Test your basic knowledge | Router Security
Subject: it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Attack that involves a multitude of compromised systems attacking a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
Distributed Denial of Service Attacks
Minimum ACLs Required for Reflexive ACLs
ntp disable
AUX Vulnerability
2. UDP Port 1701
login local
ACL to block incoming loopback packets
L2TP Identifier
Outside
3. Routing mode depended on by uRPF in order to function
Masquerading
IP Direct Broadcast Vulnerabilities
Privilege Level 15
Cisco Express Forwarding (CEF)
4. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
Core Layer
SNMP Vulnerabilities
Inside
CDP Vulnerabilities
5. Forces the user to enter both a valid username and password
General Format of Cisco IOS Version
Second Part of IOS Version
login local
ACL to block telnet
6. This layer controls user and workgroup access to the Internetwork resources at the local level using segmentation of networks to create separate collision domains - AKA an organization's trusted network
SSH Identifier
ACL to block a Land Attack
Access Layer
Global Addresses
7. These ACLs filter by network or host IP address and only filter on source
login local
no ip unreachable
TCP Intercept Watch Mode
Standard IP ACLs
8. Command used to disable the ICMP message Address Mask Reply
no ip mask-reply
Integrity Validation
ACL to block a Land Attack
General Format of Cisco IOS Version
9. Provides nonrepudiation - ensuring that traffic is from a trusted party
Authenticating Peers
Cisco Discovery Protocol (CDP)
Second Part of IOS Version
Privilege Levels 2-13
10. Layer 7
Two Protocols of Tunnel Mode
AUX Vulnerability
Two Types of Router Access
HTTP Operating Layer
11. TCP and UDP Port 161
SNMP
CDP Vulnerabilities
IP Source Routing
Established Line
12. TCP and UDP Port 162
Local Addresses
SNMP Trap
Privilege Level 1
Dynamic NAT
13. Interim Build Number
Fourth Part of the IOS Version
Local Addresses
DNS Lookup Vulnerability
Authenticating Peers
14. Breaks LAN security perimeter - extends LAN to Layer 2
Train Identifier 'T'
SSH
Proxy ARP Vulnerabilities
TCP SYN Attack
15. Command used to disable NTP on an interface
CDP Vulnerabilities
SNMP Vulnerabilities
Flags used by Established Line
ntp disable
16. Two - one Inbound or Evaluated and one Outbound or Reflected
Standard IP ACLs
no ip redirect
Minimum ACLs Required for Reflexive ACLs
TCP/UDP Discard Vulnerability
17. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
Integrity Validation
Generic Routing Encapsulation (GRE)
Inside Local Address
Layer 2 Tunneling Protocol (L2TP)
18. War dialing
Privilege Levels 2-13
no ip mask-reply
Train Identifier 'T'
AUX Vulnerability
19. An extension of static mapping which allows for one global address to be mapped to multiple inside addresses; can be used for websites with multiple back end servers
IP Source Routing Vulnerabilities
HTTP Operating Layer
Flags used by Established Line
TCP Load Distribution
20. Helps to mitigate problems that are caused by the introduction of malformed or spoofed IP source addresses into a network by discarding packets lacking a verifiable IP source address
IP Directed Broadcast
Access Layer
Unicast Reverse-Path Forwarding (uRPF)
Train Identifier 'S'
21. Tunnel Mode Protocol provides integrity - authentication - and non-repudiation and operates directly on top of IP
IP Spoofing
HTTP Vulnerability
Authentication Header (AH)
Higher IP Extended ACL Range
22. TCP Port 80
Local Addresses
Anti-Replay
TCP/UDP Discard Vulnerability
HTTP Identifier
23. Protects against repeating of secure sessions
Privilege Level 0
ESP Identifier
Anti-Replay
Train Identifier 'B'
24. Smurf attacks - can enumerate the network
