Test your basic knowledge |

Router Security

Subject : it-skills
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment






2. Layer 3






3. These ACLs filter by network or host IP address and only filter on source






4. What Local and Global refer to in NAT






5. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering






6. Plaintext






7. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination






8. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers






9. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated






10. Allows the source IP host to specify a route through the IP network






11. Ip access-list <standard | extended> name - permit TCP any any established






12. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet






13. No Known Vulnerability






14. Uses only host keys to authenticate systems






15. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network






16. DENY IP 127.0.0.0 0.255.255.255 ANY






17. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in






18. Service Provider


19. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS






20. Protects against repeating of secure sessions






21. Access - Distribution - Core






22. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user






23. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface






24. Public IP address before translation






25. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network






26. Minor Version






27. What Inside and Outside refer to in NAT






28. The host can specify which route to take - which bypasses security






29. None - uses attached application protocol's port






30. Privilege level that is restricted to basic level operations






31. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets






32. Uses SSL port 443






33. Forces the user to enter both a valid username and password






34. Command to disable BOOTP Server






35. The environment - catastrophic events an unauthorized access






36. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ






37. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets






38. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted






39. Broadcast


40. Buffer Overflow






41. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection






42. ESP - SSH - SSL/TLP






43. 0x33 or 51






44. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments






45. ACK and RST






46. Layer 7






47. 0x32 - or 50






48. Router to Router Denial of Service






49. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered






50. TCP and UDP Port 161