Chapter 7

¡Supera tus tareas y exámenes ahora con Quizwiz!

access-list 1 permit 192.168.10.96 0.0.0.31

Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?

Four packets have been allowed through the router from PCs in the network of 192.168.1.64.

Refer to the following output. What is the significance of the 4 match(es) statement? R1# <output omitted> 10 permit 192.168.1.56 0.0.0.7 20 permit 192.168.1.64 0.0.0.63 (4 match(es)) 30 deny any (8 match(es))

False

T/F: ACLs should filter unwanted traffic after it travels onto a low-bandwidth link.

address with subnet 255.255.255.248

192.168.3.64 0.0.0.7

source

Extended ACLs should be placed close to the ____________ IP address of the traffic.

access-list 10 permit 192.168.16.0 0.0.3.255

What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0

A packet can either be rejected or forwarded as directed by the ACE that is matched.

When ACL processing a packet, what are two outcomes?

before the packets are routed

When are inbound ACLs processed?

after the routing is completed

When are outbound ACLs processed?

when troubleshooting an ACL and needing to know how many packets matched

When would a network administrator use the clear access-list counters command?

named standard ACL

Which ACL will give the ability to add additional ACEs in the middle of the ACL without deleting and re-creating the list?

source IP address

Which address is required in the command syntax of a standard ACL?

host

Which type of ACL statements are commonly reordered by the Cisco IOS as the first ACEs?

vty

Which type of router connection can be secured by the access-class command?

deny any

an ACE that is added to the end of every standard ACL

easy to modify

an advantage of using a named ACL

ACE

one line in an ACL

goes to the next ACE

the action taken when the criteria specified in an ACE does not match

permit (allow the packet to pass) or deny

the actions that can be taken when a router matches an address in an ACE

host

the common keyword that is used when only one IP address is to be matched

closest to destination

the common placement location for a standard ACL

any

the keyword that is the same as using an address of 0.0.0.0 255.255.255.255

one

the number of IP-based ACLs that can be applied to one router interface in the inbound direction

match the same bit value in the address

the purpose of a zero in a wildcard mask

0.0.0.31

the wildcard mask for a /27 network

The ACL does not perform as designed

A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?

access-list 10 permit 192.168.15.23 0.0.0.0

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which configuration command can achieve the task?

R1(config-line)# access-class 1 in

An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?

Use the no keyword and the sequence number of the ACE to be removed.

What is the quickest way to remove a single ACE from a named ACL?

subnetwork address of a subnet with 14 valid host addresses

What is the wildcard for 192.168.15.144 0.0.0.15

Two devices were able to use SSH or Telnet to gain access to the router.

Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown? R1# <output omitted> Standard IP access list 2 10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 20 deny any (1 match)

first valid host address in a subnet

What is the wildcard for 192.168.15.65 255.255.255.240

Each statement is checked only until a match is detected or until the end of the ACE list.

How are packets checked in ACL processing?

standard ACL

IP-based ACLs that can be numbered 1 to 99

8

If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?

Rejects any packet that does not match any ACE.

In ACL processing, what is the outcome of an implicit deny?

when the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface

In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?

hosts in a subnet with SM 255.255.252.0

What is the wildcard for 192.168.5.0 0.0.3.255

all IP address bits must match exactly

What is the wildcard for host 192.168.15.2

on the router that has the ACL configured

On which router should the show access-lists command be executed?

The ACEs of access list 10 will be renumbered.

Refer to the exhibit. What will happen to the access list 10 ACEs if the router is rebooted before any other commands are implemented?

All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?​

Manually add the new deny ACE with a sequence number of 5

Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?

destination

Standard ACLs should be placed close to the ___________ IP address of the traffic.

outbound on the R1 G0/1 interface

Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?

The ACL will block all traffic

What is the effect of configuring an ACL with only ACEs that deny traffic?

ip access-group

a command that is used to apply a standard ACL to a serial interface

access-class

a command that is used to apply a standard ACL to one or more VTY ports

source IP address

a filter used by a numbered ACL that uses the number 5

ACL

a method of controlling packet flow


Conjuntos de estudio relacionados

S66 Unit 17 (Client Profile) Quiz

View Set

Unit 1 Quiz 2: Foundations & Essentials

View Set

ANAT & PHYS 337 - Visual System (Chapter 18.6 Mastering)

View Set

Chapter 2- Choice in a World of Scarcity

View Set

Environmental Science: Chapter 16 Test

View Set

Chapter 3 "What do Interest Rates Mean and What Is Their Role in Valuation?"

View Set

biology II - CHAPTER 33: INTRO TO ANIMAL DIVERSITY

View Set

''AlgGeoStat - ** U3Q2 M Systems Take Home Quiz''

View Set

The Kite Runner Final Study Guide

View Set