Test your basic knowledge |
Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers
Fourth Part of the IOS Version
echo - chargen - discard - daytime
Reflexive ACL
Two Modes of IPSec
2. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate users
IP Spoofing
Fifth Part of the IOS Version
Finger Server
TCP SYN Attack
3. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
BOOTP Vulnerabilities
Fraggle Attack
Privilege Level 15
TCP/UDP Echo Vulnerability
4. Users - Host PCs - IP Addresses
IP Source Routing Vulnerabilities
Finger Vulnerabilities
Requirements for Reflexive TCP to be removed
SSH1
5. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
syslog
uRPF Strength
ACL to block IP multicast
Land Attack
6. Commands to disable Finger Server
no service udp-small-servers
no ip finger - no service finger
echo - chargen - discard - daytime
Boot Network Vulnerabilities
7. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
SSH1
TCP Intercept Watch Mode
no ip http server
Third Part of the IOS Version
8. Refers to addresses used on the organization's private network
HTTP Tunneling
Local Addresses
Transport Mode
Second Part of IOS Version
9. None - uses attach application protocol's layer
Telnet - HTTP - SNMP Vulnerability
TLS/SSL Layer
Privilege Levels 2-13
Inside Local Address
10. Two FIN bits or one RST bit
syslog
Inside
Requirements for Reflexive TCP to be removed
SSH
11. Layer 7
Fourth Part of the IOS Version
Privilege Level 0
Network-to-Network Communications
HTTP Operating Layer
12. Forces the user to enter both a valid username and password
login local
Core Layer
DNS Lookup Vulnerability
Land Attack
13. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
TCP Intercept
ACL to block a Land Attack
Integrity Validation
Inside Local Address
14. 2000-2699
Higher IP Extended ACL Range
Integrity Validation
IP Spoofing
HTTP Identifier
15. Uses server and host keys to authenticate systems
Privilege Levels 2-13
Syntax for Reflexive ACLs
SSH1
Higher IP Standard ACL Range
16. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Integrity Validation
Established Line
Outside Global Address
Lower IP Standard ACL Range
17. Rewrites the source and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Network Address Translation (NAT)
Smurf Attack
TCP SYN Attack
TLS/SSL Identifier
18. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
First Part of IOS Version
Dynamic NAT
Telnet - HTTP - SNMP Vulnerability
Tunneling
19. Can stop spoofed IP addresses
TCP Intercept
SSH Identifier
IP Source Routing
uRPF Strength
20. Private IP address after translation
Layer 2 Tunneling Protocol (L2TP)
Internet Protocol Security (IPSec)
Inside Global Address
IP Source Routing Vulnerabilities
21. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Anti-Replay
Access List Rules
no service udp-small-servers
TLS/SSL Identifier
22. TCP and UDP Port 161
IP Spoofing
Telnet - HTTP - SNMP Vulnerability
SNMP
Dynamic NAT
23. DENY TCP ANY HOST <IP Address> EQ 23
IP Unreachable Vulnerabilities
ACL to block telnet
TCP Intercept Watch Mode
Named ACL
24. Plaintext
Rerouting
Requirements for Reflexive TCP to be removed
Telnet - HTTP - SNMP Vulnerability
Global Addresses
25. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Authenticating Peers
Distribution Layer
SSH Identifier
Standard ACL format
26. Routing mode depended on by uRPF in order to function
no ip finger - no service finger
Local Addresses
Cisco Express Forwarding (CEF)
Distributed Denial of Service Attacks
27. Uses only host keys to authenticate systems
IP Directed Broadcast
SSH2
IP Source Routing
Two Protocols of Tunnel Mode
28. TCP and UDP Port 162
HTTP Vulnerability
Proxy ARP Vulnerabilities
SNMP Trap
UDP Traceroute Port Range
29. 33400-34400
UDP Traceroute Port Range
echo - chargen - discard - daytime
Access Layer
Cisco Express Forwarding (CEF)
30. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Static NAT
Generic Routing Encapsulation (GRE)
Unauthorized Access
no ip redirect
31. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
IP Source Routing
L2TP Operating Layer
TCP Load Distribution
NTP Vulnerabilities
32. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Encapsulation Security Payload (ESP)
IP Directed Broadcast
Train Identifier 'E'
Masquerading
33. Local and Remote
Two Types of Router Access
HTTP Tunneling
UDP Traceroute Port Range
SSH
34. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64,000 hosts
GRE Identifier
Overloading
TCP/UDP Chargen Vulnerability
HTTP Vulnerability
35. 0x2F - or 47
no ip redirect
GRE Identifier
Flags used by Established Line
Land Attack
36. UDP Port 1701
L2TP Identifier
TCP SYN Attack
Standard IP ACLs
ACL to block incoming loopback packets
37. Four TCP/UDP Small Server commands recommended to disable
Train Identifier 'E'
Two Protocols of Tunnel Mode
echo - chargen - discard - daytime
no cdp run
38. Time can be changed - Routing Table can be killed
Syntax for Reflexive ACLs
Access Layer
Devices
NTP Vulnerabilities
39. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Unicast Reverse-Path Forwarding (uRPF)
General Format of Cisco IOS Version
Core Layer
SNMP Vulnerabilities
40. Uses SSL port 443
NTP Vulnerabilities
HTTPS Strength
no ip http server
Rerouting
41. Traffic is passed in plaintext
IP Mask Reply Vulnerabilities
HTTP Operating Layer
HTTP Vulnerability
Integrity Validation
42. Layer 5
L2TP Operating Layer
SSH2
First Part of IOS Version
TCP/UDP Discard Vulnerability
43. Router threat where access is gained by an entity or individual other than authorized users
Unauthorized Access
Train Identifier 'S'
Proxy ARP Vulnerabilities
Lower IP Extended ACL Range
44. Layer 3
no ip http server
ACL to block TCP SYN Attack
ESP Operating Layer
ACL to block telnet
45. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Session Hijacking
Access Layer
IP Spoofing
no ip http server
46. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
ACL to block incoming loopback packets
SSH Identifier
ESP Operating Layer
General Format of Cisco IOS Version
47. Broadcast
48. Layer 7
syslog
SSH Operating Layer
Lower IP Standard ACL Range
Access List Rules
49. What Tunnel Mode is used for
Network-to-Network Communications
Dynamic NAT
no ip redirect
Tunneling
50. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
IP Directed Broadcast
ntp disable
Rerouting
ESP Identifier