Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
SSH
uRPF Strength
Cisco Express Forwarding (CEF)
General Format of Cisco IOS Version
2. 2000-2699
Outside Global Address
HTTPS Strength
SSH1
Higher IP Extended ACL Range
3. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
User Account Vulnerabilities
Anti-Replay
Fraggle Attack
TCP Load Distribution
4. DENY TCP ANY HOST <IP Address> EQ 23
no ip http server
ACL to block telnet
Outside
Network Time Protocol (NTP)
5. 2000-2699
Distribution Layer
Lower IP Extended ACL Range
Secure Shell (SSH)
ACL to block a Smurf Attack or Fraggle Attack
6. DENY IP 224.0.0.0 15.255.255.255 ANY
Session Hijacking
Outside
ACL to block IP multicast
Generic Routing Encapsulation (GRE)
7. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate users
TCP SYN Attack
TCP/UDP Echo Vulnerability
Encrypting Traffic
Tunnel Mode
8. TCP and UDP Port 161
Reflexive ACL
SNMP
ACL to block IP multicast
Layer 2 Tunneling Protocol (L2TP)
9. Refers to the addresses on the public internet
Outside
Distribution Layer
ESP Identifier
no service tcp-small-servers
10. Forces the user to enter both a valid username and password
login local
Tunnel Mode
no ip redirect
Network-to-Network Communications
11. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
Overloading
Devices
ACL to block incoming loopback packets
Higher IP Extended ACL Range
12. Command used to disable the ICMP message Address Mask Reply
no ip mask-reply
ACL to block a Land Attack
TCP Load Distribution
General Format of Cisco IOS Version
13. Can stop spoofed IP addresses
uRPF Strength
Three Physical Security Vulnerabilities
IPSec AH Identifier
SSH Operating Layer
14. Uses SSL port 443
Sixth (Optional) Part of the IOS Version
HTTPS Strength
Telnet - HTTP - SNMP Vulnerability
SNMP Vulnerabilities
15. Local IP address before translation
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
CDP Vulnerabilities
Two Types of Router Access
Inside Local Address
16. None - uses attached application protocol's port
Third Part of the IOS Version
TLS/SSL Identifier
IP Directed Broadcast
Two Modes of IPSec
17. Command to disable BOOTP Server
echo - chargen - discard - daytime
no ip bootp server
no ip finger - no service finger
Proxy ARP Vulnerabilities
18. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Lower IP Extended ACL Range
Smurf Attack
Standard ACL format
Land Attack
19. Uses server and host keys to authenticate systems
SSH1
Secure Shell (SSH)
Outside Global Address
HTTP Identifier
20. PERMIT TCP ANY ANY ESTABLISHED
ACL to block TCP SYN Attack
TLS/SSL Identifier
SSH Operating Layer
Outside
21. TCP Port 80
CDP Vulnerabilities
TCP SYN Attack
TCP Intercept
HTTP Identifier
22. A secure alternative to telnet for remote administration that is supported in Enterprise versions of Cisco IOS
ESP Identifier
Privilege Level 15
Train Identifier 'S'
SSH
23. Layer 3
Train Identifier 'B'
IPSec AH Operating Layer
ESP Operating Layer
BOOTP Vulnerabilities
24. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
HTTPS Strength
HTTP Operating Layer
Eavesdropping and Information Theft
ACL to block spoofed IPs
25. Privilege level that has Global administration capabilities
Privilege Level 0
BOOTP
Networks
Privilege Level 15
26. Transport and Tunnel
Two Modes of IPSec
Syntax for Reflexive ACLs
ACL to block incoming loopback packets
Secure Shell (SSH)
27. Major Version
no service tcp-small-servers
Lower IP Standard ACL Range
Finger Vulnerabilities
First Part of IOS Version
28. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Core Layer
Two Modes of IPSec
Static NAT
Generic Routing Encapsulation (GRE)
29. Provides confidentiality - so it cannot be read by unauthorized parties
Finger Vulnerabilities
Standard IP ACLs
L2TP Operating Layer
Encrypting Traffic
30. Traffic is passed in plaintext
SNMP
Train Identifier 'E'
Encapsulation Security Payload (ESP)
HTTP Vulnerability
31. Two FIN bits or one RST bit
Requirements for Reflexive TCP to be removed
Access List Rules
Fourth Part of the IOS Version
Cisco Express Forwarding (CEF)
32. ip access-list extended <name1> - permit IP any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Second Part of IOS Version
Privilege Level 15
Syntax for Reflexive ACLs
SNMP
33. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Two Types of Router Access
ESP Operating Layer
Dynamic NAT
Common uses of Access Lists
34. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
Anti-Replay
Denial of Service (DoS)
BOOTP Vulnerabilities
Second Part of IOS Version
35. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Two Protocols of Tunnel Mode
Distributed Denial of Service Attacks
Access List Rules
TLS/SSL Layer
36. Public IP address before translation
IPSec AH Identifier
Privilege Level 15
Outside Local Address
DNS Lookup Vulnerability
37. 0x32 - or 50
TCP/UDP Chargen Vulnerability
Proxy ARP Vulnerabilities
Train Identifier 'S'
ESP Identifier
38. Provides nonrepudiation - ensuring that traffic is from a trusted party
TCP Load Distribution
Authenticating Peers
Static NAT
Access List Rules
39. Rewrites the source and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Extended IP ACLs
Train Identifier 'T'
Global Addresses
Network Address Translation (NAT)
40. Ip access-list <standard | extended> name - permit TCP any any established
Dynamic NAT
Finger Server
Privilege Levels 2-13
Named ACL Format
41. Geolocational positioning
GRE Operating Layer
TCP/UDP Daytime Vulnerability
Eavesdropping and Information Theft
Static NAT
42. Two - one Inbound or Evaluated and one Outbound or Reflected
HTTP Operating Layer
Minimum ACLs Required for Reflexive ACLs
AUX Vulnerability
Train Identifier 'E'
43. Command to disable TCP small server on a router
SSH1
Local Addresses
no service tcp-small-servers
Cisco Discovery Protocol (CDP)
44. UDP Port 514
Syntax for Reflexive ACLs
Two Types of Router Access
syslog
Local Addresses
45. Can obtain CIDR and router ID
Core Layer
IP Directed Broadcast
IP Mask Reply Vulnerabilities
Networks
46. Layer 7
SSH Operating Layer
Outside Local Address
Outside
TCP Load Distribution
47. No Known Vulnerability
Three Layers of Hierarchical Model
GRE Operating Layer
TCP/UDP Discard Vulnerability
IP Mask Reply Vulnerabilities
48. Command to disable UDP small server on a router
ACL to block a Land Attack
Named ACL
no service udp-small-servers
Three Layers of Hierarchical Model
49. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Inside
Standard IP ACLs
Core Layer
Unauthorized Access
50. Layer 7
HTTP Operating Layer
Host-to-Host Communications
Network Time Protocol (NTP)
Static NAT