SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Startup-config can be deleted - copied - changed
Rerouting
Boot Network Vulnerabilities
Requirements for Reflexive TCP to be removed
Boot Network
2. Plaintext
Local Addresses
ACL to block telnet
Telnet - HTTP - SNMP Vulnerability
CDP Vulnerabilities
3. Refers to addresses used on the organization's private network
Eavesdropping and Information Theft
IP Spoofing
Layer 2 Tunneling Protocol (L2TP)
Local Addresses
4. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Lower IP Extended ACL Range
AUX Vulnerability
HTTP Vulnerability
Dynamic NAT
5. Command used to disable the ICMP message Address Mask Reply
Three Physical Security Vulnerabilities
Third Part of the IOS Version
no ip mask-reply
AUX Vulnerability
6. ESP - SSH - SSL/TLP
Encrypted Tunneling Methods
SNMP Trap
Telnet - HTTP - SNMP Vulnerability
Common uses of Access Lists
7. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
Common uses of Access Lists
ntp disable
SSH
Land Attack
8. Can discover vulnerabilities - network stats - and firewall discovery
Eavesdropping and Information Theft
syslog
IP Unreachable Vulnerabilities
Network Address Translation (NAT)
9. Two FIN bits or one RST bit
Requirements for Reflexive TCP to be removed
IP Spoofing
Privilege Level 0
Static NAT
10. These ACLs filter by network or host IP address and only filter on source
ESP Identifier
Extended IP ACLs
Denial of Service (DoS)
Standard IP ACLs
11. UDP Port 1701
IP Mask Reply Vulnerabilities
Sixth (Optional) Part of the IOS Version
Proxy ARP Vulnerabilities
L2TP Identifier
12. TCP and UDP Port 162
Three Physical Security Vulnerabilities
IP Direct Broadcast Vulnerabilties
NTP Vulnerabilities
SNMP Trap
13. Geolocational positioning
Rerouting
Finger Vulnerabilities
ESP Operating Layer
TCP/UDP Daytime Vulnerability
14. Ip access-list <standard | extended> name - permit TCP any any established
DNS Lookup Vulnerability
HTTPS Strength
uRPF Strength
Named ACL Format
15. Device - Hostname - IOS - IP Address - Ports - Model
TCP Intercept
Secure Shell (SSH)
CDP Vulnerabilities
ACL to block telnet
16. Enterprise
17. Uses only host keys to authenticate systems
ACL to block a Land Attack
IP Mask Reply Vulnerabilities
NTP Vulnerabilities
SSH2
18. Major Version
First Part of IOS Version
ACL to block incoming loopback packets
Second Part of IOS Version
Third Part of the IOS Version
19. Command to disable TCP small server on a router
Distributed Denial of Service Attacks
Eavesdropping and Information Theft
IP Unreachable Vulnerabilities
no service tcp-small-servers
20. DENY IP 224.0.0.0 15.255.255.255 ANY
IPSec AH Operating Layer
no ip http server
Lower IP Extended ACL Range
ACL to block IP multicast
21. Traffic is passed in plaintext
Standard IP ACLs
HTTP Vulnerability
Two Types of Router Access
Boot Network
22. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Host-to-Host Communications
Cisco Discovery Protocol (CDP)
Uses for ACLs
Route Injection Attack
23. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Minimum ACLs Required for Reflexive ACLs
TCP Load Distribution
CDP Vulnerabilities
L2TP Identifier
24. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Extended ACL format
Static NAT
Telnet - HTTP - SNMP Vulnerability
First Part of IOS Version
25. DENY IP ANY HOST <Broadcast Address>
Transport Mode
Network Address Translation (NAT)
ACL to block a Smurf Attack or Fraggle Attack
Secure Shell (SSH)
26. Release Train Identifier
Fifth Part of the IOS Version
Two Types of Router Access
Rerouting
IP Direct Broadcast Vulnerabilties
27. Local IP address before translation
Denial of Service (DoS)
Inside Local Address
Rerouting
Named ACL
28. Rebuild Number
Network Time Protocol (NTP)
Fifth Part of the IOS Version
Sixth (Optional) Part of the IOS Version
Inside
29. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Inside Global Address
IP Directed Broadcast
Flags used by Established Line
30. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
TCP Intercept
SSH Operating Layer
Fraggle Attack
Two Types of Router Access
31. What Tunnel Mode is used for
IPSec AH Identifier
Syntax for Reflexive ACLs
Network-to-Network Communications
IPSec AH Operating Layer
32. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
UDP Traceroute Port Range
ACL to block a Land Attack
Transport Mode
Internet Protocol Security (IPSec)
33. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Two Modes of IPSec
Cisco Express Forwarding (CEF)
HTTPS Strength
Named ACL
34. Protects against repeating of secure sessions
Authenticating Peers
BOOTP
Anti-Replay
Privilege Level 0
35. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
GRE Identifier
IP Direct Broadcast Vulnerabilties
Sixth (Optional) Part of the IOS Version
Proxy ARP
36. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Minimum ACLs Required for Reflexive ACLs
Standard IP ACLs
BOOTP
Encrypting Traffic
37. 0x33 or 51
HTTP Operating Layer
IPSec AH Identifier
Extended IP ACLs
Standard ACL format
38. Service Provider
39. Privilege level that is restricted to basic level operations
BOOTP
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Outside Local Address
Privilege Level 1
40. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
ESP Identifier
ACL to block incoming loopback packets
Networks
Session Hijacking
41. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
no cdp run
SNMP
TCP/UDP Chargen Vulnerability
42. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Extended IP ACLs
L2TP Identifier
Core Layer
HTTP Vulnerability
43. Layer 7
no ip http server
HTTP Operating Layer
Cisco Express Forwarding (CEF)
AUX Vulnerability
44. Can copy - poison - corrupt - or delete the IOS
Train Idenifier 'E'
BOOTP Vulnerabilities
Integrity Validation
Privilege Levels 2-13
45. TCP and UDP Port 161
SNMP
Higher IP Standard ACL Range
SSH
Access Layer
46. Layer 3
ESP Operating Layer
HTTP Tunneling
IPSec AH Identifier
Three Layers of Hierarchical Model
47. Privilege level that has Global administration capabilities
Unauthorized Access
IP Source Routing
Privilege Level 15
Common uses of Access Lists
48. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
Devices
Proxy ARP
Common uses of Access Lists
49. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Inside Global Address
Sixth (Optional) Part of the IOS Version
Privilege Level 0
AUX Vulnerability
50. DENY IP <Network ID> <Network WC Mask> ANY
ACL to block spoofed IPs
TCP/UDP Chargen Vulnerability
Flags used by Established Line
Denial of Service (DoS)
