Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
no ip redirect
TCP/UDP Echo Vulnerability
Eavesdropping and Information Theft
Core Layer
2. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
User Account Vulnerabilities
IP Directed Broadcast
Minimum ACLs Required for Reflexive ACLs
no service udp-small-servers
3. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Train Identifier 'B'
AUX Vulnerability
Proxy ARP Vulnerabilities
Rerouting
4. Layer 3
IPSec AH Operating Layer
Cisco Express Forwarding (CEF)
ACL to block incoming loopback packets
SSH2
5. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Flags used by Established Line
Access List Rules
ntp disable
Inside Local Address
6. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provides a secure path through an untrusted network
Tunneling
HTTP Vulnerability
Anti-Replay
Inside Local Address
7. Command used to disable the ICMP message Host Unreachable
GRE Identifier
TCP/UDP Discard Vulnerability
no ip unreachable
Train Identifier 'E'
8. Broadcast
9. Refers to the addresses on the public internet
Outside
Train Identifier 'S'
TCP Intercept Watch Mode
Masquerading
10. Public IP address after translation
ACL to block a Land Attack
Land Attack
Proxy ARP
Outside Global Address
11. These ACLs filter by network or host IP addresses and specific protocol type or port numbers - filters by source and destination
Standard ACL format
Extended IP ACLs
Finger Server
Train Identifier 'E'
12. Provides nonrepudiation - ensuring that traffic is from a trusted party
login local
Authenticating Peers
no ip bootp server
ESP Identifier
13. Command used to disable NTP on an interface
Inside Local Address
Network Time Protocol (NTP)
ESP Operating Layer
ntp disable
14. DENY IP ANY HOST <Broadcast Address>
Inside Local Address
ACL to block a Smurf Attack or Fraggle Attack
Outside Global Address
Flags used by Established Line
15. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Encrypting Traffic
ACL to block IP multicast
TCP Intercept Watch Mode
SSH
16. 0x2F - or 47
GRE Identifier
TCP Intercept
Two Protocols of Tunnel Mode
Outside
17. Layer 7
syslog
Networks
Two Types of Router Access
SSH Operating Layer
18. Major Version
First Part of IOS Version
Network Time Protocol (NTP)
Generic Routing Encapsulation (GRE)
Land Attack
19. 1300-1999
Boot Network Vulnerabilities
Outside Global Address
Higher IP Standard ACL Range
Three Physical Security Vulnerabilities
20. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
Outside Global Address
Overloading
SNMP
Boot Network Vulnerabilities
21. Technology
22. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Two Modes of IPSec
First Part of IOS Version
Unicast Reverse-Path Forwarding (uRPF)
Train Identifier 'T'
23. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
HTTP Tunneling
Privilege Level 0
SNMP Vulnerabilities
no ip http server
24. Service Provider
25. 33400-34400
Overloading
Encapsulation Security Payload (ESP)
UDP Traceroute Port Range
Three Physical Security Vulnerabilities
26. Public IP address before translation
Named ACL Format
Rerouting
Outside Local Address
Higher IP Extended ACL Range
27. Time can be changed - Routing Table can be killed
SSH
Requirements for Reflexive TCP to be removed
NTP Vulnerabilities
SNMP
28. Privilege level that restricts users to five commands (enable - disable - exit - help - quit)
Three Layers of Hierarchical Model
no ip finger - no service finger
Privilege Level 0
Internet Protocol Security (IPSec)
29. Command used to disable HTTP Server
Three Physical Security Vulnerabilities
no ip http server
no ip finger - no service finger
CDP Vulnerabilities
30. Layer 7
Core Layer
HTTP Operating Layer
SSH2
Devices
31. Command used to disable the ICMP message Address Mask Reply
Generic Routing Encapsulation (GRE)
Encapsulation Security Payload (ESP)
Inside Global Address
no ip mask-reply
32. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
IPSec AH Operating Layer
Masquerading
Distribution Layer
DNS Lookup Vulnerability
33. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
no service udp-small-servers
BOOTP
IP Spoofing
Privilege Level 1
34. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Local Addresses
Networks
Access List Rules
TCP Load Distribution
35. Ip access-list <standard | extended> name - permit TCP any any established
Named ACL Format
syslog
Extended IP ACLs
First Part of IOS Version
36. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
ACL to block a Land Attack
Global Addresses
Named ACL
Train Identifier 'B'
37. ACK and RST
HTTP Vulnerability
Flags used by Established Line
Requirements for Reflexive TCP to be removed
ntp disable
38. The environment - catastrophic events and unauthorized access
SNMP Trap
Local Addresses
Three Physical Security Vulnerabilities
Train Identifier 'T'
39. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Dynamic NAT
Overloading
GRE Identifier
Fraggle Attack
40. Access - Distribution - Core
Devices
Three Layers of Hierarchical Model
Fifth Part of the IOS Version
no ip http server
41. 0x33 or 51
IPSec AH Identifier
L2TP Operating Layer
NTP Vulnerabilities
Distribution Layer
42. Access-list <number> <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Encapsulation Security Payload (ESP)
Extended ACL format
no service tcp-small-servers
Telnet - HTTP - SNMP Vulnerability
43. Enterprise
44. Device - Hostname - IOS - IP Address - Ports - Model
Outside Local Address
no ip unreachable
Access List Rules
CDP Vulnerabilities
45. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Land Attack
Boot Network
Anti-Replay
TLS/SSL Layer
46. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Proxy ARP
Authentication Header (AH)
IP Direct Broadcast Vulnerabilities
ACL to block a Land Attack
47. None - uses attached application protocol's port
Extended ACL format
Fifth Part of the IOS Version
TLS/SSL Identifier
Lower IP Standard ACL Range
48. Four TCP/UDP Small Server commands recommended to disable
Two Protocols of Tunnel Mode
Inside Local Address
BOOTP Vulnerabilities
echo - chargen - discard - daytime
49. Minor Version
Train Identifier 'E'
General Format of Cisco IOS Version
login local
Second Part of IOS Version
50. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
HTTPS Strength
TCP Intercept
Unicast Reverse-Path Forwarding (uRPF)
Smurf Attack