Test your basic knowledge

Router Security

Subject : it-skills
Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Startup-config can be deleted - copied - changed






2. Two - one Inbound or Evaluated and one Outbound or Reflected






3. Authentication Header (AH) and Encapsulated Security Payload (ESP)






4. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number






5. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet






6. A secure alternative to telnet for remote administration that is supported in Enterprise versions of Cisco IOS






7. Layer 5






8. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted






9. Mode where only the payload of the IP packet is encrypted and/or authenticated






10. Command to disable TCP small server on a router






11. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic






12. TCP Port 80






13. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network






14. The environment - catastrophic events and unauthorized access






15. Breaks LAN security perimeter - extends LAN to Layer 2






16. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations






17. ip access-list extended <name1> - permit ip any any reflect <filename> - ip access-list extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in






18. Protocol used to keep their time-of-day clocks accurate and in sync






19. TCP and UDP Port 162






20. Router to Router Denial of Service






21. War dialing






22. What Local and Global refer to in NAT






23. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ






24. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP






25. Rebuild Number






26. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet






27. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state






28. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets






29. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments






30. Buffer Overflow






31. Traffic is passed in plaintext






32. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations






33. 0x33 or 51






34. This server is used for querying a host about its logged in users






35. Four TCP/UDP Small Server commands recommended to disable






36. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP






37. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used






38. Can discover vulnerabilities - network stats - and firewall discovery






39. Protocol that allows data to be exchanged using a secure channel between two computers via encryption






40. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service






41. Public IP address before translation






42. Two FIN bits or one RST bit






43. Interim Build Number






44. Can obtain CIDR and router ID






45. Major Version - Minor Version - Release - Interim Build - Release Train Identifier






46. Time can be changed - Routing Table can be killed






47. 0x32 - or 50






48. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser






49. DENY IP ANY HOST <Broadcast Address>






50. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers