NETWORKING 3 SA2 reviewer <3
A college student is studying for the Cisco CCENT certification and is visualizing extended access lists. Which three keywords could immediately follow the keywords permit or deny as part of an extended access list? (Choose three.) -telnet -tcp -udp -www -icmp -ftp
-tcp -udp -icmp
24. What wildcard mask will match network 10.10.100.64/26? 0.0.0.15 0.0.0.31 0.0.0.63 0.0.0.127
0.0.0.63
21. What wildcard mask will match networks 10.16.0.0 through 10.19.0.0? 0.252.255.255 0.0.255.255 0.0.3.255 0.3.255.255
0.3.255.255
5. Which three statements describe ACL processing of packets? (Choose three.) -A packet can either be rejected or forwarded as directed by the ACE that is matched. -A packet that does not match the conditions of any ACE will be forwarded by default. -Each statement is checked only until a match is detected or until the end of the ACE list. -Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made. -An implicit deny any rejects any packet that does not match any ACE. -A packet that has been denied by one ACE can be permitted by a subsequent ACE.
1. A packet can either be rejected or forwarded as directed by the ACE that is matched. 2. Each statement is checked only until a match is detected or until the end of the ACE list. 3. An implicit deny any rejects any packet that does not match any ACE.
Which two conditions would cause a router to drop a packet? (Choose two.) -The ACL that is affecting the packet does not contain at least one deny ACE. -No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL. -No outbound ACL exists on the interface where the packet exits the router. -No inbound ACL exists on the interface where the packet enters the router. -The packet source address does not match the source as permitted in a standard inbound ACE.
1. No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL. 2. The packet source address does not match the source as permitted in a standard inbound ACE.
3. Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.) -Multiple ACLs per protocol and per direction can be applied to an interface. -If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface. -The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs. -If an ACL contains no permit statements, all traffic is denied by default. -Standard ACLs are placed closest to the source, whereas extended ACLs are placed closest to the destination.
1. The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs. 2. If an ACL contains no permit statements, all traffic is denied by default.
11. Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? 10.120.160.0 to 10.120.167.255 10.120.160.0 to 10.127.255.255 10.120.160.0 to 10.120.191.255 10.120.160.0 to 10.120.168.0
10.120.160.0 to 10.120.167.255
2. A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.) -172.16.16.12 -172.16.31.24 -172.16.65.21 -172.16.0.255 -172.16.15.36
172.16.0.255 and 172.16.15.36
18. In the following example, you forgot to enter an ACE to deny the user at IP address 192.168.10.10. Which command would correctly enter the ACE to filter this address?
    R1# show access-lists
    Extended IP access list PERMIT-NET
        10 permit ip 192.168.10.0 0.0.0.255 any
        20 permit ip 192.168.11.0 0.0.0.255 any
    R1#
    ----
    deny ip host 192.168.10.10
    5 deny ip host 192.168.10.10
    15 deny ip host 192.168.10.10
    25 deny ip host 192.168.10.10
5 deny ip host 192.168.10.10
19. A network administrator configures the border router with the ip nat inside source list 4 pool NAT-POOL global configuration command. What is required to be configured in order for this particular command to be functional? A NAT pool named NAT-POOL that defines the starting and ending public IPv4 addresses A VLAN named NAT-POOL that is enabled and active and routed by R1 An access list named NAT-POOL that defines the private addresses that are affected by NAT An access list numbered 4 that defines the starting and ending public IPv4 addresses ip nat outside enabled on the interface that connects to the LAN affected by NAT
A NAT pool named NAT-POOL that defines the starting and ending public IPv4 addresses
15. What two functions describe uses of access control lists? (Choose two.) ACLs assist a router in determining the best path to a destination. ACLs can control which areas a host can access on a network. ACLs provide a basic level of security for network access. Standard ACLs can filter traffic based on source and destination network addresses. Standard ACLs can restrict access to specific applications and ports
ACLs can control which areas a host can access on a network. ACLs provide a basic level of security for network access.
16. Which three statements describe how an ACL processes packets? (Choose three.) A packet is compared with all ACEs in the ACL before a forwarding decision is made. A packet that has been denied by one ACE can be permitted by a subsequent ACE. An implicit deny at the end of an ACL rejects any packet that does not match an ACE. Each ACE is checked only until a match is detected or until the end of the ACL. If an ACE is matched, the packet is either rejected or forwarded, as directed by the ACE. If an ACE is not matched, the packet is forwarded by default.
