CCNA Access List Questions


Here you will find answers to CCNA Access list questions.

Note: If you are not sure about how to use access lists, please read my Access list tutorial.

Question 1

Your boss is taking a CCNA training course. Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two)

access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any any

A. source ip address: 192.168.15.5; destination port: 21
B. source ip address: 192.168.15.37; destination port: 21
C. source ip address: 192.168.15.41; destination port: 21
D. source ip address: 192.168.15.36; destination port: 23
E. source ip address: 192.168.15.46; destination port: 23
F. source ip address: 192.168.15.49; destination port: 23

Answer: D E

First we notice that telnet uses port 23, so only D, E & F can satisfy this requirement.

The purpose of this access list is to deny hosts in network 192.168.15.32 255.255.255.240 from telnetting to any device (to find the subnet mask, invert every bit of the wildcard mask: each 0 becomes 1 and each 1 becomes 0). So we need to figure out the range of this network to learn which IP addresses will be denied.

Increment: 16
Network address: 192.168.15.32
Broadcast address: 192.168.15.47

-> Only 192.168.15.36 (Answer D) & 192.168.15.46 (Answer E) belong to this range, so they are the correct answers.

Question 2

Refer to the graphic. It has been decided that PC1 should be denied access to Server. Which of the following commands are required to prevent only PC1 from accessing Server1 while allowing all other traffic to flow normally? (Choose two)

A.
Router(config)# interface fa0/0
Router(config-if)# ip access-group 101 out

B.
Router(config)# interface fa0/0
Router(config-if)# ip access-group 101 in

C.
Router(config)# access-list 101 deny ip host 172.16.161.150 host 172.16.162.163
Router(config)# access-list 101 permit ip any any

D.
Router(config)# access-list 101 deny ip 172.16.161.150 0.0.0.255 172.16.162.163 0.0.0.0
Router(config)# access-list 101 permit ip any any

Answer: B C

Question 3

Refer to the exhibit. Why would the network administrator configure RA in this manner?

A. to give students access to the Internet
B. to prevent students from accessing the command prompt of RA
C. to prevent administrators from accessing the console of RA
D. to give administrators access to the Internet
E. to prevent students from accessing the Internet
F. to prevent students from accessing the Admin network

Answer: B

Although the access list is used to permit network 10.1.1.0/24, the best answer here is to prevent students from accessing the command prompt of RA. From the picture above, we know that 10.1.1.0/24 is the Admin network. This access list is applied to line vty 0 4, so it will permit only Telnet traffic from Admin to RA while dropping all other traffic (because of the implicit deny all command at the end of the access list). Therefore we can deduce that it will prevent students from accessing the command prompt of RA.

This access list only filters Telnet traffic (because it is applied to the vty lines), so it will not prevent or allow anyone to access the Internet -> A, D, E are not correct.

C is not correct as this access list allows administrators to access the console of RA.

F is not correct as this access list does not process TCP, UDP or IP traffic, so the students can still access the Admin network.

(Notice that the command prompt here implies telnet, as telnet is the only way to remotely access RA)

Question 4

An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?

A. access-list 10 permit 172.29.16.0 0.0.0.255
B. access-list 10 permit 172.29.16.0 0.0.1.255
C. access-list 10 permit 172.29.16.0 0.0.3.255
D. access-list 10 permit 172.29.16.0 0.0.15.255
E. access-list 10 permit 172.29.0.0 0.0.255.255

Answer: C

The four statements above allow 4 networks (from 172.29.16.0/24 to 172.29.19.0/24) to go through, so we can summarize them as network 172.29.16.0/22.

/22 = 255.255.252.0, so it equals 0.0.3.255 when converted into a wildcard mask -> C is correct.

A, B, D are not correct as their wildcard masks are incorrect. For example:

Answer A allows from 172.29.16.0 to 172.29.16.255
Answer B allows from 172.29.16.0 to 172.29.17.255
Answer D allows from 172.29.16.0 to 172.29.31.255

Both the network address and wildcard mask of answer E are incorrect, as it allows the whole major network 172.29.0.0/16 to go through.

Question 5

A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?

A.
access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any

B.
access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any

C.
access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21
access-list 1 permit ip any any

D.
access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23
access-list 1 permit ip any any

Answer: A

First, the question asks to block only Telnet access, so the port we have to use is 23 -> C is not correct.

Next, we need to block traffic from hosts on the subnet 192.168.1.128/28, which is 192.168.1.128 0.0.0.15 if we convert to a wildcard mask (just invert all bits of the subnet mask, from 0 to 1 and from 1 to 0, to get the equivalent wildcard mask of that subnet mask) -> so B is incorrect.

In this case, we have to use an extended access list because we need to specify which type of traffic (TCP) and which port (23) we want to block -> so D is incorrect because it uses a standard access list.

Question 6

As a network administrator, you have been instructed to prevent all traffic originating on the LAN from entering the R2 router. Which of the following commands would implement the access list on the interface of the R2 router?

A. access-list 101 in
B. access-list 101 out
C. ip access-group 101 in
D. ip access-group 101 out

Answer: C

Question 7

The following access list was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN:

access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any

How will the above access lists affect traffic?

A. FTP traffic from 192.169.1.22 will be denied
B. No traffic, except for FTP traffic will be allowed to exit E0
C. FTP traffic from 192.169.1.9 to any host will be denied
D. All traffic exiting E0 will be denied
E. All FTP traffic to network 192.169.1.9/29 will be denied

Answer: D

There is always an implicit deny all command at the end of every access list, so if an access list doesn't have any permit command, it will block all the traffic.

Note: This access list is applied in the outbound direction, so only packets exiting E0 will be checked. Packets entering E0 will not be checked and they are all allowed to pass through.

Question 8

The access control list shown in the graphic has been applied to the Ethernet interface of router R1 using the ip access-group 101 in command. Which of the following Telnet sessions will be blocked by this ACL? (Choose two)

A. from host PC1 to host 5.1.1.10
B. from host PC1 to host 5.1.3.10
C. from host PC2 to host 5.1.2.10
D. from host PC2 to host 5.1.3.8

Answer: B D

Below is the simple syntax of an extended access list:

access-list access-list-number {deny | permit} {ip | tcp | udp | icmp} source [source-mask] dest [dest-mask] [eq dest-port]

Notice that this access list is applied to the Ethernet interface of R1 in the "in" direction, so in this case it will filter all the packets originated from E1 network (host PC1 and PC2) with these parameters:

Source network: 5.1.1.8 0.0.0.3 which means 5.1.1.8/252 (just invert all the wildcard bits to get the equivalent subnet mask) -> Packets from 5.1.1.8 to 5.1.1.11 will be filtered.

Destination network: 5.1.3.0 0.0.0.255 which means 5.1.3.0/24 -> Packets to 5.1.3.0/24 will be filtered.

Therefore packets originating from 5.1.1.8 to 5.1.1.11 and destined for a host 5.1.3.x (via Telnet) will be denied.

Question 9

The following configuration line was added to router R1:

Access-list 101 permit ip 10.25.30.0 0.0.0.255 any

What is the effect of this access list configuration?

A. permit all packets matching the first three octets of the source address to all destinations
B. permit all packets matching the last octet of the destination address and accept all source addresses
C. permit all packets matching the host bits in the source address to all destinations
D. permit all packets from the third subnet of the network address to all destinations

Answer: A
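
The wildcard matching, first-match ordering and implicit deny that the explanations for Questions 1 and 7 rely on, as an added example that is not part of the original page: a small Python evaluator for the subset of extended access list syntax shown in the questions. The function names and the destination address 10.0.0.1 are constructed for illustration.

```python
import ipaddress

# Added example: handles only the subset of IOS extended-ACL syntax used on this
# page: access-list N {permit|deny} {ip|tcp} SRC [eq PORT] DST [eq PORT]
PORTS = {"telnet": 23, "ftp": 21, "ftp-data": 20}

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _addr(tok):  # consume 'any', 'host A' or 'A WILDCARD' -> ((base, wildcard), rest)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_int(tok[1]), 0), tok[2:]
    return (_int(tok[0]), _int(tok[1])), tok[2:]

def _port(tok):  # consume an optional 'eq PORT' clause -> (port or None, rest)
    if tok[:1] == ["eq"]:
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse(line):
    action, proto, *tok = line.split()[2:]  # drop 'access-list N'
    src, tok = _addr(tok)
    sport, tok = _port(tok)
    dst, tok = _addr(tok)
    dport, tok = _port(tok)
    return action, proto, src, sport, dst, dport

def _match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    return (_int(ip) ^ base) & ~wild & 0xFFFFFFFF == 0

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    for action, p, s, sp, d, dp in map(parse, acl):
        if (p in ("ip", proto) and _match(s, src) and _match(d, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action  # first matching entry wins
    return "deny"  # implicit deny at the end of every access list

Q1 = ["access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet",
      "access-list 101 permit ip any any"]
Q7 = ["access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any",
      "access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any"]
DST = "10.0.0.1"  # constructed destination; both lists match 'any' here

def q1_denied(options):  # options: {letter: (source ip, destination port)}
    return [k for k, (ip, port) in options.items()
            if evaluate(Q1, "tcp", ip, DST, dport=port) == "deny"]
```

Passing the six options of Question 1 to `q1_denied` returns only D and E, and every packet evaluated against `Q7` falls through to the implicit deny unless it matches one of the two deny entries first.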