Guide to Network Defense and Countermeasures, 3rd Edition, Randy Weaver, Dawn Weaver, Dean Farwood - Test Bank
Sample Questions
Chapter 2 – TCP/IP
TRUE/FALSE
- The Transport layer of the OSI model includes the RIP protocol.
ANS: F PTS: 1 REF: 36
- The IP address 172.20.1.5 is a private IP address.
ANS: T PTS: 1 REF: 39
- Fragmentation of IP packets is normal and doesn’t present any networking problems.
ANS: F PTS: 1 REF: 50
- The TCP protocol uses a three-way handshake to create a connection.
ANS: T PTS: 1 REF: 51
- IPv4 and IPv6 headers are interoperable.
ANS: F PTS: 1 REF: 58
MULTIPLE CHOICE
- In which OSI model layer will you find the OSPF protocol?
a. | Application | c. | Transport |
b. | Session | d. | Network |
ANS: D PTS: 1 REF: 36
- Which protocol is responsible for automatic assignment of IP addresses?
a. | DNS | c. | FTP |
b. | DHCP | d. | SNMP |
ANS: B PTS: 1 REF: 37
- How are the two parts of an IP address determined?
a. | network identifier | c. | host identifier |
b. | subnet mask | d. | routing table |
ANS: B PTS: 1 REF: 37
- Which of the following addresses is a Class B IP address?
a. | 126.14.1.7 | c. | 189.77.101.6 |
b. | 224.14.9.11 | d. | 211.55.119.7 |
ANS: C PTS: 1 REF: 38
- Which of the following is NOT a reason for subnetting a network?
a. | controlling network traffic | c. | planning for growth |
b. | increasing network security | d. | making larger groups of computers |
ANS: D PTS: 1 REF: 39
- If you are subnetting a class B network, what subnet mask will yield 64 subnets?
a. | 255.255.252.0 | c. | 255.255.224.0 |
b. | 255.255.64.0 | d. | 255.255.192.0 |
ANS: A PTS: 1 REF: 40
- Which of the following is the broadcast address for subnet 192.168.10.32 with subnet mask 255.255.255.240?
a. | 192.168.10.63 | c. | 192.168.10.23 |
b. | 192.168.10.47 | d. | 192.168.10.95 |
ANS: B PTS: 1 REF: 42
- Which of the following is considered a flooded broadcast IP address?
a. | 200.15.6.255 | c. | 255.255.255.255 |
b. | 10.255.255.255 | d. | FFFF.FFFF.FFFF |
ANS: C PTS: 1 REF: 43
- Which field in the IP header is an 8-bit value that identifies the maximum amount of time the packet can remain in the network before it is dropped?
a. | TTL | c. | ECN |
b. | Fragment Offset | d. | Options |
ANS: A PTS: 1 REF: 45
- What is the TCP portion of a packet called?
a. | frame | c. | segment |
b. | data | d. | header |
ANS: C PTS: 1 REF: 47
- Which of the following is a reason that UDP is faster than TCP?
a. | it doesn’t use port numbers | c. | the header is smaller |
b. | it has a higher priority on the network | d. | it doesn’t guarantee delivery |
ANS: D PTS: 1 REF: 48
- Which of the following is the first packet sent in the TCP three-way handshake?
a. | RST | c. | ACK |
b. | SYN | d. | PSH |
ANS: B PTS: 1 REF: 51
- What does a sliding window do in a TCP packet?
a. | ensures all packets are delivered | c. | provides flow control |
b. | provides packet security | d. | ensures transmission reliability |
ANS: C PTS: 1 REF: 52
- What should you do when configuring DNS servers that are connected to the Internet in order to improve security?
a. | disable zone transfers | c. | disable DNS buffers |
b. | delete the DNS cache | d. | set up DNS proxy |
ANS: A PTS: 1 REF: 54
- How large is the IPv6 address space?
