SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Router Security
Start Test
Study First
Subject
:
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A secure alternative to telnet for remote administration that supported in Enterprise versions of Cisco IOS
SSH
ACL to block telnet
Common uses of Access Lists
Third Part of the IOS Version
2. Two FIN bits or one RST bit
Sixth (Optional) Part of the IOS Version
Tunneling
Requirements for Reflexive TCP to be removed
Privilege Level 15
3. Allows packets to be filtered based on upper-layer session information - only uses extended temporary ACL's and must be named - applied on border routers
Masquerading
Reflexive ACL
SNMP Trap
Overloading
4. Time can be changed - Routing Table can be killed
Access Layer
Rerouting
NTP Vulnerabilities
Privilege Level 15
5. DENY IP <Network ID> <Network WC Mask> ANY
ACL to block spoofed IPs
Network-to-Network Communications
uRPF Strength
Second Part of IOS Version
6. Software that blocks packets from unreachable hosts - thus allowing only reachable external hosts to initiate connections to a host on an internal network
Smurf Attack
TCP Intercept
SSH Identifier
Networks
7. Access-list <number <deny | permit> source source-wildcard source-qualifier destination dest-wildcard dest-qualifier <log | log-input>
Integrity Validation
Extended ACL format
TCP/UDP Chargen Vulnerability
Three Physical Security Vulnerabilities
8. What Tunnel Mode is used for
Higher IP Extended ACL Range
Network-to-Network Communications
TLS/SSL Identifier
BOOTP
9. Broadcast
Warning
: Invalid argument supplied for foreach() in
/var/www/html/basicversity.com/show_quiz.php
on line
183
10. Translates multiple local addresses to a pool of global addresses by having the firewall select the first available global address; retains the global address for the duration of the connection
IPSec AH Identifier
Network-to-Network Communications
Dynamic NAT
no ip redirect
11. Protocol used to keep their time-of-day clocks accurate and in sync
Network Time Protocol (NTP)
IPSec AH Identifier
TCP Intercept
Global Addresses
12. Allows the source IP host to specify a route through the IP network
TCP/UDP Echo Vulnerability
IP Source Routing
Denial of Service (DoS)
User Account Vulnerabilites
13. Command to disable TCP small server on a router
TCP/UDP Daytime Vulnerability
no service tcp-small-servers
Train Identifier 'S'
BOOTP
14. Geolocational positioning
IP Source Routing Vulnerabilities
Encrypted Tunneling Methods
TCP/UDP Daytime Vulnerability
Two Modes of IPSec
15. Router threat that involves the unauthorized viewing and collection of network traffic; usually accomplished with a packet sniffing program
Network-to-Network Communications
Eavesdropping and Information Theft
TCP/UDP Echo Vulnerability
ACL to block a Land Attack
16. Provides confidentiality - so it cannot be read by unauthorized parties
Anti-Replay
Encrypting Traffic
Network Address Translation (NAT)
Route Injection Attack
17. Tunnel Mode Protocol provides confidentiality - along with authentication and integrity protection with encryption
Inside
Encapsulation Security Payload (ESP)
Tunneling
TCP/UDP Chargen Vulnerability
18. Datagram protocol used by some hosts to load their operating system over the network via a central repository of IOS software
BOOTP
Dynamic NAT
ACL to block a Land Attack
Named ACL
19. Command to disable UDP small server on a router
Established Line
Land Attack
Encrypted Tunneling Methods
no service udp-small-servers
20. 0x33 or 51
TCP/UDP Daytime Vulnerability
Two Protocols of Tunnel Mode
Internet Protocol Security (IPSec)
IPSec AH Identifier
21. Can obtain CIDR and router ID
Higher IP Extended ACL Range
Inside Global Address
IP Mask Reply Vulnerabilities
Core Layer
22. Buffer Overflow
Session Hijacking
Unicast Reverse-Path Forwarding (uRPF)
ESP Identifier
TCP/UDP Chargen Vulnerability
23. Attack that involves a multitude of compromised system attack a single target - denying service to it by exploiting one 'master' system that communicates with other 'zombie' systems
no ip bootp server
Finger Vulnerabilities
TCP Load Distribution
Distributed Denial of Service Attacks
24. The host can specify which route to take - which bypasses security
IP Source Routing Vulnerabilities
