CCNA-4 ch.4
8. Which two statements are correct about extended ACLs? (Choose two)
Extended ACLs evaluate the source and destination addresses.* Port numbers can be used to add greater definition to an ACL.*
15. What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255* access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255*
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23*
19. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25*
9. Which three values or sets of values are included when creating an extended access control list entry? (Choose three.)
source address and wildcard mask* access list number between 100 and 199* destination address and wildcard mask*
20. In applying an ACL to a router interface, which traffic is designated as outbound?
traffic that is leaving the router and going toward the destination host*
2. What two functions describe uses of an access control list? (Choose two.)
ACLs provide a basic level of security for network access.* ACLs can control which areas a host can access on a network.*
1. Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.120.167.255*
18. What is the wildcard mask that is associated with the network 192.168.12.0/24?
0.0.0.255
6. A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?
0.0.1.255*
3. Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)
The first 28 bits of a supplied IP address will be matched.* The last four bits of a supplied IP address will be ignored.*
13. Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.)
access-list 110 deny tcp any any eq https* access-list 110 deny tcp any any gt 75*
14. Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
an implicit permit of neighbor discovery packets*
12. Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
destination UDP port number* ICMP message type*
17. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
ipv6 traffic-filter ENG_ACL in*