SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
Privilege Level 0
ACL to block a Land Attack
Static NAT
Tunnel Mode
2. This server is used for querying a host about its logged in users
IP Spoofing
Distribution Layer
Overloading
inger Server
3. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
TCP/UDP Discard Vulnerability
Established Line
Named ACL Format
Standard IP ACLs
4. Broadcast
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
5. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Train Identifier 'S'
Eavesdropping and Information Theft
login local
Authenticating Peers
6. The host can specify which route to take - which bypasses security
Session Hijacking
IP Source Routing Vulnerabilities
Two Types of Router Access
SSH Identifier
7. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Named ACL
GRE Operating Layer
Encrypting Traffic
HTTP Tunneling
8. Command to disable UDP small server on a router
Fifth Part of the IOS Version
Train Identifier 'S'
Common uses of Access Lists
no service udp-small-servers
9. What Transport Mode is used for
no ip mask-reply
Reflexive ACL
Route Injection Attack
Host-to-Host Communications
10. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
SSH1
Network Time Protocol (NTP)
TLS/SSL Layer
Access Layer
11. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Second Part of IOS Version
Anti-Replay
Unicast Reverse-Path Forwarding (uRPF)
TCP Intercept
12. Plaintext
HTTP Tunneling
echo - chargen - discard - daytime
Telnet - HTTP - SNMP Vulnerability
IP Direct Broadcast Vulnerabilties
13. TCP Port 22
Route Injection Attack
Higher IP Standard ACL Range
Integrity Validation
SSH Identifier
14. Routing mode depended on by uRPF in order to function
BOOTP Vulnerabilities
Cisco Express Forwarding (CEF)
ACL to block a Smurf Attack or Fraggle Attack
Route Injection Attack
15. Interim Build Number
Extended IP ACLs
Fourth Part of the IOS Version
Session Hijacking
TCP SYN Attack
16. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
17. Release Number
Third Part of the IOS Version
Global Addresses
GRE Identifier
Two Protocols of Tunnel Mode
18. 0x2F - or 47
GRE Identifier
IP Source Routing Vulnerabilities
Two Protocols of Tunnel Mode
TCP/UDP Discard Vulnerability
19. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Global Addresses
Secure Shell (SSH)
Lower IP Standard ACL Range
Flags used by Established Line
20. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
GRE Identifier
Overloading
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
Distributed Denial of Service Attacks
21. Layer 7
SSH Operating Layer
Session Hijacking
TCP/UDP Echo Vulnerability
Flags used by Established Line
22. UDP Port 1701
First Part of IOS Version
L2TP Identifier
ACL to block TCP SYN Attack
TCP Intercept Watch Mode
23. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
login local
Authenticating Peers
no cdp run
24. Private IP address after translation
Route Injection Attack
Core Layer
Inside Global Address
ACL to block IP multicast
25. Uses SSL port 443
HTTPS Strength
Lower IP Extended ACL Range
no ip redirect
Finger Vulnerabilities
26. Rewrites the and/or destination IP address of IP packets as they pass through a router or firewall from private to public addresses
Sixth (Optional) Part of the IOS Version
Fraggle Attack
Network Address Translation (NAT)
Masquerading
27. Can copy - poison - corrupt - or delete the IOS
Authenticating Peers
DNS Lookup Vulnerability
BOOTP Vulnerabilities
Secure Shell (SSH)
28. Technology
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
29. Minor Version
Lower IP Extended ACL Range
Layer 2 Tunneling Protocol (L2TP)
Second Part of IOS Version
L2TP Operating Layer
30. Provides nonrepudiation - ensuring that traffic is from a trusted party
Cisco Discovery Protocol (CDP)
Authenticating Peers
DNS Lookup Vulnerability
Uses for ACLs
31. Can discover vulnerabilities - network stats - and firewall discovery
IP Unreachable Vulnerabilities
Boot Network
Outside Local Address
Smurf Attack
32. 2000-2699
Higher IP Extended ACL Range
HTTPS Strength
no ip redirect
no cdp run
33. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
Second Part of IOS Version
Fraggle Attack
Host-to-Host Communications
Network Time Protocol (NTP)
34. PERMIT TCP ANY ANY ESTABLISHED
Layer 2 Tunneling Protocol (L2TP)
ACL to block TCP SYN Attack
Privilege Level 15
login local
35. Release Train Identifier
Telnet - HTTP - SNMP Vulnerability
Fifth Part of the IOS Version
Masquerading
L2TP Operating Layer
36. What Inside and Outside refer to in NAT
no ip mask-reply
Devices
TCP Intercept
Authentication Header (AH)
37. Transport and Tunnel
ACL to block incoming loopback packets
Named ACL
SSH Identifier
Two Modes of IPSec
38. Authentication Header (AH) and Encapsulated Security Payload (ESP)
no ip unreachable
ESP Identifier
no ip http server
Two Protocols of Tunnel Mode
39. Local and Remote
no ip redirect
ACL to block spoofed IPs
Network Time Protocol (NTP)
Two Types of Router Access
40. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Extended IP ACLs
BOOTP
Layer 2 Tunneling Protocol (L2TP)
no ip http server
41. Can stop spoofed IP addresses
ACL to block IP multicast
no service udp-small-servers
uRPF Strength
ACL to block telnet
42. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Distribution Layer
Privilege Levels 2-13
Rerouting
BOOTP Vulnerabilities
43. Access - Distribution - Core
Finger Vulnerabilities
Three Layers of Hierarchical Model
TCP SYN Attack
Fraggle Attack
44. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
TCP Load Distribution
ACL to block spoofed IPs
Distributed Denial of Service Attacks
syslog
45. Public IP address before translation
Outside Local Address
Privilege Levels 2-13
Reflexive ACL
IP Unreachable Vulnerabilities
46. Command to disable BOOTP Server
TCP/UDP Discard Vulnerability
no ip bootp server
Extended ACL format
ESP Identifier
47. Two FIN bits or one RST bit
TLS/SSL Identifier
Privilege Level 15
Requirements for Reflexive TCP to be removed
Proxy ARP
48. Startup-config can be deleted - copied - changed
Privilege Level 15
Syntax for Reflexive ACLs
Boot Network Vulnerabilities
Transport Mode
49. Ip access-list <standard | extended> name - permit TCP any any established
echo - chargen - discard - daytime
ESP Operating Layer
Named ACL Format
Fraggle Attack
50. These ACLs filter by network or host IP address and only filter on source
Standard IP ACLs
ACL to block a Smurf Attack or Fraggle Attack
HTTP Operating Layer
no ip mask-reply
