ACL Quiz 2 Ans codie Test PDF

Title ACL Quiz 2 Ans codie Test
Author Amuel Wilson
Course Intro to Enterprise Networking
Institution Algonquin College

Question 1

0 / 1 point

A PC has IP address 1.2.3.4/24. Which item is equivalent to host 1.2.3.4 in an extended ACL?

1.2.3.4 0.0.0.0
1.2.3.4 0.0.0.255
1.2.3.4 255.255.255.0
1.2.3.4 255.255.255.255
None of the above.

Question 2

1/1 point

Which option allows a network administrator to add a comment to an ACL?

Start the line with !
Start the line with #
Start the line with Comment
Start the line with Remark

Question 3

0/1 point

What is the result of the ACL entry: permit tcp any eq www 10.10.10.0 0.0.0.255?

All tcp traffic from anywhere to server listening on port 80 in the 10.10.10.0/24 network is allowed.
All tcp traffic from anywhere to any server listening on port 80 in the 10.10.10.0/8 network is allowed.
All tcp traffic from any server listening on port 80 to any host in the 10.10.10.0/24 network is allowed.
All tcp traffic from any server listening on port 80 to any host in the 10.10.10.0/8 network is allowed.
The entry will be rejected because of a syntax error.

Question 4

0/1 point

An access-list contains only the following line:

access-list 101 deny icmp any 1.2.3.0 0.0.0.255 echo

What is the effect of applying this access-list inbound on the link connecting to the ISP?

Only incoming icmp echo-request messages are denied
Only incoming icmp echo-request messages to the 1.2.3.0/24 network are denied
All incoming traffic is denied
The IOS expands the echo option to echo-reply and incoming icmp replies to the 1.2.3.0/24 network are denied
The statement is rejected by the IOS because of a configuration error.

Question 5

0/1 point

Which of the following can NOT be controlled by an extended ACL?

permit or deny traffic based on source network
permit or deny traffic based on network layer protocol
permit or deny traffic based on transport layer protocol
permit or deny traffic based on source port
permit or deny traffic based on mac-address.
An extended ACL can do all of the above.

Question 6

0/1 point

Where is the access-class 10 in configuration command used?

To apply a standard acl inbound on an interface
To apply an extended acl inbound on an interface
To restrict access to in-band configuration
To restrict access to out-of-band configuration
None of the above.

Question 7

0/1 point

ACL Deny_Access has been applied inbound on the interface connecting to the 192.168.10.0/24 network. The 192.168.10.248/29 subnet should be denied access to any external www or telnet services. After applying the ACL,

ip access-list extended Deny_Access
 deny tcp 192.168.10.248 0.0.0.7 any eq www
 deny tcp 192.168.10.248 0.0.0.7 any eq telnet

The wildcard masks in the deny statements are wrong
The access-list should have been applied outbound
The source and destination addresses should be reversed for an inbound acl
The ACL is implicitly denying access to all traffic.

Question 8

1/1 point

The network administration PC for a small network has IP address 1.2.3.4/24. Access-list 15 permits only this host. Which statement will apply acl 15 so that only this host has ssh administrative access.

access-class 15 out
access-class 15 in
ip access-group 1 out
ip access-group 1 in

Question 9

0/1 point

The command "ip access-list standard Control" creates

A named ACL
A dynamic ACL
A reflexive ACL
An extended ACL
An advanced ACL

Question 10

0/1 point

ACL 13 has been applied on the outbound interface connecting to the ISP. Host 192.168.10.1 still has internet access. Identify the error in the ACL which is allowing this.

ip access-list standard 13
 permit 192.168.8.0 0.0.3.255
 permit 192.168.9.0 0.0.3.255
 permit 192.168.10.0 0.0.3.255
 permit 192.168.11.0 0.0.3.255
 deny 192.168.10.1 0.0.0.0

The wildcard masks in the permit statements should be 0.0.0.255
Only the first permit statement is required. The others are redundant.
The ACL entries are in the wrong order.
The wildcard mask in the deny statement is incorrect.

