WAN Q7

access-list 199 deny tcp 178.15.0.0 0.0.255.255 any eq 23
access-list 199 permit ip any any

Assuming this ACL is correctly applied to a router interface, which two statements describe traffic on the network? (Choose two.)

a) Telnet and FTP will be permitted from all hosts on network 178.15.0.0 to any destination.
b) Telnet will not be permitted from any hosts on network 178.15.0.0 to any destination.
c) All FTP traffic from network 178.15.0.0 will be permitted.
d) Telnet will not be permitted to any hosts on network 178.15.0.0 from any destination.
e) All Telnet traffic destined for network 178.15.0.0 will be denied.

The figure shows an ACL that already exists on the router. The network administrator entered the following command in the global configuration mode on the router.
  
 access-list 101 deny tcp any 192.168.1.0 0.0.0.255 eq ftp

What effect does this have?



A) It insert the line as the last statement in the ACL.
B) It has no effect on the ACL.
C) It insert the line as the first statement in the ACL.
D) It delete the entire ACL and replace it with the new line only.

An administrator wants to implement authentication for access to a host for specific users who are connecting from outside the company network. What type of ACL would best suit the situation?

A) extended
B) time-based
C) reflexive
D) dynamic

Categorize the following descriptions with the appropriate ACL type.

Descriptions:
only checks source address
access list numbers 100-199
check protocol and port numbers
only permits/denies entire protocols based on network address
access list numbers 1-99
checks source and destination address

ACL Type:
Standard IP ACL
Extended IP ACL

Match the following commands used with ACL to their descriptions:

Commands:
any
ip access-group
access-class
host

Descriptions:
substitute for the 0.0.0.0 wildcard mask
apply a particular ACL on VTY lines
substitute for the 255.255.255.255 wildcard mask
apply a particular ACL on the interface

Match the protocol to the well-known port number.

Protocols:
FTP
Telnet
SMTP
HTTP    
DNS
TFTP

Ports:
UDP port 69
TCP port 21
TCP port 23
TCP/UDP port 53
TCP port 80
TCP port 25

What kind of access-list is created with the command ip access-list standard fastaccess?

A) turbo ACL
B) reflective ACL
C) named ACL
D) dynamic ACL

What type of ACL should the network administrator implement to limit Internet traffic during the peak hours of the day?

A) reflective
B) dynamic
C) time-based
D) policy-based

Which statement correctly describes a reflexive access control list?

A) An ACL that controls traffic based on time.
B) An ACL that uses an extended list to block users from traversing a router until they are authenticated.
C) An ACL that allows IP traffic for sessions originating from inside the network, while denying traffic for sessions originating from the outside.
D) An ACL that only identifies the source of traffic.

Which statement correctly describes how Router1 processes packets with the configuration shown in the figure? 



A) Traffic exiting interface s0/0/0 is filtered by both ACL 101 and ACL 201.
B) Router1 compares packets entering interface s0/0/0 to all the ACL 101 statements first, then compare the packets to all the ACL 201 statements.
C) If a packet entering interface s0/0/0 matches a condition in ACL 101, the router continues comparing the packet to the rest of the statements in ACL 101 to make sure that no other statements might also apply.
D) A packet entering interface s0/0/0 is compared to each statement in ACL 101 until one statement matches the packet. Then the router drops or forwards the packet without considering the remaining statement in ACL 101.

Which statement is correct regarding applying an access control list to an interface?

A) Named access lists are applied using the ip access-named command.
B) Standard access lists should be applied to an interface as close to the destination as possible.
C) Access lists are applied in global configuration mode.
D) The command for applying access list 101 inbound is ip access-list 101.

Which two solutions can be implemented with ACLs? (Choose two.)

A) Allow or deny traffic into network based on the MAC address.
B) Control traffic entering or exiting different areas of a local network.
C) Segment the network into subnets to increase available bandwidth
D) Distribute DHCP traffic to allow easier network availability.
E) Create a "firewall" on a router to filter inbound traffic from an external untrusted network.

Which two statements correctly describe Cisco access control lists? (Choose two.)

A) Extended ACLs filter traffic based on source and destination IP address, port number  and protocol.
B) ACLs are created in interface configuration mode.
C) Standard ACLs do not permit the use of wildcard masks
D) Standard ACLs are numbered 1-99, and extended ACL are numbered 100-199.
E) Standard ACLs permit or deny traffic to specific IP addresses.

Which wildcard mask will be used to test for hosts from the network 192.168.12.0/29?

A) 0.0.0.15
B) 0.0.0.7
C) 0.0.0.3
D) 0.0.0.31