Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Private IP address after translation
L2TP Identifier
SSH
BOOTP Vulnerabilities
Inside Global Address
2. 1300-1999
Train Identifier 'E'
Land Attack
Network Time Protocol (NTP)
Higher IP Standard ACL Range
3. Device - Hostname - IOS - IP Address - Ports - Model
CDP Vulnerabilities
GRE Operating Layer
Secure Shell (SSH)
Privilege Level 1
4. Public IP address before translation
Layer 2 Tunneling Protocol (L2TP)
Outside Local Address
BOOTP
Masquerading
5. 2000-2699
HTTP Tunneling
IP Mask Reply Vulnerabilities
Higher IP Extended ACL Range
Encrypting Traffic
6. Interim Build Number
Fraggle Attack
Access Layer
Fourth Part of the IOS Version
Internet Protocol Security (IPSec)
7. Layer 5
General Format of Cisco IOS Version
TCP/UDP Discard Vulnerability
L2TP Operating Layer
Reflexive ACL
8. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Access List Rules
Outside
no ip mask-reply
Generic Routing Encapsulation (GRE)
9. Refers to the organization's private network
SNMP
Inside
Host-to-Host Communications
Train Identifier 'T'
10. Command to disable UDP small server on a router
Proxy ARP Vulnerabilities
no service udp-small-servers
Privilege Level 15
ACL to block TCP SYN Attack
11. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Established Line
HTTP Vulnerability
AUX Vulnerability
Syntax for Reflexive ACLs
12. Command used to disable NTP on an interface
TCP/UDP Echo Vulnerability
no ip http server
ntp disable
TLS/SSL Identifier
13. Uses server and host keys to authenticate systems
SSH1
TLS/SSL Identifier
Internet Protocol Security (IPSec)
Lower IP Extended ACL Range
14. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Standard IP ACLs
Network Time Protocol (NTP)
Layer 2 Tunneling Protocol (L2TP)
15. This layer controls user and workgroup access to the internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Access Layer
TLS/SSL Identifier
Layer 2 Tunneling Protocol (L2TP)
Network-to-Network Communications
16. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
Outside Global Address
Extended ACL format
User Account Vulnerabilities
Reflexive ACL
17. Startup-config can be deleted - copied - changed
TCP SYN Attack
TCP/UDP Discard Vulnerability
Denial of Service (DoS)
Boot Network Vulnerabilities
18. Rewrites the source and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Extended IP ACLs
Network Address Translation (NAT)
Three Physical Security Vulnerabilities
NTP Vulnerabilities
19. Command used to disable the ICMP message Address Mask Reply
HTTP Tunneling
Lower IP Standard ACL Range
Cisco Discovery Protocol (CDP)
no ip mask-reply
20. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
ACL to block a Smurf Attack or Fraggle Attack
Privilege Level 0
IP Spoofing
Syntax for Reflexive ACLs
21. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Boot Network
UDP Traceroute Port Range
Train Identifier 'T'
Rerouting
22. Minor Version
IP Source Routing Vulnerabilities
DNS Lookup Vulnerability
Second Part of IOS Version
UDP Traceroute Port Range
23. DENY IP 224.0.0.0 15.255.255.255 ANY
ESP Operating Layer
ACL to block IP multicast
Distributed Denial of Service Attacks
IP Directed Broadcast
24. 2000-2699
Lower IP Extended ACL Range
NTP Vulnerabilities
Tunnel Mode
TCP Load Distribution
25. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
TCP Intercept Watch Mode
no cdp run
SSH
Fourth Part of the IOS Version
26. Ip access-list <standard | extended> name - permit TCP any any established
Named ACL Format
Transport Mode
Syntax for Reflexive ACLs
Outside Local Address
27. TCP and UDP Port 161
SNMP
Two Modes of IPSec
Access Layer
DNS Lookup Vulnerability
28. Routing mode depended on by uRPF in order to function
SNMP Vulnerabilities
Authenticating Peers
no service tcp-small-servers
Cisco Express Forwarding (CEF)
29. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Static NAT
IPSec AH Operating Layer
SSH Operating Layer
TCP/UDP Chargen Vulnerability
30. Layer 7
TCP Intercept
SSH Operating Layer
Higher IP Extended ACL Range
Privilege Level 15
31. Breaks LAN security perimeter - extends LAN to Layer 2
Local Addresses
SNMP
Proxy ARP Vulnerabilities
Outside Global Address
32. Access-list <number> <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Train Identifier 'E'
Extended ACL format
no ip finger - no service finger
Boot Network Vulnerabilities
33. Provides confidentiality - so it cannot be read by unauthorized parties
Lower IP Extended ACL Range
Privilege Level 0
SSH1
Encrypting Traffic
34. This server is used for querying a host about its logged in users
Inside Global Address
Reflexive ACL
Finger Server
Minimum ACLs Required for Reflexive ACLs
35. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Syntax for Reflexive ACLs
uRPF Strength
Fraggle Attack
Land Attack
36. Two FIN bits or one RST bit
echo - chargen - discard - daytime
SSH Operating Layer
Requirements for Reflexive TCP to be removed
ACL to block incoming loopback packets
37. 0x33 or 51
IPSec AH Identifier
TCP Intercept
L2TP Identifier
Smurf Attack
38. The host can specify which route to take - which bypasses security
Lower IP Extended ACL Range
TCP/UDP Daytime Vulnerability
Outside Local Address
IP Source Routing Vulnerabilities
39. UDP Port 514
Unauthorized Access
SSH1
syslog
IPSec AH Operating Layer
40. Can stop spoofed IP addresses
HTTP Vulnerability
Encrypted Tunneling Methods
SNMP
uRPF Strength
41. Can obtain CIDR and router ID
Network Time Protocol (NTP)
Internet Protocol Security (IPSec)
IP Mask Reply Vulnerabilities
Fraggle Attack
42. TCP Port 80
Cisco Discovery Protocol (CDP)
Network-to-Network Communications
HTTP Identifier
First Part of IOS Version
43. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Overloading
IP Spoofing
Named ACL Format
Common uses of Access Lists
44. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
Integrity Validation
SSH
ESP Identifier
IP Directed Broadcast
45. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments
Two Protocols of Tunnel Mode
Cisco Discovery Protocol (CDP)
IP Unreachable Vulnerabilities
Land Attack
46. These ACLs filter by network or host IP address and only filter on source
IPSec AH Operating Layer
Standard IP ACLs
TCP/UDP Echo Vulnerability
no ip bootp server
47. DENY TCP ANY HOST <IP Address> EQ 23
Tunneling
Network Address Translation (NAT)
Static NAT
ACL to block telnet
48. Commands to disable Finger Server
Flags used by Established Line
Global Addresses
no ip finger - no service finger
Cisco Discovery Protocol (CDP)
49. 0x2F - or 47
Networks
Access List Rules
GRE Identifier
Cisco Express Forwarding (CEF)
50. DENY IP <Network ID> <Network WC Mask> ANY
no ip unreachable
Common uses of Access Lists
ACL to block spoofed IPs
IP Spoofing