Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Command to disable UDP small server on a router
no service tcp-small-servers
Generic Routing Encapsulation (GRE)
Cisco Express Forwarding (CEF)
no service udp-small-servers
2. Refers to addresses used on the organization's private network
L2TP Identifier
Global Addresses
Access List Rules
Static NAT
3. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
no service udp-small-servers
Devices
Boot Network
Encrypting Traffic
4. Command to disable BOOTP Server
no ip redirect
Syntax for Reflexive ACLs
SSH2
no ip bootp server
5. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Smurf Attack
Boot Network Vulnerabilities
General Format of Cisco IOS Version
Authentication Header (AH)
6. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Secure Shell (SSH)
Proxy ARP Vulnerabilities
Uses for ACLs
no service tcp-small-servers
7. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Two Protocols of Tunnel Mode
DNS Lookup Vulnerability
no ip http server
IP Directed Broadcast
8. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
GRE Identifier
TCP/UDP Echo Vulnerability
syslog
Core Layer
9. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
Sixth (Optional) Part of the IOS Version
Overloading
TCP Intercept Watch Mode
Common uses of Access Lists
10. 0x33 or 51
General Format of Cisco IOS Version
SSH Operating Layer
Network Address Translation (NAT)
IPSec AH Identifier
11. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Encapsulation Security Payload (ESP)
Train Identifier 'S'
Proxy ARP Vulnerabilities
Telnet - HTTP - SNMP Vulnerability
12. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Session Hijacking
Land Attack
Smurf Attack
Network Address Translation (NAT)
13. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Higher IP Standard ACL Range
Syntax for Reflexive ACLs
Rerouting
Inside
14. Interim Build Number
Dynamic NAT
Fourth Part of the IOS Version
Boot Network Vulnerabilities
BOOTP
15. DENY IP 127.0.0.0 0.255.255.255 ANY
ACL to block incoming loopback packets
Proxy ARP
TCP/UDP Echo Vulnerability
Named ACL
16. Public IP address before translation
BOOTP Vulnerabilities
SSH2
Outside Local Address
no ip http server
17. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
IP Source Routing Vulnerabilities
Access Layer
Tunneling
Train Identifier 'E'
18. What Transport Mode is used for
Host-to-Host Communications
SNMP Vulnerabilities
SSH1
Transport Mode
19. Provides a checksum - ensuring traffic has not been modified along its path
SNMP
Integrity Validation
Inside
TCP Intercept Watch Mode
20. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Boot Network
Requirements for Reflexive TCP to be removed
Privilege Level 1
Session Hijacking
21. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments
Cisco Discovery Protocol (CDP)
TLS/SSL Identifier
Finger Vulnerabilities
TCP/UDP Echo Vulnerability
22. DENY TCP ANY HOST <IP Address> EQ 23
echo - chargen - discard - daytime
SSH Operating Layer
ACL to block telnet
Fraggle Attack
23. Attack that involves a multitude of compromised systems attacking a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distributed Denial of Service Attacks
DNS Lookup Vulnerability
no ip http server
Flags used by Established Line
24. Command used to disable the ICMP message Host Unreachable
Fifth Part of the IOS Version
Second Part of IOS Version
Proxy ARP Vulnerabilities
no ip unreachable
25. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
ESP Operating Layer
Denial of Service (DoS)
ACL to block incoming loopback packets
Privilege Level 15
26. Major Version
NTP Vulnerabilities
Fraggle Attack
First Part of IOS Version
Third Part of the IOS Version
27. Layer 3
TLS/SSL Layer
SNMP
Integrity Validation
IPSec AH Operating Layer
28. Can obtain CIDR and router ID
CDP Vulnerabilities
IP Mask Reply Vulnerabilities
Uses for ACLs
Telnet - HTTP - SNMP Vulnerability
29. The environment - catastrophic events and unauthorized access
Three Physical Security Vulnerabilities
Authenticating Peers
Lower IP Extended ACL Range
Standard IP ACLs
30. 0x32 - or 50
ESP Identifier
Denial of Service (DoS)
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
login local
31. Privilege level that is restricted to basic level operations
Distribution Layer
Masquerading
Privilege Level 1
SSH Identifier
32. Router threat involving access by an entity or individual other than authorized users
Unauthorized Access
AUX Vulnerability
Generic Routing Encapsulation (GRE)
Three Layers of Hierarchical Model
33. What Inside and Outside refer to in NAT
no ip http server
Third Part of the IOS Version
Devices
Outside
34. Private IP address after translation
no ip http server
Inside Global Address
Access List Rules
no ip finger - no service finger
35. Minor Version
First Part of IOS Version
Distribution Layer
Land Attack
Second Part of IOS Version
36. Local and Remote
Two Types of Router Access
HTTP Tunneling
Cisco Discovery Protocol (CDP)
no ip bootp server
37. What Tunnel Mode is used for
Network-to-Network Communications
SSH
Reflexive ACL
Privilege Level 15
38. Refers to addresses used on the organization's private network
IP Spoofing
Devices
ACL to block TCP SYN Attack
Local Addresses
39. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Distributed Denial of Service Attacks
Access List Rules
Inside
Network-to-Network Communications
40. Smurf attacks - can enumerate the network
Two Types of Router Access
BOOTP
IP Direct Broadcast Vulnerabilities
Common uses of Access Lists
41. Command to disable TCP small server on a router
IP Direct Broadcast Vulnerabilities
ACL to block a Land Attack
no service tcp-small-servers
Unauthorized Access
42. Allows the source IP host to specify a route through the IP network
Core Layer
IP Source Routing
IP Source Routing Vulnerabilities
SSH2
43. Can copy - poison - corrupt - or delete the IOS
no cdp run
TCP SYN Attack
IPSec AH Identifier
BOOTP Vulnerabilities
44. Command used to disable HTTP Server
Masquerading
SSH Operating Layer
Higher IP Standard ACL Range
no ip http server
45. Transport and Tunnel
Two Modes of IPSec
GRE Operating Layer
Uses for ACLs
Three Physical Security Vulnerabilities
46. TCP Port 22
TCP/UDP Echo Vulnerability
SSH Identifier
IPSec AH Operating Layer
BOOTP Vulnerabilities
47. ACK and RST
ACL to block a Land Attack
Transport Mode
Flags used by Established Line
Finger Vulnerabilities
48. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Dynamic NAT
First Part of IOS Version
TCP/UDP Echo Vulnerability
Land Attack
49. Four TCP/UDP Small Server commands recommended to disable
Encrypted Tunneling Methods
User Account Vulnerabilities
echo - chargen - discard - daytime
Train Identifier 'E'
50. Layer 7
SSH Operating Layer
Extended ACL format
Outside
Fifth Part of the IOS Version