SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Command used to disable NTP on an interface
DNS Lookup Vulnerability
ntp disable
Rerouting
Internet Protocol Security (IPSec)
2. UDP Port 514
TLS/SSL Identifier
syslog
Access List Rules
Authentication Header (AH)
3. DENY IP <Network ID> <Network WC Mask> ANY
DNS Lookup Vulnerability
Inside Global Address
ACL to block spoofed IPs
Common uses of Access Lists
4. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Privilege Level 1
Outside Local Address
Route Injection Attack
IPSec AH Identifier
5. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Cisco Discovery Protocol (CDP)
Unicast Reverse-Path Forwarding (uRPF)
L2TP Operating Layer
ACL to block telnet
6. Release Train Identifier
Encrypting Traffic
Denial of Service (DoS)
Access Layer
Fifth Part of the IOS Version
7. Provides nonrepudiation - ensuring that traffic is from a trusted party
Lower IP Extended ACL Range
Authenticating Peers
GRE Operating Layer
Access List Rules
8. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
echo - chargen - discard - daytime
Cisco Discovery Protocol (CDP)
SSH Operating Layer
ACL to block IP multicast
9. 33400-34400
Authentication Header (AH)
UDP Traceroute Port Range
HTTP Operating Layer
Lower IP Standard ACL Range
10. Layer 7
SSH Operating Layer
TCP Intercept Watch Mode
TCP/UDP Daytime Vulnerability
ACL to block spoofed IPs
11. Uses SSL port 443
HTTPS Strength
Fifth Part of the IOS Version
Named ACL Format
Syntax for Reflexive ACLs
12. Public IP address before translation
TCP Intercept Watch Mode
ACL to block TCP SYN Attack
Integrity Validation
Outside Local Address
13. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Second Part of IOS Version
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Outside
Tunneling
14. Plaintext
Telnet - HTTP - SNMP Vulnerability
Sixth (Optional) Part of the IOS Version
Route Injection Attack
Inside
15. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Two Protocols of Tunnel Mode
Extended IP ACLs
no service tcp-small-servers
ntp disable
16. TCP Port 22
Higher IP Standard ACL Range
Encapsulation Security Payload (ESP)
SSH Identifier
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
17. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Privilege Level 15
Inside Local Address
Distributed Denial of Service Attacks
Access List Rules
18. Interim Build Number
Transport Mode
Core Layer
Fourth Part of the IOS Version
SSH Operating Layer
19. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Boot Network
Fraggle Attack
TCP Intercept Watch Mode
Devices
20. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Dynamic NAT
SNMP Vulnerabilities
IP Unreachable Vulnerabilities
SNMP Trap
21. This server is used for querying a host about its logged in users
inger Server
Layer 2 Tunneling Protocol (L2TP)
Authentication Header (AH)
Standard IP ACLs
22. Provides a checksum - ensuring traffic has not been modified along it's path
Integrity Validation
BOOTP Vulnerabilities
ACL to block telnet
Networks
23. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
no ip bootp server
Access List Rules
TCP Intercept Watch Mode
Encapsulation Security Payload (ESP)
24. Command to disable BOOTP Server
Two Modes of IPSec
no ip bootp server
General Format of Cisco IOS Version
Higher IP Standard ACL Range
25. TCP Port 80
Cisco Discovery Protocol (CDP)
Networks
HTTP Identifier
NTP Vulnerabilities
26. What Transport Mode is used for
SNMP Trap
login local
Authenticating Peers
Host-to-Host Communications
27. Access - Distribution - Core
Cisco Express Forwarding (CEF)
Integrity Validation
Three Layers of Hierarchical Model
Distributed Denial of Service Attacks
28. Forces the user to enter both a valid username and password
Network-to-Network Communications
ACL to block incoming loopback packets
login local
Lower IP Standard ACL Range
29. ESP - SSH - SSL/TLP
CDP Vulnerabilities
TCP/UDP Echo Vulnerability
Tunneling
Encrypted Tunneling Methods
30. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Extended ACL format
Train Identifier 'S'
L2TP Identifier
Access Layer
31. UDP Port 1701
no ip http server
L2TP Identifier
IPSec AH Operating Layer
Standard ACL format
32. Refers to the addresses on the public internet
Outside
Train Idenifier 'E'
Telnet - HTTP - SNMP Vulnerability
Train Identifier 'T'
33. Broadcast
34. Local IP address before translation
SNMP Trap
HTTP Vulnerability
HTTPS Strength
Inside Local Address
35. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
TCP/UDP Daytime Vulnerability
HTTP Tunneling
no ip http server
IP Spoofing
36. Command to disable CDP on a router
ACL to block IP multicast
HTTP Vulnerability
no cdp run
User Account Vulnerabilites
37. Layer 7
User Account Vulnerabilites
Three Physical Security Vulnerabilities
ACL to block TCP SYN Attack
HTTP Operating Layer
38. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Static NAT
Two Protocols of Tunnel Mode
echo - chargen - discard - daytime
Extended IP ACLs
39. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Network Time Protocol (NTP)
Train Identifier 'S'
Internet Protocol Security (IPSec)
Higher IP Standard ACL Range
40. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
General Format of Cisco IOS Version
HTTP Operating Layer
SSH Identifier
Standard IP ACLs
41. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Proxy ARP
Tunnel Mode
Privilege Levels 2-13
Uses for ACLs
42. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Route Injection Attack
IP Mask Reply Vulnerabilities
inger Server
Generic Routing Encapsulation (GRE)
43. Access-list <number> <deny | permit> source source-wildcard log
General Format of Cisco IOS Version
ACL to block incoming loopback packets
Train Identifier 'S'
Standard ACL format
44. None - uses attached application protocol's port
TLS/SSL Identifier
Higher IP Extended ACL Range
TCP/UDP Chargen Vulnerability
TLS/SSL Layer
45. 0x33 or 51
First Part of IOS Version
Session Hijacking
Tunnel Mode
IPSec AH Identifier
46. 2000-2699
Lower IP Extended ACL Range
Three Physical Security Vulnerabilities
Uses for ACLs
UDP Traceroute Port Range
47. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
ACL to block spoofed IPs
L2TP Operating Layer
TCP Intercept
Two Protocols of Tunnel Mode
48. Two - one Inbound or Evaluated and one Outbound or Reflected
Extended IP ACLs
Privilege Level 0
Minimum ACLs Required for Reflexive ACLs
Eavesdropping and Information Theft
49. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
HTTP Tunneling
Train Idenifier 'E'
Overloading
50. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
ACL to block TCP SYN Attack
Reflexive ACL
ACL to block a Smurf Attack or Fraggle Attack
Masquerading
