Chapter 4 - Access Control Lists (Exam & Quiz Questions)

a) 172.16.0.255 b) 172.16.15.36 The wildcard mask indicates that any IP address within the range of 172.16.0.0 to 172.16.15.255 matches.

A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.) a) 172.16.0.255 b) 172.16.15.36 c) 172.16.16.12 d) 172.16.31.24 e) 172.16.65.21

c) 0.0.1.255 Write all of the network numbers in binary and determine the binary digits that are identical in consecutive bit positions from left to right. In this example, 23 bits match perfectly. The wildcard mask of 0.0.1.255 designates that 25 bits must match.

A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry? a) 0.0.0.127 b) 0.0.0.255 c) 0.0.1.255 d) 0.0.255.255 e) A single ACL command and wildcard mask should not be used to specify these particular networks or other traffic will be permitted or denied and present a security risk.

a) Router1(config)# access-list 10 permit host 192.168.15.23 b) Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used.

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.) a) Router1(config)# access-list 10 permit host 192.168.15.23 b) Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 c) Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 d) Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0 e) Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255

c) R1(config-line)# access-class 1 in Administrative access over SSH to the router is through the vty lines. Therefore, the ACL must be applied to those lines in the inbound direction. This is accomplished by entering line configuration mode and issuing the access-class command.

An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? a) R1(config-if)# ip access-group 1 in b) R1(config-if)# ip access-group 1 out c) R1(config-line)# access-class 1 in d) R1(config-line)# access-class 1 out

0.0.0.31 The wildcard mask can be found by subtracting the subnet mask from 255.255.255.255.

Fill in the blanks. Use dotted decimal format. The wildcard mask that is associated with 192.168.12.96/27 is ________________.

0.0.0.255 The wildcard mask can be found by subtracting the subnet mask from 255.255.255.255. Mask 255.255.255.255 Subnet mask - 255.255.255.0 Wild card mask 0 . 0 . 0. 255

Fill in the blanks. Use dotted decimal format. The wildcard mask that is associated with the network 192.168.12.0/24 is ________________.

c) traffic that is leaving the router and going toward the destination host Inbound and outbound are interpreted from the point of view of the router. Traffic that is designated in an inbound ACL will be denied or permitted when coming into that router interface from a source. Traffic that is designated in an outbound ACL will be denied or permitted when going out the interface to the destination.

In applying an ACL to a router interface, which traffic is designated as outbound? a) traffic for which the router can find no routing table entry b) traffic that is going from the destination IP address into the router c) traffic that is leaving the router and going toward the destination host d) traffic that is coming from the source IP address into the router

a) 192.168.3.64 0.0.0.7 192.168.3.64 is a subnetwork address in a subnet with 8 addresses. Convert 0.0.0.7 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.248. That mask contains 3 host bits, and yields 8 addresses.

Match each statement with the subnet and wildcard that it describes. addresses with a subnet mask of 255.255.255.248 a) 192.168.3.64 0.0.0.7 b) host 192.168.15.12 c) 192.168.5.0 0.0.3.255 d) 192.168.100.63 255.255.255.192 e) 192.168.15.65 255.255.255.240 f) 192.168.15.144 0.0.0.15

b) host 192.168.15.12 Using the host parameter in a wildcard mask requires that all bits match the given address.

Match each statement with the subnet and wildcard that it describes. all IP address bits must match exactly a) 192.168.3.64 0.0.0.7 b) host 192.168.15.12 c) 192.168.5.0 0.0.3.255 d) 192.168.100.63 255.255.255.192 e) 192.168.15.65 255.255.255.240 f) 192.168.15.144 0.0.0.15

c) 192.168.5.0 0.0.3.255 Converting the wildcard mask 0.0.3.255 to binary and subtracting it from 255.255.255.255 yields a subnet mask of 255.255.252.0.

Match each statement with the subnet and wildcard that it describes. hosts in a subnet with the subnet mask 255.255.252.0 a) 192.168.3.64 0.0.0.7 b) host 192.168.15.12 c) 192.168.5.0 0.0.3.255 d) 192.168.100.63 255.255.255.192 e) 192.168.15.65 255.255.255.240 f) 192.168.15.144 0.0.0.15

f) 192.168.15.144 0.0.0.15 The subnet mask contains 4 host bits, yielding subnets with 16 addresses.

