CCNA 3 Midterm 1-5

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

To identify any IP address

A technician is tasked with using ACLs to secure a router. When would the technician use the ANY configuration option or command? To identify any IP address To identify one specific IP address To restrict specific traffic access through an interface To insert a comment into the packet header

To restrict specific traffic access through an interface

A technician is tasked with using ACLs to secure a router. When would the technician use the DENY configuration option or command? To display all restricted traffic To restrict specific traffic access through an interface To identify one specific IP address To generate and send an informational message whenever the ACE is matched

To allow returning reply traffic to enter the internal network

A technician is tasked with using ACLs to secure a router. When would the technician use the ESTABLISHED configuration option or command? To add a text entry for documentation purposes To allow returning reply traffic to enter the internal network To display all restricted traffic To allow specified traffic through an interface

To identify a single IP address

A technician is tasked with using ACLs to secure a router. When would the technician use the HOST configuration option or command? To add a text entry for documentation purposes To allow specified traffic through an interface To identify a single IP address To insert a comment into the packet header

To secure remote administrative access to the router

A technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in the configuration option or command? To apply a standard ACL to an interface To secure management traffic into the router To remove a configured ACL To secure remote administrative access to the router

To apply an extended ACL to an interface

A technician is tasked with using ACLs to secure a router. When would the technician use the ip access-group 101 in the configuration option or command? To verify the ACL applied on the interface To secure administrative access to the router To display all restricted traffic To apply an extended ACL to an interface

Social engineering

A user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent? Spam DDoS Anonymous keylogging Social engineering

HQ# clear ip ospf process

After modifying the router ID on an OSPF router, what is the preferred method to make the new router ID effective? HQ# copy running-config startup-config HQ# clear ip route * HQ# resume HQ# clear ip ospf process

A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. AND Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.

Consider the following access list. access-list 100 permit ip host 192.168.10.1 any access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo access-list 100 permit ip any any Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? Only Layer 3 connections are allowed to be made from the router to any other network device. AND Only the network device assigned the IP address 192.168.10.1 is allowed to access the router. Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests. AND Only Layer 3 connections are allowed to be made from the router to any other network device. A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned. AND Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests. Only Layer 3 connections are allowed to be made from the router to any other network device. AND Devices on the 192.168.10.0/24 network can successfully ping devices on the 192.168.11.0 network.

Outside global

In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet? Inside local Outside global Inside global Outside local

A private key

If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it? A private key A different public key A digital certificate DH

When the routers are interconnected over a common Ethernet network

In an OSPF network when are DR and BDR elections required? When the two adjacent neighbors are interconnected over a point-to-point link When all the routers in an OSPF area cannot form adjacencies When the routers are interconnected over a common Ethernet network When the two adjacent neighbors are in two different networks

It tells the router which interface to turn on for the OSPF routing process.

In an OSPFv2 configuration, what is the effect of entering the command network 192.168.1.1 0.0.0.0 area 0 ? It changes the router ID of the router to 192.168.1.1. It allows all 192.168.1.0 networks to be advertised. It enables OSPF on all interfaces on the router. It tells the router which interface to turn on for the OSPF routing process.

DoS

In what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services? MITM Address spoofing Session hijacking DoS

They are infected machines that carry out a DDoS attack.

In what way are zombies used in security attacks? They probe a group of machines for open ports to learn which services are running. They are infected machines that carry out a DDoS attack. They are maliciously formed code segments used to replace legitimate applications. They target specific individuals to gain corporate or personal information.

SYN flood attack

In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections? Reset attack Port scan attack SYN flood attack Session hijacking attack

DNS cache poisoning

In which type of attack is falsified information used to redirect users to malicious Internet sites? Domain generation DNS amplification and reflection DNS cache poisoning ARP cache poisoning

A) Establish and maintain adjacencies B) Advertise new information C) Compare local topology to that sent by another router D) Query another router for additional information

Match each OSPF packet type to how it is used by a router. (Not all options are used.) A) Hello Packet B) Link-state update packet C) Database description packet D) Link-state request packet 1) Establish and maintain adjacencies 2) Query another router for additional information 3) Advertise new information 4) Compare local topology to that sent by another router 5) Confirm receipt of an update

If the router no longer receives hello packets

What indicates to a link-state router that a neighbor is unreachable? If the router no longer receives routing updates If the router receives an LSP with previously learned information If the router no longer receives hello packets If the router receives an update with a hop count of 16

If the router no longer receives hello packets

What indicates to a link-state router that a neighbor is unreachable? If the router receives an LSP with previously learned information If the router no longer receives routing updates If the router no longer receives hello packets If the router receives an update with a hop count of 16

Topology changes in one area do not cause SPF recalculations in other areas.

