SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
TCP SYN Attack
Higher IP Extended ACL Range
Inside
login local
2. DENY IP ANY HOST <Broadcast Address>
no service tcp-small-servers
ACL to block a Smurf Attack or Fraggle Attack
TCP Intercept Watch Mode
IP Spoofing
3. 2000-2699
BOOTP Vulnerabilities
Lower IP Extended ACL Range
SNMP Vulnerabilities
TCP Intercept Watch Mode
4. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Secure Shell (SSH)
Layer 2 Tunneling Protocol (L2TP)
SNMP Trap
ESP Operating Layer
5. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
GRE Identifier
Minimum ACLs Required for Reflexive ACLs
Inside
Uses for ACLs
6. Major Version
Unauthorized Access
Smurf Attack
Fraggle Attack
First Part of IOS Version
7. Allows the source IP host to specify a route through the IP network
IP Source Routing
Sixth (Optional) Part of the IOS Version
Rerouting
SSH Operating Layer
8. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Extended IP ACLs
SSH
SNMP
Three Physical Security Vulnerabilities
9. Local IP address before translation
Higher IP Standard ACL Range
Inside Local Address
Network-to-Network Communications
IPSec AH Identifier
10. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
IP Direct Broadcast Vulnerabilties
HTTP Vulnerability
Proxy ARP
inger Server
11. Interim Build Number
Authentication Header (AH)
TLS/SSL Identifier
Fourth Part of the IOS Version
Higher IP Standard ACL Range
12. Uses server and host keys to authenticate systems
IP Source Routing Vulnerabilities
SSH1
Outside
no cdp run
13. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
Second Part of IOS Version
Authenticating Peers
Overloading
Generic Routing Encapsulation (GRE)
14. Ip access-list <standard | extended> name - permit TCP any any established
IP Spoofing
Unicast Reverse-Path Forwarding (uRPF)
Named ACL Format
Minimum ACLs Required for Reflexive ACLs
15. Command to disable UDP small server on a router
ACL to block incoming loopback packets
Inside Global Address
ACL to block TCP SYN Attack
no service udp-small-servers
16. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Dynamic NAT
no service tcp-small-servers
HTTP Tunneling
TCP SYN Attack
17. DENY IP 224.0.0.0 15.255.255.255 ANY
ACL to block IP multicast
Minimum ACLs Required for Reflexive ACLs
GRE Operating Layer
Networks
18. The host can specify which route to take - which bypasses security
no ip unreachable
IP Source Routing Vulnerabilities
ACL to block a Smurf Attack or Fraggle Attack
NTP Vulnerabilities
19. Can stop spoofed IP addresses
uRPF Strength
TCP/UDP Daytime Vulnerability
SSH Operating Layer
NTP Vulnerabilities
20. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Distribution Layer
IP Directed Broadcast
TLS/SSL Identifier
General Format of Cisco IOS Version
21. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
SSH1
Lower IP Standard ACL Range
Extended ACL format
Proxy ARP Vulnerabilities
22. Enterprise
23. 0x2F - or 47
ACL to block incoming loopback packets
TCP/UDP Chargen Vulnerability
SNMP
GRE Identifier
24. Smurf attacks - can enumerate the network
no service udp-small-servers
IP Direct Broadcast Vulnerabilties
Tunneling
Named ACL
25. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Integrity Validation
ACL to block a Smurf Attack or Fraggle Attack
Distribution Layer
Flags used by Established Line
26. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Dynamic NAT
Distributed Denial of Service Attacks
Cisco Discovery Protocol (CDP)
Authenticating Peers
27. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
TCP Intercept Watch Mode
Generic Routing Encapsulation (GRE)
TCP/UDP Discard Vulnerability
Named ACL Format
28. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
SNMP Vulnerabilities
TCP Load Distribution
Outside Global Address
TCP Intercept Watch Mode
29. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
no service tcp-small-servers
First Part of IOS Version
Eavesdropping and Information Theft
Privilege Level 1
30. DNS Poisoning
Cisco Discovery Protocol (CDP)
no ip finger - no service finger
DNS Lookup Vulnerability
Inside Global Address
31. Authentication Header (AH) and Encapsulated Security Payload (ESP)
HTTP Tunneling
Higher IP Standard ACL Range
L2TP Operating Layer
Two Protocols of Tunnel Mode
32. Traffic is passed in plaintext
Core Layer
Layer 2 Tunneling Protocol (L2TP)
Higher IP Standard ACL Range
HTTP Vulnerability
33. Two FIN bits or one RST bit
Requirements for Reflexive TCP to be removed
Privilege Level 0
IP Direct Broadcast Vulnerabilties
Proxy ARP
34. What Transport Mode is used for
echo - chargen - discard - daytime
Sixth (Optional) Part of the IOS Version
Host-to-Host Communications
Encapsulation Security Payload (ESP)
35. Routing mode depended on by uRPF in order to function
Finger Vulnerabilities
Cisco Express Forwarding (CEF)
Inside
Privilege Level 15
36. Transport and Tunnel
Local Addresses
Networks
HTTP Vulnerability
Two Modes of IPSec
37. These ACLs filter by network or host IP address and only filter on source
Standard IP ACLs
Third Part of the IOS Version
Sixth (Optional) Part of the IOS Version
L2TP Identifier
38. Commands to disable Finger Server
Proxy ARP
Train Identifier 'B'
no ip finger - no service finger
HTTP Operating Layer
39. Provides a checksum - ensuring traffic has not been modified along it's path
Cisco Discovery Protocol (CDP)
SSH2
General Format of Cisco IOS Version
Integrity Validation
40. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
IPSec AH Identifier
Route Injection Attack
SSH Operating Layer
no ip finger - no service finger
41. DENY TCP ANY HOST <IP Address> EQ 23
ACL to block telnet
Generic Routing Encapsulation (GRE)
SNMP Trap
uRPF Strength
42. Privilege levels that can have passwords assigned to them
Devices
no ip mask-reply
Privilege Levels 2-13
Proxy ARP
43. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
IP Source Routing Vulnerabilities
Fraggle Attack
SSH2
44. Time can be changed - Routing Table can be killed
SSH2
Unicast Reverse-Path Forwarding (uRPF)
NTP Vulnerabilities
CDP Vulnerabilities
45. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
TCP/UDP Chargen Vulnerability
BOOTP
TLS/SSL Identifier
Inside Local Address
46. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
ACL to block IP multicast
User Account Vulnerabilites
Secure Shell (SSH)
Two Protocols of Tunnel Mode
47. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Boot Network
Two Modes of IPSec
Outside Global Address
Privilege Level 0
48. ESP - SSH - SSL/TLP
Secure Shell (SSH)
Encrypted Tunneling Methods
Core Layer
User Account Vulnerabilites
49. What Tunnel Mode is used for
Network-to-Network Communications
Access Layer
syslog
Fraggle Attack
50. Plaintext
Telnet - HTTP - SNMP Vulnerability
SNMP Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
Authenticating Peers
