Test your basic knowledge |
Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
TCP Intercept
Rerouting
Tunnel Mode
Established Line
2. TCP and UDP Port 162
SNMP Trap
Higher IP Standard ACL Range
Fourth Part of the IOS Version
Encrypted Tunneling Methods
3. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Train Identifier 'T'
Route Injection Attack
Three Physical Security Vulnerabilities
Dynamic NAT
4. 1300-1999
TLS/SSL Layer
Eavesdropping and Information Theft
TCP/UDP Daytime Vulnerability
Higher IP Standard ACL Range
5. Privilege levels that can have passwords assigned to them
Two Protocols of Tunnel Mode
Privilege Levels 2-13
AUX Vulnerability
Three Layers of Hierarchical Model
6. Rebuild Number
Network Address Translation (NAT)
Sixth (Optional) Part of the IOS Version
TLS/SSL Layer
Cisco Express Forwarding (CEF)
7. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Network Address Translation (NAT)
Cisco Discovery Protocol (CDP)
Encapsulation Security Payload (ESP)
GRE Operating Layer
8. Command used to disable NTP on an interface
Encrypted Tunneling Methods
SSH Identifier
ntp disable
Named ACL Format
9. This server is used for querying a host about its logged in users
ACL to block IP multicast
TCP Intercept
TCP/UDP Daytime Vulnerability
Finger Server
10. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
NTP Vulnerabilities
TCP/UDP Daytime Vulnerability
Session Hijacking
11. Release Number
Flags used by Established Line
Third Part of the IOS Version
Extended ACL format
no service tcp-small-servers
12. Startup-config can be deleted - copied - changed
Boot Network Vulnerabilities
Layer 2 Tunneling Protocol (L2TP)
Lower IP Extended ACL Range
Train Identifier 'E'
13. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Global Addresses
ACL to block spoofed IPs
Tunnel Mode
Tunneling
14. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
no service udp-small-servers
Three Layers of Hierarchical Model
Train Identifier 'S'
BOOTP
15. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Rerouting
SSH2
Named ACL
Encapsulation Security Payload (ESP)
16. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Transport Mode
Distribution Layer
SSH1
Network Address Translation (NAT)
17. Major Version
Eavesdropping and Information Theft
First Part of IOS Version
Static NAT
IP Mask Reply Vulnerabilities
18. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
NTP Vulnerabilities
ACL to block incoming loopback packets
Fraggle Attack
Static NAT
19. Allows the source IP host to specify a route through the IP network
IP Source Routing Vulnerabilities
Two Types of Router Access
Standard ACL format
IP Source Routing
20. UDP Port 514
Unicast Reverse-Path Forwarding (uRPF)
Standard ACL format
Network-to-Network Communications
syslog
21. A secure alternative to telnet for remote administration that is supported in Enterprise versions of Cisco IOS
ACL to block telnet
ACL to block IP multicast
Networks
SSH
22. Layer 5
TCP SYN Attack
ACL to block a Land Attack
no ip mask-reply
L2TP Operating Layer
23. Forces the user to enter both a valid username and password
login local
TCP Intercept
Core Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
24. Provides nonrepudiation - ensuring that traffic is from a trusted party
no ip mask-reply
Named ACL
L2TP Operating Layer
Authenticating Peers
25. No Known Vulnerability
TCP/UDP Discard Vulnerability
Network-to-Network Communications
no ip mask-reply
login local
26. Command used to disable HTTP Server
Boot Network
no ip http server
HTTP Tunneling
AUX Vulnerability
27. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
IP Spoofing
TCP Intercept
Smurf Attack
Overloading
28. Refers to the addresses on the public internet
Outside
Privilege Levels 2-13
Encrypting Traffic
HTTP Vulnerability
29. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
SSH Identifier
Masquerading
Train Identifier 'B'
Cisco Express Forwarding (CEF)
30. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate users
SSH Operating Layer
TCP SYN Attack
Cisco Express Forwarding (CEF)
SSH2
31. 33400-34400
Global Addresses
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Outside
UDP Traceroute Port Range
32. Access - Distribution - Core
Three Layers of Hierarchical Model
User Account Vulnerabilities
Static NAT
no ip unreachable
33. None - uses attached application protocol's port
Local Addresses
First Part of IOS Version
TLS/SSL Identifier
Common uses of Access Lists
34. Ip access-list extended <name1> - permit IP any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
ESP Operating Layer
Network Time Protocol (NTP)
Common uses of Access Lists
35. Ip access-list <standard | extended> name - permit TCP any any established
User Account Vulnerabilities
no ip finger - no service finger
SNMP
Named ACL Format
36. The environment - catastrophic events and unauthorized access
GRE Identifier
HTTP Operating Layer
IP Spoofing
Three Physical Security Vulnerabilities
37. Two - one Inbound or Evaluated and one Outbound or Reflected
Unicast Reverse-Path Forwarding (uRPF)
Layer 2 Tunneling Protocol (L2TP)
Minimum ACLs Required for Reflexive ACLs
Named ACL
38. Users - Host PC's - IP Addresses
Denial of Service (DoS)
Privilege Levels 2-13
Finger Vulnerabilities
ACL to block incoming loopback packets
39. Release Train Identifier
Fifth Part of the IOS Version
GRE Operating Layer
GRE Identifier
Encrypting Traffic
40. What Transport Mode is used for
Host-to-Host Communications
Three Layers of Hierarchical Model
Two Modes of IPSec
TCP/UDP Chargen Vulnerability
41. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Fraggle Attack
Lower IP Extended ACL Range
IP Spoofing
Land Attack
42. PERMIT TCP ANY ANY ESTABLISHED
Eavesdropping and Information Theft
Named ACL
ACL to block TCP SYN Attack
Rerouting
43. Protects against repeating of secure sessions
Layer 2 Tunneling Protocol (L2TP)
IP Direct Broadcast Vulnerabilities
Anti-Replay
Boot Network Vulnerabilities
44. Can stop spoofed IP addresses
Distribution Layer
Reflexive ACL
Unauthorized Access
uRPF Strength
45. These ACLs filter by network or host IP addresses and specific protocol type or port numbers - filters by source and destination
Layer 2 Tunneling Protocol (L2TP)
Train Identifier 'T'
Extended IP ACLs
Eavesdropping and Information Theft
46. Command to disable BOOTP Server
Encrypting Traffic
Third Part of the IOS Version
no ip bootp server
Extended ACL format
47. Command to disable TCP small server on a router
TCP Intercept
ESP Operating Layer
Authenticating Peers
no service tcp-small-servers
48. What Inside and Outside refer to in NAT
BOOTP
Devices
Common uses of Access Lists
IP Unreachable Vulnerabilities
49. The host can specify which route to take - which bypasses security
ACL to block IP multicast
IP Source Routing Vulnerabilities
Train Identifier 'T'
no service tcp-small-servers
50. Command to disable UDP small server on a router
Route Injection Attack
no service udp-small-servers
Two Protocols of Tunnel Mode
IP Source Routing