section 14 connecting networks ccna
A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.)
172.16.0.255 172.16.15.36
Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255?
172.16.2.0 to 172.16.3.255
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) subnetwork address of a subnet with 14 valid host addresses
192.168.15.144 0.0.0.15
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) the first valid host address in a subnet
192.168.15.65 255.255.255.240
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) addresses with a subnet mask 255.255.255.248
192.168.3.64 0.0.0.7
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) addresses with a subnet mask of 255.255.255.248
192.168.3.64 0.0.0.7
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) hosts in a subnet mask 255.255.252.0
192.168.5.0 0.0.3.255
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) hosts in a subnet with the subnet mask 255.255.252.0
192.168.5.0 0.0.3.255
What range of IP addresses is represented by the network and wildcard mask 192.168.70.0 0.0.0.127?
192.168.70.0 to 192.168.70.127
Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)?
3
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
8
Which two statements are correct about extended ACLs? (Choose two.)
Extended ACLs evaluate the source and destination addresses. Port numbers can be used to add greater definition to an ACL.
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
Filter unwanted traffic before it travels onto a low-bandwidth link. Place extended ACLs close to the source IP address of the traffic. Place standard ACLs close to the destination IP address of the traffic.
Which statement describes a difference between the operation of inbound and outbound ACLs?
Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)
R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config)# interface fastethernet 0/0 R2(config-if)# ip access-group 101 in
Refer to the exhibit. What will happen to the access list 10 ACEs if the router is rebooted before any other commands are implemented?
The ACEs of access list 10 will be renumbered.
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
The ACL does not perform as designed.
Refer to the exhibit. A network administrator configures a named ACL on the router. Why is there no output displayed when the show command is issued?
The ACL name is case sensitive.
What is the effect of configuring an ACL with only ACEs that deny traffic?
The ACL will block all traffic.
An access list has been applied to a router LAN interface in the inbound direction. The IP address of the LAN segment is 192.168.83.64/26. The entire ACL appears below: access-list 101 deny tcp 192.168.83.64 0.0.0.63 any eq 23 access-list 101 permit ip 192.168.83.64 0.0.0.63 192.168.83.128 0.0.0.63 Drag the descriptions of the packets on the left to the action that the router will perform on the right.
The router will drop the packet: destination: 202.16.83.131 protocol: HTTP; destination: 192.168.83.157 protocol: Telnet. The router will forward the packet: destination: 192.168.83.189 protocol: FTP
Which statement describes a characteristic of standard IPv4 ACLs?
They filter traffic based on source IP addresses only.
What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0
access-list 10 permit 192.168.16.0 0.0.3.255
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out
Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.)
access-list 110 deny tcp any any eq https access-list 110 deny tcp any any gt 75
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
an implicit permit of neighbor discovery packets
Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)
deny ipv6 any any permit icmp any any nd-ns permit icmp any any nd-na
A standard ACL filters network traffic based on the destination MAC address.
false
Which type of ACL statements are commonly reordered by the Cisco IOS as the first ACEs?
host
Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)
host any
Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) all IP address bits must match exactly
host 192.168.15.12
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
ipv6 traffic-filter ENG_ACL in
What is the only type of ACL available for IPv6?
named extended
On which router should the show access-lists command be executed?
on the router that has the ACL configured
Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?
outbound on the R1 G0/1 interface
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25
Which command produced the following output? R1# 10 permit 192.168.1.56 0.0.0.7 20 permit 192.168.1.64 0.0.0.63 (4 match(es)) 30 deny any (8 match(es))
show access-lists
Which address is required in the command syntax of a standard ACL?
source IP address
Which feature will require the use of a named standard ACL rather than a numbered standard ACL?
the ability to add additional ACEs in the middle of the ACL without deleting and re-creating the list
In applying an ACL to a router interface, which traffic is designated as outbound?
traffic that is leaving the router and going toward the destination host
Fill in the blanks. Use dotted decimal format. The wildcard mask that is associated with the network 192.168.12.0/24 is ____________________.
0.0.0.255
The wildcard mask that is associated with 192.168.12.96/27 is ______________________.
0.0.0.31
A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?
0.0.1.255
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.120.167.255
An ____________________ permits or denies traffic through a router based on specific defined criteria.
ACL (access control list)
Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered?
ACL 10 is removed from the running configuration.
What two functions describe uses of an access control list? (Choose two.)
ACLs provide a basic level of security for network access. ACLs can control which areas a host can access on a network.
What are two uses of an access control list? (Choose two.)
ACLs provide a basic level of security for network access. ACLs can control which areas a host can access on a network.
Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?
All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.
Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACE. A packet can either be rejected or forwarded as directed by the ACE that is matched. Each statement is checked only until a match is detected or until the end of the ACE list.
Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACL statement. A packet can either be rejected or forwarded as directed by the statement that is matched. Each statement is checked only until a match is detected or until the end of the ACL statement list is reached.
Which scenario would cause an ACL misconfiguration and deny all traffic?
Apply an ACL that has all deny ACE statements.
Refer to the following output. What is the significance of the 4 match(es) statement? R1# <output omitted> 10 permit 192.168.1.56 0.0.0.7 20 permit 192.168.1.64 0.0.0.63 (4 match(es)) 30 deny any (8 match(es))
Four packets have been allowed through the router from PCs in the network of 192.168.1.64.
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
ICMP message type destination UDP port number
Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?
ICMPv6 packets that are destined to PC1
Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
Manually add the new deny ACE with a sequence number of 5.
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
R1(config-line)# access-class 1 in
Refer to the exhibit. A network administrator wants to create a standard ACL to prevent network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied?
R2 Gi0/0 outbound
Which two commands will configure a standard ACL? (Choose two.)
Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0 Router(config)# access-list 35 permit host 172.31.22.7
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)
Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 Router(config)# access-list 95 permit any
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
Router1(config)# access-list 10 permit host 192.168.15.23 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?
The IT group network is included in the deny statement.
Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)
The last four bits of a supplied IP address will be ignored. The first 28 bits of a supplied IP address will be matched.
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown? R1# <output omitted> Standard IP access list 2 10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 20 deny any (1 match)
Two devices were able to use SSH or Telnet to gain access to the router.
What is the quickest way to remove a single ACE from a named ACL?
Use the no keyword and the sequence number of the ACE to be removed.
Which type of standard ACL is easiest to modify on a production router?
a named ACL that has not been applied yet
Which three values or sets of values are included when creating an extended access control list entry? (Choose three.)
access list number between 100 and 199 destination address and wildcard mask source address and wildcard mask
Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?
access-list 1 permit 192.168.10.96 0.0.0.31
True or False? The name of a named standard ACL is case sensitive.
true
Which type of router connection can be secured by the access-class command?
vty
In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
when the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
When would a network administrator use the clear access-list counters command?
when troubleshooting an ACL and needing to know how many packets matched