CCNA 4 Chapter 4 Exam Answers 2020 (v5.0.3 + v6.0) – Full 100% PDF

Preview

Summary

CCNA 4 Chapter 4 Exam Answers 2020 (v5.0.3 + v6.0) - Full 100%...

Description

1. Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?  10. 120. 160. 0t o10. 120. 168. 0  10. 120. 160. 0t o10. 127. 255. 255  10. 120. 160. 0t o10. 120. 191. 255  10.120.160.0 to 10.120.167.255* Awi l dcar dmaskof0. 0. 7. 255meanst hatt hefir st5bi t soft he3r doct etmustr emai nt hesamebutt hel as t 3bi t scanhaveval uesf r om 000t o111.Thel as toct ethasaval ueof255,whi c hmeanst hel as toct etcan havev al uesf r om al l z er ost oal l 1s . 2. What two functions describe uses of an access control list? (Choose two.)  ACLsas si stt her out eri ndet er mi ni ngt hebestpat ht oades t i nat i on.  St andar dACLscanr es t r i c tac cesst ospeci ficappl i cat i onsandpor t s .  ACLs provide a basic level of security for network access.*  ACLscanper mi tordenyt r afficbasedupont heMACaddr essor i gi nat i ngont her out er .  ACLs can control which areas a host can access on a network.* 3. Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)  The first 28 bits of a supplied IP address will be matched.*  Thel as tf ourbi t sofasuppl i edI Paddr es swi l l bemat c hed.  Thefir st28bi t sofasuppl i edI Paddr esswi l l bei gnor ed.  The last four bits of a supplied IP address will be ignored.*  Thel as tfiv ebi t sofas uppl i edI Paddr es swi l l bei gnor ed.  Thefir st32bi t sofasuppl i edI Paddr esswi l l bemat c hed. Awi l dcar dmaskus es0st oi ndi c at et hatbi t smustmat c h.0si nt hefir s tt hr eeoct et sr epr es ent24bi t sand f ourmor ez er osi nt hel as toct et ,r epr es entat ot al of28bi t st hatmus tmat ch.Thef our1sr epr es ent edby t hedec i malv al ueof15r epr esent st hef ourbi t st oi gnor e. 4. Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?

 Theenabl es ec r etpas swor di snotc onfigur edonR1.  The IT group network is included in the deny statement.*  Theper mi tACEs pec i fiesawr ongpor tnumber .  Theper mi tACEs houl ds pec i f ypr ot ocol i pi nst eadoft cp.  Thel ogi ncommandhasnotbeenent er edf orv t yl i nes . Thes our c eI Pr angei nt hedenyACEi s192. 168. 20. 00. 0. 3. 255,whi c hc ov er sI Paddr essesf r om 192. 168. 20. 0t o192. 168. 23. 255.TheI Tgr oupnet wor k192. 168. 22. 0/ 28i si ncl udedi nt he192. 168. 20/ 22 net wor k .Ther ef or e,t heconnect i oni sdeni ed.T ofi xi t ,t heor deroft hedenyandper mi tACEshoul dbe s wi t c hed. 5. Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

 R1( config) #i nt er f aces 0/ 0/ 0 R1( configi f ) #i pacc es s gr oup105out R2( c onfi g) #i nt er f acegi 0/ 0 R2( configi f ) #i pacc es s gr oup105i n  access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any*  ac cess l i s t105per mi ti phos t10. 0. 70. 23host10. 0. 54. 5 ac cess l i s t105per mi tt c panyhost10. 0. 54. 5eqwww ac cess l i s t105per mi ti panyany  R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out*  ac cess l i s t105per mi tt c phost10. 0. 54. 5anyeqwww ac cess l i s t105per mi tt c phost10. 0. 70. 23hos t10. 0. 54. 5eq20 ac cess l i s t105per mi tt c phost10. 0. 70. 23hos t10. 0. 54. 5eq21 Thefir s tt wol i nesoft heACLal l owhos t10. 0. 70. 23FTPacc esst ot hes er v ert hathast heI Paddr essof 10. 0. 54. 5.Thenextl i neoft heACLal l owsHTTPaccesst ot heser v erf r om anyhostt hathasanI P addr es st hatst ar t swi t ht henumber10.Thef our t hl i neoft heACLdeni esan yot hert ypeoft r affict ot he s er v erf r om anys our ceI Paddr ess .Thel as tl i neoft heACLper mi t sany t hi ngel s ei ncaset her ear eot her s er v er sordev i cesaddedt ot he10. 0. 54. 0/ 28net wor k.Becauset r affici sbei ngfil t er edf r om al l ot her l oc at i onsandf ort he10. 0. 70. 23hos tdevi c e,t hebes tpl ac et oputt hi sACLi sc l os estt ot hes er v er .

