SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Mode where only the payload of the IP packet is encrypted and/or authenticated
Generic Routing Encapsulation (GRE)
Global Addresses
Established Line
Transport Mode
2. Local IP address before translation
Networks
Inside Local Address
Devices
Common uses of Access Lists
3. Commands to disable Finger Server
ACL to block incoming loopback packets
no ip finger - no service finger
Distributed Denial of Service Attacks
Static NAT
4. Command used to disable the ICMP message Address Mask Reply
IP Unreachable Vulnerabilities
no ip mask-reply
HTTP Operating Layer
Three Layers of Hierarchical Model
5. Transport and Tunnel
Two Modes of IPSec
IP Mask Reply Vulnerabilities
Tunneling
Lower IP Extended ACL Range
6. Must be made at global config mode - created from CON/VTY session or text file - read top to bottom - applied at the interface and only one ACL per direction - per protocol - per interface
IP Spoofing
Access List Rules
Route Injection Attack
CDP Vulnerabilities
7. DENY TCP ANY HOST <IP Address> EQ 23
no ip redirect
Core Layer
Lower IP Extended ACL Range
ACL to block telnet
8. TCP Port 80
Syntax for Reflexive ACLs
IP Mask Reply Vulnerabilities
HTTP Identifier
CDP Vulnerabilities
9. Attack that involves sending a large amount of UDP Echo packets to a subnet's broadcast address with a spoofed source IP address from that subnet
User Account Vulnerabilites
Fraggle Attack
Telnet - HTTP - SNMP Vulnerability
ACL to block IP multicast
10. 0x2F - or 47
Dynamic NAT
GRE Identifier
no ip bootp server
L2TP Operating Layer
11. Router threat that involves a hacker inserting a spoofed TCP/IP packet into a stream - thereby enabling commands to be executed on the remote host
Session Hijacking
no ip unreachable
Networks
Fraggle Attack
12. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
NTP Vulnerabilities
Requirements for Reflexive TCP to be removed
SSH
Outside Local Address
13. Access - Distribution - Core
TLS/SSL Layer
Tunneling
AUX Vulnerability
Three Layers of Hierarchical Model
14. Command used to disable the ICMP message Host Unreachable
Syntax for Reflexive ACLs
Smurf Attack
Internet Protocol Security (IPSec)
no ip unreachable
15. Allows the source IP host to specify a route through the IP network
TCP Load Distribution
Uses for ACLs
inger Server
IP Source Routing
16. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
Extended IP ACLs
Tunnel Mode
SNMP Vulnerabilities
Dynamic NAT
17. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
UDP Traceroute Port Range
Tunneling
Encrypted Tunneling Methods
Generic Routing Encapsulation (GRE)
18. Protocol that allows data to be exchanged using a secure channel between two computers via encryption
Secure Shell (SSH)
NTP Vulnerabilities
Devices
Telnet - HTTP - SNMP Vulnerability
19. Breaks LAN security perimeter extends LAN to Layer 2
Encrypting Traffic
Standard IP ACLs
Outside Local Address
Proxy ARP Vulnerabilities
20. The host can specify which route to take - which bypasses security
IP Source Routing Vulnerabilities
echo - chargen - discard - daytime
Devices
syslog
21. 2000-2699
Proxy ARP Vulnerabilities
Three Layers of Hierarchical Model
Authentication Header (AH)
Higher IP Extended ACL Range
22. Privilege level that restricts users to five commands (enable - disable - exit - help quit)
Boot Network
Privilege Level 0
no service udp-small-servers
Inside Global Address
23. Can copy - poison - corrupt - or delete the IOS
Two Protocols of Tunnel Mode
BOOTP Vulnerabilities
Layer 2 Tunneling Protocol (L2TP)
DNS Lookup Vulnerability
24. 2000-2699
Networks
Extended ACL format
Lower IP Extended ACL Range
Fraggle Attack
25. Also known as Configuration Auto-Loading - allows routers to load their startup configuration from the network
Boot Network
ACL to block a Smurf Attack or Fraggle Attack
SNMP Vulnerabilities
Denial of Service (DoS)
26. Ip accesslist extended <name1> - permit IP any any reflect <filename> - ip accesslist extended <name2> - evaluate <filename> - int f0/0 - ip access-group <name1> out - ip access-group <name2> in