An implicit deny at the end of an ACL rejects any packet that does not match an ACE. Each ACE is checked only until a match is detected or until the end of the ACL. If an ACE is matched, the packet is either rejected or forwarded, as directed by the ACE.
7. What address translation is performed by static NAT? An inside local address is translated to a specified outside local address. An inside local address is translated to a specified inside global address. An inside local address is translated to a specified outside global address. An outside local address is translated to a specified outside global address
An inside local address is translated to a specified inside global address.
2. Consider the configured access list.
    R1# show access-lists
    extended IP access list 100
        deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
        deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
        permit ip any any (15 matches)
What are two characteristics of this access list? (Choose two.)
    Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned.
    The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device.
    Any device can telnet to the 10.1.2.1 device.
    A network administrator would not be able to tell if the access list has been applied to an interface or not.
    Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
    The access list has been applied to an interface.
Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned. The access list has been applied to an interface.
10. Why is NAT not needed in IPv6? The end-to-end connectivity problems that are caused by NAT are solved because the number of routes increases with the number of nodes that are connected to the Internet. Because IPv6 has integrated security, there is no need to hide the IPv6 addresses of internal networks. The problems that are induced by NAT applications are solved because the IPv6 header improves packet handling by intermediate routers. Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large.
Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large
7. Which scenario would cause an ACL misconfiguration and deny all traffic? -Apply a standard ACL using the ip access-group out command. -Apply a named ACL to a VTY line. -Apply an ACL that has all deny ACE statements. -Apply a standard ACL in the inbound direction.
Apply an ACL that has all deny ACE statements.
18. Which two characteristics are shared by standard and extended ACLs? (Choose two.) Both filter packets for a specific destination host IP address. Both include an implicit deny as a final entry. Both permit or deny specific services by port number. They both filter based on protocol type. They can be created by using either descriptive names or numbers.
Both include an implicit deny as a final entry. They can be created by using either descriptive names or numbers.
5. What is one advantage of using NAT at the edge of the network? Changing ISPs is simpler because the devices on the inside network do not have to be configured with new addresses when the outside address changes. Dynamic NAT allows devices from outside the local network to easily initiate TCP connections to inside hosts. NAT enables end-to-end IPv4 traceability, making troubleshooting easier. Performance is significantly increased because the router does not have to perform as many route lookups
Changing ISPs is simpler because the devices on the inside network do not have to be configured with new addresses when the outside address changes.
21. What are two of the required steps to configure PAT? (Choose two.) Create a standard access list to define applications that should be translated. Define a pool of global addresses to be used for overload translation. Define the Hello and Interval timers to match the adjacent neighbor router. Define the range of source ports to be used. Identify the inside interface.
Define a pool of global addresses to be used for overload translation. Identify the inside interface.
14. Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.) Computer type Destination MAC address Destination UDP port number ICMP message type Source TCP hello address
Destination UDP port number ICMP message type
15. In the second ACE shown in the following example, port 400 was incorrectly specified instead of port 443. What is the best way to correct this error?
    R1# show access-lists
    Extended IP access list SURFING
        10 permit tcp 192.168.10.0 0.0.0.255 any eq www
        20 permit tcp 192.168.10.0 0.0.0.255 any eq 400
    R1#
    ----
    Copy the ACL into a text editor, correct the ACE, and recopy the ACE to the router.
    Create a new named ACL and apply it to the router interface.
    Enter permit tcp 192.168.10.0 0.0.0.255 any eq 443.
    Enter the no 20 keyword, and then enter permit tcp 192.168.10.0 0.0.0.255 any eq 443.
    Remove the entire ACL and then re-create it with the correct ACE
Enter the no 20 keyword, and then enter permit tcp 192.168.10.0 0.0.0.255 any eq 443.
22. What type of ACL offers increased flexibility and control over network traffic? Extended Extensive Named standard Numbered standard
Extended
2. True or False? With NAT overload, each inside local IP address is translated to a unique inside global IP address on a one-for-one basis.
False
3. True or False? The use of NAT makes end-to-end traceability between source and destination easier.
False
17. Which three statements are best practices related to placement of ACLs? (Choose three.) Filter unwanted traffic before it travels onto a low-bandwidth link. For every inbound ACL placed on an interface, ensure that there is a matching outbound ACL. Place extended ACLs close to the destination IP address of the traffic. Place extended ACLs close to the source IP address of the traffic. Place standard ACLs close to the destination IP address of the traffic. Place standard ACLs close to the source IP address of the traffic.