6. A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?  0. 0. 0. 127  0. 0. 0. 255  0.0.1.255*  0. 0. 255. 255 Asi ngl eACLc ommandandwi l dc ar dmasks houl dnotbeus edt os peci f yt hes epar t i c ul arnet wor k sor ot hert r afficwi l l beper mi t t edordeni edandpr es entasecur i t yr i sk . Wr i t eal l oft henet wor knumber si nbi nar yanddet er mi net hebi nar ydi gi t st hatar ei dent i cal i ncons ecut i ve bi tpos i t i onsf r om l ef tt or i ght .I nt hi sex ampl e,23bi t smat c hper f ect l y .Thewi l dcar dmas kof0. 0. 1. 255 desi gnat est hat25bi t smus tmat ch. 7. The exhibit shows router R2 connected through int fa0/0 to a switch which in turn is connected to host with an IP address 192.168.1.1 /24. R2 is connected to another switch through interface fa0/1 and the switch is connected to a server with the IP address 192.168.2.1 /24.Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)

 R2( configi f ) #i pacc ess gr oup101out  R2( config) #acc ess l i s t101per mi ti p192. 168. 1. 0255. 255. 255. 0192. 168. 2. 0255. 255. 255. 0  R2( config) #i nt er f acef ast et her net0/ 1  R2(config)# interface fastethernet 0/0*  R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1*  R2(config-if)# ip access-group 101 in*  R2( config) #acc ess l i s t101per mi ti panyany Anex t endedACLi spl acedascl oset ot hes our c eoft het r afficaspossi bl e.I nt hi scase. i ti spl ac edi nan i nbounddi r ect i ononi nt er f ac ef a0/ 0onR2f ort r afficent er i ngt her out erf r om hostwi t ht heI P addr es s192. 168. 1. 1boundf ort hes er v erwi t ht heI Paddr es s192. 168. 2. 1. 8. Which two statements are correct about extended ACLs? (Choose two)  Extended ACLs evaluate the source and destination addresses.*  Port numbers can be used to add greater definition to an ACL.*  Ex t endedACLsendwi t hani mpl i ci tper mi ts t at ement .  Ex t endedACLsus eanumberr angef r om 199.  Mul t i pl eACLsc anbepl ac edont hes amei nt er f aceasl ongast heyar ei nt hes amedi r ec t i on.

Ex t endedACLsc anbeusedf orpr eci s et r affic fil t er i ng.Ext endedACLsc hec kf orbot hsour ceand dest i nat i onaddr es sesofpac ket s .Theyal socheckt hepr ot ocol sandpor tnumber s( ors er v i ces) ,t hus al l owi ngf oragr eat err angeofcr i t er i aonwhi c ht obas et heACL. 9. Which three values or sets of values are included when creating an extended access control list entry? (Choose three.)  source address and wildcard mask*  access list number between 100 and 199* s our ces ubnetmas kandwi l dc ar dmask  ac cessl i s tnumberbet ween1and99  destination address and wildcard mask*  dest i nat i onsubnetmaskandwi l dcar dmask  def aul tgat ewayaddr essandwi l dcar dmask 10. Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)?