Syntax for Reflexive ACLs
Tunnel Mode
uRPF Strength
Transport Mode
27. Can obtain CIDR and router ID
Boot Network Vulnerabilities
Outside Global Address
Authentication Header (AH)
IP Mask Reply Vulnerabilities
28. Service Provider
29. Time can be changed - Routing Table can be killed
NTP Vulnerabilities
Fraggle Attack
Global Addresses
Boot Network Vulnerabilities
30. Traffic is passed in plaintext
HTTP Vulnerability
Authentication Header (AH)
TCP/UDP Discard Vulnerability
Encrypted Tunneling Methods
31. War dialing
Host-to-Host Communications
AUX Vulnerability
HTTP Operating Layer
Local Addresses
32. Smurf attacks - can enumerate the network
Route Injection Attack
IP Direct Broadcast Vulnerabilties
Common uses of Access Lists
TLS/SSL Layer
33. Top of the hierarchy - responsible for transporting large amounts of traffic both reliably and quickly and switching traffic as fast as possible throughout the internet
HTTP Vulnerability
Extended IP ACLs
Core Layer
HTTP Tunneling
34. Plaintext
Telnet - HTTP - SNMP Vulnerability
Session Hijacking
Distributed Denial of Service Attacks
Privilege Level 15
35. Cisco default tunneling protocol that uses multicast addressing without encryption and is designed to encapsulate a wide variety of network layer packets inside IP tunneling packets
Named ACL
First Part of IOS Version
HTTPS Strength
Generic Routing Encapsulation (GRE)
36. The environment - catastrophic events an unauthorized access
Privilege Level 1
login local
Three Physical Security Vulnerabilities
Local Addresses
37. Router threat that refers to willful attempts to cause such disruptions by overwhelming the targeted system with improperly formatted traffic
Denial of Service (DoS)
no ip bootp server
Static NAT
Established Line
38. Form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports; limited to ~64 -000 hosts
Overloading
IP Source Routing Vulnerabilities
Layer 2 Tunneling Protocol (L2TP)
Train Identifier 'B'
39. Local and Remote
Denial of Service (DoS)
Two Types of Router Access
Higher IP Standard ACL Range
TCP/UDP Chargen Vulnerability
40. Proprietary - used by Cisco routers and switches use to identify each other on LAN and WAN segments
Outside Local Address
Distribution Layer
Cisco Discovery Protocol (CDP)
ACL to block IP multicast
41. Router threat where access by an entity or individual other than authorized users
Cisco Discovery Protocol (CDP)
AUX Vulnerability
Unauthorized Access
Encapsulation Security Payload (ESP)
42. Private IP address after translation
Inside Global Address
Integrity Validation
TLS/SSL Identifier
HTTP Operating Layer
43. Public IP address before translation
Outside Local Address
Tunnel Mode
Outside
IP Source Routing Vulnerabilities
44. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Extended ACL format
IP Source Routing
Common uses of Access Lists
Eavesdropping and Information Theft
45. Privilege level that has Global administration capabilities
HTTP Operating Layer
Privilege Level 15
Extended IP ACLs
TCP/UDP Echo Vulnerability
46. Rebuild Number
Boot Network Vulnerabilities
Privilege Levels 2-13
Sixth (Optional) Part of the IOS Version
Standard ACL format
47. Attack that involves sending a packet to the router with the same IP address in the source and destination address fields - as well as the same port number in the source and destination port field - causing a denial of service
Proxy ARP Vulnerabilities
DNS Lookup Vulnerability
Land Attack
Encrypting Traffic
48. Router threat that occurs when an attacker manipulates IP packets to falsify IP addresses - causing network disruptions as the router attempts to process the packet
Uses for ACLs
Integrity Validation
Masquerading
Finger Vulnerabilities
49. Two FIN bits or one RST bit
Requirements for Reflexive TCP to be removed
Standard IP ACLs
Fraggle Attack
CDP Vulnerabilities
50. Router to Router Denial of Service
TCP/UDP Echo Vulnerability
TLS/SSL Layer
Outside Global Address
Static NAT