Filter unwanted traffic before it travels onto a low-bandwidth link. Place extended ACLs close to the source IP address of the traffic. Place standard ACLs close to the destination IP address of the traffic.
3. What are two tasks to perform when configuring static NAT? (Choose two.) Configure a NAT pool. Identify the participating interfaces as inside or outside interfaces. Define the outside global address. Define the inside global address on the server Create a mapping between the inside local and inside global addresses.
Identify the participating interfaces as inside or outside interfaces. Create a mapping between the inside local and inside global addresses.
19. Which two statements describe a difference between the operation of inbound and outbound ACLs? (Choose two.) Inbound ACLs are processed before the packets are routed. Inbound ACLs can be used in both routers and switches. Multiple inbound ACLs can be applied to an interface. Multiple outbound ACLs can be applied to an interface. Outbound ACLs are processed after the routing is completed. Outbound ACLs can be used only on routers. Unlike outbound ACLs, inbound ACLs can be used to filter packets with multiple criteria.
Inbound ACLs are processed before the packets are routed. Outbound ACLs are processed after the routing is completed.
22. What is the name for the public IPv4 addresses used on a NAT-enabled router? Inside global addresses Inside local addresses Outside global addresses Outside local addresses
Inside global addresses
6. What benefit does NAT64 provide? It allows sites to use private IPv6 addresses and translates them to global IPv6 addresses. It allows sites to use private IPv4 addresses, and thus hides the internal addressing structure from hosts on public IPv4 networks. It allows sites to connect multiple IPv4 hosts to the Internet via the use of a single public IPv4 address. It allows sites to connect IPv6 hosts to an IPv4 network by translating the IPv6 addresses to IPv4 addresses.
It allows sites to connect IPv6 hosts to an IPv4 network by translating the IPv6 addresses to IPv4 addresses.
9. Which statement accurately describes dynamic NAT? It always maps a private IP address to a public IP address. It provides an automated mapping of inside local to inside global IP addresses. It dynamically provides IP addressing to internal hosts. It provides a mapping of internal host names to IP addresses
It provides an automated mapping of inside local to inside global IP addresses.
1. Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.) NAT adds authentication capability to IPv4. NAT introduces problems for some applications that require end-to-end connectivity. NAT provides a solution to slow down the IPv4 address depletion. NAT causes routing tables to include more information. NAT improves packet handling. NAT will impact negatively on switch performance.
NAT introduces problems for some applications that require end-to-end connectivity. NAT provides a solution to slow down the IPv4 address depletion
7. Consider the access list command applied outbound on a router serial interface.
    access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply
    ----
    Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.
    The only traffic denied is ICMP-based traffic. All other traffic is allowed.
    The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.
    No traffic will be allowed outbound on the serial interface.
No traffic will be allowed outbound on the serial interface.
15. Which version of NAT allows many hosts inside a private network to simultaneously use a single inside global address for connecting to the Internet? port forwarding PAT dynamic NAT static NAT
PAT
17. When NAT is used in a small office, which address type or types are typically used for hosts on the local LAN? Both private and public IPv4 addresses Global public IPv4 addresses Internet-routable addresses Private IPv4 addresses
Private IPv4 addresses
16. A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 10.1.1.10 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.) R1(config)# access-list 10 permit host 10.1.1.10 R1(config)# access-list 10 permit 10.1.1.10 255.255.255.0 R1(config)# access-list 10 permit 10.1.1.10 255.255.255.255 R1(config)# access-list 10 permit 10.1.1.10 0.0.0.0 R1(config)# access-list 10 permit 10.1.1.10 0.0.0.255
R1(config)# access-list 10 permit host 10.1.1.10 R1(config)# access-list 10 permit 10.1.1.10 0.0.0.0
17. A network administrator is writing a standard ACL to deny any traffic from the 10.10.0.0/16 network but permit all other traffic. Which two commands should be used? (Choose two.) R1(config)# access-list 55 deny any R1(config)# access-list 55 permit any R1(config)# access-list 55 host 10.10.0.0 R1(config)# access-list 55 deny 10.10.0.0 0.0.255.255 R1(config)# access-list 55 deny 10.10.0.0 255.255.0.0 R1(config)# access-list 55 10.10.0.0 255.255.255.255
R1(config)# access-list 55 permit any R1(config)# access-list 55 deny 10.10.0.0 0.0.255.255
21. What does the CLI prompt change to after you enter the command ip access-list extended AAAFILTER in global configuration mode? R1(config-ext-nacl)# R1(config-if)# R1(config-line)# R1(config-router)# R1(config-std-nacl)#
R1(config-ext-nacl)#
12. An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? R1(config-line)# access-class 1 in R1(config-line)# access-class 1 out R1(config-if)# ip access-group 1 out R1(config-if)# ip access-group 1 in
R1(config-line)# access-class 1 in
16. Typically, which network device would be used to perform NAT for a corporate environment? DHCP server Host device Router Server Switch
Router
2. A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task? Router# clear ip nat translations Router# show ip nat translations Router# debug ip nat translations Router# show ip nat statistics
Router# show ip nat translations
9. Which two commands will configure a standard ACL? (Choose two.) Router(config)# access-list 45 permit 192.168.200.4 host Router(config)# access-list 10 permit 10.20.5.0 0.255.255.255 any Router(config)# access-list 20 permit host 192.168.5.5 any any Router(config)# access-list 35 permit host 172.31.22.7 Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
Router(config)# access-list 35 permit host 172.31.22.7 Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