Question 11

1/1 point

Which traffic will be permitted by the ACL entry: permit tcp any 172.16.0.0 0.0.255.255 established

All TCP traffic that comes from 172.16.0.0/16 will be allowed.
All TCP traffic that is destined for 172.16.0.0/16 is permitted.
All TCP SYN packets that are sent to 172.16.0.0/16 will be permitted.
All TCP ACK packets that are sent from 172.16.0.0/16 will be permitted.
All TCP ACK packets that are sent to 172.16.0.0/16 will be permitted.

Question 12

0/1 point

Create the first line in an extended ACL number 116 which drops packets from any https server to host 198.77.103.16.
Requirement: drop the traffic by registered port number NOT by name

Answer: access-list 116 deny tcp host 197.77.103.16 195.77.103.16 eq 80
(access-list 116 deny tcp any eq 443 host 198.77.103.16)

Question 13

0/1 point

Create a one-line extended ACL number 181 which permits packets from host 193.59.200.74 to any pop3 server in subnet 197.77.184.0/28.
Requirement: filter the traffic by protocol name

Answer: access-list 181 permit pop3 host 193.59.200.74 197.77.184.0 0.0.0.15 eq 110
(access-list 181 permit tcp host 193.59.200.74 197.77.184.0 0.0.0.15 eq pop3)

Question 14

0/1 point

Use a numbered standard ACL to permit the packets from hosts with 170.91.112 as the first three octets using the ACL number 17.

___access-list 17 permit 170.91.112.0 0.0.0.25___ (access-list 17 permit 170.91.112.0 0.0.0.255)

Question 15

0 / 1 point

Create the first line in an extended ACL number 175 which drops packets from host 204.17.178.81 to any https server in subnet 203.25.194.0/29.
Requirement: drop the traffic by registered port number NOT by name

Answer: access-list 175 deny tcp host 204.17.178.81 203/25/194.0 0.0.0.7 eq 80
(access-list 175 deny tcp host 204.17.178.81 203.25.194.0 0.0.0.7 eq 443)

Question 16

1/1 point

Create the first line in an extended ACL number 173 which allows dns-lookup packets from host 192.77.143.78 to any server in subnet 192.87.126.0/27.
Requirement: filter the traffic by registered port number NOT by name

Answer: access-list 173 permit udp host 192.77.143.78 192.87.126.0 0.0.0.31 eq 53

Question 17

0/1 point

Use a numbered standard ACL to deny packets from the network 150.95.8.0/23, using the ACL number 57.

___access-list deny 57 150.95.8.0 0.0.1.255___ (access-list 57 deny 150.95.8.0 0.0.1.255)

Question 18

0.3 / 1 point

Consider this topology.

Code the entry in an ACL called TEST to permit dns lookups from the network connected to S3 to the 193.3.3.3 server.
Requirement: filter the traffic by protocol name
___permit tcp host 193.3.3.3 172.16.8.0 0.0.0.31 eq 443___ (permit udp 172.16.10.0 0.0.0.7 host 193.3.3.3 eq domain)

Which is the best interface to apply the acl?
___g6___ (g3)

Code the command required to apply the TEST acl.
___ip access-group TEST in___ (30 %)

Question 19

0 / 1 point

All hosts in NETA should have tcp access to the NETB server except for pop3 which should be denied. All other access from NETA to NETB should be implicitly denied. Traffic between NETA and NETC should not be filtered.

Code the first line in a numbered ACL statement to accomplish this. Filter the traffic using registered protocol port number and NOT by protocol name.
___access-list 1.1.1.254 0.0.0.255___ (/access-list [1-9][0-9][0-9] deny tcp 1.1.1.0 0.0.0.255 host 2.2.2.254 eq 110/)

Code the 2nd line required
________ (/access-list [1-9][0-9][0-9] permit tcp 1.1.1.0 0.0.0.255 host 2.2.2.254/)

Which interface should be used to apply the acl?
________ (g0/1)

Code the statement required to apply the acl.
________ (/ip access-group [1-9][0-9][0-9] out/)

Question 20

0 / 1 point

Use a numbered standard ACL to deny packets from the host 94.2.207.123, using the wildcard 0.0.0.0 and ACL number 86
___access-list 89 94.2.207.123 0.0.0.0___ (access-list 86 deny 94.2.207.123 0.0.0.0)...

