Standard IP access lists filter network traffic

Standard IP access lists filter network traffic

Access lists combined with dedicated ____ at the edge of your network provide the greatest security.

 

·         firewalls

 

Standard IP access lists filter network traffic based on ________ only.

 

·         source IP address

 

You want to create an access list that denies all outbound traffic to port 80 from the 10.10.0.0 network. Which access list entry meets your requirements?

 

·         access-list 101 deny tcp 10.10.0.0 0.0.255.255 any eq 80

 

Regarding access lists, which of the following statements is correct?

 

·         Only one access list per protocol, per direction, per interface

 

What extended IP access list syntax item is applied to determine which bits of the destination address are significant?

 

·         destination wildcard mask

 

You are using the access-class command to secure a vty line. In which configuration mode is the access-class command used?

 

·         Line Configuration mode

 

What are the number ranges for extended IP access lists?

 

·         100-199

 

In _______ configuration mode you add each line of the access list sequentially.

 

·         global

 

If you wish to remove an access list, you use the __________ command.

 

·         no access-list [list #]

 

Which command links an access list to the VTY lines?

 

·         access-class

 

You want to create an access list to filter all traffic from the 172.16.16.0 255.255.240.0 network. What wildcard mask is appropriate?

 

·         0.0.15.255

 

What are the number ranges for standard IP access lists?

 

·         1-99

 

Which command links an access list to the VTY lines?

 

·         access-class

 

Which command will configure a standard access list to only permit traffic from the network of 194.1.1.0?

 

·         Router(config)#access-list 99 permit 194.1.1.0 0.0.0.255

 

Which of the following access-list commands will allow packets from the 192.16.10.0 network?

 

·         Access-list 1 permit 192.16.10.0 0.0.0.255

 

You need to temporarily remove access-list 101 from one of your interfaces, which command is appropriate?

 

·         no ip access-group 101

 

Which of the following access-list commands allows only http traffic?

 

·         Access-list 101 permit tcp any any eq 80

 

How many access lists per protocol can an interface have?

 

·         2

 

Which of the following is accurate regarding the ordering of access lists?

 

·         Access lists are processed from top of the access list to the end.

 

What mode must the router be in to apply an access list to a router?

 

·         Interface configuration mode

 

After you create access lists you must apply them to ____ so they can begin filtering traffic.

 

·         interfaces

 

Given the following:

·        

access-list 111 deny tcp 200.1.1.0 0.0.0.255 any eq 80
access-list 111 permit ip any any
interface ethernet 0
ip access-group 111 out

Which of the following statements is true?

·         Telnet traffic coming in interface e0 will not be blocked.
FTP traffic in either direction is allowed to pass through interface e0.
Outbound http traffic on interface e0 will be filtered against an extended access-list.

 

What command is used to apply an inbound access list to an interface?

 

·         ip access-group 1 in

 

To view which interfaces have IP access lists set, use the show ________ command.

 

·         ip interface

 

You want to use access list 1 to filter traffic on your inbound vty lines. What command do you enter?

 

·         access-class 1 in

 

In an extended IP access list, what keyword is short for a wildcard mask of 0.0.0.0?

 

·         host

 

Which command syntax is used to apply an IP access list to an interface?

 

·         ip access-group 1 in

 

Which configuration mode must you be in to remove a standard IP access list from an interface?

 

·         Interface

 

A. Filter unwanted traffic before it travels onto a low-bandwidth link.
B. Place standard ACLs close to the destination IP address of the traffic.
C. Place extended ACLs close to the source IP address of the traffic.

Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)

·        
A. Filter unwanted traffic before it travels onto a low-bandwidth link.
B. Place standard ACLs close to the destination IP address of the traffic.
C. Place extended ACLs close to the source IP address of the traffic.
D. For every inbound ACL placed on an interface, there should be a matching outbound ACL.
E. Place extended ACLs close to the destination IP address of the traffic.
F. Place standard ACLs close to the source IP address of the traffic.

 

E. 8

 

·         If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
A. 4
B. 16
C. 6
D. 12
E. 8