SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Accounts without passwords - Type 7 encryption - account privilege higher than 1 - able to be fingered
UDP Traceroute Port Range
Network Address Translation (NAT)
User Account Vulnerabilites
login local
2. Can stop spoofed IP addresses
Transport Mode
TCP/UDP Chargen Vulnerability
uRPF Strength
DNS Lookup Vulnerability
3. Time can be changed - Routing Table can be killed
Dynamic NAT
NTP Vulnerabilities
IP Unreachable Vulnerabilities
Route Injection Attack
4. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
SSH Identifier
TCP Intercept
Network-to-Network Communications
Authentication Header (AH)
5. Plaintext
Telnet - HTTP - SNMP Vulnerability
Host-to-Host Communications
no ip finger - no service finger
AUX Vulnerability
6. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Proxy ARP
no ip unreachable
IP Mask Reply Vulnerabilities
Higher IP Extended ACL Range
7. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Session Hijacking
Encapsulation Security Payload (ESP)
SSH2
IP Unreachable Vulnerabilities
8. DENY IP ANY HOST <Broadcast Address>
SSH2
ACL to block a Smurf Attack or Fraggle Attack
Finger Vulnerabilities
Internet Protocol Security (IPSec)
9. Smurf attacks - can enumerate the network
Overloading
IP Spoofing
DNS Lookup Vulnerability
IP Direct Broadcast Vulnerabilties
10. Refers to addresses used on the organization's private network
SSH Operating Layer
Extended IP ACLs
Overloading
Global Addresses
11. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Fraggle Attack
TCP Intercept
Anti-Replay
Internet Protocol Security (IPSec)
12. Uses SSL port 443
Named ACL Format
BOOTP Vulnerabilities
TCP SYN Attack
HTTPS Strength
13. Command to disable TCP small server on a router
IP Source Routing
Two Types of Router Access
no service tcp-small-servers
Network-to-Network Communications
14. Authentication Header (AH) and Encapsulated Security Payload (ESP)
Lower IP Standard ACL Range
Static NAT
Two Protocols of Tunnel Mode
Second Part of IOS Version
15. ACK and RST
Encapsulation Security Payload (ESP)
Three Physical Security Vulnerabilities
Flags used by Established Line
SNMP
16. A method of bypassing firewall or proxy restrictions by making the firewall think that it is getting traffic from a web browser
ACL to block a Land Attack
HTTP Tunneling
Common uses of Access Lists
no service tcp-small-servers
17. TCP Port 22
GRE Operating Layer
Secure Shell (SSH)
SSH Identifier
GRE Identifier
18. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Uses for ACLs
TCP Intercept Watch Mode
Cisco Discovery Protocol (CDP)
ESP Identifier
19. The environment - catastrophic events an unauthorized access
Three Physical Security Vulnerabilities
Distributed Denial of Service Attacks
Unauthorized Access
IP Source Routing
20. Privilege level that is restricted to basic level operations
GRE Operating Layer
Privilege Level 1
inger Server
Unauthorized Access
21. Access-list <number> <deny | permit> source source-wildcard log
ACL to block a Land Attack
Cisco Discovery Protocol (CDP)
SSH1
Standard ACL format
22. This server is used for querying a host about its logged in users
UDP Traceroute Port Range
IP Mask Reply Vulnerabilities
Transport Mode
inger Server
23. Device - Hostname - IOS - IP Address - Ports - Model
TCP/UDP Daytime Vulnerability
Lower IP Extended ACL Range
CDP Vulnerabilities
UDP Traceroute Port Range
24. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Core Layer
Encrypting Traffic
Access Layer
Encrypted Tunneling Methods
25. This layer controls user and workgroup acess to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
Tunnel Mode
Outside Global Address
Access Layer
ESP Identifier
26. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
HTTPS Strength
TCP Load Distribution
ACL to block spoofed IPs
Train Identifier 'S'
27. DENY IP 127.0.0.0 0.255.255.255 ANY
Local Addresses
Flags used by Established Line
IP Source Routing Vulnerabilities
ACL to block incoming loopback packets
28. Major Version - Minor Version - Release - Interim Build - Release Train Identifier
IP Mask Reply Vulnerabilities
ESP Operating Layer
General Format of Cisco IOS Version
Encrypting Traffic
29. Buffer Overflow
IP Spoofing
TCP/UDP Chargen Vulnerability
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
ACL to block a Land Attack
30. Layer 7
HTTP Vulnerability
TCP Load Distribution
SSH2
SSH Operating Layer
31. TCP only - used to filter inbound traffic while allowing return TCP sessions - can be spoofed by attackers and cannot be used with Active FTP
Unauthorized Access
Established Line
ACL to block a Land Attack
GRE Operating Layer
32. TCP and UDP Port 161
Three Physical Security Vulnerabilities
SNMP
Lower IP Standard ACL Range
no cdp run
33. Users - Host PC's - IP Addresses
Encrypted Tunneling Methods
UDP Traceroute Port Range
Finger Vulnerabilities
SSH
34. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Fifth Part of the IOS Version
Transport Mode
echo - chargen - discard - daytime
Privilege Level 0
35. Local IP address before translation
Land Attack
HTTP Identifier
SSH1
Inside Local Address
36. Startup-config can be deleted - copied - changed
Third Part of the IOS Version
Two Protocols of Tunnel Mode
Flags used by Established Line
Boot Network Vulnerabilities
37. Router threat where access by an entity or individual other than authorized users
General Format of Cisco IOS Version
inger Server
TCP/UDP Chargen Vulnerability
Unauthorized Access
38. ESP - SSH - SSL/TLP
Encrypted Tunneling Methods
no cdp run
no ip http server
Distribution Layer
39. 33400-34400
Tunnel Mode
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
UDP Traceroute Port Range
no ip redirect
40. Interim Build Number
Finger Vulnerabilities
Masquerading
Fourth Part of the IOS Version
Privilege Level 1
41. TCP Port 80
SNMP Trap
HTTP Identifier
TCP Intercept Watch Mode
Access Layer
42. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
no ip finger - no service finger
Train Idenifier 'E'
Outside Global Address
SNMP Vulnerabilities
43. Software that passively monitors the connection requests flowing through the router; if a connection fails - the software sends a Reset to the server to clear up its state
SNMP
IP Direct Broadcast Vulnerabilties
Rerouting
TCP Intercept Watch Mode
44. Refers to the organization's private network
syslog
Telnet - HTTP - SNMP Vulnerability
Inside
Internet Protocol Security (IPSec)
45. Command used to disable the ICMP message Redirect
Uses for ACLs
no service udp-small-servers
no ip redirect
Eavesdropping and Information Theft
46. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
IP Direct Broadcast Vulnerabilties
Standard ACL format
Reflexive ACL
Access Layer
47. Block spoofed IP packets - block loopback packets - block IP multicast if unused - block ICMP redirects - Block telnet if not used
Common uses of Access Lists
SNMP
L2TP Identifier
inger Server
48. Local and Remote
no service udp-small-servers
ACL to block incoming loopback packets
Two Types of Router Access
ntp disable
49. Layer 5
TCP Intercept
L2TP Operating Layer
TCP Load Distribution
Inside
50. Forces the user to enter both a valid username and password
Syntax for Reflexive ACLs
Encapsulation Security Payload (ESP)
Train Identifier 'T'
login local