What is a benefit of multiarea OSPF routing? Routers in all areas share the same link-state database and have a complete picture of the entire network. Topology changes in one area do not cause SPF recalculations in other areas. Automatic route summarization occurs by default between areas. A backbone area is not required.

End-to-end IPv4 traceability is lost.

What is a disadvantage when both sides of communication use PAT? Host IPv4 addressing is complicated. End-to-end IPv4 traceability is lost. The flexibility of connections to the Internet is reduced. The security of the communication is negatively impacted.

It can stop malicious packets.

What is a feature of an IPS? It is primarily focused on identifying possible incidents. It has no impact on latency. It can stop malicious packets. It is deployed in offline mode.

The inside local and the inside global

What two addresses are specified in a static NAT configuration? The outside global and the outside local The inside global and the outside local The inside local and the outside global The inside local and the inside global

Extended

What type of ACL offers greater flexibility and control over network access? Flexible Extended Numbered standard Named standard

Private

What type of address is 10.100.34.34? Public Private

Private

What type of address is 10.131.48.7? Public Private

Public

What type of address is 128.107.240.239? Public Private

Public

What type of address is 198.133.219.148? Public Private

Public

What type of address is 64.100.190.189? Public Private

0.3.255.255

What wild card mask will match networks 172.16.0.0 through 172.19.0.0? 0.3.255.255 0.0.255.255 0.0.3.255 0.252.255.255

Every 30 minutes

When an OSPF network is converged and no network topology change has been detected by a router, how often will LSU packets be sent to neighboring routers? Every 10 minutes Every 5 minutes Every 60 minutes Every 30 minutes

Database description

Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? Link-state update Database description Link-state acknowledgment Link-state request

Hacktivist

Which type of hacker is motivated to protest against political and social issues? Hacktivist Cybercriminal Script kiddie Vulnerability broker

The commands are added at the end of the existing Managers ACL.

https://gyazo.com/19407cde0992361683f2d8c697412629 Refer to the exhibit. The named ACL "Managers" already exists on the router. What will happen when the network administrator issues the commands that are shown in the exhibit? The commands overwrite the existing Managers ACL. The commands are added at the end of the existing Managers ACL. The network administrator receives an error that states that the ACL already exists. The commands are added at the beginning of the existing Managers ACL.

The traffic is dropped.

https://gyazo.com/0d99b31ace7affeb740dd27536649de8 Refer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements? The source IP address is checked and if a match is not found, traffic is routed out interface serial 0/0/1. The resulting action is determined by the destination IP address and port number. The traffic is dropped. The resulting action is determined by the destination IP address.

Access-list 101 permit tcp any host 192.168.1.1 eq 80

Which ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1? Access-list 101 permit tcp any host 192.168.1.1 eq 80 Access-list 101 permit tcp any eq 80 host 192.168.1.1 Access-list 101 permit tcp host 192.168.1.1 any eq 80 Access-list 101 permit tcp host 192.168.1.1 eq 80 any

Link-state database

Which OSPF data structure is identical on all OSPF routers that share the same area? Forwarding database Link-state database Routing table Adjacency database

ExStart

Which OSPF state is NOT involved when two routers are forming an adjacency? Two-way Init Down ExStart

Man-in-the-middle attack

Which attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication? ICMP attack Man-in-the-middle attack SYN flood attack DoS attack

DHCP

Which protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack? ICMP HTTP or HTTPS DHCP DNS

Integrity

Which requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?​ Integrity Authentication Nonrepudiation Confidentiality

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 AND access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 AND access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet​​ access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 AND access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 access-list 103 deny tcp host 192.168.10.0 any eq 23 AND access-list 103 permit tcp host 192.168.10.1 eq 80 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 AND access-list 103 deny tcp ​192.168.10.0 0.0.0.255 any eq 23

209.165.200.245

https://gyazo.com/1c8b290a759ee60591ee831ac0390e45 Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the webserver. What IPv4 address is the source IP address in the packet between RT2 and the webserver? 172.16.1.254 192.168.1.5 209.165.200.245 172.16.1.10 192.0.2.2 203.0.113.10