Match each statement with the subnet and wildcard that it describes. subnetwork address of a subnet with 14 valid host addresses a) 192.168.3.64 0.0.0.7 b) host 192.168.15.12 c) 192.168.5.0 0.0.3.255 d) 192.168.100.63 255.255.255.192 e) 192.168.15.65 255.255.255.240 f) 192.168.15.144 0.0.0.15

e) 192.168.15.65 255.255.255.240 192.168.15.65 is the first valid host address in a subnetwork beginning with the subnetwork address 192.168.15.64.

Match each statement with the subnet and wildcard that it describes. the first valid host address in a subnet a) 192.168.3.64 0.0.0.7 b) host 192.168.15.12 c) 192.168.5.0 0.0.3.255 d) 192.168.100.63 255.255.255.192 e) 192.168.15.65 255.255.255.240 f) 192.168.15.144 0.0.0.15

e) The IT group network is included in the deny statement. The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched.

Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure? a) The login command has not been entered for vty lines. b) The enable secret password is not configured on R1. c) The permit ACE should specify protocol ip instead of tcp. d) The permit ACE specifies a wrong port number. e) The IT group network is included in the deny statement.

a) R2(config)# interface fastethernet 0/0 d) R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 g) R2(config-if)# ip access-group 101 in An extended ACL is placed as close to the source of the traffic as possible. In this case.it is placed in an inbound direction on interface fa0/0 on R2 for traffic entering the router from host with the IP address192.168.1.1 bound for the server with the IP address192.168.2.1.

Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.) a) R2(config)# interface fastethernet 0/0 b) R2(config-if)# ip access-group 101 out c) R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 d) R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 e) R2(config)# access-list 101 permit ip any any f) R2(config)# interface fastethernet 0/1 g) R2(config-if)# ip access-group 101 in

c) ICMPv6 packets that are destined to PC1 The access list LIMITED_ACCESS will block ICMPv6 packets from the ISP. Both port 80, HTTP traffic, and port 443, HTTPS traffic, are explicitly permitted by the ACL. The neighbor advertisements from the ISP router are implicitly permitted by the implicit permit icmp any any nd-na statement at the end of all IPv6 ACLs.

Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1? a) HTTPS packets to PC1 b) neighbor advertisements that are received from the ISP router c) ICMPv6 packets that are destined to PC1 d) packets that are destined to PC1 on port 80

a) access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any f) R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.

Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.) a) access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any b) access-list 105 permit tcp host 10.0.54.5 any eq www access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 c) R2(config)# interface gi0/0 R2(config-if)# ip access-group 105 in d) R1(config)# interface s0/0/0 R1(config-if)# ip access-group 105 out e) access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 access-list 105 permit tcp any host 10.0.54.5 eq www access-list 105 permit ip any any f) R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out

d) 3 The first two lines of the ACL allow traffic from a particular application from the IP address 10.0.55.23 destined for 10.0.70.55. Because neither of these lines meets the criterion of request for information from a secure web page (port 443 is HTTPS) from 10.0.55.23 to the web server located at 10.0.70.5, no action is taken by the router. The third line is a match and because the "permission" is to deny the packet, the packet is dropped. No further examination is done by the router.

Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)? a) the deny ip any any that is at the end of every ACL b) 2 c) 1 d) 3 e) 5 f) 4

b) The ACL name is case sensitive. The name in a named ACL is alphanumeric, case sensitive and unique. Thus, the router treats access_network and ACCESS_NETWORK as if they are two separate ACLs.

Refer to the exhibit. A network administrator configures a named ACL on the router. Why is there no output displayed when the show command is issued? a) The ACL is not activated. b) The ACL name is case sensitive. c) The ACL has not been applied to an interface. d) No packets have matched the ACL statements yet.

b) named extended Unlike IPv4, IPv6 has only one type of access list and that is the named extended access list.

What is the only type of ACL available for IPv6? a) named standard b) named extended c) numbered standard d) numbered extended

a) 192.168.70.0 to 192.168.70.127 The number of 1s in the wildcard mask represents the number of 0s in the subnet mask. The range of IP addresses for this network would be 192.168.70.0 - 192.168.70.127 with 192.168.70.127 being the broadcast address.

What range of IP addresses is represented by the network and wildcard mask 192.168.70.0 0.0.0.127? a) 192.168.70.0 to 192.168.70.127 b) 192.168.70.0 to 192.168.70.255 c) 192.168.70.0 to 192.168.70.63 d) 192.168.70.0 to 192.168.71.255

b) access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255 f) access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 There are two ways to identify a single host in an access list entry. One, is to use the host keyword with the host IP address, the other is to use a wildcard mask of 0.0.0.0 with the host IP address. The source of the traffic to be inspected by the access list goes first in the syntax and the destination goes last.