1  3* 2 t hedenyi panyanyt hati satt heendofev er yACL 5 4 Thefir s tt wol i nesoft heACLal l owt r afficf r om apar t i c ul arappl i cat i onf r om t heI Paddr es s10. 0. 55. 23 dest i nedf or10. 0. 70. 55.Becaus enei t heroft hesel i nesmeet st hecr i t er i onofr eques tf ori nf or mat i onf r om asec ur ewebpage( por t443i sHTTPS)f r om 10. 0. 55. 23t ot hewebs er v erl oc at edat10. 0. 70. 5,noact i on i st ak enbyt her out er .Thet hi r dl i nei samat c handbec auset he“ per mi s si on”i st odenyt hepack et ,t he pack eti sdr opped.Nof ur t herex ami nat i oni sdonebyt her out er . 11. Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?  ac cess l i s t103denyt cphos t192. 168. 10. 0anyeq23 ac cess l i s t103per mi tt c phost192. 168. 10. 1eq80  access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23*  ac cess l i s t103per mi tt c p192. 168. 10. 00. 0. 0. 255anyeq80 ac cess l i s t103denyt c p192. 168. 10. 00. 0. 0. 255anyeq23  ac cess l i s t103per mi t192. 168. 10. 00. 0. 0. 255hos t172. 17. 80. 1 ac cess l i s t103denyt c p192. 168. 10. 00. 0. 0. 255anyeqt el net Foranext endedACLt omeett hes er equi r ement st hef ol l owi ngneedt obei ncl udedi nt heaccessc ont r ol ent r i es : i dent i ficat i onnumberi nt her ange100199or20002699 per mi tordenypar amet er pr ot ocol s our ceaddr essandwi l dcar d

dest i nat i onaddr es sandwi l dc ar d por tnumberorname 12. Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)  destination UDP port number* s our ceTCPhel l oaddr ess  ICMP message type*  dest i nat i onMACaddr es s c omput ert ype Ex t endedacc essl i s t sc ommonl yfil t eronsour ceanddest i nat i onI Pv 4addr es sesandTCPorUDPpor t number s .Addi t i onal fil t er i ngcanbepr ov i dedf orpr ot ocol t y pes. 13. Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.)  ac cess l i s t110denyt cpanyan yl t80  ac cess l i s t110denyt cpanyan yeq21  access-list 110 deny tcp any any eq https*  access-list 110 deny tcp any any gt 75*  ac cess l i s t110denyt cpanyan ygt443 T r affict hati sdest i nedf orawebser v erwi l l usepor t80or443.Thek eywor deqr epr esent sequal ,gt r epr es ent sgr eat ert han,andl tl esst han. 14. Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs? t heuseofwi l dcar dmask s  an implicit permit of neighbor discovery packets*  ani mpl i c i tdenyanyanyACE t heuseofnamedACLACE Oneoft hemaj ordi ffer encesbet weenI Pv 6andI Pv4ACLsar et woi mpl i c i tper mi tACEsatt heendofany I Pv6ACL.Theset woper mi tACEsal l ownei ghbordi scov er yoper at i onst of unct i onont her out eri nt er f ace. 15. What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)  ac cess l i s t100denyi p10. 1. 1. 1255. 255. 255. 255192. 168. 0. 00. 0. 255. 255  access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255*  ac cess l i s t100denyi p192. 168. 0. 00. 0. 255. 255hos t10. 1. 1. 1  access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255*  ac cess l i s t100denyi p192. 168. 0. 00. 0. 255. 25510. 1. 1. 10. 0. 0. 0  ac cess l i s t100denyi p192. 168. 0. 00. 0. 255. 25510. 1. 1. 1255. 255. 255. 255 Ther ear et woway st oi dent i f yas i ngl ehosti nanac ces sl i s tent r y .One,i st ouset hehostk ey wor dwi t h t hehostI Paddr ess ,t heot heri st ouseawi l dc ar dmaskof0. 0. 0. 0wi t ht hehos tI Paddr es s.Thes our c eof t het r affict obei ns pect edbyt heac ces sl i stgoesfir s ti nt hes ynt axandt hedest i nat i ongoesl ast . 16. Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP

will be dropped by the ACL on R1?

