Добавил:
Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:
Securing Cisco IOS Networks Study Guide - Carl Timm.pdf
Скачиваний:
73
Добавлен:
24.05.2014
Размер:
9.74 Mб
Скачать

136 Chapter 4 Cisco Perimeter Router Problems and Solutions

Review Questions

1.Which routing protocols can use MD5 authentication? (Choose all that apply.)

A.EIGRP

B.BGP

C.OSPF

D.IGRP

E.RIPv1

2.Which IOS feature should be used when hiding multiple hosts behind a single IP address?

A.IPX

B.PAT

C.BGP

D.IPSec

E.DHCP

3.Which IOS feature best prevents rerouting attacks?

A.IPSec

B.TCP Intercept

C.MD5 authentication

D.ACLs

4.Which IOS feature best prevents the lack of legal IP address problem?

A.NAT

B.TCP Intercept

C.MD5 authentication

D.ACLs

5.Which IOS feature best prevents unauthorized access, data manipulation, and malicious destruction problems?

A.NAT

B.TCP Intercept

C.MD5 authentication

D.ACLs

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

Review Questions

137

6.You have just configured TCP Intercept. Which type of problem are you trying to solve?

A.DoS attacks

B.Rerouting attacks

C.Lack of legal IP addresses

D.Eavesdropping

7.Which IOS feature best prevents eavesdropping?

A.NAT

B.TCP Intercept

C.MD5 authentication

D.ACLs

E.IPSec

8.You have just configured ACLs at the perimeter router of your network. Which problem are you trying to solve?

A.DoS

B.Rerouting

C.Lack of legal IP addresses

D.Unauthorized access, data manipulation, and malicious destruction problems

E.Eavesdropping

9.Which of the following can use a single IP address to address up to 64,000 internal hosts?

A.NAT

B.PAT

C.IPSec

D.TCP Intercept

10.Which TCP Intercept mode will proxy-answer incoming SYN requests and not notify the server until the originating host is verified?

A.Intercept mode

B.Secure mode

C.Monitor mode

D.None of the above

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

138 Chapter 4 Cisco Perimeter Router Problems and Solutions

11.Which command would you configure on the perimeter router if you do not want it to announce to external hosts which subnets are not configured?

A.no source-route

B.no ip unreachables

C.no ip route-cache

D.no service udp-small-servers

12.You want to disable Finger replies on a perimeter router. Which command do you want to use?

A.no finger

B.no finger reply

C.no service finger

D.disable finger

13.Which commands would you use on your router to prevent a chargen attack? (Choose all that apply.)

A.no ip redirects

B.no tcp-small-servers

C.no ip-source route

D.no chargen enable

E.no udp-small-servers

F.no service finger

14.___________ can be used to encrypt data between two networks, which prevents eavesdropping.

A.CBAC

B.Lock and Key

C.IPSec

D.TCP Intercept

15.In a rerouting attack, the ___________ table is modified or prevented from being updated.

A.ARP

B.Address

C.Routing

D.Bridging

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

Review Questions

139

16.Which command disables Cisco Discovery Protocol on a perimeter router?

A.no cdp enable

B.no cdp forwards

C.no cdp redirects

D.no cdp run

17.What command is used to enable an HTTP server on a router for AAA?

A.http server

B.http-server

C.ip http server

D.ip http-server

18.Which command disables Cisco Discovery Protocol on a perimeter router interface?

A.no cdp enable

B.no cdp forwards

C.no cdp redirects

D.no cdp run

19.What command will disable proxy ARP on a perimeter router?

A.disable proxy-arp

B.disable ip proxy-arp

C.no proxy-arp

D.no ip proxy-arp

E.no ip proxy arp

20.What command is used to disable the sending of redirect messages?

A.no redirects

B.no ip redirects

C.no interface redirects

D.disable ip redirects

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com