SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Four TCP/UDP Small Server commands recommended to disable
no ip redirect
echo - chargen - discard - daytime
no ip finger - no service finger
Fourth Part of the IOS Version
2. TCP Port 22
inger Server
ACL to block a Land Attack
SSH Identifier
Rerouting
3. Users - Host PC's - IP Addresses
IP Source Routing Vulnerabilities
no cdp run
IP Direct Broadcast Vulnerabilties
Finger Vulnerabilities
4. What Tunnel Mode is used for
Network-to-Network Communications
Anti-Replay
Secure Shell (SSH)
HTTP Vulnerability
5. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
Access List Rules
Privilege Level 15
Boot Network
SNMP Vulnerabilities
6. These ACLs filter by network or host IP address and only filter on source
TLS/SSL Identifier
Transport Mode
Two Modes of IPSec
Standard IP ACLs
7. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
AUX Vulnerability
Boot Network Vulnerabilities
General Format of Cisco IOS Version
Requirements for Reflexive TCP to be removed
8. Command to disable CDP on a router
Tunneling
Train Identifier 'T'
no cdp run
DNS Lookup Vulnerability
9. Startup-config can be deleted - copied - changed
Session Hijacking
Boot Network Vulnerabilities
ESP Operating Layer
User Account Vulnerabilites
10. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
IP Mask Reply Vulnerabilities
TCP/UDP Echo Vulnerability
TCP Intercept
TCP SYN Attack
11. Layer 3
Extended ACL format
ESP Operating Layer
Proxy ARP Vulnerabilities
Secure Shell (SSH)
12. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
Extended ACL format
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
HTTP Operating Layer
Dynamic NAT
13. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Common uses of Access Lists
Static NAT
Established Line
SSH1
14. Forces the user to enter both a valid username and password
Boot Network
login local
L2TP Operating Layer
IP Mask Reply Vulnerabilities
15. Provides confidentiality - so it cannot be read by unauthorized parties
Inside Global Address
Named ACL
Sixth (Optional) Part of the IOS Version
Encrypting Traffic
16. 0x2F - or 47
no ip finger - no service finger
GRE Identifier
Common uses of Access Lists
Privilege Level 0
17. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
Distributed Denial of Service Attacks
ESP Operating Layer
HTTP Tunneling
ntp disable
18. Privilege level that is restricted to basic level operations
Privilege Level 1
Sixth (Optional) Part of the IOS Version
Land Attack
ACL to block telnet
19. What Local and Global refer to in NAT
Networks
BOOTP
Privilege Level 15
Tunnel Mode
20. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Secure Shell (SSH)
Tunneling
Named ACL
Unicast Reverse-Path Forwarding (uRPF)
21. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
HTTPS Strength
uRPF Strength
Unicast Reverse-Path Forwarding (uRPF)
HTTP Tunneling
22. Commands to disable Finger Server
Privilege Level 1
TLS/SSL Layer
no ip finger - no service finger
TCP/UDP Chargen Vulnerability
23. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
Inside
TLS/SSL Identifier
Network Time Protocol (NTP)
TCP Load Distribution
24. TCP and UDP Port 162
SNMP Trap
Internet Protocol Security (IPSec)
HTTP Vulnerability
HTTPS Strength
25. PERMIT TCP ANY ANY ESTABLISHED
Network-to-Network Communications
ACL to block TCP SYN Attack
Common uses of Access Lists
Inside Local Address
26. Privilege level that has Global administration capabilities
HTTPS Strength
Static NAT
Privilege Level 15
Overloading
27. 33400-34400
UDP Traceroute Port Range
SSH1
Two Modes of IPSec
TLS/SSL Layer
28. War dialing
User Account Vulnerabilites
Secure Shell (SSH)
AUX Vulnerability
Distributed Denial of Service Attacks
29. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Land Attack
Privilege Levels 2-13
Sixth (Optional) Part of the IOS Version
User Account Vulnerabilites
30. Can copy - poison - corrupt - or delete the IOS
TCP Load Distribution
BOOTP Vulnerabilities
Unauthorized Access
Finger Vulnerabilities
31. Traffic is passed in plaintext
HTTP Vulnerability
Secure Shell (SSH)
Finger Vulnerabilities
Anti-Replay
32. None - uses attached application protocol's port
Named ACL Format
Access Layer
TLS/SSL Identifier
Inside
33. Access - Distribution - Core
IP Unreachable Vulnerabilities
IPSec AH Identifier
Three Layers of Hierarchical Model
login local
34. Command used to disable the ICMP message Redirect
no ip redirect
inger Server
Extended ACL format
Lower IP Extended ACL Range
35. Layer 5
GRE Operating Layer
NTP Vulnerabilities
Eavesdropping and Information Theft
L2TP Operating Layer
36. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Land Attack
SNMP Vulnerabilities
TCP/UDP Discard Vulnerability
SSH2
37. Time can be changed - Routing Table can be killed
TCP/UDP Echo Vulnerability
no ip bootp server
General Format of Cisco IOS Version
NTP Vulnerabilities
38. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
Internet Protocol Security (IPSec)
ACL to block a Land Attack
no service tcp-small-servers
ESP Identifier
39. Attack that involves transmitting a volume of connections that cannot be completed at the destination - causing the queue to fill up and denying service to legitimate user
Dynamic NAT
Boot Network Vulnerabilities
TCP SYN Attack
Sixth (Optional) Part of the IOS Version
40. Rebuild Number
Local Addresses
Sixth (Optional) Part of the IOS Version
Two Protocols of Tunnel Mode
Train Identifier 'S'
41. ESP - SSH - SSL/TLP
Encrypted Tunneling Methods
Two Protocols of Tunnel Mode
IP Mask Reply Vulnerabilities
Denial of Service (DoS)
42. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Generic Routing Encapsulation (GRE)
ACL to block incoming loopback packets
Smurf Attack
SNMP Trap
43. Release Train Identifier
inger Server
Inside Local Address
Fifth Part of the IOS Version
SSH2
44. Geolocational positioning
no ip unreachable
TCP/UDP Daytime Vulnerability
Encrypted Tunneling Methods
BOOTP Vulnerabilities
45. What Transport Mode is used for
no ip mask-reply
IPSec AH Operating Layer
SSH Operating Layer
Host-to-Host Communications
46. Public IP address after translation
Internet Protocol Security (IPSec)
TCP Intercept Watch Mode
Three Layers of Hierarchical Model
Outside Global Address
47. DNS Poisoning
Access Layer
ACL to block spoofed IPs
DNS Lookup Vulnerability
IPSec AH Identifier
48. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Encapsulation Security Payload (ESP)
GRE Operating Layer
Route Injection Attack
Inside Local Address
49. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Requirements for Reflexive TCP to be removed
Eavesdropping and Information Theft
Common uses of Access Lists
Reflexive ACL
50. UDP Port 514
Host-to-Host Communications
syslog
Encapsulation Security Payload (ESP)
TCP Intercept
