SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. DENY IP 224.0.0.0 15.255.255.255 ANY
GRE Identifier
ACL to block IP multicast
Smurf Attack
Cisco Express Forwarding (CEF)
2. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Privilege Level 0
SNMP Trap
ACL to block incoming loopback packets
Train Identifier 'B'
3. Major Version
IP Source Routing
First Part of IOS Version
Fraggle Attack
Networks
4. UDP Port 514
syslog
Unicast Reverse-Path Forwarding (uRPF)
Privilege Levels 2-13
Two Types of Router Access
5. Interim Build Number
no service udp-small-servers
Fourth Part of the IOS Version
SNMP
Inside Global Address
6. Layer 7
Privilege Levels 2-13
SSH Operating Layer
syslog
General Format of Cisco IOS Version
7. UDP Port 1701
Named ACL Format
Third Part of the IOS Version
Two Modes of IPSec
L2TP Identifier
8. Layer 3
GRE Operating Layer
GRE Identifier
Transport Mode
Minimum ACLs Required for Reflexive ACLs
9. What Transport Mode is used for
Host-to-Host Communications
Three Layers of Hierarchical Model
ACL to block spoofed IPs
Common uses of Access Lists
10. Command to disable BOOTP Server
no ip bootp server
SNMP Vulnerabilities
IP Spoofing
GRE Identifier
11. Startup-config can be deleted - copied - changed
TCP/UDP Discard Vulnerability
Authenticating Peers
Boot Network Vulnerabilities
Three Physical Security Vulnerabilities
12. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Two Types of Router Access
TCP/UDP Discard Vulnerability
Distribution Layer
Session Hijacking
13. Router threat where access by an entity or individual other than authorized users
Anti-Replay
Unauthorized Access
Proxy ARP Vulnerabilities
Privilege Levels 2-13
14. Refers to addresses used on the organization's private network
DNS Lookup Vulnerability
Route Injection Attack
TLS/SSL Identifier
Global Addresses
15. What Inside and Outside refer to in NAT
Inside Local Address
Outside Global Address
Devices
Lower IP Standard ACL Range
16. Can copy - poison - corrupt - or delete the IOS
no ip unreachable
Lower IP Standard ACL Range
BOOTP Vulnerabilities
IP Source Routing
17. Two - one Inbound or Evaluated and one Outbound or Reflected
ACL to block a Smurf Attack or Fraggle Attack
Minimum ACLs Required for Reflexive ACLs
Inside Local Address
IP Unreachable Vulnerabilities
18. DNS Poisoning
SSH2
DNS Lookup Vulnerability
HTTPS Strength
Fraggle Attack
19. Command used to disable HTTP Server
Encrypted Tunneling Methods
Reflexive ACL
SNMP
no ip http server
20. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Network-to-Network Communications
Rerouting
Unicast Reverse-Path Forwarding (uRPF)
IP Mask Reply Vulnerabilities
21. Can stop spoofed IP addresses
uRPF Strength
syslog
Generic Routing Encapsulation (GRE)
Standard IP ACLs
22. 0x33 or 51
Privilege Levels 2-13
login local
TCP/UDP Chargen Vulnerability
IPSec AH Identifier
23. Uses SSL port 443
SSH
Encapsulation Security Payload (ESP)
Tunnel Mode
HTTPS Strength
24. Forces the user to enter both a valid username and password
Encrypting Traffic
L2TP Operating Layer
Privilege Level 1
login local
25. Technology
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
26. Commands to disable Finger Server
Lower IP Extended ACL Range
no ip finger - no service finger
Train Identifier 'B'
Smurf Attack
27. Provides a checksum - ensuring traffic has not been modified along it's path
Integrity Validation
Devices
no ip http server
Third Part of the IOS Version
28. Protects against repeating of secure sessions
Anti-Replay
HTTP Operating Layer
Train Identifier 'B'
Access List Rules
29. Can obtain CIDR and router ID
Outside Global Address
BOOTP Vulnerabilities
IP Mask Reply Vulnerabilities
TCP/UDP Echo Vulnerability
30. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Three Physical Security Vulnerabilities
Land Attack
Tunneling
Fourth Part of the IOS Version
31. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
SNMP Vulnerabilities
Internet Protocol Security (IPSec)
TCP Load Distribution
32. Device - Hostname - IOS - IP Address - Ports - Model
First Part of IOS Version
Host-to-Host Communications
CDP Vulnerabilities
Tunneling
33. Ip access-list <standard | extended> name - permit TCP any any established
Encrypting Traffic
Named ACL Format
Fourth Part of the IOS Version
Eavesdropping and Information Theft
34. Router to Router Denial of Service
Inside Local Address
GRE Identifier
TCP/UDP Echo Vulnerability
SSH2
35. Uses only host keys to authenticate systems
ESP Operating Layer
IP Spoofing
Second Part of IOS Version
SSH2
36. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Boot Network
Layer 2 Tunneling Protocol (L2TP)
TCP/UDP Echo Vulnerability
Tunneling
37. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
38. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
ACL to block spoofed IPs
no cdp run
Standard IP ACLs
TCP SYN Attack
39. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
SSH2
GRE Identifier
Boot Network
TCP Intercept
40. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Eavesdropping and Information Theft
SSH1
L2TP Identifier
41. Layer 5
ACL to block IP multicast
L2TP Operating Layer
HTTP Tunneling
Eavesdropping and Information Theft
42. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
Overloading
Authenticating Peers
Train Identifier 'T'
Two Protocols of Tunnel Mode
43. No Known Vulnerability
TCP/UDP Discard Vulnerability
no ip bootp server
Higher IP Extended ACL Range
Privilege Level 1
44. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
TCP/UDP Echo Vulnerability
Named ACL
TCP/UDP Daytime Vulnerability
Core Layer
45. Command to disable UDP small server on a router
TCP SYN Attack
Eavesdropping and Information Theft
login local
no service udp-small-servers
46. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
no service tcp-small-servers
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Established Line
Anti-Replay
47. Can discover vulnerabilities - network stats - and firewall discovery
IP Unreachable Vulnerabilities
General Format of Cisco IOS Version
Network Address Translation (NAT)
ACL to block IP multicast
48. Refers to the addresses on the public internet
Lower IP Standard ACL Range
Integrity Validation
First Part of IOS Version
Outside
49. Allows the source IP host to specify a route through the IP network
NTP Vulnerabilities
no service udp-small-servers
HTTP Tunneling
IP Source Routing
50. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Network-to-Network Communications
User Account Vulnerabilites
TCP SYN Attack
Distributed Denial of Service Attacks