 ICMPv6 packets that are destined to PC1*  nei ghboradv er t i s ement st hatar er ecei vedf r om t heI SPr out er  HTTPSpack et st oPC1  pack et st hatar edes t i nedt oPC1onpor t80 Theac cessl i stLI MI TED_ACCESSwi l lbl ockI CMPv6pac k et sf r om t heI SP.Bot hpor t80,HTTPt r affic , andpor t443,HTTPSt r affic ,ar eex pl i c i t l yper mi t t edbyt heACL.Thenei ghboradv er t i sement sf r om t he I SPr out erar ei mpl i ci t l yper mi t t edbyt hei mpl i ci tper mi ti cmpanyanyndnast at ementatt heendofal l I Pv6ACLs . 17. Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? i pv6acc ess cl assENG_ACLi n i pv6t r afficfil t erENG_ACLout  ipv6 traffic-filter ENG_ACL in* i pv6acc ess cl assENG_ACLout Fort hepur pos eofappl yi nganacc essl i stt oapar t i c ul ari nt er f ace,t hei pv 6t r affic fi l t erI Pv6commandi s equi val entt ot heac cess gr oupI Pv4c ommand.Thedi r ect i oni nwhi cht het r affici sexami ned( i norout )i s al s or equi r ed. 18. What is the wildcard mask that is associated with the network 192.168.12.0/24?  0.0.0.255  0. 0. 255. 255  0. 0. 0. 256  255. 255. 255. 0 Thewi l dc ar dmas kcanbef oundbys ubt r act i ngt hesubnetmaskf r om 255. 255. 255. 255. 19. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?  per mi tt c phos t2001: DB8: 10: 10: : 100anyeq23  permit tcp any host 2001:DB8:10:10::100 eq 25*  per mi tt c panyhos t2001: DB8: 10: 10: : 100eq23  per mi tt c phos t2001: DB8: 10: 10: : 100anyeq25

TheI Pv6acces sl i sts t at ement ,per mi tt cpanyhost2001: DB8: 10: 10: : 100eq25,wi l lal l owI Pv 6pack et s f r om anyhostt ot heSMTPser v erat2001: DB8: 10: 10: : 100.Thesour ceoft hepack eti sl i st edfir s ti nt he ACL,whi c hi nt hi sc asei sanys our ce,andt hedes t i nat i oni sl i st eds econd,i nt hi sc as et heI Pv 6addr es s oft heSMTPs er v er .Thepor tnumberi sl asti nt hest at ement ,por t25,whi chi st hewel l knownpor tf or SMTP. 20. In applying an ACL to a router interface, which traffic is designated as outbound? t r afficf orwhi c ht her out ercanfi ndnor out i ngt abl eent r y t r affict hati sgoi ngf r om t hedes t i nat i onI Paddr es si nt ot her out er  traffic that is leaving the router and going toward the destination host* t r affict hati sc omi ngf r om t hesour ceI Paddr es si nt ot her out er I nboundandout boundar ei nt er pr et edf r om t hepoi ntofv i ewoft her out er .Tr affict hati sdesi gnat edi nan i nboundACLwi l l bedeni edorper mi t t edwhencomi ngi nt ot hatr out eri nt er f acef r om asour ce.Tr affict hat i sdes i gnat edi nanout boundACLwi l lbedeni edorper mi t t edwhengoi ngoutt hei nt er f acet ot he dest i nat i on. 21. Fill in the blanks. Use dotted decimal format. Thewi l dc ar dmas kt hati sassoc i at edwi t ht henet wor k192. 168. 12. 0/ 24i s_______ Correct Answer: 0.0.0.255* Thewi l dc ar dmas kcanbef oundbys ubt r act i ngt hesubnetmaskf r om 255. 255. 255. 255. Mask255. 255. 255. 255 Subnetmask–255. 255. 255. 0 Wi l dcar dmask0.0.0.255 22. An access list has been applied to a router LAN interface in the inbound direction. The IP address of the LAN segment is 192.168.83.64/26. The entire ACL appears below: access-list 101 deny tcp 192.168.83.64 0.0.0.63 any eq 23 access-list 101 permit ip 192.168.83.64 0.0.0.63 192.168.83.128 0.0.0.63 Drag the descriptions of the packets on the left to the action that the router wilt perform on the right.

