SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Router to Router Denial of Service
Proxy ARP Vulnerabilities
Network Address Translation (NAT)
TCP/UDP Echo Vulnerability
SSH1
2. Provides a checksum - ensuring traffic has not been modified along it's path
Three Layers of Hierarchical Model
no ip redirect
Secure Shell (SSH)
Integrity Validation
3. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
Three Physical Security Vulnerabilities
Unicast Reverse-Path Forwarding (uRPF)
Network Address Translation (NAT)
L2TP Operating Layer
4. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
Extended IP ACLs
Inside Local Address
L2TP Identifier
Eavesdropping and Information Theft
5. Four TCP/UDP Small Server commands recommended to disable
echo - chargen - discard - daytime
Proxy ARP Vulnerabilities
Layer 2 Tunneling Protocol (L2TP)
no ip mask-reply
6. Buffer Overflow
SSH Identifier
TCP/UDP Chargen Vulnerability
TLS/SSL Identifier
Common uses of Access Lists
7. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
Two Protocols of Tunnel Mode
no ip mask-reply
Distribution Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
8. DENY TCP ANY HOST <IP Address> EQ 23
Host-to-Host Communications
Named ACL Format
Core Layer
ACL to block telnet
9. UDP Port 514
HTTP Tunneling
Layer 2 Tunneling Protocol (L2TP)
no ip http server
syslog
10. Time can be changed - Routing Table can be killed
NTP Vulnerabilities
inger Server
DNS Lookup Vulnerability
Privilege Levels 2-13
11. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Session Hijacking
no ip mask-reply
IPSec AH Operating Layer
L2TP Operating Layer
12. Two - one Inbound or Evaluated and one Outbound or Reflected
Minimum ACLs Required for Reflexive ACLs
Higher IP Standard ACL Range
Authenticating Peers
Named ACL
13. Command used to disable the ICMP message Address Mask Reply
no ip mask-reply
Local Addresses
SNMP Vulnerabilities
Access Layer
14. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
IP Directed Broadcast
TCP Intercept Watch Mode
BOOTP
Privilege Level 0
15. TCP Port 22
Inside Global Address
TCP SYN Attack
SSH Identifier
ACL to block a Land Attack
16. Mode where only the payload of the IP packet is encrypted and/or authenticated
TCP/UDP Daytime Vulnerability
Transport Mode
Syntax for Reflexive ACLs
Encrypting Traffic
17. Command to disable CDP on a router
TCP Intercept
no cdp run
GRE Identifier
ACL to block TCP SYN Attack
18. Public IP address before translation
echo - chargen - discard - daytime
Land Attack
Standard ACL format
Outside Local Address
19. These ACLs filter by network or host IP address and only filter on source
Anti-Replay
Cisco Discovery Protocol (CDP)
TCP/UDP Chargen Vulnerability
Standard IP ACLs
20. Smurf attacks - can enumerate the network
Outside
Boot Network
Denial of Service (DoS)
IP Direct Broadcast Vulnerabilties
21. Privilege level that is restricted to basic level operations
SNMP Vulnerabilities
Privilege Level 1
CDP Vulnerabilities
Secure Shell (SSH)
22. What Inside and Outside refer to in NAT
echo - chargen - discard - daytime
no ip finger - no service finger
Privilege Levels 2-13
Devices
23. Layer 3
HTTP Vulnerability
SSH
Train Identifier 'T'
ESP Operating Layer
24. Layer 7
TLS/SSL Layer
Outside Global Address
HTTP Operating Layer
Fourth Part of the IOS Version
25. Layer 3
Boot Network
IP Mask Reply Vulnerabilities
Sixth (Optional) Part of the IOS Version
GRE Operating Layer
26. The host can specify which route to take - which bypasses security
Distribution Layer
IP Source Routing Vulnerabilities
HTTP Tunneling
Outside Global Address
27. Provides confidentiality - so it cannot be read by unauthorized parties
Common uses of Access Lists
Distribution Layer
no service udp-small-servers
Encrypting Traffic
28. 33400-34400
HTTP Operating Layer
UDP Traceroute Port Range
Outside Global Address
Flags used by Established Line
29. Router threat where access by an entity or individual other than authorized users
NTP Vulnerabilities
Core Layer
Standard ACL format
Unauthorized Access
30. Dialer List - Routing Maps - Dynamic Routing Protocols - Controlling Remote Access - NAT'ing - Traffic Filtering
Network Time Protocol (NTP)
Requirements for Reflexive TCP to be removed
Extended IP ACLs
Uses for ACLs
31. Traffic is passed in plaintext
HTTP Vulnerability
GRE Operating Layer
SNMP Vulnerabilities
Finger Vulnerabilities
32. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
SSH
Rerouting
Encapsulation Security Payload (ESP)
Fourth Part of the IOS Version
33. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Privilege Level 1
Session Hijacking
Three Layers of Hierarchical Model
Distributed Denial of Service Attacks
34. This server is used for querying a host about its logged in users
Access List Rules
Lower IP Standard ACL Range
inger Server
SNMP Trap
35. Uses SSL port 443
Access Layer
echo - chargen - discard - daytime
HTTPS Strength
no cdp run
36. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
TLS/SSL Layer
IP Spoofing
SSH2
User Account Vulnerabilites
37. Refers to addresses used on the organization's private network
ACL to block TCP SYN Attack
Local Addresses
ESP Identifier
Boot Network Vulnerabilities
38. None - uses attach application protocol's layer
no ip redirect
echo - chargen - discard - daytime
TLS/SSL Layer
Tunneling
39. Startup-config can be deleted - copied - changed
Host-to-Host Communications
SNMP
Boot Network Vulnerabilities
login local
40. TCP and UDP Port 161
Privilege Levels 2-13
SNMP
SSH Operating Layer
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
41. Protects against repeating of secure sessions
Land Attack
Anti-Replay
NTP Vulnerabilities
HTTP Tunneling
42. UDP Port 1701
NTP Vulnerabilities
Dynamic NAT
L2TP Identifier
Telnet - HTTP - SNMP Vulnerability
43. Device - Hostname - IOS - IP Address - Ports - Model
CDP Vulnerabilities
Three Physical Security Vulnerabilities
Authenticating Peers
SSH Operating Layer
44. TCP Port 80
Privilege Levels 2-13
HTTP Identifier
Privilege Level 0
Inside Local Address
45. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Secure Shell (SSH)
no ip unreachable
Lower IP Extended ACL Range
Standard ACL format
46. No Known Vulnerability
TCP/UDP Discard Vulnerability
Transport Mode
Two Modes of IPSec
Fourth Part of the IOS Version
47. An alternative for both standard and extended ACLs that allow you to refer to an ACL by a descriptive name instead of a number
Networks
no ip http server
Named ACL
IP Source Routing
48. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Cisco Express Forwarding (CEF)
IP Spoofing
Denial of Service (DoS)
Syntax for Reflexive ACLs
49. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
General Format of Cisco IOS Version
HTTP Operating Layer
ntp disable
Layer 2 Tunneling Protocol (L2TP)
50. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
no ip unreachable
First Part of IOS Version
Outside Local Address
Proxy ARP
