Test your basic knowledge |

Router Security

Subject : it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Minor Version
Second Part of IOS Version
Fifth Part of the IOS Version
no service tcp-small-servers
IPSec AH Operating Layer

2. Public IP address before translation
Inside
no ip unreachable
SNMP Trap
Outside Local Address

3. TCP Port 22
ntp disable
Train Identifier 'S'
no ip redirect
SSH Identifier

4. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
SSH2
SNMP
Proxy ARP
Fifth Part of the IOS Version

5. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Cisco Discovery Protocol (CDP)
ACL to block IP multicast
Encapsulation Security Payload (ESP)
Two Protocols of Tunnel Mode

6. Router to Router Denial of Service
TCP Intercept Watch Mode
TCP/UDP Echo Vulnerability
Inside Global Address
Fraggle Attack

7. Command used to disable NTP on an interface
Eavesdropping and Information Theft
Standard ACL format
Lower IP Standard ACL Range
ntp disable

8. Protocol used to keep their time-of-day clocks accurate and in sync
Integrity Validation
Unauthorized Access
Network Time Protocol (NTP)
L2TP Identifier

9. Command used to disable the ICMP message Host Unreachable
ESP Identifier
no ip unreachable
Masquerading
Syntax for Reflexive ACLs

10. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Two Protocols of Tunnel Mode
SSH1
Higher IP Extended ACL Range
Secure Shell (SSH)

11. What Local and Global refer to in NAT
Inside Local Address
Session Hijacking
Networks
UDP Traceroute Port Range

12. DNS Poisoning
Second Part of IOS Version
DNS Lookup Vulnerability
Higher IP Extended ACL Range
Devices

13. 0x2F - or 47
GRE Identifier
Cisco Express Forwarding (CEF)
ACL to block telnet
Authenticating Peers

14. Access-list <number> <deny | permit> source source-wildcard log
SNMP
L2TP Operating Layer
Standard ACL format
HTTP Operating Layer

15. Release Train Identifier
Two Protocols of Tunnel Mode
Transport Mode
Fifth Part of the IOS Version
ACL to block a Land Attack

16. TCP and UDP Port 162
SSH Operating Layer
SNMP Trap
Syntax for Reflexive ACLs
Cisco Express Forwarding (CEF)

17. The host can specify which route to take - which bypasses security
Sixth (Optional) Part of the IOS Version
HTTP Tunneling
IP Source Routing Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)

18. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
SSH2
no service tcp-small-servers
Boot Network
Minimum ACLs Required for Reflexive ACLs

19. Time can be changed - Routing Table can be killed
NTP Vulnerabilities
Cisco Express Forwarding (CEF)
Train Identifier 'T'
Requirements for Reflexive TCP to be removed

20. Command to disable CDP on a router
no ip finger - no service finger
Encapsulation Security Payload (ESP)
SSH Operating Layer
no cdp run

21. Provides nonrepudiation - ensuring that traffic is from a trusted party
Train Idenifier 'E'
Authenticating Peers
Outside Global Address
Land Attack

22. Plaintext
L2TP Identifier
no ip http server
ACL to block telnet
Telnet - HTTP - SNMP Vulnerability

23. What Tunnel Mode is used for
SNMP Vulnerabilities
Network-to-Network Communications
Inside
Fraggle Attack

24. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
Session Hijacking
TCP SYN Attack
Route Injection Attack
Authenticating Peers

25. Broadcast

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

26. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
ACL to block IP multicast
no ip finger - no service finger
Smurf Attack
Authenticating Peers

27. Layer 7
SNMP Trap
SSH Operating Layer
Lower IP Extended ACL Range
Cisco Express Forwarding (CEF)

28. What Inside and Outside refer to in NAT
Devices
TCP/UDP Echo Vulnerability
Host-to-Host Communications
no service udp-small-servers

29. Provides confidentiality - so it cannot be read by unauthorized parties
TLS/SSL Identifier
Encrypting Traffic
TLS/SSL Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

30. DENY TCP ANY HOST <IP Address> EQ 23
Static NAT
ACL to block telnet
ACL to block a Smurf Attack or Fraggle Attack
no ip mask-reply

31. War dialing
AUX Vulnerability
no ip redirect
Proxy ARP
DNS Lookup Vulnerability

32. Geolocational positioning
Train Identifier 'T'
TCP/UDP Daytime Vulnerability
Named ACL Format
TLS/SSL Layer

33. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Smurf Attack
BOOTP
Network Time Protocol (NTP)
Integrity Validation

34. Allows the source IP host to specify a route through the IP network
IP Spoofing
IP Source Routing
TLS/SSL Identifier
Train Identifier 'T'

35. Interim Build Number
TCP/UDP Discard Vulnerability
Fourth Part of the IOS Version
Cisco Discovery Protocol (CDP)
SNMP

36. Transport and Tunnel
Higher IP Standard ACL Range
Land Attack
Proxy ARP Vulnerabilities
Two Modes of IPSec

37. Uses server and host keys to authenticate systems
Train Identifier 'T'
SSH1
Tunneling
no service udp-small-servers

38. TCP Port 80
HTTP Identifier
TCP Load Distribution
Standard IP ACLs
SNMP Vulnerabilities

39. ACK and RST
SNMP
TCP Intercept
User Account Vulnerabilites
Flags used by Established Line

40. Router threat where access by an entity or individual other than authorized users
DNS Lookup Vulnerability
Outside
Unauthorized Access
Train Identifier 'T'

41. Device - Hostname - IOS - IP Address - Ports - Model
Privilege Level 1
CDP Vulnerabilities
Privilege Levels 2-13
HTTP Operating Layer

42. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Inside
Fraggle Attack
TCP Intercept Watch Mode
ACL to block a Smurf Attack or Fraggle Attack

43. DENY IP 127.0.0.0 0.255.255.255 ANY
ACL to block incoming loopback packets
uRPF Strength
Outside Global Address
HTTP Tunneling

44. PERMIT TCP ANY ANY ESTABLISHED
Networks
Finger Vulnerabilities
ACL to block TCP SYN Attack
ACL to block a Smurf Attack or Fraggle Attack

45. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Sixth (Optional) Part of the IOS Version
Core Layer
Global Addresses
Uses for ACLs

46. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Privilege Level 1
TCP/UDP Chargen Vulnerability
Train Identifier 'B'
Access List Rules

47. Refers to addresses used on the organization's private network
Unicast Reverse-Path Forwarding (uRPF)
Lower IP Extended ACL Range
Layer 2 Tunneling Protocol (L2TP)
Global Addresses

48. None - uses attach application protocol's layer
TCP/UDP Daytime Vulnerability
TLS/SSL Layer
ACL to block incoming loopback packets
SSH2

49. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Encrypting Traffic
syslog
Distribution Layer
GRE Operating Layer

50. UDP Port 1701
HTTP Vulnerability
no ip redirect
Lower IP Standard ACL Range
L2TP Identifier