WAN Q7

  1. access-list 199 deny tcp 178.15.0.0 0.0.255.255 any eq 23
    access-list 199 permit ip any any

    Assuming this ACL is correctly applied to a router interface, which two statements describe traffic on the network? (Choose two.)

    a) Telnet and FTP will be permitted from all hosts on network 178.15.0.0 to any destination.
    b) Telnet will not be permitted from any hosts on network 178.15.0.0 to any destination.
    c) All FTP traffic from network 178.15.0.0 will be permitted.
    d) Telnet will not be permitted to any hosts on network 178.15.0.0 from any destination.
    e) All Telnet traffic destined for network 178.15.0.0 will be denied.
    • b) Telnet will not be permitted from any hosts on network 178.15.0.0 to any destination.     
    • c) All FTP traffic from network 178.15.0.0 will be permitted.
  2. The figure shows an ACL that already exists on the router. The network administrator entered the following command in the global configuration mode on the router.
      
     access-list 101 deny tcp any 192.168.1.0 0.0.0.255 eq ftp

    What effect does this have?





    B) It inserts the line as the last statement in the ACL.
  3. An administrator wants to implement authentication for access to a host for specific users who are connecting from outside the company network. What type of ACL would best suit the situation?




    C) dynamic
  4. Categorize the following descriptions with the appropriate ACL type.

    Descriptions:
    only checks source address
    access list numbers 100-199
    check protocol and port numbers
    only permits/denies entire protocols based on network address
    access list numbers 1-99
    checks source and destination address

    ACL Type:
    Standard IP ACL
    Extended IP ACL
    • only checks source address =>  Standard IP ACL
    • access list numbers 100-199 => Extended IP ACL
    • check protocol and port numbers => Extended IP ACL
    • only permits/denies entire protocols based on network address => Standard IP ACL
    • access list numbers 1-99 => Standard IP ACL
    • checks source and destination address => Extended IP ACL
  5. Match the following commands used with ACL to their descriptions:

    Commands:
    any
    ip access-group
    access-class
    host

    Descriptions:
    substitute for the 0.0.0.0 wildcard mask
    apply a particular ACL on VTY lines
    substitute for the 255.255.255.255 wildcard mask
    apply a particular ACL on the interface
    • any => substitute for the 255.255.255.255 wildcard mask
    • ip access-group => apply a particular ACL on the interface
    • access-class => apply a particular ACL on VTY lines
    • host => substitute for the 0.0.0.0 wildcard mask
  6. Match the protocol to the well-known port number.

    Protocols:
    FTP
    Telnet
    SMTP
    HTTP    
    DNS
    TFTP

    Ports:
    UDP port 69
    TCP port 21
    TCP port 23
    TCP/UDP port 53
    TCP port 80
    TCP port 25
    • FTP => TCP port 21  
    • Telnet => TCP port 23  
    • SMTP => TCP port 25  
    • HTTP => TCP port 80  
    • DNS => TCP/UDP port 53  
    • TFTP => UDP port 69
  7. What kind of access-list is created with the command ip access-list standard fastaccess?




    D) named ACL
  8. What type of ACL should the network administrator implement to limit Internet traffic during the peak hours of the day?




    C) time-based
  9. Which statement correctly describes a reflexive access control list?




    C) An ACL that allows IP traffic for sessions originating from inside the network, while denying traffic for sessions originating from the outside.
  10. Which statement correctly describes how Router1 processes packets with the configuration shown in the figure? 





    D) A packet entering interface s0/0/0 is compared to each statement in ACL 101 until one statement matches the packet. Then the router drops or forwards the packet without considering the remaining statements in ACL 101.
  11. Which statement is correct regarding applying an access control list to an interface?




    C) Standard access lists should be applied to an interface as close to the destination as possible.
  12. Which two solutions can be implemented with ACLs? (Choose two.)





    • A) Create a "firewall" on a router to filter inbound traffic from an external untrusted network.     
    • e) Control traffic entering or exiting different areas of a local network.
  13. Which two statements correctly describe Cisco access control lists? (Choose two.)





    • B) Standard ACLs are numbered 1-99, and extended ACLs are numbered 100-199.
    • d) Extended ACLs filter traffic based on source and destination IP address, port number and protocol.
  14. Which wildcard mask will be used to test for hosts from the network 192.168.12.0/29?




    C) 0.0.0.7
Author: kirin
ID: 167267
Card Set: WAN Q7
Description: Wide Area Network Quiz 7 - Access Control List (ACL)