Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. None - uses attach application protocol's layer
Outside Local Address
Land Attack
Three Layers of Hierarchical Model
TLS/SSL Layer
2. 0x33 or 51
IPSec AH Identifier
SNMP
Telnet - HTTP - SNMP Vulnerability
Two Protocols of Tunnel Mode
3. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Two Protocols of Tunnel Mode
Land Attack
Distribution Layer
no ip mask-reply
4. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Access List Rules
Layer 2 Tunneling Protocol (L2TP)
Proxy ARP Vulnerabilities
Route Injection Attack
5. 2000-2699
Lower IP Extended ACL Range
Higher IP Extended ACL Range
TCP SYN Attack
no service tcp-small-servers
6. 2000-2699
Outside Local Address
ACL to block a Land Attack
Lower IP Extended ACL Range
L2TP Identifier
7. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
TCP/UDP Chargen Vulnerability
Encapsulation Security Payload (ESP)
SNMP
General Format of Cisco IOS Version
8. Command to disable BOOTP Server
no ip bootp server
Local Addresses
Requirements for Reflexive TCP to be removed
Named ACL
9. TCP Port 80
HTTP Identifier
Syntax for Reflexive ACLs
Higher IP Standard ACL Range
Denial of Service (DoS)
10. UDP Port 514
IPSec AH Operating Layer
Reflexive ACL
Rerouting
syslog
11. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
IP Spoofing
Privilege Level 15
TCP/UDP Discard Vulnerability
Named ACL
12. Mode where the entire packet is encrypted and/or authenticated - requiring a new IP packet to be encapsulated
Smurf Attack
Minimum ACLs Required for Reflexive ACLs
Unicast Reverse-Path Forwarding (uRPF)
Tunnel Mode
13. Provides nonrepudiation - ensuring that traffic is from a trusted party
Authenticating Peers
Cisco Discovery Protocol (CDP)
Unicast Reverse-Path Forwarding (uRPF)
Cisco Express Forwarding (CEF)
14. Can obtain CIDR and router ID
Generic Routing Encapsulation (GRE)
Train Identifier 'E'
Encrypting Traffic
IP Mask Reply Vulnerabilities
15. PERMIT TCP ANY ANY ESTABLISHED
ACL to block TCP SYN Attack
no ip unreachable
Internet Protocol Security (IPSec)
ACL to block a Land Attack
16. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Requirements for Reflexive TCP to be removed
Train Identifier 'B'
Local Addresses
TCP Intercept Watch Mode
17. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Three Layers of Hierarchical Model
HTTP Identifier
Land Attack
Session Hijacking
18. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
ACL to block incoming loopback packets
SNMP Vulnerabilities
HTTP Operating Layer
Generic Routing Encapsulation (GRE)
19. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Lower IP Extended ACL Range
SNMP Trap
Rerouting
IP Directed Broadcast
20. Router to Router Denial of Service
Flags used by Established Line
ACL to block spoofed IPs
TCP/UDP Echo Vulnerability
Extended ACL format
21. 33400-34400
Second Part of IOS Version
UDP Traceroute Port Range
IP Source Routing Vulnerabilities
Cisco Discovery Protocol (CDP)
22. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers
Reflexive ACL
HTTP Tunneling
Second Part of IOS Version
Devices
23. Uses only host keys to authenticate systems
Tunnel Mode
ESP Operating Layer
SSH2
Finger Server
24. Layer 3
IPSec AH Operating Layer
no cdp run
ntp disable
Generic Routing Encapsulation (GRE)
25. Startup-config can be deleted - copied - changed
Authenticating Peers
Host-to-Host Communications
Boot Network Vulnerabilities
Two Protocols of Tunnel Mode
26. Command used to disable the ICMP message Host Unreachable
Lower IP Standard ACL Range
Lower IP Extended ACL Range
login local
no ip unreachable
27. The environment - catastrophic events and unauthorized access
Train Identifier 'E'
Three Physical Security Vulnerabilities
no ip finger - no service finger
Privilege Levels 2-13
28. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Second Part of IOS Version
Denial of Service (DoS)
IP Unreachable Vulnerabilities
Secure Shell (SSH)
29. Protects against repeating of secure sessions
Anti-Replay
HTTP Operating Layer
Proxy ARP
Tunneling
30. Access-list <number> <deny | permit> source source-wildcard log
IP Direct Broadcast Vulnerabilities
no ip unreachable
TCP/UDP Discard Vulnerability
Standard ACL format
31. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
SSH
Layer 2 Tunneling Protocol (L2TP)
Tunnel Mode
Fraggle Attack
32. Command used to disable NTP on an interface
Privilege Level 1
Network Time Protocol (NTP)
ntp disable
Proxy ARP Vulnerabilities
33. No Known Vulnerability
Rerouting
Standard IP ACLs
HTTP Vulnerability
TCP/UDP Discard Vulnerability
34. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
ACL to block telnet
Access Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
no service tcp-small-servers
35. 1300-1999
no ip unreachable
Higher IP Standard ACL Range
Host-to-Host Communications
echo - chargen - discard - daytime
36. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Integrity Validation
Networks
HTTP Tunneling
no service udp-small-servers
37. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
ACL to block incoming loopback packets
TLS/SSL Identifier
General Format of Cisco IOS Version
SNMP
38. Minor Version
no service udp-small-servers
NTP Vulnerabilities
Train Identifier 'E'
Second Part of IOS Version
39. Interim Build Number
TCP/UDP Daytime Vulnerability
Train Identifier 'T'
Fourth Part of the IOS Version
Extended IP ACLs
40. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
HTTP Identifier
IP Source Routing Vulnerabilities
ACL to block a Land Attack
Host-to-Host Communications
41. Two - one Inbound or Evaluated and one Outbound or Reflected
Distributed Denial of Service Attacks
IPSec AH Identifier
SNMP Trap
Minimum ACLs Required for Reflexive ACLs
42. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Three Physical Security Vulnerabilities
TCP/UDP Echo Vulnerability
Cisco Express Forwarding (CEF)
Unicast Reverse-Path Forwarding (uRPF)
43. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments
HTTP Tunneling
SSH
General Format of Cisco IOS Version
Cisco Discovery Protocol (CDP)
44. Command to disable UDP small server on a router
TCP/UDP Chargen Vulnerability
Fourth Part of the IOS Version
no service udp-small-servers
no ip http server
45. ip access-list extended <name1> - permit IP any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Overloading
GRE Identifier
Syntax for Reflexive ACLs
TCP Intercept Watch Mode
46. Command to disable TCP small server on a router
no service tcp-small-servers
Train Identifier 'E'
Two Modes of IPSec
HTTP Vulnerability
47. Refers to addresses used on the organization's private network
Dynamic NAT
Fourth Part of the IOS Version
Local Addresses
SNMP Trap
48. Uses server and host keys to authenticate systems
Authentication Header (AH)
Privilege Level 0
SSH1
TCP SYN Attack
49. Protocol used to keep their time-of-day clocks accurate and in sync
Session Hijacking
Network Time Protocol (NTP)
Lower IP Standard ACL Range
Privilege Level 1
50. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
Global Addresses
Tunnel Mode
User Account Vulnerabilities
Two Types of Router Access