Network Auth and Security Chapter 8
What wild card mask will match networks 172.16.0.0 through 172.19.0.0? -0.252.255.255 -0.0.3.255 -0.3.255.255 -0.0.255.255 -0.0.0.255
0.3.255.255
Which scenario would cause an ACL misconfiguration and deny all traffic? -Apply a standard ACL using the ip access-group out command. -Apply a named ACL to a VTY line. -Apply a standard ACL in the inbound direction. -Apply an ACL that has all deny ACE statements.
Apply an ACL that has all deny ACE statements.
Which ICMP message type should be stopped inbound? -Echo-reply. -Echo. -Source quench. -Echo-tango. -Unreachable.
Echo
Refer to the exhibit. A network administrator wants to create a standard ACL to prevent Network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied? -R1 Gi0/0 outbound -R2 S0/0/0 inbound -R1 S0/0/0 outbound -R2 Gi0/0 outbound. -R2 Gi0/0 inbound -R1 Gi0/0 inbound
R2 Gi0/0 outbound
Refer to the exhibit. A network administrator is configuring an IPv6 ACL to allow hosts on the 2001:DB8:CAFE:10::/64 network to access remote web servers, except for PC1. However, a user on PC1 can successfully access the web server PC2. Why is this possible? -The IPv6 ACL Deny_WEB is applied in the incorrect direction on router R1. -The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked. -The IPv6 ACL Deny_WEB is applied to the wrong interface of router R1. -The IPv6 ACL Deny_WEB is spelled incorrectly when applied to the interface.
The IPv6 ACL Deny_WEB is permitting all web traffic before the specific host is blocked.
What method is used to apply an IPv6 ACL to a router interface? -The use of the ipv6 traffic-filter command. -The use of the access-class command. -The use of the ipv6 access-list command. -The use of the ip access-group command.
The use of the ipv6 traffic-filter command.
Refer to the exhibit. Which statement describes the function of the ACEs? -These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns. -These ACEs allow for IPv6 neighbor discovery traffic. -These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur. -These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.
These ACEs allow for IPv6 neighbor discovery traffic.
In applying an ACL to a router interface, which traffic is designated as outbound? -Traffic that is coming from the source IP address into the router. -Traffic that is going from the destination IP address into the router. -Traffic that is leaving the router and going toward the destination host. -The IP atraffic for which the router can find no routing table entryddresses of IPsec peers.
Traffic that is leaving the router and going toward the destination host.
What is the quickest way to remove a single ACE from a named ACL? -Use the no access-list command to remove the entire ACL, then recreate it without the ACE. -Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router. -Use the no keyword and the sequence number of the ACE to be removed. -Create a new ACL with a different number and apply the new ACL to the router interface.
Use the no keyword and the sequence number of the ACE to be removed.
Which operator is used in an ACL statement to match packets of a specific application? -eq -gt -lt -established -implicit deny -match
eq
What type of ACL offers greater flexibility and control over network access? -named standard -numbered standard -flexible -extended -detracted
extended