What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.) a) access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255 b) access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255 c) access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1 d) access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0 e) access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255 f) access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255

a) ACLs can control which areas a host can access on a network. d) ACLs provide a basic level of security for network access.

What two functions describe uses of an access control list? (Choose two.) a) ACLs can control which areas a host can access on a network. b) ACLs can permit or deny traffic based upon the MAC address originating on the router. c) ACLs assist the router in determining the best path to a destination. d) ACLs provide a basic level of security for network access. e) Standard ACLs can restrict access to specific applications and ports.

c) 172.16.2.0 to 172.16.3.255 The wildcard mask 0.0.1.255 means the first 23 bits are matched and the last 9 bits are ignored. That is, a matching IP address should be from 172.16.2.0 to 172.16.3.255 (where last 9 bits are from all 0s to all 1s and any value between).

Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255? a) 172.16.2.0 to 172.16.2.255 b) 172.16.2.1 to 172.16.3.254 c) 172.16.2.0 to 172.16.3.255 d) 172.16.2.1 to 172.16.255.255

d) permit tcp any host 2001:DB8:10:10::100 eq 25 The IPv6 access list statement, permit tcp any host 2001:DB8:10:10::100 eq 25, will allow IPv6 packets from any host to the SMTP server at 2001:DB8:10:10::100. The source of the packet is listed first in the ACL, which in this case is any source, and the destination is listed second, in this case the IPv6 address of the SMTP server. The port number is last in the statement, port 25, which is the well-known port for SMTP.

Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64? a) permit tcp any host 2001:DB8:10:10::100 eq 23 b) permit tcp host 2001:DB8:10:10::100 any eq 23 c) permit tcp host 2001:DB8:10:10::100 any eq 25 d) permit tcp any host 2001:DB8:10:10::100 eq 25

c) ipv6 traffic-filter ENG_ACL in For the purpose of applying an access list to a particular interface, the ipv6 traffic-filter IPv6 command is equivalent to the access-group IPv4 command. The direction in which the traffic is examined (in or out) is also required.

Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? a) ipv6 access-class ENG_ACL out b) ipv6 traffic-filter ENG_ACL out c) ipv6 traffic-filter ENG_ACL in d) ipv6 access-class ENG_ACL in

a) an implicit permit of neighbor discovery packets One of the major differences between IPv6 and IPv4 ACLs are two implicit permit ACEs at the end of any IPv6 ACL. These two permit ACEs allow neighbor discovery operations to function on the router interface.

Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs? a) an implicit permit of neighbor discovery packets b) an implicit deny any any ACE c) the use of named ACL ACE d) the use of wildcard masks

c) 10.120.160.0 to 10.120.167.255 A wildcard mask of 0.0.7.255 means that the first 5 bits of the 3rd octet must remain the same but the last 3 bits can have values from 000 to 111. The last octet has a value of 255, which means the last octet can have values from all zeros to all 1s.

Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? a) 10.120.160.0 to 10.127.255.255 b) 10.120.160.0 to 10.120.168.0 c) 10.120.160.0 to 10.120.167.255 d) 10.120.160.0 to 10.120.191.255

a) access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23 For an extended ACL to meet these requirements the following need to be included in the access control entries: identification number in the range 100-199 or 2000-2699 permit or deny parameter protocol source address and wildcard destination address and wildcard port number or name

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? a) access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23 b) access-list 103 deny tcp host 192.168.10.0 any eq 23 access-list 103 permit tcp host 192.168.10.1 eq 80 c) access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​ d) access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

b) They filter traffic based on source IP addresses only. A standard IPv4 ACL can filter traffic based on source IP addresses only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports. However, both standard and extended ACLs can be identified with either a number or a name, and both are configured in global configuration mode.

Which statement describes a characteristic of standard IPv4 ACLs? a) They are configured in the interface configuration mode. b) They filter traffic based on source IP addresses only. c) They can be created with a number but not with a name. d) They can be configured to filter traffic based on both source IP addresses and source ports.

c) Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. With an inbound ACL, incoming packets are processed before they are routed. With an outbound ACL, packets are first routed to the outbound interface, then they are processed. Thus processing inbound is more efficient from the router perspective. The structure, filtering methods, and limitations (on an interface, only one inbound and one outbound ACL can be configured) are the same for both types of ACLs.