Exchanging link-state advertisements

Which step in the link-state routing process is described by a router flooding link-state and cost information about each directly connected link? Injecting the default route Exchanging link-state advertisements Building the topology table Selecting the router ID

Choosing the best route

Which step in the link-state routing process is described by a router inserting best paths into the routing table? Choosing the best route Load balancing equal-cost paths Declaring a neighbor to be inaccessible Executing the SPF algorithm

Executing the SPF algorithm

Which step in the link-state routing process is described by a router running an algorithm to determine the best path to each destination? Declaring a neighbor to be inaccessible Choosing the best route Executing the SPF algorithm Load balancing equal-cost paths

Establishing neighbor adjacencies

Which step in the link-state routing process is described by a router sending Hello packets out all of the OSPF-enabled interfaces? Electing the designated router Establishing neighbor adjacencies Injecting the default route Exchanging link-state advertisements

C) Router(config)# access-list 95 deny any AND Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? A) Router(config)# access-list 95 deny any AND Router(config)# access-list 95 172.16.0.0 255.255.255.255 B) Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0 AND Router(config)# access-list 95 permit any C) Router(config)# access-list 95 deny any AND Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255 D) Router(config)# access-list 95 host 172.16.0.0 AND Router(config)# access-list 95 172.16.0.0 255.255.255.255

Router1(config)# access-list 10 permit host 192.168.15.23 AND Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? permit 192.168.15.23 0.0.0.0 AND Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 Router1(config)# access-list 10 permit host 192.168.15.23 AND Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0 Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255 AND Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0 Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0 AND Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255

The dead interval will now be 60 seconds.

A network engineer has manually configured the hello interval to 15 seconds on an interface of a router that is running OSPFv2. By default, how will the dead interval on the interface be affected? The dead interval will now be 30 seconds. The dead interval will now be 60 seconds. The dead interval will now be 15 seconds. The dead interval will not change from the default value.

To create an entry in a numbered ACL

A technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command? To remove an ACL from an interface To apply an extended ACL to an interface To secure management traffic into the router To create an entry in a numbered ACL

A) Adjacency Database B) Shortest Path First (SPF) C) Single-Area OSPF D) Link-state database

Match the description to the term. (Not all options are used.) A) This is where the details of the neighboring routers can be found. B) This is the algorithm used by OSPF. C) All the routers are in the backbone area. D) This is where you can find the topology table. 1) Adjacency Database 2) Shortest Path First (SPF) 3) Single-Area OSPF 4) Link-state database 5) Dual 6) Multiarea OSPF

1) Down State 2) Init State 3) Two-way state 4) Exstart State 5) Exchange State 6) Loading Start 7) Full State

Put the OSPF States in order ( One of the options isn't used) Init State Active State Full State Exchange State Down State Exstart State Two-Way State Loading State

The R1 dead timer expires between hello packets from R2.

Refer to the exhibit. A network administrator has configured the OSPF timers to the values that are shown in the graphic. What is the result of having those manually configured timers? The hello timer on R2 expires every ten seconds. The neighbor adjacency has formed. R1 automatically adjusts its own timers to match the R2 timers.

Answer ACL 10 is removed from the running configuration.

Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered? Answer ACL 10 is removed from the running configuration. ACL 10 is disabled on Fa0/1. ACL 10 is removed from both the running configuration and the interface Fa0/1. ACL 10 will be disabled and removed after R1 restarts.

Ping packets will be permitted. AND SSH packets will be permitted.

Refer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below. Router(config)# ip access-list extended 101 Router(config-ext-nacl)# no 20 Router(config-ext-nacl)# 5 permit tcp any any eq 22 Router(config-ext-nacl)# 20 deny udp any any Which two conclusions can be drawn from this new configuration?​ Ping packets will be permitted. AND Telnet packets will be permitted. Telnet packets will be permitted. AND All TCP and UDP packets will be denied.​ All TCP and UDP packets will be denied.​ AND TFTP packets will be permitted.​ Ping packets will be permitted. AND SSH packets will be permitted.

