1. The following commands were entered on a router:
Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any
The ACL is correctly applied to an interface. What can be
concluded about this set of commands?
The wildcard mask 0.0.0.0 is assumed.
2. Interface s0/0/0 already has an IP ACL applied inbound.
What happens when the network administrator attempts to apply a second inbound
IP ACL?
The second ACL is applied to the interface, replacing the
first.
3. Which two statements are correct about extended ACLs?
(Choose two)
Extended ACLs evaluate the source and destination addresses.
Port numbers can be used to add greater definition to an
ACL.
4. Which benefit does an extended ACL offer over a standard
ACL?
In addition to the source address, an extended ACL can also
filter on destination address, destination port, and source port.
5. Refer to the exhibit. How will Router1 treat traffic
matching the time-range requirement of EVERYOTHERDAY?
Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to
the 172.16.1.0/24 network is permitted.
6. Which three statements describe ACL processing of
packets? (Choose three.)
An implicit deny any rejects any packet that does not match
any ACL statement.
A packet can either be rejected or forwarded as directed by
the statement that is matched.
Each statement is checked only until a match is detected or
until the end of the ACL statement list.
7. Refer to the exhibit. The administrator wishes to block
web traffic from 192.168.1.50 from reaching the default port of the web service
on 192.168.3.30. To do this, the access control list name is applied inbound on
the router R1 LAN interface. After testing the list, the administrator has
noted that the web traffic remains successful. Why is web traffic reaching the
destination?
The range of source addresses specified in line 10 does not
include host 192.168.1.50.
8. Which feature will require the use of a named ACL rather
than a numbered ACL?
the ability to edit the ACL and add additional statements in
the middle of the list without removing and re-creating the list
9. Which two statements are true regarding the significance
of the access control list wildcard mask 0.0.0.7? (Choose two.)
The last 3 bits of a given IP address will be ignored.
The first 29 bits of a given IP address will be checked.
10. Where should a standard access control list be placed?
close to the destination
11. How do Cisco standard ACLs filter traffic?
by source IP address
12. Which two statements are true regarding named ACLs?
(Choose two.)
Names can be used to help identify the function of the ACL.
Certain complex ACLs, such as reflexive ACLs, must be
defined with named ACLs.
13. Refer to the exhibit. What will be the effect of the
configuration that is shown?
Users attempting to access hosts in the 192.168.30.0/24
network will be required to telnet to R3.
14. Refer to the exhibit. An administrator has configured
two access lists on R1. The list inbound on the serial interface is named
Serial and the list inbound on the LAN interface is named LAN. What affect will
be produced by the access control lists?
PC1 will not be able to telnet to R3 and PC3 will not be
able to communicate with PC1.
15. Which two statements are true regarding the following
extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
FTP traffic originating from network 172.16.3.0/24 is
denied.
Web traffic originating from 172.16.3.0 is permitted.
16. Which statement about standard ACLs is true?
They should be placed as close to the destination as
possible.
17. Refer to the exhibit. Which statement is true about ACL
110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?
It will permit any TCP traffic that originated from network
172.22.10.0/24 to return inbound on the S0/0/0 interface.
18. Which three parameters can ACLs use to filter traffic?
(Choose three.)
protocol suite
source address
destination address
19. Refer to the exhibit. How does this access list process
a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?
It is dropped because it does not match any of the items in
the ACL.
20. By default, how is IP traffic filtered in a Cisco
router?
Permitted in and out of all interfaces
21. Refer to the exhibit. When creating an extended ACL to
deny traffic from the 192.168.30.0 network destined for the Web server
209.165.201.30, where is the best location for applying the ACL?
R3 Fa0/0 inbound
22. Refer to the exhibit. ACL 120 is configured inbound on
the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24
are able to telnet to network 10.10.0.0/16. On the basis of the provided
configuration, what should be done to remedy the problem?
Apply the ACL outbound on the serial0/0/0 interface on
router R1.
23. A network administrator needs to allow traffic through
the firewall router for sessions that originate from within the company
network, but the administrator must block traffic for sessions that originate
outside the network of the company. What type of ACL is most appropriate?
Reflexive
24. A technician is creating an ACL and needs a way to
indicate only the subnet 172.16.16.0/21. Which combination of network address
and wildcard mask will accomplish the desired task?
172.16.16.0 0.0.7.255
25. Which three items must be configured before a dynamic
ACL can become active on a router? (Choose three.)
Extended ACL
Authentication
Telnet connectivity
CCNA 4 Chapter 5 Answers |
No comments:
Post a Comment