a. | 32 bits | c. | 64 bits |
b. | 128 bits | d. | 168 bits |
ANS: B PTS: 1 REF: 54
- Which of the following is NOT an advantage of IPv6 versus IPv4?
a. | larger address space | c. | supports static configuration |
b. | built-in security | d. | NAT is unnecessary |
ANS: C PTS: 1 REF: 55
- Which IPv6 header field is known as the priority field?
a. | Version | c. | Hop Limit |
b. | Flow Label | d. | Traffic Class |
ANS: D PTS: 1 REF: 56
- What feature in ICMPv6 replaces ARP in IPv4?
a. | Multicast Listener Discovery | c. | Echo Request |
b. | Neighbor Discovery | d. | Authentication Header |
ANS: B PTS: 1 REF: 59
- Which of the following is a valid IPv6 address?
a. | 5BA4:2391:0:0:4C3E | c. | 24::5B1A::346C |
b. | 1080::8:800:200C:417A | d. | 5510:ABCD::34:1::2 |
ANS: B PTS: 1 REF: 62
- Which of the following is the IPv6 loopback address?
a. | 000:000:: | c. | ::1 |
b. | 1000:127:0:0:1 | d. | ::FFFF |
ANS: C PTS: 1 REF: 62
COMPLETION
- DNS operates at the _________________ layer of the OSI model.
ANS: Application
PTS: 1 REF: 36
- The ______________________ is the part of the IP address that is the same among computers in a network segment.
ANS:
network identifier
network ID
PTS: 1 REF: 37
- The _____________ field in an IP header is a 3-bit value indicating whether a datagram is a fragment.
ANS: flags
PTS: 1 REF: 45
- ________________ IPv6 addresses are used for one-to-one or one-to-many communication.
ANS: Anycast
PTS: 1 REF: 63
- The ____________ command shows current sessions with associated port numbers.
ANS:
netstat
netstat -n
PTS: 1 REF: 65
MATCHING
a. | broadcast | f. | unicast |
b. | datagram | g. | stateless autoconfiguration |
c. | fragmentation | h. | network identifier |
d. | multicast | i. | Multicast Listener Discovery |
e. | scopes | j. | Network Address Translation |
- a discrete chunk of information; each datagram contains source and destination addresses, control settings, and data
- unicast addresses used in IPv6 to identify the application suitable for the address
- the part of an IP address that a computer has in common with other computers in its subnet
- a process by which internal hosts are assigned private IP addresses and communicate with the Internet using a public address
- a transmission used for one-to-many communication, in which a single host can send packets to a group of recipients
- a transmission in which one packet is sent from a server to each client that requests a file or application
- enables IPv6 routers to discover multicast listeners on a directly connected link and to decide which multicast addresses are of interest to those nodes
- a communication sent to all hosts on a specific network
- a feature of IPv6 in which a computer can connect to a network by determining its own IP address based on the addressing of neighboring nodes
- the division of packets into smaller sizes to accommodate routers with frame size limitations
- ANS: B PTS: 1 REF: 43
- ANS: E PTS: 1 REF: 62
- ANS: H PTS: 1 REF: 37
- ANS: J PTS: 1 REF: 38
- ANS: D PTS: 1 REF: 43
- ANS: F PTS: 1 REF: 43
- ANS: I PTS: 1 REF: 59
- ANS: A PTS: 1 REF: 43
- ANS: G PTS: 1 REF: 55
- ANS: C PTS: 1 REF: 49
SHORT ANSWER
- List the seven layers of the OSI model.
ANS:
Application
Presentation
Session
Transport
Network
Data Link
Physical
PTS: 1 REF: 36
- Briefly describe Network Address Translation and how it makes a network more secure.
ANS:
IP addresses are valuable commodities. If attackers can find a computer’s IP address, they can run a port scan to look for open ports they can exploit. By hiding IP addresses, you can prevent certain attacks. To hide the addresses of computers on your network, you can use Network Address Translation (NAT) to translate your private network’s internal addresses into the address of the NAT server’s external interface connected to the Internet. A private network’s internal addresses are not routable on the Internet.
