SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Command used to disable the ICMP message Redirect
SNMP
no ip redirect
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
ACL to block spoofed IPs
2. Command used to disable NTP on an interface
ntp disable
Outside Global Address
uRPF Strength
Proxy ARP
3. Access - Distribution - Core
Three Layers of Hierarchical Model
no ip mask-reply
Minimum ACLs Required for Reflexive ACLs
Session Hijacking
4. Cryptographic protocols that provide secure communications on the Internet for such thing as WWW - email - faxing - IM - and other data transfers
Standard IP ACLs
Finger Vulnerabilities
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
ACL to block IP multicast
5. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
BOOTP
IP Unreachable Vulnerabilities
Proxy ARP
Static NAT
6. Time can be changed - Routing Table can be killed
Core Layer
NTP Vulnerabilities
Smurf Attack
Eavesdropping and Information Theft
7. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
Eavesdropping and Information Theft
Rerouting
General Format of Cisco IOS Version
ntp disable
8. DENY IP ANY HOST <Broadcast Address>
Lower IP Extended ACL Range
Higher IP Extended ACL Range
Outside Global Address
ACL to block a Smurf Attack or Fraggle Attack
9. Minor Version
Telnet - HTTP - SNMP Vulnerability
Distributed Denial of Service Attacks
Uses for ACLs
Second Part of IOS Version
10. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
Reflexive ACL
ACL to block IP multicast
TCP Load Distribution
Generic Routing Encapsulation (GRE)
11. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Access Layer
Lower IP Standard ACL Range
Global Addresses
SNMP
12. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
HTTP Tunneling
HTTP Vulnerability
Authenticating Peers
Masquerading
13. 0-99
Generic Routing Encapsulation (GRE)
Lower IP Standard ACL Range
NTP Vulnerabilities
Lower IP Extended ACL Range
14. Uses only host keys to authenticate systems
SSH2
Eavesdropping and Information Theft
Fraggle Attack
Fifth Part of the IOS Version
15. Startup-config can be deleted - copied - changed
Boot Network Vulnerabilities
SSH2
Core Layer
Proxy ARP Vulnerabilities
16. Four TCP/UDP Small Server commands recommended to disable
SNMP
AUX Vulnerability
Encrypting Traffic
echo - chargen - discard - daytime
17. Allows for a one-to-one translation of local to global addresses; used by web servers and mail servers so that users can connect to them via their global address
UDP Traceroute Port Range
Core Layer
Train Idenifier 'E'
Static NAT
18. Commands to disable Finger Server
no ip finger - no service finger
User Account Vulnerabilites
login local
Privilege Levels 2-13
19. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Land Attack
Fourth Part of the IOS Version
HTTP Operating Layer
Sixth (Optional) Part of the IOS Version
20. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
ACL to block spoofed IPs
Distributed Denial of Service Attacks
Generic Routing Encapsulation (GRE)
syslog
21. Service Provider
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
22. 1300-1999
uRPF Strength
Host-to-Host Communications
BOOTP
Higher IP Standard ACL Range
23. Refers to addresses used on the organization's private network
Second Part of IOS Version
IP Spoofing
Local Addresses
TCP/UDP Chargen Vulnerability
24. Buffer Overflow
TCP/UDP Chargen Vulnerability
ACL to block spoofed IPs
Authentication Header (AH)
TCP/UDP Echo Vulnerability
25. Plaintext
IP Source Routing Vulnerabilities
TCP Load Distribution
login local
Telnet - HTTP - SNMP Vulnerability
26. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Eavesdropping and Information Theft
no ip http server
HTTP Identifier
Secure Shell (SSH)
27. Protocol used to keep their time-of-day clocks accurate and in sync
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
ESP Operating Layer
IP Direct Broadcast Vulnerabilties
Network Time Protocol (NTP)
28. Provides confidentiality - so it cannot be read by unauthorized parties
no ip mask-reply
Encrypting Traffic
HTTPS Strength
Rerouting
29. Release Train Identifier
Extended ACL format
Two Protocols of Tunnel Mode
Fifth Part of the IOS Version
L2TP Identifier
30. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
SSH Identifier
IP Directed Broadcast
Extended ACL format
TCP Intercept Watch Mode
31. None - uses attached application protocol's port
HTTPS Strength
TLS/SSL Identifier
Host-to-Host Communications
HTTP Operating Layer
32. Two - one Inbound or Evaluated and one Outbound or Reflected
BOOTP
ntp disable
Eavesdropping and Information Theft
Minimum ACLs Required for Reflexive ACLs
33. Allows the source IP host to specify a route through the IP network
Authenticating Peers
echo - chargen - discard - daytime
IP Source Routing
Cisco Express Forwarding (CEF)
34. Forces the user to enter both a valid username and password
HTTP Identifier
login local
Transport Mode
Privilege Level 1
35. Layer 3
GRE Operating Layer
GRE Identifier
Proxy ARP Vulnerabilities
Distributed Denial of Service Attacks
36. Command to disable BOOTP Server
SSH Operating Layer
Outside
SNMP
no ip bootp server
37. Refers to addresses used on the organization's private network
syslog
Eavesdropping and Information Theft
Internet Protocol Security (IPSec)
Global Addresses
38. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Train Identifier 'S'
Layer 2 Tunneling Protocol (L2TP)
IP Unreachable Vulnerabilities
Authenticating Peers
39. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Common uses of Access Lists
Host-to-Host Communications
Generic Routing Encapsulation (GRE)
Land Attack
40. Enterprise
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
41. Command used to disable HTTP Server
Inside Local Address
no ip redirect
no ip http server
Static NAT
42. UDP Port 514
Proxy ARP
Encapsulation Security Payload (ESP)
Outside Local Address
syslog
43. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Generic Routing Encapsulation (GRE)
IPSec AH Identifier
Reflexive ACL
Common uses of Access Lists
44. PERMIT TCP ANY ANY ESTABLISHED
Core Layer
HTTP Vulnerability
ACL to block TCP SYN Attack
Third Part of the IOS Version
45. Mode where only the payload of the IP packet is encrypted and/or authenticated
TCP Intercept Watch Mode
Fourth Part of the IOS Version
Transport Mode
ACL to block spoofed IPs
46. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
Distributed Denial of Service Attacks
Masquerading
BOOTP
Two Modes of IPSec
47. DENY TCP ANY HOST <IP Address> EQ 23
Established Line
ACL to block telnet
Syntax for Reflexive ACLs
SSH Identifier
48. Public IP address after translation
IP Spoofing
Privilege Level 0
Second Part of IOS Version
Outside Global Address
49. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
Boot Network
TCP Intercept Watch Mode
SSH1
Proxy ARP Vulnerabilities
50. DENY IP <Network ID> <Network WC Mask> ANY
ACL to block spoofed IPs
Reflexive ACL
Outside
Static NAT