SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Startup-config can be deleted - copied - changed
Boot Network Vulnerabilities
no ip http server
Train Identifier 'T'
NTP Vulnerabilities
2. Local IP address before translation
AUX Vulnerability
Three Physical Security Vulnerabilities
Privilege Levels 2-13
Inside Local Address
3. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
Privilege Level 1
ACL to block incoming loopback packets
ESP Operating Layer
4. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Boot Network
TCP Intercept
Uses for ACLs
Train Identifier 'B'
5. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Second Part of IOS Version
TLS/SSL Identifier
IP Spoofing
TCP Intercept Watch Mode
6. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
login local
Privilege Levels 2-13
Inside Global Address
Denial of Service (DoS)
7. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Three Physical Security Vulnerabilities
Generic Routing Encapsulation (GRE)
Land Attack
Extended IP ACLs
8. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Smurf Attack
Session Hijacking
Two Protocols of Tunnel Mode
HTTP Vulnerability
9. Command used to disable the ICMP message Host Unreachable
TCP Load Distribution
Third Part of the IOS Version
IPSec AH Identifier
no ip unreachable
10. None - uses attach application protocol's layer
ACL to block TCP SYN Attack
TLS/SSL Layer
HTTPS Strength
Unicast Reverse-Path Forwarding (uRPF)
11. Service Provider
12. Layer 7
HTTP Operating Layer
Session Hijacking
echo - chargen - discard - daytime
ACL to block incoming loopback packets
13. 33400-34400
UDP Traceroute Port Range
Route Injection Attack
Generic Routing Encapsulation (GRE)
no cdp run
14. Command used to disable the ICMP message Address Mask Reply
no ip bootp server
no ip mask-reply
Standard IP ACLs
Inside
15. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
CDP Vulnerabilities
Land Attack
ACL to block a Smurf Attack or Fraggle Attack
no ip redirect
16. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
SNMP
Proxy ARP
Fraggle Attack
no cdp run
17. Command to disable BOOTP Server
no ip bootp server
HTTP Tunneling
IP Direct Broadcast Vulnerabilties
no ip redirect
18. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distributed Denial of Service Attacks
Proxy ARP
Authentication Header (AH)
Fourth Part of the IOS Version
19. 2000-2699
IPSec AH Operating Layer
Lower IP Extended ACL Range
echo - chargen - discard - daytime
Requirements for Reflexive TCP to be removed
20. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Outside Local Address
Tunneling
IPSec AH Operating Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
21. 1300-1999
Named ACL Format
uRPF Strength
ACL to block a Smurf Attack or Fraggle Attack
Higher IP Standard ACL Range
22. Geolocational positioning
IP Source Routing Vulnerabilities
Flags used by Established Line
TCP/UDP Daytime Vulnerability
Network Address Translation (NAT)
23. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Encapsulation Security Payload (ESP)
no ip mask-reply
Authentication Header (AH)
NTP Vulnerabilities
24. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
no ip mask-reply
SSH2
NTP Vulnerabilities
Static NAT
25. The environment - catastrophic events an unauthorized access
Train Identifier 'S'
Three Physical Security Vulnerabilities
Boot Network Vulnerabilities
no ip redirect
26. Command to disable CDP on a router
ESP Operating Layer
no cdp run
Host-to-Host Communications
SSH2
27. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
User Account Vulnerabilites
Encrypted Tunneling Methods
Masquerading
HTTP Tunneling
28. ACK and RST
Flags used by Established Line
Integrity Validation
DNS Lookup Vulnerability
TLS/SSL Layer
29. 0x33 or 51
Masquerading
IPSec AH Identifier
TCP Intercept Watch Mode
Privilege Level 1
30. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
IP Spoofing
Smurf Attack
Distribution Layer
Cisco Express Forwarding (CEF)
31. Can copy - poison - corrupt - or delete the IOS
Train Idenifier 'E'
Session Hijacking
BOOTP Vulnerabilities
uRPF Strength
32. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Standard ACL format
Distributed Denial of Service Attacks
Boot Network
Fourth Part of the IOS Version
33. Local and Remote
GRE Identifier
Sixth (Optional) Part of the IOS Version
Devices
Two Types of Router Access
34. What Transport Mode is used for
IP Source Routing Vulnerabilities
Host-to-Host Communications
L2TP Operating Layer
Transport Mode
35. Release Train Identifier
Privilege Level 0
Authentication Header (AH)
Fifth Part of the IOS Version
Named ACL
36. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
IPSec AH Identifier
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
IP Directed Broadcast
no ip http server
37. Technology
38. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Proxy ARP
Inside
Privilege Levels 2-13
39. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
SSH Identifier
Smurf Attack
Internet Protocol Security (IPSec)
Telnet - HTTP - SNMP Vulnerability
40. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
Networks
ACL to block a Land Attack
IP Source Routing
IP Directed Broadcast
41. Broadcast
42. Command used to disable HTTP Server
no ip http server
TCP Intercept
TLS/SSL Layer
Proxy ARP
43. DENY IP 127.0.0.0 0.255.255.255 ANY
IPSec AH Operating Layer
Two Types of Router Access
ACL to block a Smurf Attack or Fraggle Attack
ACL to block incoming loopback packets
44. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
echo - chargen - discard - daytime
Smurf Attack
Cisco Discovery Protocol (CDP)
Generic Routing Encapsulation (GRE)
45. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Distribution Layer
Unicast Reverse-Path Forwarding (uRPF)
IPSec AH Identifier
Higher IP Standard ACL Range
46. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Dynamic NAT
General Format of Cisco IOS Version
Access Layer
Established Line
47. Transport and Tunnel
Extended ACL format
Two Modes of IPSec
no ip finger - no service finger
SNMP Vulnerabilities
48. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
ACL to block a Land Attack
TCP SYN Attack
ACL to block a Smurf Attack or Fraggle Attack
echo - chargen - discard - daytime
49. Ip access-list <standard | extended> name - permit TCP any any established
Named ACL Format
Network Time Protocol (NTP)
IP Direct Broadcast Vulnerabilties
Train Identifier 'S'
50. Provides a checksum - ensuring traffic has not been modified along it's path
Integrity Validation
UDP Traceroute Port Range
Privilege Level 0
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
