SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. None - uses attached application protocol's port
TLS/SSL Layer
TLS/SSL Identifier
TCP Intercept Watch Mode
SSH1
2. TCP and UDP Port 162
ACL to block TCP SYN Attack
IP Direct Broadcast Vulnerabilties
SNMP Trap
Train Idenifier 'E'
3. DENY IP 127.0.0.0 0.255.255.255 ANY
no ip bootp server
no service tcp-small-servers
ACL to block incoming loopback packets
no ip unreachable
4. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Host-to-Host Communications
User Account Vulnerabilites
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
First Part of IOS Version
5. Privilege level that has Global administration capabilities
Named ACL
login local
CDP Vulnerabilities
Privilege Level 15
6. Rebuild Number
Static NAT
Sixth (Optional) Part of the IOS Version
Rerouting
Inside Local Address
7. 2000-2699
Fifth Part of the IOS Version
Established Line
Transport Mode
Lower IP Extended ACL Range
8. Router to Router Denial of Service
Finger Vulnerabilities
SNMP Trap
TCP/UDP Echo Vulnerability
Distribution Layer
9. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
ACL to block a Land Attack
AUX Vulnerability
Fraggle Attack
Land Attack
10. 0x33 or 51
Access List Rules
IPSec AH Identifier
Standard ACL format
ntp disable
11. No Known Vulnerability
Core Layer
Authentication Header (AH)
Extended IP ACLs
TCP/UDP Discard Vulnerability
12. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Boot Network Vulnerabilities
UDP Traceroute Port Range
Smurf Attack
Distributed Denial of Service Attacks
13. Interim Build Number
IPSec AH Identifier
Fourth Part of the IOS Version
ACL to block a Land Attack
Unauthorized Access
14. Breaks LAN security perimeter extends LAN to Layer 2
IP Unreachable Vulnerabilities
Proxy ARP Vulnerabilities
TCP Load Distribution
ESP Operating Layer
15. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Land Attack
General Format of Cisco IOS Version
Higher IP Standard ACL Range
Distributed Denial of Service Attacks
16. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Two Protocols of Tunnel Mode
TCP Load Distribution
Requirements for Reflexive TCP to be removed
Standard ACL format
17. The host can specify which route to take - which bypasses security
Boot Network
IP Source Routing Vulnerabilities
IP Source Routing
BOOTP Vulnerabilities
18. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
Overloading
Fraggle Attack
Distributed Denial of Service Attacks
Fifth Part of the IOS Version
19. Refers to addresses used on the organization's private network
no ip mask-reply
Global Addresses
IP Direct Broadcast Vulnerabilties
TCP Intercept Watch Mode
20. Can discover vulnerabilities - network stats - and firewall discovery
TCP Intercept
IP Unreachable Vulnerabilities
SSH Operating Layer
Anti-Replay
21. PERMIT TCP ANY ANY ESTABLISHED
TCP Intercept Watch Mode
IPSec AH Operating Layer
ACL to block TCP SYN Attack
TCP Load Distribution
22. Command to disable BOOTP Server
Lower IP Standard ACL Range
Uses for ACLs
Overloading
no ip bootp server
23. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Lower IP Extended ACL Range
Eavesdropping and Information Theft
TCP Intercept Watch Mode
TCP Intercept
24. Four TCP/UDP Small Server commands recommended to disable
TCP Intercept Watch Mode
echo - chargen - discard - daytime
Boot Network Vulnerabilities
Devices
25. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
L2TP Operating Layer
BOOTP
Authenticating Peers
Established Line
26. 2000-2699
Flags used by Established Line
Privilege Levels 2-13
Anti-Replay
Higher IP Extended ACL Range
27. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
Unauthorized Access
TCP SYN Attack
Proxy ARP Vulnerabilities
CDP Vulnerabilities
28. Provides nonrepudiation - ensuring that traffic is from a trusted party
Transport Mode
Uses for ACLs
IP Direct Broadcast Vulnerabilties
Authenticating Peers
29. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Lower IP Standard ACL Range
IPSec AH Identifier
Cisco Express Forwarding (CEF)
Session Hijacking
30. Command used to disable HTTP Server
Lower IP Extended ACL Range
Dynamic NAT
no ip http server
HTTP Operating Layer
31. Provides a checksum - ensuring traffic has not been modified along it's path
Established Line
Integrity Validation
Standard IP ACLs
Internet Protocol Security (IPSec)
32. Uses server and host keys to authenticate systems
Extended IP ACLs
HTTP Vulnerability
SSH1
Outside Local Address
33. War dialing
no cdp run
Higher IP Standard ACL Range
AUX Vulnerability
Named ACL Format
34. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
TCP Load Distribution
Higher IP Standard ACL Range
IP Directed Broadcast
Authentication Header (AH)
35. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Encrypting Traffic
SNMP Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
Train Idenifier 'E'
36. Protects against repeating of secure sessions
Boot Network Vulnerabilities
Higher IP Standard ACL Range
Authenticating Peers
Anti-Replay
37. Access - Distribution - Core
SSH1
ACL to block TCP SYN Attack
Telnet - HTTP - SNMP Vulnerability
Three Layers of Hierarchical Model
38. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Train Identifier 'S'
Cisco Discovery Protocol (CDP)
Syntax for Reflexive ACLs
ESP Identifier
39. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Extended ACL format
Denial of Service (DoS)
ESP Operating Layer
Masquerading
40. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
Reflexive ACL
Tunnel Mode
no ip bootp server
Fifth Part of the IOS Version
41. Refers to addresses used on the organization's private network
IPSec AH Identifier
Local Addresses
no cdp run
IP Directed Broadcast
42. 0x2F - or 47
IP Directed Broadcast
ACL to block incoming loopback packets
TCP Load Distribution
GRE Identifier
43. DENY IP <Network ID> <Network WC Mask> ANY
Two Modes of IPSec
Tunnel Mode
no ip unreachable
ACL to block spoofed IPs
44. Release Train Identifier
IP Source Routing Vulnerabilities
Global Addresses
Fifth Part of the IOS Version
no ip unreachable
45. UDP Port 514
syslog
IP Directed Broadcast
no ip finger - no service finger
Three Layers of Hierarchical Model
46. Minor Version
Encrypted Tunneling Methods
Second Part of IOS Version
General Format of Cisco IOS Version
Requirements for Reflexive TCP to be removed
47. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Third Part of the IOS Version
ACL to block IP multicast
Internet Protocol Security (IPSec)
Encrypted Tunneling Methods
48. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Extended IP ACLs
SNMP
TLS/SSL Identifier
Network Address Translation (NAT)
49. Service Provider
50. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Core Layer
ACL to block spoofed IPs
no ip unreachable
Finger Vulnerabilities
