Acls

Access List Questions
A network administrator wants to add a line to an access list that will block only Telnet access by
the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.
What command should be issued to accomplish this task?
access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any
access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23
-------------------------------------------------------------------------------------------------------------------The following access list below was applied outbound on the E0 interface connected to the
192.169.1.8/29 LAN:
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any
How will the above access lists affect traffic?
FTP traffic from 192.169.1.22 will be denied
No traffic, except for FTP traffic will be allowed to exit E0
FTP traffic from 192.169.1.9 to any host will be denied
All traffic exiting E0 will be denied
All FTP traffic to network 192.169.1.9/29 will be denied
-------------------------------------------------------------------------------------------------------------------The following configuration line was added to router R1
Access-list 101 permit ip 10.25.30.0 0.0.0.255 any
What is the effect of this access list configuration?
permit all packets matching the first three octets of the source address to all destinations
permit all packet matching the last octet of the destination address and accept all source
addresses
permit all packet matching the host bits in the source address to all destinations
permit all packet from the third subnet of the network address to all destinations
-------------------------------------------------------------------------------------------------------------------Which two statements apply to dynamic access lists?
they offer simpler management in large internetworks.
you can control logging messages.
they allow packets to be filtered based on upper-layer session information.
you can set a time-based security policy.
they provide a level of security against spoofing.
they are used to authenticate individual users.
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit.

Your boss is learning a CCNA training course, The access list has been configured on the S0/0
interface of router RTB in the outbound direction. Which two packets, if routed to the interface,
will be denied?
access-list
list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any anyy
source ip address: 192.168.15.5; destination port: 21
source ip address: 192.168.15.37 destination port: 21
source ip address: 192.168.15.46; des
destination port: 23
-------------------------------------------------------------------------------------------------------------------A standard IP access list is applied to an Ethernet interface of a router.
What does this standard access list filter on?
The source and destination addresses
The destination port number
The destination address
The source IP address
Source MAC address
All of the above
-------------------------------------------------------------------------------------------------------------------Which command shows if an access list is assigned to an interface?
show ip interface [interface] access
access-lists
show ip access-lists interface
ce [interface]
show ip interface [interface]
show ip access-lists [interface]
-------------------------------------------------------------------------------------------------------------------Which item represents the standard IP ACL?
access-list 50 deny 192.168.1.1 0.0.0.255

access-list
list 110 permit ip any any
access-list
list 2500 deny tcp any host 192.168.1.1 eq 22
access-list
list 101 deny tcp any host 192.168.1.1
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Which statement about access lists that are applied to an interface is true?
you can apply only one access list on any interface
you can configure one access list, per direction, per layer 3 protocol
you can place as many access lists as you want on any interface
you can configure one access list, per direction, per layer 2 protocol
-------------------------------------------------------------------------------------------------------------------A network engineer wants to allow a te
temporary
mporary entry for a remote user with a specific username
and password so that the user can access the entire network over the internet. Which ACL can be
used?
reflexive
extended
standard
dynamic
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------In which solution is a router ACL used?
protecting a server from unauthorized access
controlling path selection, based on the route metric
reducing router CPU utilization
filtering packets that are passing through a router
-------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
Why would the network administrator configure RA in this manner?
to give students access to the Internet

to prevent students from accessing the command line of RA
to prevent administrators from accessing the console of RA
to give administrators access to the Internet
to prevent students from accessing the Internet
to prevent students from accessing
essing the Admin network
-------------------------------------------------------------------------------------------------------------------An access list was written with the four statements shown in the graphi
graphic.
Which single access list statement will combine all four of these statements into a single
statement that will have exactly the same effect?
access-list
list 10 permit 172.29.16.0 0.0.0.255
access-list
list 10 permit 172.29.16.0 0.0.1.255
access-list
list 10 permit 172.29.16.0 0.0.3.255
access-list 10 permit 172.29.16.0 0.0.15.255
access-list
list 10 permit 172.29.0.0 0.0.255.255
-------------------------------------------------------------------------------------------------------------------As a network administrator, you have been instructed to prevent all traffic originating on the
LAN from entering the R2 router. Which the following command would implement the access
list on the interface of the R2 router?
access-list 101 in
access-list 101 out
ip access-group 101 in
ip access-group 101 out
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------The access control list shown in the graphic has been applied to the Ethernet interface of router
R1 using the ip access-group
group 101 in command. Which of the following Telnet sessions will be
blocked by this ACL? (Choose two)
from host PC1 to host 5.1.1.10