Which statement describes a difference between the operation of inbound and outbound ACLs? a) In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria. b) Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers. c) Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. d) On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.

b) deny ipv6 any any e) permit icmp any any nd-ns f) permit icmp any any nd-na All IPv6 ACLs automatically include two implicit permit statements; permit icmp any any nd-ns and permit icmp any any nd-na. These statements allow the router interface to perform neighbor discovery operations. There is also an implicit deny ipv6 any any automatically included at the very end of any IPv6 ACL that blocks all IPv6 packets not otherwise permitted.

Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.) a) deny ip any any b) deny ipv6 any any c) permit ipv6 any any d) deny icmp any any e) permit icmp any any nd-ns f) permit icmp any any nd-na

a) An implicit deny any rejects any packet that does not match any ACL statement. b) A packet can either be rejected or forwarded as directed by the statement that is matched. e) Each statement is checked only until a match is detected or until the end of the ACL statement list is reached. ACLs are processed in a top down manner. When an ACL is inspected, if the information in a packet header and an ACL statement match, the remaining statements are not examined, and the packet is either denied or permitted through as specified by the ACL. If a packet header does not match an ACL statement, the packet is tested against the next statement in the list. This matching process continues until the end of the list is reached. Every ACL has an implied deny at the end of the list. This implied deny statement is applied to all packets for which conditions did not test true.

Which three statements describe ACL processing of packets? (Choose three.) a) An implicit deny any rejects any packet that does not match any ACL statement. b) A packet can either be rejected or forwarded as directed by the statement that is matched. c) A packet that has been denied by one statement can be permitted by a subsequent statement. d) A packet that does not match the conditions of any ACL statements will be forwarded by default. e) Each statement is checked only until a match is detected or until the end of the ACL statement list is reached. f) Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.

a) access list number between 100 and 199 c) destination address and wildcard mask g) source address and wildcard mask

Which three values or sets of values are included when creating an extended access control list entry? (Choose three.) a) access list number between 100 and 199 b) destination subnet mask and wildcard mask c) destination address and wildcard mask d) source subnet mask and wildcard mask e) default gateway address and wildcard mask f) access list number between 1 and 99 g) source address and wildcard mask

a) access-list 110 deny tcp any any eq https d) access-list 110 deny tcp any any gt 75 Traffic that is destined for a web server will use port 80 or 443. The keyword eq represents equal, gt represents greater than, and lt less than.

Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.) a) access-list 110 deny tcp any any eq https b) access-list 110 deny tcp any any lt 80 c) access-list 110 deny tcp any any gt 443 d) access-list 110 deny tcp any any gt 75 e) access-list 110 deny tcp any any eq 21

b) host d) any The two keywords that can be used when configuring ACLs are host and any. The host keyword is equivalent to using the 0.0.0.0 wildcard mask and the any keyword could be used instead of the 255.255.255.255 wildcard mask.

Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.) a) most b) host c) all d) any e) some f) gt

b) ICMP message type c) destination UDP port number Extended access lists commonly filter on source and destination IPv4 addresses and TCP or UDP port numbers. Additional filtering can be provided for protocol types.

Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.) a) source TCP hello address b) ICMP message type c) destination UDP port number d) computer type e) destination MAC address

d) Extended ACLs evaluate the source and destination addresses. e) Port numbers can be used to add greater definition to an ACL. Extended ACLs can be used for precise traffic-filtering. Extended ACLs check for both source and destination addresses of packets. They also check the protocols and port numbers (or services), thus allowing for a greater range of criteria on which to base the ACL.

Which two statements are correct about extended ACLs? (Choose two) a) Extended ACLs end with an implicit permit statement. b) Extended ACLs use a number range from 1-99. c) Multiple ACLs can be placed on the same interface as long as they are in the same direction. d) Extended ACLs evaluate the source and destination addresses. e) Port numbers can be used to add greater definition to an ACL.

b) The first 28 bits of a supplied IP address will be matched. f) The last four bits of a supplied IP address will be ignored. A wildcard mask uses 0s to indicate that bits must match. 0s in the first three octets represent 24 bits and four more zeros in the last octet, represent a total of 28 bits that must match. The four 1s represented by the decimal value of 15 represents the four bits to ignore.

Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.) a) The last five bits of a supplied IP address will be ignored. b) The first 28 bits of a supplied IP address will be matched. c) The first 32 bits of a supplied IP address will be matched. d) The last four bits of a supplied IP address will be matched. e) The first 28 bits of a supplied IP address will be ignored. f) The last four bits of a supplied IP address will be ignored.