SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Refers to addresses used on the organization's private network
no ip mask-reply
Local Addresses
SSH
Masquerading
2. Major Version
First Part of IOS Version
Reflexive ACL
TCP SYN Attack
no service udp-small-servers
3. Protects against repeating of secure sessions
Session Hijacking
BOOTP Vulnerabilities
Anti-Replay
uRPF Strength
4. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
no ip bootp server
Privilege Level 15
ACL to block TCP SYN Attack
SNMP Vulnerabilities
5. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
IP Directed Broadcast
Privilege Level 1
Proxy ARP
L2TP Identifier
6. Privilege levels that can have passwords assigned to them
SSH
Telnet - HTTP - SNMP Vulnerability
Privilege Levels 2-13
Second Part of IOS Version
7. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Fourth Part of the IOS Version
Integrity Validation
no ip unreachable
Access List Rules
8. Provides confidentiality - so it cannot be read by unauthorized parties
Access Layer
Encrypting Traffic
Unauthorized Access
ACL to block a Land Attack
9. War dialing
ACL to block incoming loopback packets
AUX Vulnerability
HTTP Operating Layer
Encrypted Tunneling Methods
10. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Static NAT
Privilege Levels 2-13
Session Hijacking
IP Unreachable Vulnerabilities
11. Buffer Overflow
TCP/UDP Chargen Vulnerability
Common uses of Access Lists
no ip finger - no service finger
Privilege Level 0
12. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Fraggle Attack
NTP Vulnerabilities
Tunneling
User Account Vulnerabilites
13. Broadcast
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
14. Interim Build Number
Fourth Part of the IOS Version
Fifth Part of the IOS Version
Inside Global Address
Extended ACL format
15. This server is used for querying a host about its logged in users
Unauthorized Access
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Established Line
inger Server
16. Command used to disable the ICMP message Host Unreachable
Fourth Part of the IOS Version
GRE Identifier
no ip mask-reply
no ip unreachable
17. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Rerouting
Internet Protocol Security (IPSec)
Transport Mode
Sixth (Optional) Part of the IOS Version
18. These ACLs filter by network or host IP address and only filter on source
Encapsulation Security Payload (ESP)
IP Mask Reply Vulnerabilities
Standard IP ACLs
Train Idenifier 'E'
19. 2000-2699
TLS/SSL Identifier
Higher IP Extended ACL Range
Lower IP Extended ACL Range
syslog
20. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
TCP/UDP Chargen Vulnerability
Tunneling
Established Line
Encapsulation Security Payload (ESP)
21. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Overloading
General Format of Cisco IOS Version
Cisco Discovery Protocol (CDP)
UDP Traceroute Port Range
22. DENY IP <Network ID> <Network WC Mask> ANY
IP Source Routing Vulnerabilities
Standard IP ACLs
ACL to block spoofed IPs
General Format of Cisco IOS Version
23. Can copy - poison - corrupt - or delete the IOS
TCP SYN Attack
BOOTP Vulnerabilities
DNS Lookup Vulnerability
ACL to block a Land Attack
24. No Known Vulnerability
TCP/UDP Discard Vulnerability
Third Part of the IOS Version
GRE Identifier
IP Unreachable Vulnerabilities
25. PERMIT TCP ANY ANY ESTABLISHED
ACL to block TCP SYN Attack
TCP/UDP Discard Vulnerability
Lower IP Extended ACL Range
login local
26. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Access Layer
Requirements for Reflexive TCP to be removed
Privilege Level 15
no ip mask-reply
27. Two FIN bits or one RST bit
Tunneling
Requirements for Reflexive TCP to be removed
no service tcp-small-servers
HTTP Operating Layer
28. DENY IP 224.0.0.0 15.255.255.255 ANY
ACL to block IP multicast
IP Source Routing
Third Part of the IOS Version
Higher IP Extended ACL Range
29. Layer 7
HTTP Operating Layer
login local
Second Part of IOS Version
AUX Vulnerability
30. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
SNMP Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
Access Layer
Finger Vulnerabilities
31. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
TCP SYN Attack
Standard ACL format
BOOTP Vulnerabilities
Extended ACL format
32. TCP Port 80
HTTP Identifier
Second Part of IOS Version
SNMP Trap
Access List Rules
33. 0x2F - or 47
Inside Local Address
Encapsulation Security Payload (ESP)
GRE Identifier
Tunneling
34. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Network Address Translation (NAT)
Uses for ACLs
Dynamic NAT
GRE Operating Layer
35. UDP Port 1701
L2TP Identifier
Encrypting Traffic
Networks
ACL to block telnet
36. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Second Part of IOS Version
Secure Shell (SSH)
IP Mask Reply Vulnerabilities
Privilege Level 0
37. Mode where only the payload of the IP packet is encrypted and/or authenticated
Outside Global Address
IP Unreachable Vulnerabilities
Transport Mode
Distribution Layer
38. Time can be changed - Routing Table can be killed
Second Part of IOS Version
NTP Vulnerabilities
no ip mask-reply
no service tcp-small-servers
39. Privilege level that is restricted to basic level operations
Eavesdropping and Information Theft
Dynamic NAT
uRPF Strength
Privilege Level 1
40. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
IP Source Routing Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
TCP/UDP Chargen Vulnerability
IP Directed Broadcast
41. Transport and Tunnel
Two Modes of IPSec
inger Server
ACL to block a Land Attack
IPSec AH Operating Layer
42. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
Network Address Translation (NAT)
Distributed Denial of Service Attacks
Outside Local Address
43. DENY TCP ANY HOST <IP Address> EQ 23
Sixth (Optional) Part of the IOS Version
TCP/UDP Chargen Vulnerability
ACL to block telnet
HTTPS Strength
44. Routing mode depended on by uRPF in order to function
Authenticating Peers
Cisco Express Forwarding (CEF)
Encrypting Traffic
Flags used by Established Line
45. 0x32 - or 50
Eavesdropping and Information Theft
Anti-Replay
ESP Identifier
Transport Mode
46. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Encrypting Traffic
IP Spoofing
Train Identifier 'B'
no ip redirect
47. Provides nonrepudiation - ensuring that traffic is from a trusted party
IP Mask Reply Vulnerabilities
ACL to block telnet
no ip unreachable
Authenticating Peers
48. UDP Port 514
ESP Identifier
ESP Operating Layer
Network-to-Network Communications
syslog
49. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
Tunnel Mode
Extended ACL format
Static NAT
no ip finger - no service finger
50. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
