Test your basic knowledge |

Router Security

Subject : it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Can copy - poison - corrupt - or delete the IOS
SNMP
BOOTP Vulnerabilities
Two Protocols of Tunnel Mode
GRE Operating Layer

2. Time can be changed - Routing Table can be killed
SSH2
IPSec AH Operating Layer
TCP SYN Attack
NTP Vulnerabilities

3. Traffic is passed in plaintext
Train Identifier 'B'
Uses for ACLs
DNS Lookup Vulnerability
HTTP Vulnerability

4. Users - Host PC's - IP Addresses
no ip mask-reply
Networks
Finger Vulnerabilities
Privilege Levels 2-13

5. Uses SSL port 443
HTTPS Strength
Two Modes of IPSec
Local Addresses
SSH2

6. Service Provider

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

7. Privilege level that has Global administration capabilities
Dynamic NAT
Privilege Level 15
Boot Network
syslog

8. Refers to the organization's private network
Inside
ntp disable
BOOTP Vulnerabilities
Outside Local Address

9. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
AUX Vulnerability
no service udp-small-servers
Inside

10. TCP and UDP Port 161
no service tcp-small-servers
Transport Mode
SNMP
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

11. TCP and UDP Port 162
Established Line
IP Mask Reply Vulnerabilities
SNMP Trap
Extended IP ACLs

12. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
HTTPS Strength
SNMP Trap
ESP Operating Layer
Eavesdropping and Information Theft

13. Technology

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

14. Can discover vulnerabilities - network stats - and firewall discovery
Internet Protocol Security (IPSec)
GRE Identifier
IP Unreachable Vulnerabilities
Anti-Replay

15. Transport and Tunnel
Two Modes of IPSec
TCP/UDP Daytime Vulnerability
ACL to block incoming loopback packets
Lower IP Standard ACL Range

16. Command to disable TCP small server on a router
Eavesdropping and Information Theft
SSH2
no service tcp-small-servers
BOOTP Vulnerabilities

17. Privilege level that is restricted to basic level operations
Privilege Level 1
Denial of Service (DoS)
IP Unreachable Vulnerabilities
DNS Lookup Vulnerability

18. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
Privilege Level 0
Inside Global Address
Denial of Service (DoS)
Inside

19. Smurf attacks - can enumerate the network
Proxy ARP Vulnerabilities
IP Direct Broadcast Vulnerabilties
Cisco Discovery Protocol (CDP)
Extended IP ACLs

20. UDP Port 514
no ip redirect
IP Source Routing Vulnerabilities
TCP Intercept
syslog

21. War dialing
Session Hijacking
no ip unreachable
Generic Routing Encapsulation (GRE)
AUX Vulnerability

22. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
login local
IPSec AH Identifier
Access Layer
Generic Routing Encapsulation (GRE)

23. Minor Version
Second Part of IOS Version
Established Line
BOOTP Vulnerabilities
Access Layer

24. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
TCP/UDP Echo Vulnerability
ACL to block a Land Attack
Layer 2 Tunneling Protocol (L2TP)
Two Protocols of Tunnel Mode

25. Protocol used to keep their time-of-day clocks accurate and in sync
Masquerading
Encrypting Traffic
Network Time Protocol (NTP)
Fourth Part of the IOS Version

26. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Authenticating Peers
Standard IP ACLs
Rerouting
no ip finger - no service finger

27. Access-list <number> <deny | permit> source source-wildcard log
Host-to-Host Communications
Standard ACL format
Syntax for Reflexive ACLs
Encapsulation Security Payload (ESP)

28. DENY IP 224.0.0.0 15.255.255.255 ANY
Inside Local Address
no ip finger - no service finger
Encrypting Traffic
ACL to block IP multicast

29. 2000-2699
Transport Mode
Higher IP Extended ACL Range
Flags used by Established Line
Two Types of Router Access

30. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Tunnel Mode
Session Hijacking
SSH
Fourth Part of the IOS Version

31. Interim Build Number
CDP Vulnerabilities
Fourth Part of the IOS Version
no service udp-small-servers
Anti-Replay

32. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
syslog
Cisco Express Forwarding (CEF)
Route Injection Attack
Distributed Denial of Service Attacks

33. TCP Port 80
SNMP Vulnerabilities
HTTP Identifier
Dynamic NAT
Standard ACL format

34. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Named ACL
IP Spoofing
BOOTP Vulnerabilities
Train Identifier 'T'

35. Plaintext
ACL to block telnet
Lower IP Standard ACL Range
Host-to-Host Communications
Telnet - HTTP - SNMP Vulnerability

36. Command used to disable the ICMP message Address Mask Reply
Global Addresses
Fourth Part of the IOS Version
no cdp run
no ip mask-reply

37. Startup-config can be deleted - copied - changed
Standard IP ACLs
Boot Network Vulnerabilities
Overloading
HTTP Tunneling

38. Router threat where access by an entity or individual other than authorized users
Unauthorized Access
Cisco Express Forwarding (CEF)
SSH
Access List Rules

39. Command to disable CDP on a router
Access List Rules
no cdp run
Lower IP Standard ACL Range
Access Layer

40. Layer 7
Inside Global Address
HTTP Operating Layer
ntp disable
Overloading

41. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
TCP SYN Attack
Eavesdropping and Information Theft
TCP/UDP Chargen Vulnerability
Inside

42. DENY IP 127.0.0.0 0.255.255.255 ANY
Land Attack
no service udp-small-servers
L2TP Identifier
ACL to block incoming loopback packets

43. Can obtain CIDR and router ID
IP Mask Reply Vulnerabilities
Standard ACL format
Inside Local Address
GRE Operating Layer

44. Release Train Identifier
Higher IP Extended ACL Range
login local
Fifth Part of the IOS Version
Higher IP Standard ACL Range

45. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
TCP/UDP Chargen Vulnerability
Higher IP Extended ACL Range
Extended IP ACLs
Unicast Reverse-Path Forwarding (uRPF)

46. Provides confidentiality - so it cannot be read by unauthorized parties
Two Modes of IPSec
TCP/UDP Chargen Vulnerability
Encrypting Traffic
Overloading

47. Attack that involves sending a large amount of ICMP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
HTTP Vulnerability
Train Idenifier 'E'
Smurf Attack
User Account Vulnerabilites

48. PERMIT TCP ANY ANY ESTABLISHED
TCP Intercept
IP Unreachable Vulnerabilities
BOOTP Vulnerabilities
ACL to block TCP SYN Attack

49. Forces the user to enter both a valid username and password
login local
ESP Operating Layer
uRPF Strength
Extended ACL format

50. TCP Port 22
ESP Identifier
Unicast Reverse-Path Forwarding (uRPF)
SSH Identifier
HTTP Identifier