Controlling virtual terminal access to routers
B. 172.16.2.0 to
172.16.3.255
·
Which IPv4 address
range covers all IP addresses that match the ACL filter specified by 172.16.2.0
with wildcard mask 0.0.1.255?
A. 172.16.2.1 to 172.16.255.255
B. 172.16.2.0 to 172.16.3.255
C. 172.16.2.1 to 172.16.3.254
D. 172.16.2.0 to 172.16.2.255
D. R1(config)#
interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range
1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
Consider the following
access list that allows IP
·
phone configuration
file transfers from a particular host to a TFTP server:
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range
1024 5000
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
Which method would allow the network administrator to modify the ACL and
include FTP transfers from any source IP address?
A. R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
B. R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range
1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
C. R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
D. R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range
1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
A. permit tcp any host 2001:DB8:10:10::100 eq 25.
·
Which IPv6 ACL command
entry will permit traffic from any host to an SMTP server on network
2001:DB8:10:10::/64?
A. permit tcp any host 2001:DB8:10:10::100 eq 25
B. permit tcp host 2001:DB8:10:10::100 any eq 23
C. permit tcp host 2001:DB8:10:10::100 any eq 25
D. permit tcp any host 2001:DB8:10:10::100 eq 23
B. named extended
·
What is the only type
of ACL available for IPv6?
A. named standard
B. named extended
C. numbered standard
D. numbered extended
C. Each statement is checked only until a match is detected or until
the end of the ACE list.
D. An implicit deny any rejects any packet that does not match any ACE.
E. A packet can either be rejected or forwarded as directed by the ACE that is
matched.
·
Which three statements
describe ACL processing of packets? (Choose three.)
A. A packet that has been denied by one ACE can be permitted by a subsequent
ACE.
B. A packet that does not match the conditions of any ACE will be forwarded by
default.
C. Each statement is checked only until a match is detected or until the end of
the ACE list.
D. An implicit deny any rejects any packet that does not match any ACE.
E. A packet can either be rejected or forwarded as directed by the ACE that is
matched.
F. Each packet is compared to the conditions of every ACE in the ACL before a
forwarding decision is made.
B. limiting debug outputs
D. controlling virtual terminal access to routers
·
What are two possible
uses of access control lists in an enterprise network? (Choose two.)
A. allowing Layer 2 traffic to be filtered by a router
B. limiting debug outputs
C. reducing the processing load on routers
D. controlling virtual terminal access to routers
E. controlling the physical status of router interfaces
D. an implicit permit of neighbor discovery packets
·
Which feature is
unique to IPv6 ACLs when compared to those of IPv4 ACLs?
A. the use of named ACL entries
B. an implicit deny any any ACE
C. the use of wildcard masks
D. an implicit permit of neighbor discovery packets
E. They filter traffic based on source IP
addresses only.
·
Which statement
describes a characteristic of standard IPv4 ACLs?
A. They are configured in the interface configuration mode.
B. They can be configured to filter traffic based on both source IP addresses
and source ports.
C. They can be created with a number but not with a name.
D. They filter traffic based on source IP addresses only.
D. ICMPv6 packets that
are destined to PC1
·
Refer to the exhibit.
The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in
the inbound direction. Which IPv6 packets from the ISP will be dropped by the
ACL on R1?
A. HTTPS packets to PC1
B. neighbor advertisements that are received from the ISP router
C. packets that are destined to PC1 on port 80
D. ICMPv6 packets that are destined to PC1
A. The ACL is applied to the wrong interface.
·
Open the PT Activity.
Perform the tasks in the activity instructions and then answer the question.
Why is the ACL not working?
A. The ACL is applied to the wrong interface.
B. No ACL is needed for this scenario.
C. The ACL is missing a deny ip any any ACE.
D. The ACL is applied in the wrong direction.
E. The access-list 105 command or commands are incorrect.
D. Both can be created by using either a
descriptive name or number.
E. Both include an implicit deny as a final ACE.
·
Which two
characteristics are shared by both standard and extended ACLs? (Choose two.)
A. Both can permit or deny specific services by port number.
B. Both filter packets for a specific destination host IP address.
C. Both kinds of ACLs can filter based on protocol type.
D. Both can be created by using either a descriptive name or number.
E. Both include an implicit deny as a final ACE.
B. Router1(config)# access-list 10 permit host 192.168.15.23
D. Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
·
A network
administrator needs to configure a standard ACL so that only the workstation of
the administrator with the IP address 192.168.15.23 can access the virtual
terminal of the main router. Which two configuration commands can achieve the
task? (Choose two.)
A. Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
B. Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
C. Router1(config)# access-list 10 permit host 192.168.15.23
D. Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
E. Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
C. R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
E. access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any
·
Refer to the exhibit.
The network administrator that has the IP address of 10.0.70.23/25 needs to
have access to the corporate FTP server (10.0.54.5/28). The FTP server is also
a web server that is accessible to all internal employees on networks within
the 10.x.x.x address. No other traffic should be allowed to this server. Which
extended ACL would be used to filter this traffic, and how would this ACL be
applied? (Choose two.)
A. access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any
B. R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
C. access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
D. R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in
E. access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any
F. R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out
A. ACLs can control which areas a host can access on a network.
B. ACLs provide a basic level of security for network access.
·
What two functions
describe uses of an access control list? (Choose two.)
A. ACLs can control which areas a host can access on a network.
B. ACLs provide a basic level of security for network access.
C. ACLs can permit or deny traffic based upon the MAC address originating on
the router.
D. ACLs assist the router in determining the best path to a destination.
E. Standard ACLs can restrict access to specific applications and ports.
D. Inbound ACLs are processed before the packets are routed while
outbound ACLs are processed after the routing is completed.
·
Which statement
describes a difference between the operation of inbound and outbound ACLs?
A. In contrast to outbound ALCs, inbound ACLs can be used to filter packets
with multiple criteria.
B. On a network interface, more than one inbound ACL can be configured but only
one outbound ACL can be configured.
C. Inbound ACLs can be used in both routers and switches but outbound ACLs can
be used only on routers.
D. Inbound ACLs are processed before the packets are routed while outbound ACLs
are processed after the routing is completed.
B. deny ip any any
E. deny icmp any any
F. permit icmp any any nd-ns
·
Which three implicit
access control entries are automatically added to the end of an IPv6 ACL?
(Choose three.)
A. deny ipv6 any any
B. deny ip any any
C. permit ipv6 any any
D. permit icmp any any nd-na
E. deny icmp any any
F. permit icmp any any nd-ns
C. Manually add the new deny ACE with a sequence number of 5.
·
Refer to the exhibit.
A router has an existing ACL that permits all traffic from the 172.16.0.0
network. The administrator attempts to add a new ACE to the ACL that denies
packets from host 172.16.0.1 and receives the error message that is shown in
the exhibit. What action can the administrator take to block packets from host
172.16.0.1 while still permitting all other traffic from the 172.16.0.0
network?
A. Manually add the new deny ACE with a sequence number of 15.
B. Manually add the new deny ACE with a sequence number of 5.
C. Create a second access list denying the host and apply it to the same
interface.
D. Add a deny any any ACE to access-list 1.
D. R1(config-line)# access-class 1 in
·
An administrator has
configured an access list on R1 to allow SSH administrative access from host
172.16.1.100. Which command correctly applies the ACL?
A. R1(config-if)# ip access-group 1 out
B. R1(config-line)# access-class 1 out
C. R1(config-line)# access-class 1 in
D. R1(config-if)# ip access-group 1 in