L2TP Identifier
TLS/SSL Layer
General Format of Cisco IOS Version
25. Access - Distribution - Core
Privilege Level 1
Networks
Access List Rules
Three Layers of Hierarchical Model
26. UDP Port 1701
NTP Vulnerabilities
L2TP Identifier
Inside
no service tcp-small-servers
27. 0x2F - or 47
Encapsulation Security Payload (ESP)
GRE Identifier
IP Source Routing
Proxy ARP Vulnerabilities
28. Lists interfaces - routing table - ARP table - physical and network addresses - time last booted
SNMP Vulnerabilities
Network Address Translation (NAT)
Network Time Protocol (NTP)
L2TP Operating Layer
29. When one network protocol called the payload protocol is encapsulated within a different delivery network - or provide a secure path through an untrusted network
Tunneling
Requirements for Reflexive TCP to be removed
Higher IP Extended ACL Range
Fourth Part of the IOS Version
30. Layer 3
Three Physical Security Vulnerabilities
ESP Operating Layer
IPSec AH Identifier
Authentication Header (AH)
31. UDP Port 514
Outside Global Address
Standard IP ACLs
syslog
Boot Network
32. Startup-config can be deleted - copied - changed
syslog
Network Time Protocol (NTP)
Boot Network Vulnerabilities
Train Identifier 'S'
33. The environment - catastrophic events an unauthorized access
Syntax for Reflexive ACLs
Three Physical Security Vulnerabilities
Flags used by Established Line
Cisco Discovery Protocol (CDP)
34. Router threat that includes manipulating router updates to cause traffic to flow to unauthorized destinations
Flags used by Established Line
Layer 2 Tunneling Protocol (L2TP)
IP Spoofing
Route Injection Attack
35. Two - one Inbound or Evaluated and one Outbound or Reflected
Minimum ACLs Required for Reflexive ACLs
HTTP Operating Layer
UDP Traceroute Port Range
Higher IP Standard ACL Range
36. Major Version
Proxy ARP
First Part of IOS Version
inger Server
ACL to block a Land Attack
37. Layer 3
IPSec AH Operating Layer
Encrypted Tunneling Methods
inger Server
ntp disable
38. Command used to disable NTP on an interface
HTTP Vulnerability
TCP/UDP Discard Vulnerability
ntp disable
IP Spoofing
39. The communication layer between the two other layers and provides network security - including ACLs - firewalls - any general public access servers and address translation; also known as the isolation LAN or DMZ
no ip redirect
Network-to-Network Communications
Distribution Layer
ESP Identifier
40. Users - Host PC's - IP Addresses
Authenticating Peers
Finger Vulnerabilities
Sixth (Optional) Part of the IOS Version
Network Address Translation (NAT)
41. 0-99
Session Hijacking
Lower IP Standard ACL Range
Anti-Replay
Standard IP ACLs
42. When a router acts as an intermediary for ARP queries on selected interfaces and enabling transparent access between multiple LAN segments
Established Line
Authentication Header (AH)
Tunneling
Proxy ARP
43. Permits a host on one LAN segment to initiate a physical broadcast on a different LAN segment
IP Directed Broadcast
Layer 2 Tunneling Protocol (L2TP)
Distributed Denial of Service Attacks
IPSec AH Identifier
44. Transport and Tunnel
Fraggle Attack
Dynamic NAT
BOOTP
Two Modes of IPSec
45. 2000-2699
Cisco Express Forwarding (CEF)
UDP Traceroute Port Range
CDP Vulnerabilities
Lower IP Extended ACL Range
46. Data link layer protocol used for tunneling network traffic between two peers over an existing network - often used with IPsec to secure packets
SSH Operating Layer
Outside
Layer 2 Tunneling Protocol (L2TP)
Three Layers of Hierarchical Model
47. Command used to disable the ICMP message Address Mask Reply
Two Types of Router Access
no ip mask-reply
Static NAT
Transport Layer Security (TLS) and Secure Sockets Layer (SSL)
48. These ACLs filter by network or host IP addresses andspecific protocol type or port numbers - filters by source and destination
IP Spoofing
Extended IP ACLs
BOOTP Vulnerabilities
Authenticating Peers
49. Privilege levels that can have passwords assigned to them
Masquerading
Encrypting Traffic
Privilege Levels 2-13
Session Hijacking
50. A suite of protocols for securing Internet Protocol communications by authenticating and/or encrypting each IP packet in a data stream
Proxy ARP Vulnerabilities
Internet Protocol Security (IPSec)
Dynamic NAT
Distribution Layer