Access Control Lists

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What is the wildcard mask that is associated with the network 192.168.12.0/24? 0.0.0.255 0.0.255.255 0.0.0.256 255.255.255.0

0.0.0.255

What two functions describe uses of an access control list? (Choose two.) ACLs assist the router in determining the best path to a destination. Standard ACLs can restrict access to specific applications and ports. ACLs provide a basic level of security for network access. ACLs can permit or deny traffic based upon the MAC address originating on the router. ACLs can control which areas a host can access on a network.

ACLs provide a basic level of security for network access.* ACLs can control which areas a host can access on a network.*

Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.) access-list 110 deny tcp any any lt 80 access-list 110 deny tcp any any eq 21 access-list 110 deny tcp any any eq https access-list 110 deny tcp any any gt 75 access-list 110 deny tcp any any gt 443

access-list 110 deny tcp any any eq https* access-list 110 deny tcp any any gt 75*

Which two statements are correct about extended ACLs? (Choose two) Extended ACLs evaluate the source and destination addresses. Port numbers can be used to add greater definition to an ACL. Extended ACLs end with an implicit permit statement. Extended ACLs use a number range from 1-99. Multiple ACLs can be placed on the same interface as long as they are in the same direction.

Extended ACLs evaluate the source and destination addresses. Port numbers can be used to add greater definition to an ACL.

Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1? ICMPv6 packets that are destined to PC1 neighbor advertisements that are received from the ISP router HTTPS packets to PC1 packets that are destined to PC1 on port 80

ICMPv6 packets that are destined to PC1

The exhibit shows router R2 connected through int fa0/0 to a switch which in turn is connected to host with an IP address 192.168.1.1 /24. R2 is connected to another switch through interface fa0/1 and the switch is connected to a server with the IP address 192.168.2.1 /24.Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.) R2(config-if)# ip access-group 101 out R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 R2(config)# interface fastethernet 0/1 R2(config)# interface fastethernet 0/0 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config-if)# ip access-group 101 in R2(config)# access-list 101 permit ip any any

R2(config)# interface fastethernet 0/0 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config-if)# ip access-group 101 in

Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.) The first 28 bits of a supplied IP address will be matched. The last four bits of a supplied IP address will be matched. The first 28 bits of a supplied IP address will be ignored. The last four bits of a supplied IP address will be ignored. The last five bits of a supplied IP address will be ignored. The first 32 bits of a supplied IP address will be matched

The first 28 bits of a supplied IP address will be matched. The last four bits of a supplied IP address will be ignored.

What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.) access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1 access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0 access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255

access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255* access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255*

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? access-list 103 deny tcp host 192.168.10.0 any eq 23 access-list 103 permit tcp host 192.168.10.1 eq 80 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23*

Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.) R1(config)# interface s0/0/0 R1(config-if)# ip access-group 105 outR2(config)# interface gi0/0 R2(config-if)# ip access-group 105 in access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 access-list 105 permit tcp any host 10.0.54.5 eq www access-list 105 permit ip any any R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out access-list 105 permit tcp host 10.0.54.5 any eq www access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out

Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs? the use of wildcard masks an implicit permit of neighbor discovery packets* an implicit deny any any ACE the use of named ACL ACE

an implicit permit of neighbor discovery packets

Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.) destination UDP port number source TCP hello address ICMP message type destination MAC address computer type

destination UDP port number ICMP message type

Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? ipv6 access-class ENG_ACL in ipv6 traffic-filter ENG_ACL out ipv6 traffic-filter ENG_ACL in ipv6 access-class ENG_ACL out

ipv6 traffic-filter ENG_ACL in

Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64? permit tcp host 2001:DB8:10:10::100 any eq 23 permit tcp any host 2001:DB8:10:10::100 eq 25 permit tcp any host 2001:DB8:10:10::100 eq 23 permit tcp host 2001:DB8:10:10::100 any eq 25

permit tcp any host 2001:DB8:10:10::100 eq 25

Which three values or sets of values are included when creating an extended access control list entry? (Choose three.) source address and wildcard mask access list number between 100 and 199 source subnet mask and wildcard mask access list number between 1 and 99 destination address and wildcard mask destination subnet mask and wildcard mask default gateway address and wildcard mask

source address and wildcard mask access list number between 100 and 199 destination address and wildcard mask

In applying an ACL to a router interface, which traffic is designated as outbound? traffic for which the router can find no routing table entry traffic that is going from the destination IP address into the router traffic that is leaving the router and going toward the destination host traffic that is coming from the source IP address into the router

traffic that is leaving the router and going toward the destination host*

The wildcard mask that is associated with the network 192.168.12.0/24 is _______

0.0.0.255

6. A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry? 0.0.0.127 0.0.0.255 0.0.1.255 0.0.255.255

0.0.1.255

Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? 10.120.160.0 to 10.120.168.0 10.120.160.0 to 10.127.255.255 10.120.160.0 to 10.120.191.255 10.120.160.0 to 10.120.167.255

10.120.160.0 to 10.120.167.255

Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)? 1 3 2 the deny ip any any that is at the end of every ACL 5 4

3

An access list has been applied to a router LAN interface in the inbound direction. the ip address of the lan segment is 192.168.83.64/26. the entire ACL appears below: access-list 101 deny tcp 192.168.83.64 0.0.0.63 any eq 23 access-list 101 permit ip 192.168.83.64 0.0.0.63 192.168.83.128 0.0.0.63 Match the Description to whether the router will Drop or Forward the packet. destination: 202.16.83.131 protocol: HTTP destination: 192.168.83.157 protocol: Telnet destination: 192.168.83.189 protocol: FTP

THE ROUTER WILL DROP THE PACKET destination: 202.16.83.131 protocol: HTTP destination: 192.168.83.157 protocol: Telnet THE ROUTER WILL FORWARD THE PACKET destination: 192.168.83.189 protocol: FTP

Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure? The enable secret password is not configured on R1. The IT group network is included in the deny statement. The permit ACE specifies a wrong port number. The permit ACE should specify protocol ip instead of tcp. The login command has not been entered for vty lines.

The IT group network is included in the deny statement.


Kaugnay na mga set ng pag-aaral

Chapter 16: The Endocrine System

View Set

ABC UNIT 1 basic study of canines

View Set

Module 8 - Sleep and Dreams - Quiz #2

View Set

L4M6 Supplier Relationships all chapters revision

View Set

CCNA Security Final Exam - CCNAS v2.0

View Set

Sequence of Blood Flow Through the Heart and Body

View Set