Test your basic knowledge |

Router Security

Subject : it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Access-list <number> <deny | permit> source source-wildcard log
Standard ACL format
Common uses of Access Lists
IPSec AH Identifier
IP Spoofing

2. Layer 7
Requirements for Reflexive TCP to be removed
ESP Identifier
Extended IP ACLs
HTTP Operating Layer

3. UDP Port 1701
ACL to block IP multicast
Syntax for Reflexive ACLs
Inside
L2TP Identifier

4. Device - Hostname - IOS - IP Address - Ports - Model
no ip unreachable
Networks
CDP Vulnerabilities
Host-to-Host Communications

5. Rebuild Number
Sixth (Optional) Part of the IOS Version
Proxy ARP
Extended ACL format
uRPF Strength

6. The environment - catastrophic events an unauthorized access
ACL to block spoofed IPs
no ip http server
Three Physical Security Vulnerabilities
SSH2

7. Command to disable UDP small server on a router
Three Physical Security Vulnerabilities
Privilege Levels 2-13
no service udp-small-servers
Standard ACL format

8. Privilege level that has Global administration capabilities
Higher IP Standard ACL Range
Network-to-Network Communications
ACL to block IP multicast
Privilege Level 15

9. Command used to disable the ICMP message Redirect
Telnet - HTTP - SNMP Vulnerability
Internet Protocol Security (IPSec)
Privilege Level 15
no ip redirect

10. What Tunnel Mode is used for
Network-to-Network Communications
Reflexive ACL
ACL to block a Smurf Attack or Fraggle Attack
Established Line

11. 2000-2699
Lower IP Extended ACL Range
Inside Global Address
Masquerading
CDP Vulnerabilities

12. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
Secure Shell (SSH)
Denial of Service (DoS)
Finger Vulnerabilities
Rerouting

13. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Cisco Express Forwarding (CEF)
IP Spoofing
HTTP Tunneling
Access Layer

14. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Dynamic NAT
Cisco Discovery Protocol (CDP)
echo - chargen - discard - daytime
Fraggle Attack

15. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
no ip redirect
Uses for ACLs
IP Direct Broadcast Vulnerabilties
TLS/SSL Identifier

16. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
Higher IP Extended ACL Range
Static NAT
TCP Load Distribution
Uses for ACLs

17. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Extended IP ACLs
SSH Identifier
Privilege Level 1
Privilege Level 0

18. Local IP address before translation
Telnet - HTTP - SNMP Vulnerability
Inside Local Address
Smurf Attack
Minimum ACLs Required for Reflexive ACLs

19. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Network Address Translation (NAT)
TCP/UDP Chargen Vulnerability
login local
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

20. Privilege level that is restricted to basic level operations
Overloading
no ip http server
Privilege Level 1
TLS/SSL Layer

21. 0x32 - or 50
BOOTP
Train Identifier 'S'
ESP Identifier
TCP SYN Attack

22. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
HTTPS Strength
Denial of Service (DoS)
Eavesdropping and Information Theft
Second Part of IOS Version

23. Ip access-list <standard | extended> name - permit TCP any any established
IP Source Routing
General Format of Cisco IOS Version
Static NAT
Named ACL Format

24. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
uRPF Strength
BOOTP
ACL to block IP multicast
Unauthorized Access

25. None - uses attach application protocol's layer
HTTP Vulnerability
Minimum ACLs Required for Reflexive ACLs
TLS/SSL Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

26. Layer 5
L2TP Operating Layer
IPSec AH Identifier
Second Part of IOS Version
Inside

27. Command used to disable the ICMP message Address Mask Reply
Proxy ARP
ACL to block IP multicast
Static NAT
no ip mask-reply

28. Protects against repeating of secure sessions
HTTP Vulnerability
Secure Shell (SSH)
Anti-Replay
NTP Vulnerabilities

29. TCP and UDP Port 162
Generic Routing Encapsulation (GRE)
Train Identifier 'T'
Established Line
SNMP Trap

30. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Lower IP Extended ACL Range
Generic Routing Encapsulation (GRE)
Masquerading
Cisco Discovery Protocol (CDP)

31. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
ACL to block incoming loopback packets
Named ACL
no ip unreachable
Privilege Level 0

32. Enterprise

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

33. The host can specify which route to take - which bypasses security
Unicast Reverse-Path Forwarding (uRPF)
IP Source Routing Vulnerabilities
Overloading
BOOTP

34. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Encrypting Traffic
Distribution Layer
Higher IP Standard ACL Range
ACL to block incoming loopback packets

35. Breaks LAN security perimeter extends LAN to Layer 2
Proxy ARP Vulnerabilities
Outside Local Address
HTTPS Strength
Extended ACL format

36. 0x2F - or 47
Distribution Layer
Boot Network
GRE Identifier
BOOTP

37. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
TCP Load Distribution
Train Idenifier 'E'
Dynamic NAT
echo - chargen - discard - daytime

38. None - uses attached application protocol's port
HTTP Vulnerability
TLS/SSL Identifier
Third Part of the IOS Version
Higher IP Extended ACL Range

39. Private IP address after translation
BOOTP
Inside Global Address
Global Addresses
Tunnel Mode

40. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Boot Network Vulnerabilities
Internet Protocol Security (IPSec)
Common uses of Access Lists
UDP Traceroute Port Range

41. DENY IP 224.0.0.0 15.255.255.255 ANY
no cdp run
Tunneling
ACL to block IP multicast
Requirements for Reflexive TCP to be removed

42. What Local and Global refer to in NAT
SNMP
Fourth Part of the IOS Version
Networks
Privilege Levels 2-13

43. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
Static NAT
Authentication Header (AH)
Access Layer
Fraggle Attack

44. Public IP address before translation
Extended IP ACLs
no ip finger - no service finger
Outside Local Address
L2TP Identifier

45. Four TCP/UDP Small Server commands recommended to disable
Privilege Level 1
Train Identifier 'S'
ACL to block a Land Attack
echo - chargen - discard - daytime

46. DENY IP ANY HOST <Broadcast Address>
GRE Identifier
ACL to block a Smurf Attack or Fraggle Attack
L2TP Operating Layer
Network-to-Network Communications

47. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Fraggle Attack
Masquerading
Established Line
no service udp-small-servers

48. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Static NAT
Distributed Denial of Service Attacks
Unicast Reverse-Path Forwarding (uRPF)
General Format of Cisco IOS Version

49. DNS Poisoning
TCP/UDP Chargen Vulnerability
TCP/UDP Echo Vulnerability
DNS Lookup Vulnerability
Train Identifier 'T'

50. UDP Port 514
Outside Local Address
syslog
Transport Mode
Local Addresses