6. What packets would match the access control list statement that is shown below?
    access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22
    ----
    any TCP traffic from the 172.16.0.0 network to any destination network
    SSH traffic from the 172.16.0.0 network to any destination network
    SSH traffic from any source network to the 172.16.0.0 network
    any TCP traffic from any host to the 172.16.0.0 network
SSH traffic from the 172.16.0.0 network to any destination network
18. Which type of NAT maps a single inside local address to a single inside global address? Dynamic NAT NAT overloading Port Address Translation Static NAT
Static NAT
6. A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction? -All traffic is denied. -All traffic is permitted. -The ACL does not perform as designed. -The ACL will analyze traffic after it is routed to the outbound interface.
The ACL does not perform as designed.
5. When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself? The ACL must be applied to each vty line individually. The ACL is applied to the Telnet port with the ip access-group command. The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port. Apply the ACL to the vty lines without the in or out option required when applying ACLs to interfaces.
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
13. When dynamic NAT without overloading is being used, what happens if seven users attempt to access a public server on the Internet when only six addresses are available in the NAT pool? The first user gets disconnected when the seventh user makes the request. All users can access the server. The request to the server for the seventh user fails. No users can access the server.
The request to the server for the seventh user fails.
4. What is a disadvantage of NAT? The router does not need to alter the checksum of the IPv4 packets. There is no end-to-end addressing. The costs of readdressing hosts can be significant for a publicly addressed network The internal hosts have to use a single public IPv4 address for external communication.
There is no end-to-end addressing.
23. Which statement describes a characteristic of standard IPv4 ACLs? They can be configured to filter traffic based on both source IP addresses and source ports. They can be created with a number but not with a name. They filter traffic based on destination IP addresses only. They filter traffic based on source IP addresses only.
They filter traffic based on source IP addresses only.
20. What effect does the permit tcp 10.10.100 0.0.0.255 any eq www extended named ACE have when implemented inbound on a G0/0 interface? All TCP traffic is permitted, and all other traffic is denied. All traffic from 10.10.100/24 is permitted anywhere on any port. The command is rejected by the router because it is incomplete. Traffic originating from 10.10.100/24 is permitted to all TCP port 80 destinations.
Traffic originating from 10.10.100/24 is permitted to all TCP port 80 destinations.
1. True or False? A side effect of NAT is that it hides the inside local IP address of a host from the outside network.
True
4. True or False? Tunneling protocols such as IPsec do not work well through NAT.
True
8. Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
    R1# <output omitted>
    Standard IP access list 2
        10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
        20 deny any (1 match)
    ----
    Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
    Two devices were able to use SSH or Telnet to gain access to the router.
    Two devices connected to the router have IP addresses of 192.168.10.x.
    Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
Two devices were able to use SSH or Telnet to gain access to the router.
