Test your basic knowledge | Router Security
Subject: it-skills
Instructions: Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Network Time Protocol (NTP)
Access List Rules
Extended IP ACLs
no service udp-small-servers
2. Can obtain CIDR and router ID
TCP SYN Attack
IP Mask Reply Vulnerabilities
SNMP Trap
Encrypting Traffic
3. Four TCP/UDP Small Server commands recommended to disable
Network Address Translation (NAT)
no ip mask-reply
echo - chargen - discard - daytime
Sixth (Optional) Part of the IOS Version
4. 0x2F - or 47
HTTP Vulnerability
GRE Identifier
Tunneling
SSH Operating Layer
5. Technology
6. Startup-config can be deleted - copied - changed
Standard ACL format
Boot Network Vulnerabilities
uRPF Strength
Authenticating Peers
7. Ip access-list <standard | extended> name - permit TCP any any established
Standard ACL format
SSH Operating Layer
Named ACL Format
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
8. War dialing
AUX Vulnerability
IP Unreachable Vulnerabilities
Outside Global Address
syslog
9. None - uses the attached application protocol's layer
TLS/SSL Layer
Standard ACL format
no service tcp-small-servers
IP Unreachable Vulnerabilities
10. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
TCP SYN Attack
Access List Rules
Fraggle Attack
ACL to block a Land Attack
11. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Static NAT
TCP Intercept Watch Mode
Privilege Level 0
Masquerading
12. Provides a checksum - ensuring traffic has not been modified along its path
no ip redirect
Integrity Validation
Smurf Attack
Finger Server
13. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate users
IP Source Routing Vulnerabilities
Access Layer
Encrypted Tunneling Methods
TCP SYN Attack
14. A secure alternative to telnet for remote administration that is supported in Enterprise versions of Cisco IOS
SNMP Trap
TCP Load Distribution
IP Mask Reply Vulnerabilities
SSH
15. Interim Build Number
ESP Identifier
Privilege Level 1
Fourth Part of the IOS Version
TLS/SSL Layer
16. Command to disable CDP on a router
ntp disable
Three Layers of Hierarchical Model
Static NAT
no cdp run
17. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Masquerading
HTTP Tunneling
Authentication Header (AH)
login local
18. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Outside
Third Part of the IOS Version
Internet Protocol Security (IPSec)
Flags used by Established Line
19. TCP and UDP Port 161
TCP/UDP Echo Vulnerability
ACL to block telnet
SNMP
Train Identifier 'B'
20. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
no ip bootp server
Unicast Reverse-Path Forwarding (uRPF)
Finger Vulnerabilities
UDP Traceroute Port Range
21. Privilege levels that can have passwords assigned to them
Devices
GRE Operating Layer
Privilege Levels 2-13
TCP/UDP Daytime Vulnerability
22. Private IP address after translation
Devices
Encrypted Tunneling Methods
IP Source Routing Vulnerabilities
Inside Global Address
23. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Fraggle Attack
Standard IP ACLs
Two Types of Router Access
no ip mask-reply
24. 2000-2699
Named ACL Format
Lower IP Extended ACL Range
Named ACL
ACL to block IP multicast
25. Access-list <number> <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
syslog
Standard IP ACLs
TCP Intercept
Extended ACL format
26. Protects against repeating of secure sessions
Authentication Header (AH)
TCP Intercept Watch Mode
Third Part of the IOS Version
Anti-Replay
27. UDP Port 514
syslog
Train Identifier 'T'
L2TP Operating Layer
ACL to block a Land Attack
28. When a router acts as an intermediary for ARP queries on selected interfaces - enabling transparent access between multiple LAN segments
Proxy ARP
no ip unreachable
IPSec AH Identifier
AUX Vulnerability
29. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers
HTTP Vulnerability
Reflexive ACL
no ip bootp server
HTTPS Strength
30. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Inside Global Address
General Format of Cisco IOS Version
Distributed Denial of Service Attacks
Generic Routing Encapsulation (GRE)
31. The communication layer between the two other layers - provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Syntax for Reflexive ACLs
Flags used by Established Line
no ip bootp server
Distribution Layer
32. DNS Poisoning
Network-to-Network Communications
DNS Lookup Vulnerability
Finger Vulnerabilities
Host-to-Host Communications
33. Geolocational positioning
TCP/UDP Daytime Vulnerability
Three Physical Security Vulnerabilities
Syntax for Reflexive ACLs
HTTP Vulnerability
34. ACK and RST
IPSec AH Identifier
Second Part of IOS Version
Flags used by Established Line
Encapsulation Security Payload (ESP)
35. Uses server and host keys to authenticate systems
TCP Load Distribution
Third Part of the IOS Version
Tunnel Mode
SSH1
36. Local IP address before translation
Access List Rules
Inside Local Address
echo - chargen - discard - daytime
HTTP Tunneling
37. Device - Hostname - IOS - IP Address - Ports - Model
Standard ACL format
CDP Vulnerabilities
Rerouting
Train Identifier 'B'
38. This server is used for querying a host about its logged in users
Finger Server
Flags used by Established Line
Privilege Level 0
IPSec AH Operating Layer
39. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Inside Global Address
Unicast Reverse-Path Forwarding (uRPF)
Access Layer
Privilege Levels 2-13
40. Access - Distribution - Core
Encrypting Traffic
Three Layers of Hierarchical Model
Telnet - HTTP - SNMP Vulnerability
Boot Network
41. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Train Identifier 'B'
Two Modes of IPSec
Land Attack
Internet Protocol Security (IPSec)
42. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Named ACL
Secure Shell (SSH)
Static NAT
Requirements for Reflexive TCP to be removed
43. Minor Version
Named ACL
no ip bootp server
BOOTP
Second Part of IOS Version
44. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
IP Direct Broadcast Vulnerabilities
Syntax for Reflexive ACLs
TCP Load Distribution
Transport Mode
45. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Static NAT
Two Modes of IPSec
ACL to block spoofed IPs
CDP Vulnerabilities
46. What Local and Global refer to in NAT
Networks
Encrypted Tunneling Methods
BOOTP Vulnerabilities
Train Identifier 'B'
47. Refers to addresses used on the organization's private network
Global Addresses
HTTPS Strength
Higher IP Extended ACL Range
User Account Vulnerabilities
48. Plaintext
TCP Load Distribution
Telnet - HTTP - SNMP Vulnerability
TLS/SSL Layer
no service tcp-small-servers
49. Provides nonrepudiation - ensuring that traffic is from a trusted party
Authenticating Peers
Authentication Header (AH)
TCP Load Distribution
IP Directed Broadcast
50. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
TCP Intercept Watch Mode
IP Unreachable Vulnerabilities
Rerouting
Sixth (Optional) Part of the IOS Version