PTS: 1 REF: 38
- List the three classes of IP address that can be assigned to network devices and their corresponding first octet range of values.
ANS:
Class A: 1-126
Class B: 128-191
Class C: 192-223
PTS: 1 REF: 38
- What are the three private IP address ranges and their associated subnet masks?
ANS:
10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0
PTS: 1 REF: 39
- List three reasons an administrator would want to use subnetting.
ANS:
Mirroring the organization’s physical layout
Mirroring the organization’s administrative structure
Planning for future growth
Reducing and controlling network traffic
Increasing network security
Logically segment a network
PTS: 1 REF: 39
- Discuss variable length subnet masking.
ANS:
Networks that do not have a large number of available IP addresses can use variable length subnet masking (VLSM), which involves applying masks of varying sizes to the same network. If an organization has a limited number of IP addresses and subnets of varying lengths, VLSM can help it use address space more efficiently. VLSM is a means of allocating IP addressing according to the network’s needs. This allocation method creates subnets within subnets and multiple divisions of an IP network.
PTS: 1 REF: 42
- What is CIDR? Give an example.
ANS:
CIDR is Classless Interdomain Routing, which is an address notation scheme that specifies the number of masked bits in an IP address/subnet mask combination. Instead of using standard notation for subnet masks, with CIDR you can simply list the number of masked binary bits. The subnet mask 255.255.255.224, for example, has a total of 27 masked bits (eight in each of the first three octets and three in the last octet). In CIDR notation, you would write the network address 192.168.6.0 with a subnet mask of 255.255.255.224 as 192.168.6.0/27.
PTS: 1 REF: 42
- Describe the TTL field in an IP packet header.
ANS:
Time to Live (TTL)—This 8-bit value identifies the maximum amount of time the packet can remain in a network before it is dropped. Each router or device through which the packet passes (hops) reduces the TTL by a value of one. The TTL avoids congestion that results from corrupted packets infinitely looping through the network.
PTS: 1 REF: 45
- Describe the three-way handshake.
ANS:
To establish connection-oriented communication, each computer needs a way to know that the other computer received the packets sent. Sequence and acknowledgement numbers perform this function, as demonstrated in the way that two hosts first establish the TCP connection: the TCP three-way handshake.
Host A includes a randomly generated initial sequence number in its first packet to Host B. This packet is called a SYN packet because the TCP SYN flag is set. The acknowledgement number is zero because the SYN packet is the first in the session and there is no previous packet for Host A to acknowledge.
Host B receives the SYN packet and responds with a SYN ACK packet. This packet includes a randomly generated initial sequence number for Host B. As a way of proving that Host B received the SYN packet from Host A, the acknowledgement number is set to the number that Host B expects to receive in the second packet from Host A. The first packet’s sequence number is incremented by one and placed as the acknowledgement number.
The final packet in the three-way handshake is the ACK packet that Host A sends in response to the SYN ACK from Host B. Now Host A increments its initial sequence number by one and sets the acknowledgement number to be one more than the initial sequence number that Host B sent in the SYN ACK.
PTS: 1 REF: 51-52
- Discuss two drawbacks of IPv4 and how IPv6 addresses those drawbacks.
ANS:
IPv4 has serious drawbacks. IP addresses are now in short supply, so Internet Protocol version 6 (IPv6), which has a larger address space of 128 bits, is being deployed to allow an almost endless supply of IP addresses. Because an IPv4 address is 32 bits long, IPv4 permits a total of 2^32 addresses, which is more than 4 billion. With 128 bits, IPv6 offers 2^128 addresses, which is 340 undecillion. An undecillion is a 1 followed by 39 zeros.
IPv4 also presents problems with the routing system. Routers on the Internet backbone have routing tables with about 90,000 entries. Routers get the job done, but because most computers are not connected directly to the Internet backbone, a packet must traverse several extra hops along the route to its destination. In IPv6, backbone routing tables need only the entries of other routers that are connected directly to them. The information in an IPv6 header contains the rest of the information needed to get a packet to its destination, so the process is streamlined.
