SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
syslog
Route Injection Attack
Syntax for Reflexive ACLs
Standard ACL format
2. Router to Router Denial of Service
SSH Operating Layer
TCP/UDP Echo Vulnerability
uRPF Strength
TLS/SSL Identifier
3. Users - Host PC's - IP Addresses
Cisco Discovery Protocol (CDP)
TCP Intercept Watch Mode
Train Idenifier 'E'
Finger Vulnerabilities
4. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
SSH1
ESP Operating Layer
Integrity Validation
5. 0-99
Lower IP Standard ACL Range
ESP Identifier
Network Time Protocol (NTP)
Uses for ACLs
6. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Proxy ARP Vulnerabilities
Flags used by Established Line
Boot Network
Encapsulation Security Payload (ESP)
7. No Known Vulnerability
SSH Operating Layer
Land Attack
User Account Vulnerabilites
TCP/UDP Discard Vulnerability
8. What Tunnel Mode is used for
Network-to-Network Communications
Encrypted Tunneling Methods
Minimum ACLs Required for Reflexive ACLs
Access List Rules
9. Layer 3
Lower IP Extended ACL Range
Boot Network
IPSec AH Operating Layer
Cisco Express Forwarding (CEF)
10. Access - Distribution - Core
Syntax for Reflexive ACLs
Three Layers of Hierarchical Model
Named ACL Format
Outside Global Address
11. Privilege levels that can have passwords assigned to them
Cisco Express Forwarding (CEF)
IP Spoofing
Privilege Levels 2-13
uRPF Strength
12. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Train Identifier 'B'
IP Spoofing
Unicast Reverse-Path Forwarding (uRPF)
SNMP
13. Protects against repeating of secure sessions
Reflexive ACL
Anti-Replay
IPSec AH Operating Layer
Named ACL
14. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Privilege Levels 2-13
Higher IP Extended ACL Range
Uses for ACLs
Flags used by Established Line
15. Transport and Tunnel
Two Modes of IPSec
syslog
ACL to block spoofed IPs
Lower IP Standard ACL Range
16. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
First Part of IOS Version
Masquerading
Tunnel Mode
Network-to-Network Communications
17. 1300-1999
HTTPS Strength
SNMP Trap
AUX Vulnerability
Higher IP Standard ACL Range
18. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
User Account Vulnerabilites
Fourth Part of the IOS Version
HTTP Tunneling
Privilege Levels 2-13
19. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Train Identifier 'S'
BOOTP
no ip mask-reply
SSH Operating Layer
20. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Extended IP ACLs
BOOTP Vulnerabilities
Lower IP Standard ACL Range
no service udp-small-servers
21. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distributed Denial of Service Attacks
Static NAT
TCP Intercept Watch Mode
Overloading
22. Major Version
Dynamic NAT
First Part of IOS Version
NTP Vulnerabilities
Inside Local Address
23. Smurf attacks - can enumerate the network
Tunneling
IP Direct Broadcast Vulnerabilties
SSH Identifier
no ip finger - no service finger
24. Router threat where access by an entity or individual other than authorized users
Denial of Service (DoS)
Unauthorized Access
Overloading
IP Source Routing
25. Layer 5
inger Server
L2TP Operating Layer
Secure Shell (SSH)
Encrypting Traffic
26. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
IP Mask Reply Vulnerabilities
SSH1
Denial of Service (DoS)
SSH Identifier
27. Access-list <number> <deny | permit> source source-wildcard log
Session Hijacking
Standard ACL format
no ip unreachable
Authentication Header (AH)
28. Local IP address before translation
TCP Intercept Watch Mode
Network-to-Network Communications
Inside Local Address
Third Part of the IOS Version
29. DNS Poisoning
DNS Lookup Vulnerability
Privilege Level 1
Tunneling
Minimum ACLs Required for Reflexive ACLs
30. Can stop spoofed IP addresses
uRPF Strength
Two Modes of IPSec
L2TP Operating Layer
Devices
31. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
TCP Intercept Watch Mode
Privilege Level 0
Smurf Attack
Standard ACL format
32. Command to disable CDP on a router
TCP Intercept Watch Mode
Privilege Levels 2-13
no ip redirect
no cdp run
33. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Internet Protocol Security (IPSec)
Eavesdropping and Information Theft
ESP Identifier
Cisco Discovery Protocol (CDP)
34. Refers to addresses used on the organization's private network
Local Addresses
HTTP Tunneling
Tunnel Mode
syslog
35. Mode where only the payload of the IP packet is encrypted and/or authenticated
Transport Mode
SSH Identifier
TLS/SSL Layer
Authenticating Peers
36. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Extended ACL format
SSH Identifier
Masquerading
Anti-Replay
37. What Local and Global refer to in NAT
Integrity Validation
Networks
Established Line
Global Addresses
38. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
IP Source Routing
ACL to block a Land Attack
General Format of Cisco IOS Version
Core Layer
39. Minor Version
Flags used by Established Line
Tunnel Mode
Second Part of IOS Version
Land Attack
40. Four TCP/UDP Small Server commands recommended to disable
Authenticating Peers
echo - chargen - discard - daytime
TCP SYN Attack
L2TP Operating Layer
41. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Privilege Level 1
Extended ACL format
CDP Vulnerabilities
Dynamic NAT
42. Command to disable UDP small server on a router
Encapsulation Security Payload (ESP)
no service udp-small-servers
no ip bootp server
Access Layer
43. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Local Addresses
Third Part of the IOS Version
TCP Load Distribution
HTTP Tunneling
44. Ip access-list <standard | extended> name - permit TCP any any established
Named ACL Format
Secure Shell (SSH)
Overloading
Network Time Protocol (NTP)
45. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
SNMP Trap
TCP Intercept
Finger Vulnerabilities
Smurf Attack
46. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
IP Directed Broadcast
Established Line
TCP/UDP Discard Vulnerability
uRPF Strength
47. Layer 3
IP Direct Broadcast Vulnerabilties
Unicast Reverse-Path Forwarding (uRPF)
ESP Operating Layer
Transport Mode
48. Rebuild Number
Generic Routing Encapsulation (GRE)
Sixth (Optional) Part of the IOS Version
Masquerading
HTTP Identifier
49. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Outside Local Address
Two Protocols of Tunnel Mode
TCP/UDP Chargen Vulnerability
Smurf Attack
50. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
Named ACL
Dynamic NAT
Encrypted Tunneling Methods
SSH
