SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
TCP Intercept Watch Mode
Network Address Translation (NAT)
TLS/SSL Identifier
Local Addresses
2. DENY IP 127.0.0.0 0.255.255.255 ANY
Train Idenifier 'E'
ACL to block incoming loopback packets
Outside Global Address
HTTPS Strength
3. Refers to the organization's private network
Inside
Route Injection Attack
Extended IP ACLs
Train Idenifier 'E'
4. The host can specify which route to take - which bypasses security
Finger Vulnerabilities
IP Source Routing Vulnerabilities
no ip http server
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
5. UDP Port 1701
L2TP Identifier
GRE Identifier
Cisco Discovery Protocol (CDP)
SSH Operating Layer
6. Layer 3
Inside
L2TP Operating Layer
GRE Operating Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
7. Command used to disable HTTP Server
TCP Intercept Watch Mode
ESP Identifier
no ip http server
Network Time Protocol (NTP)
8. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
HTTP Tunneling
ACL to block IP multicast
TCP Intercept
Fourth Part of the IOS Version
9. Buffer Overflow
TCP/UDP Chargen Vulnerability
SSH
ACL to block TCP SYN Attack
SNMP Trap
10. PERMIT TCP ANY ANY ESTABLISHED
Named ACL
Rerouting
ACL to block TCP SYN Attack
ACL to block incoming loopback packets
11. Can obtain CIDR and router ID
Uses for ACLs
Flags used by Established Line
Train Identifier 'S'
IP Mask Reply Vulnerabilities
12. DENY IP 224.0.0.0 15.255.255.255 ANY
Encrypting Traffic
ACL to block IP multicast
Flags used by Established Line
HTTPS Strength
13. Can copy - poison - corrupt - or delete the IOS
SSH1
TLS/SSL Identifier
IP Spoofing
BOOTP Vulnerabilities
14. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPSec)
IP Source Routing Vulnerabilities
Distributed Denial of Service Attacks
15. Router threat where access by an entity or individual other than authorized users
uRPF Strength
no ip mask-reply
no cdp run
Unauthorized Access
16. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Anti-Replay
Encapsulation Security Payload (ESP)
Cisco Express Forwarding (CEF)
TCP/UDP Chargen Vulnerability
17. Refers to addresses used on the organization's private network
Lower IP Extended ACL Range
CDP Vulnerabilities
syslog
Local Addresses
18. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Established Line
Third Part of the IOS Version
Secure Shell (SSH)
Boot Network Vulnerabilities
19. Uses only host keys to authenticate systems
SSH2
ACL to block spoofed IPs
AUX Vulnerability
Network-to-Network Communications
20. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Higher IP Extended ACL Range
SNMP Vulnerabilities
ACL to block IP multicast
Sixth (Optional) Part of the IOS Version
21. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
login local
Second Part of IOS Version
SSH
Fifth Part of the IOS Version
22. Traffic is passed in plaintext
HTTP Vulnerability
SSH1
Established Line
Train Identifier 'T'
23. No Known Vulnerability
TCP/UDP Discard Vulnerability
L2TP Operating Layer
Encrypting Traffic
Three Layers of Hierarchical Model
24. Local and Remote
Two Types of Router Access
Privilege Levels 2-13
SSH Identifier
DNS Lookup Vulnerability
25. Forces the user to enter both a valid username and password
Distributed Denial of Service Attacks
Proxy ARP
login local
Session Hijacking
26. Command to disable TCP small server on a router
Access List Rules
no service tcp-small-servers
TCP SYN Attack
SSH
27. None - uses attached application protocol's port
Privilege Level 15
echo - chargen - discard - daytime
TLS/SSL Identifier
HTTP Vulnerability
28. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Networks
Access Layer
GRE Identifier
GRE Operating Layer
29. 2000-2699
Internet Protocol Security (IPSec)
Requirements for Reflexive TCP to be removed
Lower IP Extended ACL Range
no ip unreachable
30. Layer 7
Distribution Layer
HTTP Operating Layer
DNS Lookup Vulnerability
Train Identifier 'S'
31. TCP and UDP Port 161
SNMP
no ip finger - no service finger
Land Attack
Cisco Discovery Protocol (CDP)
32. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
SNMP Trap
Train Idenifier 'E'
Common uses of Access Lists
L2TP Identifier
33. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Fraggle Attack
GRE Identifier
HTTP Tunneling
ESP Identifier
34. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Layer 2 Tunneling Protocol (L2TP)
Named ACL
no ip http server
no ip finger - no service finger
35. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Sixth (Optional) Part of the IOS Version
TCP/UDP Discard Vulnerability
Rerouting
Layer 2 Tunneling Protocol (L2TP)
36. The environment - catastrophic events an unauthorized access
Three Physical Security Vulnerabilities
Lower IP Standard ACL Range
Train Identifier 'T'
Finger Vulnerabilities
37. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
IP Directed Broadcast
Route Injection Attack
IP Spoofing
Host-to-Host Communications
38. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Local Addresses
no ip http server
First Part of IOS Version
Network Address Translation (NAT)
39. Major Version
Cisco Express Forwarding (CEF)
First Part of IOS Version
UDP Traceroute Port Range
Proxy ARP
40. TCP Port 22
ACL to block incoming loopback packets
no ip redirect
SSH Identifier
IP Source Routing Vulnerabilities
41. Public IP address before translation
Outside Local Address
DNS Lookup Vulnerability
SSH
HTTPS Strength
42. Two FIN bits or one RST bit
Two Modes of IPSec
Requirements for Reflexive TCP to be removed
Two Types of Router Access
Extended ACL format
43. Access-list <number> <deny | permit> source source-wildcard log
Extended IP ACLs
Encrypted Tunneling Methods
Three Layers of Hierarchical Model
Standard ACL format
44. Technology
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
45. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Access Layer
Three Physical Security Vulnerabilities
Session Hijacking
SNMP
46. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
Established Line
IPSec AH Operating Layer
User Account Vulnerabilites
Privilege Level 0
47. DENY IP <Network ID> <Network WC Mask> ANY
ACL to block spoofed IPs
ntp disable
IP Source Routing Vulnerabilities
SSH1
48. DENY TCP ANY HOST <IP Address> EQ 23
ACL to block telnet
Syntax for Reflexive ACLs
Proxy ARP
Layer 2 Tunneling Protocol (L2TP)
49. Private IP address after translation
Static NAT
Inside Global Address
Two Protocols of Tunnel Mode
Authenticating Peers
50. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
uRPF Strength
Syntax for Reflexive ACLs
Static NAT
Secure Shell (SSH)