ACL Module Quiz 2 maha01 PDF

Title ACL Module Quiz 2 maha01
Course Intro to Enterprise Networking
Institution Algonquin College


Quiz Submissions - 21S - CST8371 ACL Module 2 Quiz

Attempt 1 Submission View

Your quiz has been submitted successfully.

0 / 1 point

Create the first line in an extended ACL number 180 which drops packets from host 202.95.117.74 to any www server in subnet 195.21.156.0/27.

Requirement: drop the traffic by registered port number NOT by name

Answer:

access-list 180 deny tcp host 202.95.117.74

(access-list 180 deny tcp host 202.95.117.74 195.21.156.0 0.0.0.31 eq 80)

1/1 point

Question 2

Use a numbered standard ACL to deny packets from the network 150.95.8.0/23, using the ACL number 57.

___access-list 57 deny 150.95.8.0 0.0.1.255___

0.3 / 1 point

Consider this topology.

Code the entry in an ACL called TEST to permit traffic from 192.2.2.2 to any http server in the network connected to S2.

Requirement: filter the traffic by protocol name

___permit udp 172.16.10.0 0.0.0.7 host 193.3.3.3 eq domain___

(permit tcp host 192.2.2.2 172.16.9.0 0.0.0.15 eq www)

Which is the best interface to apply the acl? ___g6___

(g5)

Code the command required to apply the TEST acl.

___ip access-group TEST in___ (30 %)

1 / 1 point

Use a numbered standard ACL to deny packets from the host 94.2.207.123, using the wildcard 0.0.0.0 and ACL number 86.

___access-list 86 deny 94.2.207.123 0.0.0.0___

0 / 1 point

All hosts in NETA should have tcp access to the NETB server except for pop3 which should be denied. All other access from NETA to NETB should be implicitly denied. Traffic between NETA and NETC should not be filtered.

Code the first line in a numbered ACL statement to accomplish this. Filter the traffic using registered protocol port number and NOT by protocol name.

___/access-list [1-9][0-9]? permit 10.10.10.192 0.0.0.63/___

(/access-list [1-9][0-9][0-9] deny tcp 1.1.1.0 0.0.0.255 host 2.2.2.254 eq 110/)

Code the 2nd line required ________

(/access-list [1-9][0-9][0-9] permit tcp 1.1.1.0 0.0.0.255 host 2.2.2.254/)

Which interface should be used to apply the acl? ___g3___

(g0/1)

Code the statement required to apply the acl. ___/ip access-group [1-9][0-9]? out/___

(/ip access-group [1-9][0-9][0-9] out/)

1 / 1 point

Use a numbered standard ACL to permit the packets from hosts with 170.91.112 as the first three octets using the ACL number 17.

___access-list 17 permit 170.91.112.0 0.0.0.255___

0 / 1 point

Create the first line in an extended ACL number 114 which drops packets from any telnet server to host 198.69.149.51.

Requirement: drop the traffic by registered port number NOT by name

Answer:

access-list 114 deny tcp any eq 21 host 198.69.149.51

(access-list 114 deny tcp any eq 23 host 198.69.149.51)

0/1 point

Create the first line in an extended ACL number 173 which allows dns-lookup packets from host 192.77.143.78 to any server in subnet 192.87.126.0/27.

Question 8

Requirement: filter the traffic by registered port number NOT by name

Answer:

access-list 173 permit udp host 192.77.143.78 192.87.1126.0 0.0.0.31 eq 514

Question 9

(access-list 173 permit udp host 192.77.143.78 192.87.126.0 0.0.0.31 eq 53)

1/1 point

The command "ip access-list standard Control" creates

A named ACL

A dynamic ACL

A reflexive ACL

An extended ACL

An advanced ACL

1/1 point

The network administration PC for a small network has IP address 1.2.3.4/24. Access-list 15 permits only this host. Which statement will apply acl 15 so that only this host has ssh administrative access?

Question 10

access-class 15 out

access-class 15 in

ip access-group 1 out

ip access-group 1 in

1/1 point

ACL 13 has been applied on the outbound interface connecting to the ISP. Host 192.168.10.1 still has internet access. Identify the error in the ACL which is allowing this.