Security is another concern with IPv4. Although it does support IPsec (an industry standard set of encryption and authentication protocols), IPv4 has no native encryption methods. Plenty of encryption methods are available, but the lack of standardization can create compatibility problems, and encryption can increase overhead on the network. IPv6, on the other hand, has integrated support for IPsec.
Another advantage of IPv6 is that Network Address Translation (NAT) is not needed because of the vast number of IP addresses provided. While NAT has worked well enough to deal with the decreasing number of IP addresses in IPv4, NAT has security problems. In short, because NAT devices need to read encapsulated IP headers, it is difficult to maintain data confidentiality for end-to-end transmissions; typically, the packets are unencrypted by the NAT firewall and sent through the internal network unencrypted. IPv6 obviates this problem.
Another major advantage of IPv6 is its autoconfiguration capabilities. Instead of relying solely on Dynamic Host Configuration Protocol (DHCP) or manual configuration, IPv6 can determine its own settings based on two different models
Chapter 4 – Routing Fundamentals
TRUE/FALSE
- To determine best path, routers use metrics such as the value of the first octet of the destination IP address.
ANS: F PTS: 1 REF: 120
- A rollover cable is wired similarly to an Ethernet cable except that pins 7 and 8 are crossed.
ANS: F PTS: 1 REF: 122
- Current Microsoft OSs include IPv6, but to use it, you must enable it first.
ANS: F PTS: 1 REF: 127
- Cisco routers support both numbered and named ACLs, starting with IOS version 11.2.
ANS: T PTS: 1 REF: 132
- Some methods of attacking a Cisco router do not require knowledge of the IOS version, so software patching is recommended.
ANS: T PTS: 1 REF: 144
MULTIPLE CHOICE
- Which of the following types of traffic does NOT travel through routers?
a. | DNS zone transfers | c. | SNMP status information |
b. | ARP requests | d. | network route information |
ANS: B PTS: 1 REF: 120
- Which of the following is a metric routers can use to determine best path?
a. | datagram size | c. | link state |
b. | packet TTL | d. | network protocol |
ANS: C PTS: 1 REF: 120
- What is contained in ARP tables?
a. | IP address, MAC address | c. | NetBIOS name, IP address |
b. | DNS name, IP address | d. | MAC address, TCP port |
ANS: A PTS: 1 REF: 121
- To what type of port on a Cisco router do you connect a rollover cable?
a. | auxiliary | c. | Frame Relay |
b. | console | d. | Ethernet |
ANS: B PTS: 1 REF: 122
- Which of the following is NOT a type of entry found in a routing table?
a. | default routes | c. | dynamic routes |
b. | static routes | d. | backup routes |
ANS: D PTS: 1 REF: 122
- Which of the following is true about static routes?
a. | the metric is higher than a dynamic route | c. | they are used for stub networks |
b. | they are created by routing protocols | d. | they change automatically as the network changes |
ANS: C PTS: 1 REF: 122
- What uses mathematical calculations to compare routes based on some measurement of distance?
a. | route summarization | c. | routing metrics |
b. | link-state routing protocols | d. | distance-vector routing protocols |
ANS: D PTS: 1 REF: 124
- Which of the following makes routing tables more efficient?
a. | route summarization | c. | CIDR |
b. | VLSM | d. | host routing |
ANS: A PTS: 1 REF: 126
- What feature does RIPng support that is not supported by RIP?
a. | gigabit Ethernet | c. | IPv6 |
b. | supernetting | d. | 32-bit addresses |
ANS: C PTS: 1 REF: 127
- Which feature of a router provides traffic flow and enhances network security?
a. | VLSMs | c. | TCP |
b. | ACLs | d. | CIDR |
ANS: B PTS: 1 REF: 129
- Which of the following is true about ACLs on Cisco routers?