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
What will happen to HTTP traffic coming from the Internet that is destined for 172.16.12.10 if
the traffic is processed by this ACL?
router#show access-lists
Extended IP access list 110
10 deny tcp 172.16.0.0 0.0.255.255 any eq telnet
20 deny tcp 172.16.0.0 0.0.255.255 any eq smtp
30 deny tcp 172.16.0.0 0.0.255.255 any eq http
40 permit tcp 172.16.0.0 0.0.255.255 any
Traffic will be dropped per line 30 of the ACL.
Traffic will be accepted per line 40 of the ACL.
Traffic will be dropped, because of the implicit deny all at the end of the ACL.
Traffic will be accepted, because the source address is not covered by the ACL.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
Which statement describes the effect that the Router1 configuration has on devices in the
172.16.16.0 subnet when they try to connect to SVR
SVR-A using Telnet or SSH?
Devices will not be able to use Telnet or SSH.

Devices will be able to use SSH, but not Telnet.
Devices will be able to use Telnet, but not SSH.
Devices will be able to use Telnet and SSH.
-------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
Which three variables (router, protocol port, and router ACL direction) apply to an extended
ACL that will prevent student
udent 01 from securely browsing the internet?
OUT
Router 3
HTTPS
IN
Router 1
-------------------------------------------------------------------------------------------------------------------What are two reasons that a network administrator would us
use access lists?
to control vty access into a router

to control broadcast traffic through a router
to filter traffic as it passes through a router
to filter traffic that originates from the router
to replace passwords as a line of defense against security incursions
-------------------------------------------------------------------------------------------------------------------The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to
configure an extended access list to permit or deny access to an entire subnetwork?
255.255.255.224
255.255.255.248
0.0.0.224
0.0.0.8
0.0.0.7
0.0.0.3
-------------------------------------------------------------------------------------------------------------------Which wild card mask will enable a network administrator to permit access to the internet for
only hosts that are assigned an address in the range of 192.168.8.0 through 192.168.15.255?
0.0.0.0
0.0.0.255
0.0.255.255
0.0.7.255
0.0.3.255
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------The access list shown in the graphic should deny hosts located on network 172.16.1.0, except
host 172.16.1.5, from accessing the 172.16.4.0 network. All other networks should be accessible.
Which command sequence will correctly apply this access list?
routerA(config)# interface fa0/0
routerA(config-if)# ip access-group
group 10 in
routerA(config)# interface s0/0
group 10 out
routerA(config-if)# ip access-group
routerB(config)# interface fa0/1
routerB(config-if)# ip access-group
group 10 out
routerB(config)# interface fa0/0
group 10 out
routerB(config)# interface s0/1
group 10 out
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
A technician is testing connection problems in the internetwork. What is the problem indicated
by the output from HostA?
The routing on Router2 is not functioning properly.
The Fa0/24 interface of Switch1 is dowm.
An access list is applied to an interface of router3.
The gateway address of HostA is incorrect or not configured.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
A technician is testing internetwork connetion problems. What is the troublem indicated be the
output from Host A?
An access list is applied to an interface of Router 3.
The routing on Router 2 is not functioning properly.
The Fa0/24 interface of Switch1 is down.
The gateway address of Host A is incorrect or not configured.
Refer to the exhibit.
A network technician enters the following line into the router Tidmore1.
Tidmore1(config)#interface
)#interface FastEthernet 0/0
Tidmore1(config-if)#no
if)#no ip access
access-group 106 in
Tidmore1(config)#interface Serial 0/0
Tidmore1(config-if)#ip access-group
group 106 in
Wath is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in the 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
Internet.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Refer to the exhibit. A network technician enters the following line the router.
Tidmore1(config)#access-list
list 106 deny tcp 192.168.
192.168.254.0
254.0 0.0.0.255 any eq www.
What is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in tthe
he 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
Internet.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This graphic shows

hows the results of an attempt to open a telnet connection to router ACCESS1
from router Remote 27. Which of the following command sequences will correct this problem?
ACCESS1(config)#line console 0
ACCESS1(config-line)#password
line)#password cisco
Remote27(config)#line
ine console 0
Remote27(config-line)#login
Remote27(config-line)#password
ACCESS1(config)#line vty 0 4
ACCESS1(config-line)#login
ACCESS1(config-line)#password
Remote27 (config)#line vty 0 4
Remote27 (config-line)#login
password cisco
Remote27 (config-line)#password
ACCESS1(config)#enable password cisco
Remote27 (config)#enable password cisco
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------What three pieces of information can bbe used in an extended access list to filter traffic? (Choose
three)
Protocol
VLAN number
TCP or UDP port numbers
Source switch port numbers
Source IP address and destination IP address
Source MAC address and destination MAC address
-------------------------------------------------------------------------------------------------------------------What can be done to secure the virtual terminal interfaces on a router? (Choose two)
Administratively shut down the interface.
Physically secure the interface.
Create an access list and apply it to the virtual terminal interfaces with the access-group
access
command.
Configure a virtual terminal password and login process.
Enter an access list and apply it to the virtual terminal interfaces using tthe
he access-class
access
command.
-------------------------------------------------------------------------------------------------------------------An inbound access list has been configured on a serial interface to deny packet entry for TCP
and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose
three)
FTP
Telnet
SMTP
DNS
HTTP
POP3
-------------------------------------------------------------------------------------------------------------------Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to
the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only
computers with access to the Payroll Server. What two technologies should be implemented to
help prevent unauthorized access to the server? (Choose two)
access lists
encrypted router passwords
STP
VLANs
VTP
wireless LANs
-------------------------------------------------------------------------------------------------------------------Refer to the exhibit. What statement is true of the configuration for this network?
The configuration that is shown provides inadequate outside addre