23. Match each statement with the example subnet and wildcard that it describes. (Not all options are used.)

Conv er t i ngt hewi l dc ar dmask0. 0. 3. 255t obi nar yandsubt r ac t i ngi tf r om 255. 255. 255. 255yi el dsas ubnet maskof255. 255. 252. 0. Usi ngt hehostpar amet eri nawi l dcar dmaskr equi r est hatal l bi t smat c ht hegi v enaddr es s . 192. 168. 15. 65i st hefir stval i dhostaddr essi nasubnet wor kbegi nni ngwi t ht hesubnet wor kaddr ess 192. 168. 15. 64.Thesubnetmaskc ont ai ns4hostbi t s ,y i el di ngs ubnet swi t h16addr esses . 192. 168. 15. 144i sav al i dsubnet wor kaddr es si nasi mi l ars ubnet wor k.Changet hewi l dcar dmask 0. 0. 0. 15t obi nar yandsubt r acti tf r om 255. 255. 255. 255,andt her es ul t i ngs ubnetmas ki s

255. 255. 255. 240. 192. 168. 3. 64i sasubnet wor kaddr essi nas ubnetwi t h8addr es ses .Conv er t0. 0. 0. 7t obi nar yand s ubt r acti tf r om 255. 255. 255. 255,andt her es ul t i ngsubnetmaski s255. 255. 255. 248.Thatmaskc ont ai ns 3hos tbi t s,andyi el ds8addr es ses . Older Version 24. What is a characteristic of Frame Relay that provides more flexibility than a dedicated line?  Dedi c at edphy si cal ci r cui t sar ei nst al l edbet weeneachsi t e.  Cust omer sus ededi cat edc i r cui t si ni ncr ement sof64kb/ s.  TheFr ameRel aycl oudal l oc at esasmuc hbandwi dt hasr equi r edt oact i v ePVCst omai nt ai nt he c onnect i on.  One router WAN port can be used to connect to multiple destinations.* 25. What are the two major criteria that constitute the cost of a Frame Relay circuit? (Choose two.) c i r cui tmanagementf ees  local loop*  endt oendc onnec t i v i t y  required bandwidth*  QoS 26. A router interface connects to a Frame Relay network over a preconfigured logical circuit that does not have a direct electrical connection from end to end. Which type of circuit is being used?  SVC f ul l mesh  PVC*  hubandspok e  dedi cat edl eas edl i ne 27. Which Frame Relay topology provides a connection from every site to every other site and maintains a high amount of reliability?  par t i al mesh  full mesh* s t ar  hubandspok e 28. Which technology allows a Layer 3 IPv4 address to be dynamically obtained from a Layer 2 DLCI?  Inverse Address Resolution Protocol* I nver seNei ghborDi s cov er y  Addr es sResol ut i onPr ot ocol  Nei ghborDi sc ov er y 29. A network administrator has statically configured the LMI type on the interface of a Cisco router that is running Cisco IOS Release 11.2. If the service provider modifies its own LMI type in the future, what step must the network administrator take?  Thenet wor kadmi ni st r at ormus tmodi f yt hek eepal i v et i mei nt er v al t omai nt ai nconnec t i v i t ywi t h t heLMIt ypeoft hes er vi cepr ovi der .  Thenet wor kadmi ni st r at ors i mpl yhast ov er i f yconnect i v i t ywi t ht hepr ov i der ,bec auset her out er hasanLMIaut osensi ngf eat ur et hataut omat i cal l ydet ect st heLMIt ype.  The network administrator must statically set the LMI type to be compatible with the service provider.*  Thenet wor kadmi ni st r at ordoesnothavet odoanyt hi ng,bec auseal lLMIt ypesar ecompat i bl e wi t honeanot her . 30. Which two functions are provided by the Local Management Interface (LMI) that is used in Frame Relay networks? (Choose two.)  simple flow control*

 er r ornot i ficat i on c onges t i onnot i ficat i on  mappi ngofDLCI st onet wor kaddr ess es  exchange of information about the status of virtual circuits* 31. Which parameter would be specified in a Frame Relay provider contract for a particular company?  CIR*  DE I nver seARPenabl ed/ di sabl ed  QoS 32. Which three notification mechanisms are used when congestion is present in a Frame Relay network? (Choose three.)  BECN*  CI R  DE*  DLCI  FECN* i nv er s eARP 33. Why would a customer request a Frame Relay circuit with a CIR of zero? t ohav ebet t erQoS t ohav eaback upc i r c ui tf orc r i t i caldat at r ans mi ss i ons  to have a link with reduced costs* t ohav eac i r c ui tus edf orv oi cet r affic t ohav eac i r c ui tus edf ornet wor kmanagementt r affic 34. Which provider-negotiated parameter would allow a customer to send data above the rate of the bandwidth specified by the CIR?  Bc*  DE  Be  FECN 35. What is the purpose of apply...