a. | there is an implicit deny any statement at the end of the ACL | c. | ACLs are processed in reverse order so place high priority statements last |
b. | there is an explicit permit any statement at the beginning of the ACL | d. | ACLs bound to an interface apply to inbound and outbound traffic by default |
ANS: A PTS: 1 REF: 129
- Which of the following is true about standard IP ACLs?
a. | they can filter on source and destination IP address | c. | a 0.0.0.0 inverse mask means all bits are significant |
b. | they automatically apply to all active interfaces | d. | they can filter on IP address and port |
ANS: C PTS: 1 REF: 130
- Which of the following is true about extended IP ACLs?
a. | the ‘established’ keyword is not available except on standard ACLs | c. | the default inverse mask for the source is 0.0.0.0 |
b. | you can apply multiple outbound ACLs on a single interface | d. | they should be applied to an interface close to the traffic source |
ANS: D PTS: 1 REF: 132
- What should you set up if you want to store router system log files on a server?
a. | AAA server | c. | TTY connection |
b. | syslog server | d. | buffered logging |
ANS: B PTS: 1 REF: 134
- Which of the following is a command you would find in an antispoofing ACL for network 172.31.0.0/16?
a. | permit ip any 172.31.0.0 0.0.255.255 log | c. | deny ip 172.31.0.0 0.0.255.255 any log |
b. | deny TCP 172.31.0.0 0.0.0.0 any log | d. | permit icmp any any redirect |
ANS: C PTS: 1 REF: 135
- Which of the following is an open standard used for authentication on Cisco routers?
a. | RADIUS | c. | CHAP |
b. | ATM | d. | ACE |
ANS: A PTS: 1 REF: 136-137
- Which of the following types of password prevents a user from accessing privileged exec mode on a Cisco router?
a. | console | c. | enable |
b. | AUX | d. | TTY |
ANS: C PTS: 1 REF: 137
- What remote shell program should you use if security is a consideration?
a. | rlogin | c. | rcp |
b. | ssh | d. | rsh |
ANS: B PTS: 1 REF: 140
- What Cisco router command encrypts all passwords on the router?
a. | enable secret password | c. | crypto key passwords |
b. | secure passwords enable | d. | service password-encryption |
ANS: D PTS: 1 REF: 138
- Which protocol that runs on Cisco routers shares information between Cisco devices?
a. | CDP | c. | bootp |
b. | TCP | d. | SSH |
ANS: A PTS: 1 REF: 143
COMPLETION
- During the routing process, the router strips off ______________________ layer header information and then examines the Network layer address.
ANS: Data Link
PTS: 1 REF: 120
- An ARP broadcast is sent to the local subnet in an attempt to discover the destination computer’s ______________ address.
ANS:
MAC
Media Access Control
PTS: 1 REF: 121
- ____________ routes are manually configured routes that direct all packets not specifically configured in the routing table.
ANS: Default
PTS: 1 REF: 122
- Rather than using classful routing, ________________ subnet masks allow you to divide your network into different sizes to make better use of available addresses.
ANS: variable length
PTS: 1 REF: 126
- The enable ___________ password uses type 5 encryption and overrides the enable password.
ANS: secret
PTS: 1 REF: 137
MATCHING
a. | ACE | f. | inverse mask |
b. | ARP table | g. | metrics |
c. | banner | h. | routing |
d. | console port | i. | stub router |
e. | convergence | j. | virtual terminal |
- the port on a Cisco device that permits direct physical access from a nearby computer using the serial RS-232 protocol
- cost values that help routers assess the desirability of a link
- virtual session access points for simultaneous access to a Cisco device
- a state in which all routers on a network have up-to-date routing tables
- a router that connects a stub network to the larger network
- a network system tool that lists the MAC and IP address resolutions of other devices on the network, making the resolution process more efficient
- the number in an access control list that specifies which part of an IP address is considered significant
- an individual rule in an ACL
- the process of transporting packets of information across a network from the source node to the destination node
- a message, usually a warning about appropriate use, presented to users of a digital system before authentication
- ANS: D PTS: 1 REF: 145,122
- ANS: G PTS: 1 REF: 146,124
- ANS: J PTS: 1 REF: 146,133
- ANS: E PTS: 1 REF: 145,124
- ANS: I PTS: 1 REF: 146,122
- ANS: B PTS: 1 REF: 145,121
- ANS: F PTS: 1 REF: 146,130
- ANS: A PTS: 1 REF: 145,136
- ANS: H PTS: 1 REF: 146,120
- ANS: C PTS: 1 REF: 145,139
SHORT ANSWER
- Describe how a computer uses its ARP table and the ARP protocol when preparing to transmit a packet to the local network.
