SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mode where only the payload of the IP packet is encrypted and/or authenticated
Unauthorized Access
Transport Mode
Boot Network
Unicast Reverse-Path Forwarding (uRPF)
2. Layer 3
ntp disable
General Format of Cisco IOS Version
GRE Operating Layer
TLS/SSL Layer
3. TCP Port 22
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
IP Directed Broadcast
SSH Identifier
Fraggle Attack
4. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Session Hijacking
Privilege Level 0
Outside Local Address
inger Server
5. DNS Poisoning
ESP Identifier
DNS Lookup Vulnerability
no ip finger - no service finger
ACL to block incoming loopback packets
6. Local and Remote
Third Part of the IOS Version
Boot Network Vulnerabilities
Rerouting
Two Types of Router Access
7. Public IP address after translation
Masquerading
Distribution Layer
Outside Global Address
Eavesdropping and Information Theft
8. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
ACL to block spoofed IPs
Masquerading
no ip finger - no service finger
Standard IP ACLs
9. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Minimum ACLs Required for Reflexive ACLs
Higher IP Extended ACL Range
Overloading
Established Line
10. These ACLs filter by network or host IP address and only filter on source
no cdp run
Unauthorized Access
Outside Global Address
Standard IP ACLs
11. Provides confidentiality - so it cannot be read by unauthorized parties
Encrypting Traffic
NTP Vulnerabilities
Privilege Level 15
IP Source Routing Vulnerabilities
12. 0x2F - or 47
GRE Identifier
Access Layer
Train Idenifier 'E'
Privilege Level 0
13. What Inside and Outside refer to in NAT
Devices
Encrypting Traffic
Established Line
Network Address Translation (NAT)
14. TCP Port 80
Local Addresses
SSH Operating Layer
Inside
HTTP Identifier
15. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
ACL to block a Land Attack
General Format of Cisco IOS Version
Denial of Service (DoS)
Higher IP Standard ACL Range
16. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
TLS/SSL Identifier
no ip finger - no service finger
Rerouting
HTTP Identifier
17. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Anti-Replay
ACL to block IP multicast
Encrypting Traffic
Encapsulation Security Payload (ESP)
18. Forces the user to enter both a valid username and password
Extended ACL format
Global Addresses
login local
IP Direct Broadcast Vulnerabilties
19. Routing mode depended on by uRPF in order to function
Inside Local Address
Cisco Express Forwarding (CEF)
User Account Vulnerabilites
Finger Vulnerabilities
20. Refers to the organization's private network
Inside
Privilege Level 0
Distributed Denial of Service Attacks
SSH
21. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Authenticating Peers
BOOTP Vulnerabilities
Host-to-Host Communications
Eavesdropping and Information Theft
22. 0-99
Authenticating Peers
Dynamic NAT
no ip http server
Lower IP Standard ACL Range
23. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
Proxy ARP Vulnerabilities
Reflexive ACL
IP Source Routing
Telnet - HTTP - SNMP Vulnerability
24. UDP Port 1701
GRE Operating Layer
AUX Vulnerability
IP Directed Broadcast
L2TP Identifier
25. DENY IP ANY HOST <Broadcast Address>
BOOTP
TCP/UDP Chargen Vulnerability
ACL to block a Smurf Attack or Fraggle Attack
echo - chargen - discard - daytime
26. Buffer Overflow
SSH Operating Layer
TCP/UDP Chargen Vulnerability
uRPF Strength
IPSec AH Operating Layer
27. Layer 7
SSH
Outside Local Address
Named ACL
SSH Operating Layer
28. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
no cdp run
TCP Intercept
Extended IP ACLs
Lower IP Standard ACL Range
29. Allows the source IP host to specify a route through the IP network
no ip unreachable
IP Source Routing
General Format of Cisco IOS Version
Named ACL Format
30. DENY IP <Network ID> <Network WC Mask> ANY
syslog
no ip bootp server
Tunnel Mode
ACL to block spoofed IPs
31. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Two Modes of IPSec
GRE Identifier
IP Mask Reply Vulnerabilities
IP Spoofing
32. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
no ip http server
no ip mask-reply
IP Spoofing
Core Layer
33. None - uses attach application protocol's layer
Privilege Levels 2-13
HTTP Tunneling
AUX Vulnerability
TLS/SSL Layer
34. 0x33 or 51
Host-to-Host Communications
IPSec AH Identifier
UDP Traceroute Port Range
ACL to block spoofed IPs
35. Refers to addresses used on the organization's private network
HTTP Operating Layer
Access Layer
AUX Vulnerability
Global Addresses
36. No Known Vulnerability
TCP/UDP Discard Vulnerability
Privilege Levels 2-13
Extended IP ACLs
ACL to block TCP SYN Attack
37. Uses server and host keys to authenticate systems
TCP/UDP Daytime Vulnerability
HTTP Operating Layer
SSH1
Fifth Part of the IOS Version
38. Commands to disable Finger Server
ntp disable
no ip finger - no service finger
IP Directed Broadcast
Networks
39. DENY IP 127.0.0.0 0.255.255.255 ANY
Overloading
ACL to block incoming loopback packets
Global Addresses
TCP/UDP Echo Vulnerability
40. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
DNS Lookup Vulnerability
Higher IP Extended ACL Range
SNMP Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
41. What Local and Global refer to in NAT
IP Unreachable Vulnerabilities
Networks
Global Addresses
SNMP
42. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
Named ACL Format
Higher IP Extended ACL Range
ACL to block a Land Attack
Second Part of IOS Version
43. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
TCP/UDP Daytime Vulnerability
HTTP Operating Layer
Distribution Layer
IP Directed Broadcast
44. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
TCP SYN Attack
IP Direct Broadcast Vulnerabilties
Third Part of the IOS Version
TLS/SSL Layer
45. Layer 5
Train Identifier 'B'
L2TP Operating Layer
Masquerading
HTTP Tunneling
46. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
no ip bootp server
TCP/UDP Chargen Vulnerability
Static NAT
TCP Intercept
47. What Tunnel Mode is used for
Network-to-Network Communications
ESP Identifier
Generic Routing Encapsulation (GRE)
no ip finger - no service finger
48. Protects against repeating of secure sessions
Anti-Replay
Established Line
echo - chargen - discard - daytime
General Format of Cisco IOS Version
49. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Boot Network Vulnerabilities
HTTP Tunneling
TCP Load Distribution
Train Identifier 'B'
50. Command used to disable HTTP Server
Two Types of Router Access
Train Identifier 'B'
Flags used by Established Line
no ip http server
