cisco 4 exam
Which two statements are correct about extended ACLs
Extended ACLs evaluate the source and destination addresses.* Port numbers can be used to add greater definition to an ACL
all IP address bits must match exactly
host 192
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25* (any host Eq25)
Which three values or sets of values are included when creating an extended access control list entry
source address and wildcard mask* access list number between 100 and 199 destination address and wildcard mask*
The first valid host of the subnet
starts with 192 end with 240
In applying an ACL to a router interface, which traffic is designated as outbound?
traffic that is leaving the router and going toward the destination host*
What two functions describe uses of an access control list?
ACLs provide a basic level of security for network access. ACLs can control which areas a host can access on a network
Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1
CMPv6 packets that are destined to PC1
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE
10.120.160.0 to 10.120.167.255* (160, 167)
subnetwork address with subnet worth of 14
192 end with 15
What is the wildcard mask that is associated with the network 192.168.12.0/24
0.0.0.255
. A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?
0.0.1.255
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
1.ends with host 172.17.80.1 eq 80 2.starts with 103 deny tcp 192
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network?
10.1.1.1 0. ip host
address with a subnet mask of 255
192 ends with 7
. Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)?
3
The exhibit shows router R2 connected through int fa0/0 to a switch which in turn is connected to host with an IP address 192.168.1.1 /24. R2 is connected to another switch through interface fa0/1 and the switch is connected to a server with the IP address 192.168.2.1 /24.Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices?
R2(config)# int f0/0 R2(config)#permit ip host R2(config-if)# 101 in*
202.16.83.131 Protocol HTTP
ROuter drops packet
192.168.83.189 protocol FTP
ROuter will forward the packet
192.168.83.157 protocol Telnet
Router will drop the packer
Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure
The IT group network is included in the deny statement
Which two statements describe the effect of the access control list wildcard mask 0.0.0.15?
The first 28 bits of a supplied IP address will be matched.* The last four bits of a supplied IP address will be ignored
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
an implicit permit of neighbor discovery packets*
Which two packet filters could a network administrator use on an IPv4 extended ACL
destination UDP port number ICMP message type*
Which two ACE commands will block traffic that is destined for a web server which is listening to default ports
eq https* gt 75
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
ipv6 traffic-filter ENG_ACL in*