PAT using an external interface

Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented? Static NAT with a NAT pool Dynamic NAT with a pool of two public IP addresses PAT using an external interface Static NAT with one entry

1

Refer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1? 255 1 244 10

A = 10.1.0.13 AND B = 209.165.201.1

Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the webserver on the internal network. What two addresses are needed in place of A and B to complete the static NAT configuration? A = 10.1.0.13 AND B = 209.165.201.7 A = 209.165.201.2 AND B = 10.0.254.5 A = 10.1.0.13 AND B = 209.165.201.1 A = 209.165.201.2 AND B = 209.165.201.7

Not enough information is given to determine if both static and dynamic NAT are working.

Refer to the exhibit. The NAT configuration applied to the router is as follows: ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255 ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224 ERtr(config)# ip nat inside source list 1 pool corp overload ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4 ERtr(config)# interface gigabitethernet 0/0 ERtr(config-if)# ip nat inside ERtr(config-if)# interface serial 0/0/0 ERtr(config-if)# ip nat outside Based on the configuration and the output shown, what can be determined about the NAT status within the organization? Dynamic NAT is working, but static NAT is not. Not enough information is given to determine if both static and dynamic NAT are working. Static NAT is working, but dynamic NAT is not. NAT is working.

Interface S0/0/0 should be configured with the command ip nat outside .

Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1? Interface S0/0/0 should be configured with the command ip nat outside . Interface Fa0/0 should be configured with the command no ip nat inside . R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11 . R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11 .

Hello interval AND Dead interval

To establish a neighbor adjacency two OSPF routers will exchange hello packets. Which two values in the hello packets must match on both routers? Router ID AND Router priority Dead interval AND Router ID Router priority AND List of neighbors Hello interval AND Dead interval

Financial gain

What commonly motivates cyber criminals to attack networks as compared to hacktivists or state-sponsored hackers? Political reasons Financial gain Status among peers Fame seeking

Port numbers

What does NAT overloading use to track multiple internal hosts that use one inside global address? MAC addresses Autonomous system numbers Port numbers IP addresses

Router(config-std-nacl)#

What does the CLI prompt change to after entering the command ip access-list standard aaa from global configuration mode? Router(config-line)# Router(config-if)# Router(config)# Router(config-router)# Router(config-std-nacl)#

Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.

What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface? All traffic from 172.16.4.0/24 is permitted anywhere on any port. Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations. All TCP traffic is permitted, and all other traffic is denied. The command is rejected by the router because it is incomplete.

The use of multiple areas

What is used to facilitate hierarchical routing in OSPF? Frequent SPF calculations The use of multiple areas Autosummarization The election of designated routers

A network scanning technique that indicates the live hosts in a range of IP addresses.

What is a ping sweep? A scanning technique that examines a range of TCP or UDP port numbers on a host to detect listening services. A query and response protocol that identifies information about a domain, including the addresses that are assigned to that domain. A software application that enables the capture of all network packets that are sent across a LAN. A network scanning technique that indicates the live hosts in a range of IP addresses.

Place identical restrictions on all VTY lines.

What is considered a best practice when configuring ACLs on VTY lines? Place identical restrictions on all VTY lines. Remove the VTY password since the ACL restricts access to trusted users. Apply the ip access-group command inbound. Use only extended access lists.

It appears as useful software but hides malicious code.

What is the best description of Trojan horse malware? It is malware that can only be distributed over the Internet. It is the most easily detected form of malware. It is software that causes annoying but not fatal computer problems. It appears as useful software but hides malicious code.

1

What is the default router priority value for all Cisco OSPF routers? 1 10 255 0

A 32-bit number formatted like an IPv4 address

What is the format of the router ID on an OSPF-enabled router? A 32-bit number formatted like an IPv4 address A unique router hostname that is configured on the router A character string with no space A unique phrase with no more than 16 characters An 8-bit number with a decimal value between 0 and 255

It allows many inside hosts to share one or a few inside global addresses.

What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command? It allows a list of internal hosts to communicate with a specific group of external hosts. It allows external hosts to initiate sessions with internal hosts. It allows many inside hosts to share one or a few inside global addresses. It allows a pool of inside global addresses to be used by internal hosts.

Use the no keyword and the sequence number of the ACE to be removed.

What is the quickest way to remove a single ACE from a named ACL? Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. Use the no keyword and the sequence number of the ACE to be removed. Use the no access-list command to remove the entire ACL, then recreate it without the ACE. Create a new ACL with a different number and apply the new ACL to the router interface.