20. In which configuration would an outbound ACL placement be preferred over an inbound ACL placement? When a router has more than one ACL When an interface is filtered by an outbound ACL and the network attached to the interface is the source network being filtered within the ACL When an outbound ACL is closer to the source of the traffic flow When the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
When the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
10. Which location is recommended for extended numbered or extended named ACLs? -a location as close to the destination of traffic as possible -a location as close to the source of traffic as possible -a location centered between traffic destinations and sources to filter as much traffic as possible -if using the established keyword, a location close to the destination to ensure that return traffic is allowed
a location as close to the source of traffic as possible
1. The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.) access-class 5 in access-list standard VTY permit 10.7.0.0 0.0.0.127 access-list 5 permit 10.7.0.0 0.0.0.31 ip access-group 5 in ip access-group 5 out access-list 5 deny any
access-class 5 in access-list 5 permit 10.7.0.0 0.0.0.31
19. You create a standard ACL called PERMIT-VTY to permit only an administrative host vty access to the router. Which line configuration command would correctly apply this ACL to the vty lines? access-class PERMIT-VTY in access-class PERMIT-VTY out ip access-group PERMIT-VTY in ip access-group PERMIT-VTY out
access-class PERMIT-VTY in
20. Which configuration would be appropriate for a small business that has the public IPv4 address 209.165.200.225/30 assigned to the external interface on the router that connects to the internet?
    access-list 1 permit 10.0.0.0 0.255.255.255
    ip nat pool NAT-POOL 192.168.2.1 192.168.2.8 netmask 255.255.255.240
    ip nat inside source list 1 pool
    ----
    access-list 1 permit 10.0.0.0 0.255.255.255
    ip nat pool NAT-POOL 192.168.2.1 192.168.2.8 netmask 255.255.255.240
    ip nat inside source list 1 pool NAT-POOL overload
    ----
    access-list 1 permit 10.0.0.0 0.255.255.255
    ip nat inside source list 1 interface serial 0/0/0 overload
    ----
    access-list 1 permit 10.0.0.0 0.255.255.255
    ip nat pool NAT-POOL 192.168.2.1 192.168.2.8 netmask 255.255.255.240
    ip nat inside source list 1 pool NAT-POOL overload
    ip nat inside source static 10.0.0.5 209.165.200.225
access-list 1 permit 10.0.0.0 0.255.255.255 ip nat inside source list 1 interface serial 0/0/0 overload
4. What single access list statement matches all of the following networks? 192.168.16.0 192.168.17.0 192.168.18.0 192.168.19.0 -access-list 10 permit 192.168.16.0 0.0.3.255 -access-list 10 permit 192.168.0.0 0.0.15.255 -access-list 10 permit 192.168.16.0 0.0.0.255 -access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.3.255
11. What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.) access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0 access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1 access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255 access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
4. Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10? access-list 101 permit tcp any eq 4300 access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255 access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300
access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
12. What is a security feature of using NAT on a network? denies all internal hosts from communicating outside their own network allows internal IP addresses to be concealed from external users denies all packets that originate from private IP addresses allows external IP addresses to be concealed from internal users
allows internal IP addresses to be concealed from external users
13. Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.) all any gt host most some
any host
11. A company designs its network so that the PCs in the internal network are assigned IP addresses from DHCP servers, and the packets that are sent to the Internet are translated through a NAT-enabled router. What type of NAT enables the router to populate the translation table from a pool of unique public addresses, as the PCs send packets through the router to the Internet? ARP dynamic NAT static NAT PAT
dynamic NAT
14. A company has been assigned the 203.0.113.0/27 block of IP addresses by the ISP. The company has over 6000 internal devices. What type of NAT would be most appropriate for the employee workstations of the company? static NAT port forwarding dynamic NAT PAT off the external router interface dynamic NAT overload using the pool of addresses
dynamic NAT overload using the pool of addresses
10. To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface? time-stamp reply time-stamp request echo request echo reply router advertisement
echo reply
14. Which operator is used in an ACL statement to match packets of a specific application? -established -lt -eq -gt
eq
8. Using NAT terminology, what is the address of the source host on a private network as seen from inside the network? inside local outside global outside local inside global
inside local
13. If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice? -permit tcp 172.16.0.0 0.0.3.255 any established -deny tcp any any eq telnet -deny udp any host 172.16.1.5 eq snmptrap -permit udp any any range 10000 20000 -permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap -permit ip any any
permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
9. When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device? -remark -description -established -eq
remark
3. Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access? show ip interface brief show ip ssh show running-config show access-lists
show access-lists
8. In applying an ACL to a router interface, which traffic is designated as outbound? -traffic that is leaving the router and going toward the destination host -traffic that is coming from the source IP address into the router -traffic for which the router can find no routing table entry -traffic that is going from the destination IP address into the router
traffic that is leaving the router and going toward the destination host