TCP Load Distribution
TLS/SSL Identifier
HTTP Vulnerability
15. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Proxy ARP
ACL to block a Smurf Attack or Fraggle Attack
Local Addresses
ACL to block TCP SYN Attack
16. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Two Types of Router Access
AUX Vulnerability
General Format of Cisco IOS Version
Static NAT
17. Router to Router Denial of Service
Networks
Finger Vulnerabilities
TCP/UDP Echo Vulnerability
IPSec AH Identifier
18. DNS Poisoning
Network Time Protocol (NTP)
Encrypted Tunneling Methods
DNS Lookup Vulnerability
Requirements for Reflexive TCP to be removed
19. Access-list <number> <deny | permit> source source-wildcard log
Standard ACL format
Encrypted Tunneling Methods
BOOTP Vulnerabilities
Generic Routing Encapsulation (GRE)
20. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
AUX Vulnerability
Tunneling
Distribution Layer
HTTPS Strength
21. Provides a checksum - ensuring traffic has not been modified along it's path
Integrity Validation
ESP Operating Layer
Boot Network Vulnerabilities
no ip redirect
22. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Sixth (Optional) Part of the IOS Version
Network Address Translation (NAT)
ACL to block a Land Attack
TCP/UDP Chargen Vulnerability
23. Traffic is passed in plaintext
Rerouting
Generic Routing Encapsulation (GRE)
HTTP Vulnerability
syslog
24. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
General Format of Cisco IOS Version
Privilege Level 1
Fourth Part of the IOS Version
IP Unreachable Vulnerabilities
25. Privilege level that is restricted to basic level operations
Three Physical Security Vulnerabilities
Privilege Level 1
Two Protocols of Tunnel Mode
Transport Mode
26. Geolocational positioning
Lower IP Standard ACL Range
Anti-Replay
TCP/UDP Daytime Vulnerability
Masquerading
27. 0x2F - or 47
GRE Identifier
ACL to block incoming loopback packets
Eavesdropping and Information Theft
ACL to block a Land Attack
28. Interim Build Number
Standard ACL format
syslog
Fourth Part of the IOS Version
Fifth Part of the IOS Version
29. Breaks LAN security perimeter extends LAN to Layer 2
Access Layer
Proxy ARP Vulnerabilities
TLS/SSL Identifier
HTTP Identifier
30. 33400-34400
UDP Traceroute Port Range
Encrypting Traffic
Standard ACL format
syslog
31. Command to disable CDP on a router
TCP/UDP Chargen Vulnerability
no cdp run
Access List Rules
Privilege Level 1
32. Authentication Header (AH) and Encapsulated Security Payload (ESP)
no service udp-small-servers
Two Protocols of Tunnel Mode
Denial of Service (DoS)
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
33. Uses only host keys to authenticate systems
SSH2
Lower IP Extended ACL Range
SSH1
SNMP Vulnerabilities
34. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
BOOTP Vulnerabilities
Networks
SSH
Layer 2 Tunneling Protocol (L2TP)
35. The host can specify which route to take - which bypasses security
Proxy ARP
TLS/SSL Identifier
Host-to-Host Communications
IP Source Routing Vulnerabilities
36. Layer 3
ESP Operating Layer
echo - chargen - discard - daytime
SSH
TCP/UDP Echo Vulnerability
37. ESP - SSH - SSL/TLP
Requirements for Reflexive TCP to be removed
Integrity Validation
Encrypted Tunneling Methods
no ip mask-reply
38. Smurf attacks - can enumerate the network
no cdp run
IP Direct Broadcast Vulnerabilties
TCP Intercept Watch Mode
Lower IP Extended ACL Range
39. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Devices
Train Identifier 'B'
Privilege Level 1
BOOTP
40. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
ACL to block telnet
Host-to-Host Communications
Uses for ACLs
no service tcp-small-servers
41. 0x32 - or 50
ESP Identifier
Finger Vulnerabilities
no ip finger - no service finger
GRE Operating Layer
42. Private IP address after translation
Inside Global Address
Sixth (Optional) Part of the IOS Version
GRE Identifier
Overloading
43. Command used to disable the ICMP message Address Mask Reply
Sixth (Optional) Part of the IOS Version
Two Types of Router Access
TCP Intercept
no ip mask-reply
44. PERMIT TCP ANY ANY ESTABLISHED
Overloading
login local
ACL to block TCP SYN Attack
Named ACL
45. 0x33 or 51
TCP/UDP Discard Vulnerability
IPSec AH Identifier
Higher IP Standard ACL Range
Common uses of Access Lists
46. The environment - catastrophic events an unauthorized access
Two Modes of IPSec
Three Layers of Hierarchical Model
Three Physical Security Vulnerabilities
TLS/SSL Layer
47. Rebuild Number
Extended IP ACLs
ESP Operating Layer
Sixth (Optional) Part of the IOS Version
L2TP Operating Layer
48. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Outside
Distributed Denial of Service Attacks
Two Protocols of Tunnel Mode
Telnet - HTTP - SNMP Vulnerability
49. Layer 5
no ip mask-reply
L2TP Operating Layer
HTTP Identifier
Three Physical Security Vulnerabilities
50. Router threat where access by an entity or individual other than authorized users
Unauthorized Access
Smurf Attack
Devices
Proxy ARP Vulnerabilities