Question 11

ip access-list standard 13
 permit 192.168.8.0 0.0.3.255
 permit 192.168.9.0 0.0.3.255
 permit 192.168.10.0 0.0.3.255
 permit 192.168.11.0 0.0.3.255
 deny 192.168.10.1 0.0.0.0

The wildcard masks in the permit statements should be 0.0.0.255

Only the first permit statement is required. The others are redundant.

The ACL entries are in the wrong order.

The wildcard mask in the deny statement is incorrect.

Question 12

1/1 point

Which traffic will be permitted by the ACL entry: permit tcp any 172.16.0.0 0.0.255.255 established

All TCP traffic that comes from 172.16.0.0/16 will be allowed.

All TCP traffic that is destined for 172.16.0.0/16 is permitted.

All TCP SYN packets that are sent to 172.16.0.0/16 will be permitted.

All TCP ACK packets that are sent from 172.16.0.0/16 will be permitted.

All TCP ACK packets that are sent to 172.16.0.0/16 will be permitted.

1/1 point

ACL Deny_Access has been applied inbound on the interface connecting to the 192.168.10.0/24 network. The 192.168.10.248/29 subnet should be denied access to any external www or telnet services. After applying the ACL,

Question 13

ip access-list extended Deny_Access
 deny tcp 192.168.10.248 0.0.0.7 any eq www
 deny tcp 192.168.10.248 0.0.0.7 any eq telnet

The wildcard masks in the deny statements are wrong

The access-list should have been applied outbound

The source and destination addresses should be reversed for an inbound acl

The ACL is implicitly denying access to all traffic.

Question 14

Where is the access-class 10 in configuration command used?

To apply a standard acl inbound on an interface

To apply an extended acl inbound on an interface

0/1 point

To restrict access to in-band configuration

To restrict access to out-of-band configuration

None of the above.

1/1 point

Which ACL entry will permit a datagram which originates from any network destined for the telnet server at 172.16.16.16?

Question 15

permit any host 172.16.16.16 eq telnet

permit ip any eq telnet 172.16.16.16

permit tcp any eq telnet 172.16.16.16

permit tcp any host 172.16.16.16 eq telnet

permit ip any host 172.16.16.16 eq telnet

Question 16

0/1 point

Which ACL entry will allow all traffic to any telnet server

permit ip any any eq telnet

permit telnet any any

permit tcp any any eq telnet

permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq telnet

Question 17

An access-list contains only the following line:

access-list 101 deny icmp any 1.2.3.0 0.0.0.255 echo

What is the effect of applying this access-list inbound on the link connecting to the ISP?

Only incoming icmp echo-request messages are denied

Only incoming icmp echo-request messages to the 1.2.3.0/24 network are denied

All incoming traffic is denied

0/1 point

The IOS expands the echo option to echo-reply and incoming icmp replies to the 1.2.3.0/24 network are denied

The statement is rejected by the IOS because of a configuration error.

1/1 point

The network administration PC for a small network has IP address 1.2.3.4/24. Which access-list will correctly allow only this host?

Question 18

access-list 15 permit 1.2.3.4 255.255.255.0

access-list 15 permit 1.2.3.4 0.0.0.255

access-list 15 permit 1.2.3.4 0.0.0.0

access-list 15 permit 1.2.3.4 255.255.255.255

Question 19

1/1 point

Which of the following can NOT be controlled by an extended ACL?

permit or deny traffic based on source network

permit or deny traffic based on network layer protocol

permit or deny traffic based on transport layer protocol

permit or deny traffic based on source port

permit or deny traffic based on mac-address.

An extended ACL can do all of the above.

1/1 point

Create a one-line extended ACL number 165 which permits packets from host 202.47.137.72 to any www server in subnet 196.66.165.0/28.

Requirement: filter the traffic by protocol name

Question 20

Answer:

access-list 165 permit tcp host 202.47.137.72 196.66.165.0 0.0.0.15 eq www ...