To more accurately reflect the cost of links greater than 100 Mb/s

What is the reason for a network engineer to alter the default reference bandwidth parameter when configuring OSPF? To enable the link for OSPF routing To force that specific link to be used in the destination route To more accurately reflect the cost of links greater than 100 Mb/s To increase the speed of the link

Origin authentication

What is the term used to describe a guarantee that the message is not a forgery and does actually come from whom it states? Origin authentication Risk Mitigation Exploit

Exploit

What is the term used to describe a mechanism that takes advantage of a vulnerability? Threat Vulnerability Exploit Mitigation

Threat

What is the term used to describe a potential danger to a company's assets, data, or network functionality? Vulnerability Exploit Asset Threat

Hacktivists

What is the term used to describe gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks? Grey hat hackers Hacktivists White hat hackers State-sponsored hacker

Symmetric encryption algorithm

What is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data? Mitigation Risk Data integrity Symmetric encryption algorithm

Black hat hackers

What is the term used to describe unethical criminals who compromise computer and network security for personal gain, or for malicious reasons? Vulnerability broker Hacktivists Black hat hackers Script kiddies

The use of multiple areas

What is used to facilitate hierarchical routing in OSPF? Frequent SPF calculations The election of designated routers The use of multiple areas Autosummarization

Internal threats can cause even greater damage than external threats.

Which statement accurately characterizes the evolution of threats to network security? Internet architects planned for network security from the beginning. Threats have become less sophisticated while the technical knowledge needed by an attacker has grown. Internal threats can cause even greater damage than external threats. Early Internet users often engaged in activities that would harm other users.

They filter traffic based on source IP addresses only.

Which statement describes a characteristic of standard IPv4 ACLs? They are configured in the interface configuration mode. They can be configured to filter traffic based on both source IP addresses and source ports. They filter traffic based on source IP addresses only. They can be created with a number but not with a name.

Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.

Which statement describes a difference between the operation of inbound and outbound ACLs? On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured. In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.

Exchanges link-state advertisements

Which step does an OSPF-enabled router take immediately after establishing an adjacency with another router? Chooses the best path Exchanges link-state advertisements Builds the topology table Executes the SPF algorithm

Building the topology table

Which step in the link-state routing process is described by a router building a link-state database based on received LSAs? Selecting the router ID Declaring a neighbor to be inaccessible Executing the SPF algorithm Building the topology table

Host AND Any

Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? Most And All Host AND Any Lt AND Gt Any AND Some

ICMP message type AND Destination UDP port number

Which two packet filters could a network administrator use on an IPv4 extended ACL? ICMP message type AND Destination UDP port number Source MAC address AND ICMP message type Destination UDP port number AND Computer type Source TCP hello address and ICMP message type

Database description

Which type of OSPFv2 packet contains an abbreviated list of the LSDB of a sending router and is used by receiving routers to check against the local LSDB? Link-state acknowledgment Database description Link-state update Link-state request

Access-list 3 permit 192.168.10.128 0.0.0.63

https://gyazo.com/1f294ee3ab71588986770db3668e5fc8 Refer to the exhibit. Write two ACLs that will permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface. Which statement below will NOT be used as one of those two ACLs. Access-list 1 permit 192.168.10.0 0.0.0.127 Access-list 5 permit 192.168.10.0 0.0.0.63 Access-list 5 permit 192.168.10.64 0.0.0.63 Access-list 3 permit 192.168.10.128 0.0.0.63

All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

https://gyazo.com/25b6c0f3ca0b0aa8e591cac2ed6cb3f2 Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?​ The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements. An extended ACL must be used in this situation. The ACL should be applied outbound on all interfaces of R1. Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.​ All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

Standard ACL inbound on R1 G0/1

https://gyazo.com/274b60561cb4517971fbd35bc3c4c370 Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation? Standard ACL inbound on R1 G0/1 Standard ACL inbound on R2 WAN interface connecting to the internet Standard ACL inbound on R1 VTY lines Extended ACL inbound on R2 S0/0/0

Apply an inbound extended ACL on R1 Gi0/0.

https://gyazo.com/274b60561cb4517971fbd35bc3c4c370 Refer to the exhibit. The student on the H1 computer continues to launch an extended ping with expanded packets at the student on the H2 computer. The school network administrator wants to stop this behavior but still allows both students access to web-based computer assignments. What would be the best plan for the network administrator? Apply an inbound extended ACL on R1 Gi0/0. Apply an outbound standard ACL on R2 S0/0/1. Apply an inbound extended ACL on R2 Gi0/1. Apply an inbound standard ACL on R1 Gi0/0. Apply an outbound extended ACL on R1 S0/0/1.

