SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Host-to-Host Communications
Two Modes of IPSec
Land Attack
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
2. Command to disable BOOTP Server
Masquerading
Transport Mode
Higher IP Extended ACL Range
no ip bootp server
3. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
HTTP Vulnerability
TCP/UDP Daytime Vulnerability
GRE Operating Layer
Syntax for Reflexive ACLs
4. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Privilege Level 0
SSH Identifier
ACL to block IP multicast
Smurf Attack
5. Router to Router Denial of Service
L2TP Identifier
TLS/SSL Layer
TCP/UDP Echo Vulnerability
HTTP Tunneling
6. TCP and UDP Port 162
Flags used by Established Line
Cisco Express Forwarding (CEF)
SNMP Trap
Transport Mode
7. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
Network-to-Network Communications
Rerouting
Reflexive ACL
Eavesdropping and Information Theft
8. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Dynamic NAT
Network Time Protocol (NTP)
SSH Operating Layer
Lower IP Standard ACL Range
9. 2000-2699
Flags used by Established Line
HTTPS Strength
Lower IP Extended ACL Range
ACL to block spoofed IPs
10. The environment - catastrophic events an unauthorized access
ACL to block TCP SYN Attack
HTTP Operating Layer
L2TP Operating Layer
Three Physical Security Vulnerabilities
11. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
TCP/UDP Echo Vulnerability
Route Injection Attack
IP Mask Reply Vulnerabilities
ACL to block telnet
12. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distribution Layer
Finger Vulnerabilities
SSH
Distributed Denial of Service Attacks
13. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
IP Direct Broadcast Vulnerabilties
echo - chargen - discard - daytime
IP Source Routing
Proxy ARP
14. Rebuild Number
Sixth (Optional) Part of the IOS Version
no cdp run
AUX Vulnerability
NTP Vulnerabilities
15. TCP and UDP Port 161
IPSec AH Identifier
Two Modes of IPSec
SNMP
ntp disable
16. Can obtain CIDR and router ID
IP Mask Reply Vulnerabilities
SSH Identifier
Distributed Denial of Service Attacks
no ip redirect
17. Public IP address before translation
TLS/SSL Layer
Syntax for Reflexive ACLs
Outside Local Address
SNMP
18. None - uses attach application protocol's layer
TLS/SSL Layer
IP Direct Broadcast Vulnerabilties
IP Unreachable Vulnerabilities
Extended IP ACLs
19. Layer 3
IP Spoofing
Uses for ACLs
GRE Operating Layer
Transport Mode
20. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
HTTP Tunneling
TCP Load Distribution
Privilege Level 0
Extended ACL format
21. Breaks LAN security perimeter extends LAN to Layer 2
Unauthorized Access
Proxy ARP Vulnerabilities
no ip redirect
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
22. Command used to disable the ICMP message Redirect
Distributed Denial of Service Attacks
SNMP
AUX Vulnerability
no ip redirect
23. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Devices
ESP Operating Layer
IP Spoofing
TLS/SSL Identifier
24. Uses SSL port 443
Inside Global Address
GRE Operating Layer
TCP Load Distribution
HTTPS Strength
25. PERMIT TCP ANY ANY ESTABLISHED
Third Part of the IOS Version
ACL to block TCP SYN Attack
Uses for ACLs
Anti-Replay
26. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
no service tcp-small-servers
Fraggle Attack
Boot Network
TLS/SSL Identifier
27. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Generic Routing Encapsulation (GRE)
Internet Protocol Security (IPSec)
Eavesdropping and Information Theft
Three Physical Security Vulnerabilities
28. Refers to addresses used on the organization's private network
Global Addresses
IP Unreachable Vulnerabilities
IP Spoofing
IP Direct Broadcast Vulnerabilties
29. What Tunnel Mode is used for
Outside
login local
Network-to-Network Communications
Uses for ACLs
30. Provides confidentiality - so it cannot be read by unauthorized parties
Higher IP Extended ACL Range
no service udp-small-servers
Encrypting Traffic
Local Addresses
31. War dialing
GRE Identifier
AUX Vulnerability
Named ACL Format
Devices
32. Release Train Identifier
ACL to block TCP SYN Attack
Denial of Service (DoS)
Fifth Part of the IOS Version
no service tcp-small-servers
33. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
IPSec AH Identifier
Privilege Level 15
Generic Routing Encapsulation (GRE)
ESP Operating Layer
34. None - uses attached application protocol's port
TLS/SSL Identifier
no service tcp-small-servers
Networks
Train Identifier 'S'
35. DENY IP 224.0.0.0 15.255.255.255 ANY
Lower IP Standard ACL Range
Encrypted Tunneling Methods
ESP Operating Layer
ACL to block IP multicast
36. TCP Port 80
Proxy ARP
SSH Operating Layer
HTTP Identifier
Three Layers of Hierarchical Model
37. Mode where only the payload of the IP packet is encrypted and/or authenticated
Train Identifier 'B'
TCP SYN Attack
echo - chargen - discard - daytime
Transport Mode
38. Plaintext
ntp disable
Telnet - HTTP - SNMP Vulnerability
GRE Operating Layer
Overloading
39. Allows the source IP host to specify a route through the IP network
IP Source Routing
NTP Vulnerabilities
ESP Identifier
Boot Network Vulnerabilities
40. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Common uses of Access Lists
Masquerading
Authenticating Peers
Two Protocols of Tunnel Mode
41. Traffic is passed in plaintext
Networks
login local
SSH1
HTTP Vulnerability
42. Command to disable UDP small server on a router
no service udp-small-servers
Boot Network Vulnerabilities
no ip bootp server
Common uses of Access Lists
43. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
Anti-Replay
Inside Local Address
ACL to block a Land Attack
Overloading
44. Protects against repeating of secure sessions
Anti-Replay
Authenticating Peers
TCP Load Distribution
Static NAT
45. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Outside
TCP Load Distribution
Three Physical Security Vulnerabilities
TCP Intercept Watch Mode
46. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
inger Server
Static NAT
Syntax for Reflexive ACLs
TCP/UDP Daytime Vulnerability
47. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
BOOTP Vulnerabilities
Common uses of Access Lists
TCP Intercept
48. The host can specify which route to take - which bypasses security
Train Identifier 'B'
syslog
IP Source Routing Vulnerabilities
Reflexive ACL
49. This server is used for querying a host about its logged in users
Requirements for Reflexive TCP to be removed
Network Time Protocol (NTP)
Access List Rules
inger Server
50. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Fourth Part of the IOS Version
Authentication Header (AH)
TCP/UDP Chargen Vulnerability
Authenticating Peers