IP Direct Broadcast Vulnerabilities
Distributed Denial of Service Attacks
Eavesdropping and Information Theft
Second Part of IOS Version
25. Can copy - poison - corrupt - or delete the IOS
BOOTP Vulnerabilities
Network Address Translation (NAT)
Boot Network Vulnerabilities
AUX Vulnerability
26. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
SSH Operating Layer
BOOTP
Sixth (Optional) Part of the IOS Version
Three Layers of Hierarchical Model
27. Command used to disable the ICMP message Redirect
no ip redirect
SSH Operating Layer
Tunneling
SSH
28. These ACLs filter by network or host IP addresses and specific protocol type or port numbers - filters by source and destination
L2TP Identifier
ACL to block spoofed IPs
Extended IP ACLs
login local
29. Traffic is passed in plaintext
HTTP Vulnerability
Requirements for Reflexive TCP to be removed
Standard ACL format
Local Addresses
30. Release Number
Train Identifier 'B'
Authentication Header (AH)
L2TP Identifier
Third Part of the IOS Version
31. Broadcast
32. Command to disable CDP on a router
Proxy ARP Vulnerabilities
CDP Vulnerabilities
no cdp run
Anti-Replay
33. Proprietary - used by Cisco routers and switches to identify each other on LAN and WAN segments
ACL to block a Smurf Attack or Fraggle Attack
Global Addresses
Local Addresses
Cisco Discovery Protocol (CDP)
34. Private IP address after translation
TLS/SSL Identifier
Dynamic NAT
Local Addresses
Inside Global Address
35. PERMIT TCP ANY ANY ESTABLISHED
Encapsulation Security Payload (ESP)
ACL to block TCP SYN Attack
L2TP Identifier
NTP Vulnerabilities
36. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACLs and must be named - applied on border routers
IP Directed Broadcast
Lower IP Standard ACL Range
Common uses of Access Lists
Reflexive ACL
37. When one network protocol called the payload protocol is encapsulated within a different delivery network - or to provide a secure path through an untrusted network
Tunneling
Standard IP ACLs
Fifth Part of the IOS Version
Encrypted Tunneling Methods
38. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Route Injection Attack
Cisco Express Forwarding (CEF)
Encrypting Traffic
IP Unreachable Vulnerabilities
39. Users - Host PCs - IP Addresses
L2TP Identifier
Encrypting Traffic
Finger Vulnerabilities
Authentication Header (AH)
40. 0-99
Integrity Validation
Standard ACL format
Lower IP Standard ACL Range
Network Time Protocol (NTP)
41. DENY IP HOST <Inbound IP Address> HOST <Inbound IP Address>
Session Hijacking
ACL to block IP multicast
no ip mask-reply
ACL to block a Land Attack
42. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Inside
Established Line
Named ACL
Encapsulation Security Payload (ESP)
43. Buffer Overflow
TCP/UDP Chargen Vulnerability
TLS/SSL Identifier
Train Identifier 'S'
echo - chargen - discard - daytime
44. Privilege level that is restricted to basic level operations
Privilege Level 1
IP Direct Broadcast Vulnerabilities
Anti-Replay
Static NAT
45. What Transport Mode is used for
no cdp run
Host-to-Host Communications
ntp disable
NTP Vulnerabilities
46. The host can specify which route to take - which bypasses security
Outside Local Address
Requirements for Reflexive TCP to be removed
NTP Vulnerabilities
IP Source Routing Vulnerabilities
47. UDP Port 514
Integrity Validation
Tunneling
TCP Intercept
syslog
48. Privilege levels that can have passwords assigned to them
Reflexive ACL
General Format of Cisco IOS Version
HTTP Identifier
Privilege Levels 2-13
49. Minor Version
TCP SYN Attack
Train Identifier 'T'
SNMP
Second Part of IOS Version
50. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Two Modes of IPSec
Cisco Discovery Protocol (CDP)
BOOTP
Session Hijacking