Extended ACL inbound on R3 G0/0

https://gyazo.com/29cb89fa42986c9aa0ec57be12ae5dc9 Refer to the exhibit. Network 192.168.30.0/24 contains all of the company servers. Policy dictates that traffic from the servers to both networks 192.168.10.0 and 192.168.11.0 be limited to replies for original requests. What is the best ACL type and placement to use in this situation? Extended ACLs inbound on R1 G0/0 and G0/1 Standard ACL inbound on R1 VTY lines Extended ACL inbound on R3 G0/0 Standard ACL inbound on R1 G0/0

Extended ACL inbound on R1 G0/0

https://gyazo.com/29cb89fa42986c9aa0ec57be12ae5dc9 Refer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation? Extended ACLs inbound on R1 G0/0 and G0/1 Standard ACL outbound on R2 S0/0/0 Extended ACL inbound on R1 G0/0 Extended ACL inbound on R3 S0/0/1

Standard ACL inbound on R1 VTY lines

https://gyazo.com/29cb89fa42986c9aa0ec57be12ae5dc9 Refer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation? Standard ACL inbound on R1 VTY lines Standard ACL outbound on R1 G0/0 Standard ACL inbound on R2 WAN interface connecting to the internet Extended ACL inbound on R3 G0/0

Extended ACLs inbound on R1 G0/0 and G0/1

https://gyazo.com/2afc30848af88a291fe771d8293d96f7 Refer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation? Extended ACLs inbound on R1 G0/0 and G0/1 Standard ACL inbound on R1 G0/1 Standard ACL inbound on R2 WAN interface connecting to the internet Standard ACL inbound on R1 G0/0

R1 Gi0/1.12 AND Outbound

https://gyazo.com/389a7e2c4ecdac98b420e540517d0799 Refer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? R1 Gi0/1.12 AND Inbound R1 S0/0/0 and Outbound R1 Gi0/1.12 AND Outbound R2 S0/0/1 and Outbound R2 Gi0/1.20 and Inbound

R2(config)# interface fastethernet 0/1

https://gyazo.com/3a8a90dea75e751c3236a41e04292c58 Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which command will NOT be used to achieve this using best ACL placement practices? R2(config-if)# ip access-group 101 in R2(config)# interface fastethernet 0/0 R2(config)# interface fastethernet 0/1 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1

209.165.200.225

https://gyazo.com/410f76d4d483e41f87a9a49d8bd726aa Refer to the exhibit. From the perspective of R1, the NAT router, which address is the inside global address? 209.165.200.254 192.168.0.10 192.168.0.1 209.165.200.225

The sequence of the ACEs is incorrect.

https://gyazo.com/458f57a318d5bca9bb6a6626b8d99e98 Refer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure? The port number for the traffic has not been identified with the eq keyword. The established keyword is not specified. The sequence of the ACEs is incorrect. The permit statement specifies an incorrect wildcard mask.

The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.

https://gyazo.com/46dfac89b6c306f4a033b8ecdb39672d Refer to the exhibit. What can be determined from this output? The ACL is missing the deny ip any any ACE. The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101. Because there are no matches for line 10, the ACL is not working. The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.

The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10.

https://gyazo.com/578e94fc81ce41783c131df1a1ff2754 Refer to the exhibit. Which statement is correct based on the output as shown in the exhibit? The output is the result of the show ip nat statistics command. The host with the address 209.165.200.235 will respond to requests by using a source address of 209.165.200.235. Traffic with the destination address of a public web server will be sourced from the IP of 192.168.1.10. The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10.

NAT-POOL2 is bound to the wrong ACL.

https://gyazo.com/7717fe1b7b4366dd018c1e91a46a5d02 Refer to the exhibit. A network administrator has configured R2 for PAT. Why is the configuration incorrect? The overload keyword should not have been applied. The ACL does not define the list of addresses to be translated. The static NAT entry is missing. NAT-POOL2 is bound to the wrong ACL.

