Cisco Chapter 4 Exam

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which three statements describe ACL processing of packets? - An implicit deny any rejects any packet that does not match any ACE. - A packet can either be rejected or forwarded as directed by the ACE that is matched. - A packet that has been denied by one ACE can be permitted by a subsequent ACE. - A packet that does not match the conditions of any ACE will be forwarded by default. - Each statement is checked only until a match is detected or until the end of the ACE list. - Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.

- An implicit deny any rejects any packet that does not match any ACE. - A packet can either be rejected or forwarded as directed by the ACE that is matched. -Each statement is checked only until a match is detected or until the end of the ACE list.

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.) - Router1(config)# access-list 10 permit host 192.168.15.23 - Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 - Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 - Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0 - Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255

- Router1(config)# access-list 10 permit host 192.168.15.23 - Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0

Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure? - The permit ACE specifies a wrong port number. - The enable secret password is not configured on R1. - The login command has not been entered for vty lines. - The IT group network is included in the deny statement. - The permit ACE should specify protocol ip instead of tcp.

- The IT group network is included in the deny statement.

A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry? 0.0.0.127 0.0.0.255 0.0.1.255 0.0.255.255

0.0.1.255

Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? 10.120.160.0 to 10.127.255.255 10.120.160.0 to 10.120.167.255 10.120.160.0 to 10.120.168.0 10.120.160.0 to 10.120.191.255

10.120.160.0 to 10.120.167.255

A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? 172.16.0.255 172.16.15.36 172.16.16.12 172.16.31.24 172.16.65.21

172.16.0.255 172.16.15.36

Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255? 172.16.2.0 to 172.16.2.255 172.16.2.1 to 172.16.3.254 172.16.2.0 to 172.16.3.255 172.16.2.1 to 172.16.255.255

172.16.2.0 to 172.16.3.255

This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)? 1 2 3 4 5

3

Which statement describes a difference between the operation of inbound and outbound ACLs? In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria. Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.

Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.

An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? R1(config-if)# ip access-group 1 in R1(config-if)# ip access-group 1 out R1(config-line)# access-class 1 in R1(config-line)# access-class 1 out

R1(config-line)# access-class 1 in

A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.) R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 R2(config)# interface fastethernet 0/0 R2(config-if)# ip access-group 101 out R2(config)# access-list 101 permit ip any any R2(config)# interface fastethernet 0/1 R2(config-if)# ip access-group 101 in

R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config)# interface fastethernet 0/0 R2(config-if)# ip access-group 101 in

Refer to the exhibit. A network administrator configures a named ACL on the router. Why is there no output displayed when the show command is issued? The ACL is not activated. The ACL name is case sensitive. The ACL has not been applied to an interface. No packets have matched the ACL statements yet.

The ACL name is case sensitive.

Which statement describes a characteristic of a standard IPv4 ACLs? They are configured in the interface configuration mode. They filter traffic based on source IP addresses only. They can be created with a number but not with a name. They can be configured to filter traffic based on both source IP addresses and source ports.

They filter traffic based on source IP addresses only.

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? access-list 103 deny tcp host 192.168.10.0 any eq 23 access-list 103 permit tcp host 192.168.10.1 eq 80 access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​ access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23 access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.) access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 access-list 105 permit tcp any host 10.0.54.5 eq www access-list 105 permit ip any any access-list 105 permit tcp host 10.0.54.5 any eq www access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any R2(config)# interface gi0/0 R2(config-if)# ip access-group 105 in R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out R1(config)# interface s0/0/0 R1(config-if)# ip access-group 105 out

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any** R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out**


Conjuntos de estudio relacionados

Unit 1 Physics Test Questions (Link of Equations in Description)

View Set

Financial accounting chapter 1 and 2

View Set

Chapter 7: Choosing a Source of Credit: The Cost of Credit Alternatives

View Set

Propiedades de la multiplicacion

View Set