SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What Transport Mode is used for
Flags used by Established Line
Fourth Part of the IOS Version
IPSec AH Identifier
Host-to-Host Communications
2. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
HTTP Identifier
Overloading
Network Time Protocol (NTP)
SSH Identifier
3. Rebuild Number
Network Address Translation (NAT)
Authentication Header (AH)
Sixth (Optional) Part of the IOS Version
Masquerading
4. Can stop spoofed IP addresses
Uses for ACLs
AUX Vulnerability
Named ACL
uRPF Strength
5. Can discover vulnerabilities - network stats - and firewall discovery
Train Identifier 'B'
IP Unreachable Vulnerabilities
Minimum ACLs Required for Reflexive ACLs
Finger Vulnerabilities
6. Transport and Tunnel
Two Modes of IPSec
Access List Rules
Privilege Level 1
IP Direct Broadcast Vulnerabilties
7. Command used to disable NTP on an interface
ACL to block TCP SYN Attack
BOOTP Vulnerabilities
Route Injection Attack
ntp disable
8. Refers to addresses used on the organization's private network
Boot Network Vulnerabilities
Distribution Layer
uRPF Strength
Global Addresses
9. Command to disable BOOTP Server
IP Directed Broadcast
GRE Operating Layer
Smurf Attack
no ip bootp server
10. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Integrity Validation
ntp disable
Secure Shell (SSH)
11. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Train Identifier 'B'
SSH1
no ip finger - no service finger
Established Line
12. Local and Remote
CDP Vulnerabilities
no ip redirect
Two Types of Router Access
Authenticating Peers
13. DENY TCP ANY HOST <IP Address> EQ 23
Access List Rules
ACL to block telnet
TCP Intercept
Privilege Level 0
14. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Local Addresses
Established Line
Distributed Denial of Service Attacks
Syntax for Reflexive ACLs
15. Public IP address after translation
TCP/UDP Discard Vulnerability
Cisco Express Forwarding (CEF)
Outside Global Address
Distributed Denial of Service Attacks
16. ESP - SSH - SSL/TLP
BOOTP Vulnerabilities
Flags used by Established Line
Internet Protocol Security (IPSec)
Encrypted Tunneling Methods
17. Ip access-list <standard | extended> name - permit TCP any any established
Named ACL Format
Higher IP Extended ACL Range
Common uses of Access Lists
Unauthorized Access
18. Protects against repeating of secure sessions
Anti-Replay
Fraggle Attack
Train Identifier 'S'
IP Directed Broadcast
19. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
TLS/SSL Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
ESP Identifier
ACL to block a Smurf Attack or Fraggle Attack
20. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
HTTP Tunneling
Minimum ACLs Required for Reflexive ACLs
Unicast Reverse-Path Forwarding (uRPF)
Internet Protocol Security (IPSec)
21. TCP and UDP Port 161
TCP/UDP Chargen Vulnerability
no ip http server
Distributed Denial of Service Attacks
SNMP
22. Release Number
Named ACL Format
TCP/UDP Echo Vulnerability
Third Part of the IOS Version
Dynamic NAT
23. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Overloading
Extended IP ACLs
Authentication Header (AH)
Higher IP Standard ACL Range
24. 1300-1999
Boot Network
Higher IP Standard ACL Range
HTTPS Strength
Land Attack
25. Authentication Header (AH) and Encapsulated Security Payload (ESP)
HTTP Vulnerability
IP Unreachable Vulnerabilities
IP Source Routing
Two Protocols of Tunnel Mode
26. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
Inside
Third Part of the IOS Version
SSH
SSH2
27. Major Version
First Part of IOS Version
Layer 2 Tunneling Protocol (L2TP)
Telnet - HTTP - SNMP Vulnerability
SSH Identifier
28. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
General Format of Cisco IOS Version
Masquerading
Internet Protocol Security (IPSec)
HTTP Tunneling
29. Private IP address after translation
CDP Vulnerabilities
Requirements for Reflexive TCP to be removed
Inside Global Address
Land Attack
30. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Tunneling
General Format of Cisco IOS Version
SNMP Vulnerabilities
Overloading
31. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
AUX Vulnerability
Higher IP Standard ACL Range
Reflexive ACL
Boot Network
32. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Named ACL Format
Secure Shell (SSH)
Session Hijacking
Outside Local Address
33. Provides nonrepudiation - ensuring that traffic is from a trusted party
IP Unreachable Vulnerabilities
Established Line
Authenticating Peers
no service tcp-small-servers
34. DENY IP <Network ID> <Network WC Mask> ANY
ACL to block spoofed IPs
SSH
Unicast Reverse-Path Forwarding (uRPF)
HTTP Vulnerability
35. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Third Part of the IOS Version
HTTP Tunneling
Masquerading
no ip bootp server
36. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
Reflexive ACL
Three Layers of Hierarchical Model
IP Source Routing Vulnerabilities
37. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Standard IP ACLs
Common uses of Access Lists
Higher IP Standard ACL Range
Reflexive ACL
38. Release Train Identifier
Denial of Service (DoS)
Fifth Part of the IOS Version
Privilege Level 15
SSH
39. Refers to the organization's private network
ntp disable
Inside
Cisco Express Forwarding (CEF)
SNMP Trap
40. TCP Port 80
Common uses of Access Lists
HTTP Identifier
General Format of Cisco IOS Version
Outside
41. Uses server and host keys to authenticate systems
HTTPS Strength
BOOTP Vulnerabilities
TCP Load Distribution
SSH1
42. Broadcast
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
43. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Train Idenifier 'E'
Three Physical Security Vulnerabilities
TCP/UDP Daytime Vulnerability
Fraggle Attack
44. Access - Distribution - Core
Three Layers of Hierarchical Model
General Format of Cisco IOS Version
Static NAT
Eavesdropping and Information Theft
45. Can copy - poison - corrupt - or delete the IOS
AUX Vulnerability
Devices
BOOTP Vulnerabilities
IP Source Routing
46. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
TCP Load Distribution
Fourth Part of the IOS Version
TCP/UDP Discard Vulnerability
Extended ACL format
47. Buffer Overflow
BOOTP
TCP/UDP Chargen Vulnerability
Smurf Attack
Requirements for Reflexive TCP to be removed
48. These ACLs filter by network or host IP address and only filter on source
Standard IP ACLs
NTP Vulnerabilities
Fraggle Attack
IP Direct Broadcast Vulnerabilties
49. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
GRE Identifier
Syntax for Reflexive ACLs
HTTP Operating Layer
50. Time can be changed - Routing Table can be killed
SSH Operating Layer
NTP Vulnerabilities
Two Types of Router Access
inger Server