Inside global

https://gyazo.com/7831753f79033682c3ac3a46ab01bbbf Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1? Inside local Outside local Outside global Inside global

5 deny 172.23.16.0 0.0.15.255

https://gyazo.com/785b10df9b92ad6ceb68aa9a85952cba Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement? 5 deny 172.23.16.0 0.0.15.255 5 deny 172.23.16.0 0.0.255.255 15 deny 172.23.16.0 0.0.15.255 30 deny 172.23.16.0 0.0.15.255

One port on the router is not participating in the address translation.

https://gyazo.com/7c89051a12e4e316b81f9051dd55f20c Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. Which statement CANNOT be verified by this output? Address translation is working. A standard access list numbered 1 was used as part of the configuration process. Two types of NAT are enabled. One port on the router is not participating in the address translation.

192.168.0.1 192.168.0.10 209.165.201.1 209.165.200.225

https://gyazo.com/9280219dc3e127c1b0ea4261c4a2479a Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1? 192.168.0.1 192.168.0.10 209.165.201.1 209.165.200.225

Access-list 1 permit 192.168.10.96 0.0.0.31

https://gyazo.com/94eec45c39ec1c8b02f6145d5e061292 Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1? Access-list 1 permit 192.168.10.128 0.0.0.63 Access-list 1 permit 192.168.10.0 0.0.0.63 Access-list 1 permit 192.168.10.96 0.0.0.31 Access-list 1 permit 192.168.10.0 0.0.0.255

An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16.

https://gyazo.com/a8c586b5fe128cf79381f5cff7ca42f1 Refer to the exhibit. A network administrator configures an ACL on the router. Which statement describes the result of the configuration? A Telnet connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18. A Telnet connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16. An SSH connection is allowed from a workstation with IP 192.168.25.18 to a device with IP 172.16.45.16. An SSH connection is allowed from a workstation with IP 172.16.45.16 to a device with IP 192.168.25.18.

The ACL is implicitly denying access to all the servers.

https://gyazo.com/b7a4cd99421871ea8c0cd4bfa41256ff Refer to the exhibit. A new network policy requires an ACL denying FTP and Telnet access to a Corp file server from all interns. The address of the file server is 172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network. After implementing the ACL, no one in the Corp network can access any of the servers. What is the problem? The ACL is applied to the interface using the wrong direction. Named ACLs require the use of port numbers. The ACL is implicitly denying access to all the servers. Inbound ACLs must be routed before they are processed.

209.165.200.225

https://gyazo.com/cfa0f88ed2f1802efd3c554ef9a50165 Refer to the exhibit. Which source address is being used by router R1 for packets being forwarded to the Internet? 209.165.202.141 198.51.100.3 209.165.200.225 10.6.15.2

The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT.

https://gyazo.com/d254729b0ae985420d3c047213ca0e1a Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?​ The traffic from a source IPv4 public address that originates traffic on the internet would be able to reach private internal IPv4 addresses​. The traffic from a source IPv4 address of 192.0.2.88 is being translated by router RT2 to reach a destination IPv4 address of 192.168.254.253. The traffic from a source IPv4 address of 192.168.2.20 is being translated by router RT2 to reach a destination IPv4 address of 192.0.2.254. The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT.

Outside Global - 203.0.113.5 (A) Inside Global - 192.0.2.1 (B) Inside Local - 10.130.5.76 (C)

https://gyazo.com/d6949cfa465a22df32b8934dd81f824d Refer to the exhibit. The PC is sending a packet to the Server on the remote network. Router R1 is performing NAT overload. From the perspective of the PC, match the NAT address type with the correct IP address. (Not all options are used.) Outside Global Inside Global Inside Local A) 203.0.113.5 B) 192.0.2.1 C) 10.130.5.76 D) 10.130.5.1 E) 192.0.2.2 F) 203.0.113.14

Extended ACL inbound on R2 WAN interface connected to the internet

https://gyazo.com/f8d22ce314ece65c50542b606decd617 Refer to the exhibit. Only authorized remote users are allowed remote access to the company server 192.168.30.10. What is the best ACL type and placement to use in this situation? Extended ACL outbound on R2 WAN interface towards the internet Extended ACL inbound on R2 WAN interface connected to the internet Extended ACLs inbound on R1 G0/0 and G0/1 Extended ACL inbound on R2 S0/0/0


Set pelajaran terkait

Chapter 10: Some lessons from capital market history

View Set

The Jewish Settlements in the Land of Israel 1881-1948

View Set

Training & Development Ch. 1 Cragun

View Set

2. Initiate: Identify Scrum Master and Stakeholder(s)

View Set

Security + practice test A part 2

View Set

ANSC 107 Test 3, Topic 3: Comparative Digestive Systems

View Set