SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. War dialing
AUX Vulnerability
Fourth Part of the IOS Version
syslog
Proxy ARP
2. TCP and UDP Port 161
Boot Network Vulnerabilities
Standard ACL format
SNMP
Eavesdropping and Information Theft
3. ESP - SSH - SSL/TLP
Encrypted Tunneling Methods
Finger Vulnerabilities
SSH1
no ip finger - no service finger
4. Local IP address before translation
SSH Operating Layer
Inside Local Address
HTTPS Strength
no cdp run
5. TCP Port 22
Sixth (Optional) Part of the IOS Version
SSH Identifier
Uses for ACLs
Access Layer
6. The host can specify which route to take - which bypasses security
Cisco Discovery Protocol (CDP)
GRE Operating Layer
Masquerading
IP Source Routing Vulnerabilities
7. Refers to addresses used on the organization's private network
SSH Identifier
HTTPS Strength
HTTP Tunneling
Global Addresses
8. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Internet Protocol Security (IPSec)
Dynamic NAT
Train Identifier 'T'
Global Addresses
9. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
General Format of Cisco IOS Version
IP Mask Reply Vulnerabilities
Uses for ACLs
no ip finger - no service finger
10. Layer 7
Finger Vulnerabilities
Core Layer
SSH Operating Layer
Third Part of the IOS Version
11. Access-list <number> <deny | permit> source source-wildcard log
SNMP Vulnerabilities
Distribution Layer
Standard ACL format
Anti-Replay
12. Major Version
Overloading
First Part of IOS Version
Fifth Part of the IOS Version
Named ACL Format
13. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Sixth (Optional) Part of the IOS Version
no service udp-small-servers
Route Injection Attack
Host-to-Host Communications
14. Rebuild Number
Network Time Protocol (NTP)
Masquerading
Sixth (Optional) Part of the IOS Version
SSH Operating Layer
15. Command to disable TCP small server on a router
UDP Traceroute Port Range
IPSec AH Identifier
Lower IP Extended ACL Range
no service tcp-small-servers
16. UDP Port 514
syslog
L2TP Identifier
Privilege Level 15
Authenticating Peers
17. Local and Remote
Common uses of Access Lists
Second Part of IOS Version
Two Types of Router Access
General Format of Cisco IOS Version
18. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Authenticating Peers
Two Protocols of Tunnel Mode
IP Direct Broadcast Vulnerabilties
GRE Identifier
19. Command used to disable the ICMP message Address Mask Reply
TCP/UDP Echo Vulnerability
no ip mask-reply
ACL to block a Smurf Attack or Fraggle Attack
Third Part of the IOS Version
20. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
User Account Vulnerabilites
HTTP Tunneling
GRE Operating Layer
no ip unreachable
21. Layer 3
no ip bootp server
HTTP Identifier
TCP Load Distribution
IPSec AH Operating Layer
22. Geolocational positioning
Train Identifier 'T'
Boot Network Vulnerabilities
TCP/UDP Daytime Vulnerability
HTTP Identifier
23. Can stop spoofed IP addresses
uRPF Strength
Authentication Header (AH)
Denial of Service (DoS)
Tunnel Mode
24. 0x2F - or 47
Overloading
GRE Identifier
Anti-Replay
Boot Network Vulnerabilities
25. Provides confidentiality - so it cannot be read by unauthorized parties
Eavesdropping and Information Theft
Second Part of IOS Version
Encrypting Traffic
ESP Identifier
26. Access - Distribution - Core
Three Layers of Hierarchical Model
ACL to block IP multicast
Standard ACL format
syslog
27. Command used to disable the ICMP message Host Unreachable
Lower IP Standard ACL Range
no ip unreachable
Two Types of Router Access
Inside Global Address
28. What Local and Global refer to in NAT
GRE Identifier
IP Direct Broadcast Vulnerabilties
L2TP Identifier
Networks
29. PERMIT TCP ANY ANY ESTABLISHED
Two Types of Router Access
ACL to block a Smurf Attack or Fraggle Attack
ACL to block TCP SYN Attack
Standard IP ACLs
30. Layer 3
Authenticating Peers
no ip http server
TCP Intercept Watch Mode
GRE Operating Layer
31. DENY IP ANY HOST <Broadcast Address>
ACL to block a Smurf Attack or Fraggle Attack
Rerouting
Network Time Protocol (NTP)
Anti-Replay
32. Transport and Tunnel
Route Injection Attack
Two Modes of IPSec
Established Line
Syntax for Reflexive ACLs
33. 0x32 - or 50
Reflexive ACL
ESP Identifier
Cisco Express Forwarding (CEF)
Privilege Level 15
34. DENY TCP ANY HOST <IP Address> EQ 23
Host-to-Host Communications
Privilege Level 0
ACL to block telnet
Global Addresses
35. Privilege levels that can have passwords assigned to them
Flags used by Established Line
Privilege Levels 2-13
Uses for ACLs
Internet Protocol Security (IPSec)
36. Command to disable BOOTP Server
IP Mask Reply Vulnerabilities
GRE Operating Layer
Outside Global Address
no ip bootp server
37. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Land Attack
Fraggle Attack
Denial of Service (DoS)
Common uses of Access Lists
38. This server is used for querying a host about its logged in users
Cisco Discovery Protocol (CDP)
Train Identifier 'T'
inger Server
IPSec AH Identifier
39. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Train Identifier 'T'
BOOTP
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
HTTP Tunneling
40. TCP and UDP Port 162
Telnet - HTTP - SNMP Vulnerability
echo - chargen - discard - daytime
SNMP Trap
syslog
41. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Standard ACL format
TCP Intercept Watch Mode
Second Part of IOS Version
Train Identifier 'T'
42. Mode where only the payload of the IP packet is encrypted and/or authenticated
BOOTP Vulnerabilities
Outside Global Address
Denial of Service (DoS)
Transport Mode
43. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Host-to-Host Communications
General Format of Cisco IOS Version
Rerouting
Three Physical Security Vulnerabilities
44. Uses SSL port 443
syslog
TCP Load Distribution
HTTPS Strength
no ip bootp server
45. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Two Modes of IPSec
ntp disable
Syntax for Reflexive ACLs
Fourth Part of the IOS Version
46. 0-99
HTTP Operating Layer
Distribution Layer
HTTPS Strength
Lower IP Standard ACL Range
47. What Inside and Outside refer to in NAT
ESP Operating Layer
ACL to block spoofed IPs
Devices
Second Part of IOS Version
48. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
Denial of Service (DoS)
Transport Mode
Fraggle Attack
49. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
SNMP
TCP/UDP Chargen Vulnerability
Overloading
TCP SYN Attack
50. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Static NAT
CDP Vulnerabilities
Two Protocols of Tunnel Mode
Train Idenifier 'E'