ANS:
When a computer prepares to transmit a packet to a destination on the local network, it checks its ARP table for an IP-to-MAC address resolution for the destination node. If the computer finds the address resolution, the source computer uses the information to create the Data Link header with the source and destination MAC addresses. The packet is then sent directly to the destination node on the local network.
If the source computer does not find an entry for the destination computer’s IP address in its ARP table, it sends an ARP broadcast to the local subnet in an attempt to discover the destination computer’s MAC address. Because the destination address in this discovery packet is a broadcast (FF-FF-FF-FF-FF-FF), every host on the local subnet must process the packet to determine if it is “of interest.” When the packet reaches the Network layer, where ARP is processed, the host can determine if its own IP address is being specified in the ARP broadcast packet. Only the correct host responds; the others discard the packet. The host that discovers its IP address in the broadcast packet responds to the source computer’s ARP request by providing its MAC address.
PTS: 1 REF: 121
- What is a dynamic route?
ANS:
Dynamic routes are routes in a routing table that are populated automatically by routing protocols and routing algorithms that the router uses to calculate the best path.
PTS: 1 REF: 122
- What is a stub router and where would you find one?
ANS:
A router with only one route is called a stub router. A stub router is usually found at the end of the network line and is connected to only one other router. Stub networks are generally found at the network’s edge and are considered dead-end segments.
PTS: 1 REF: 123
- What is a distance-vector routing protocol? Give one example.
ANS:
A distance-vector routing protocol uses mathematical calculations to compare routes based on some measurement of distance, such as hops. This protocol requires routers to send full or partial routing table updates periodically to neighboring routers. RIP is an example.
PTS: 1 REF: 124
- Define metric and give three examples of common metrics that routers use.
ANS:
Metrics are cost values that help routers assess the desirability of a link. Common metrics include hop count, load, bandwidth, delay, and reliability of links.
PTS: 1 REF: 124
- Define route summarization.
ANS:
Route summarization (also called supernetting) allows service providers to assign addresses in a classless fashion and make more efficient use of available Internet addresses.
PTS: 1 REF: 125
- Describe ACLs.
ANS:
Router access control lists (ACLs) are permit or deny statements that filter traffic based on the source and destination address, source or destination port number, and protocol in the packet header. ACLs provide traffic-flow control and enhance network security. They can also be used to fine-tune performance and control client access to sensitive network segments.
PTS: 1 REF: 129
- Where in an internetwork should extended ACLs be applied?
ANS:
Extended IP ACLs should be applied to an interface as close to the traffic source as possible.
PTS: 1 REF: 132
- Describe antispoofing logging and how you can prevent it with ACLs.
ANS:
Antispoofing is a way to prevent spoofing and ensure that no packets arrive at your security perimeter with a source address of your internal network or certain well-known or reserved addresses. Antispoofing is accomplished by using ACLs.
Your ACL should instruct the router to deny any inbound packet with a source address that matches your internal network, broadcast, and loopback addresses; illegal addresses, such as all 0s or all 1s; and multicast or experimental address classes. At the end of each rule in the ACL, specify that packets matching these conditions will be logged.
PTS: 1 REF: 135
- List the five types of Cisco router passwords.
ANS:
Enable
Enable secret
AUX
VTY
Console
PTS: 1 REF: 137