address
ss space for translation of the
number of inside addresses that are supported.
Because of the addressing on interface FastE
FastEthernet0/1, the Serial0/0 interface
erface address will not
support the NAT configuration as shown.
The number 1 referred to in the ip nat inside source command references access
access--list number 1.
ExternalRouter must be configured with static routers to network 172.
172.16.2.0/24
-------------------------------------------------------------------------------------------------------------------Which of the following are keywords that can be used in an access control list to replace a dotted
decimal wildcard mask? (Choose two.)
all
some
any
sum
host
most
-------------------------------------------------------------------------------------------------------------------Where should extended access control lists be placed?
They should be placed as close as possible to the source of the traffic to be denied.
They should be placed as close as possible to the destination of the traffic to be denied.
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Which of the following must be in an extended access control list? (Choose three.)
destination address and wildcard mask
access list number between 1 and 99
subnet mask and wild card mask

source address and wildcard mask
access list number between 100 and 199
default gateway address and wildcard mask
-------------------------------------------------------------------------------------------------------------------Which of the following are required when creating a standard access control list? (Choose two.)
subnet mask and wildcard mask
access list number between 100 and 199 or 2000 and 2699
source address and wildcard mask
destination address and wildcard mask
access list number between 1 and 99 or 1300 to 1999
-------------------------------------------------------------------------------------------------------------------Which IP address and wildcard mask would you use in your ACL to block all the hosts in the
subnet 192.168.16.43/28?
192.168.16.32 0.0.0.16
192.168.16.43 0.0.0.212
192.168.16.0 0.0.0.15
192.168.16.32 0.0.0.15
192.168.16.0 0.0.0.31
192.168.16.16 0.0.0.31
-------------------------------------------------------------------------------------------------------------------How is an access list implemented in a router?
Enter the access list statements globally and apply the list globally.
Enter the access list statements globally and apply the list to a specific interface.
Enter the access list statements on a specific interface and apply the list globally.
Enter the access list statements on a specific interface and apply the list to that same interface.
-------------------------------------------------------------------------------------------------------------------For security reasons, the network administrator needs to prevent pings into the corporate
networks from hosts outside the network. Which protocol should be blocked with access control
list?
IP
ICMP
TCP
UDP
-------------------------------------------------------------------------------------------------------------------You wish to limit telnet access into your Cisco router to only a single host. In order to
accomplish this, access list 1 has been written to allow host 172.16.1.224 access to the router vty
lines. What command would assign this access- list to the Virtual Terminal Lines?
router(config-line)# ip access-group 1 in
router(config-line)# access-class 1 in
router(config-line)# ip access-list 1 in
router(config-line)# access-line 1 in
--------------------------------------------------------------------------------------------------------------------
Which command is required to apply an access list on a virtual terminal line of a router?
Router(config-line)# access-class 10 in
Router(config-if)# ip access-class 23 out
Router(config-line)# access-group 15 out
Router(config-if)# ip access-group 110 in
Router(config-line)# access-list 150 in
Router(config-if)# ip access-list 128 out
-------------------------------------------------------------------------------------------------------------------Unauthorized users have user Telnet to login access to a company router. The network
administrator wants to configure and apply an access list to allow Telnet access to the router, but
only from the network administrators computer. Which group of commands would be the best
choice to allow only the IP address 172.16.3.3 to have Telnet access to the router?
access-list 3 permit host 172.16.3.3
line vty 0 4
access-list 3 permit host 172.16.3.3
line vty 0 4
ip access-class 3 in
access-list 101 permit tcp any host 172.16.3.3 eq telnet
interface s0/0
access-list 101 permit tcp any host 172.16.3.3 eq telnet
interface s0/0
-------------------------------------------------------------------------------------------------------------------Which of the following access list statements will deny all telnet connections to subnet 10.0.1.0
/24?
access-list 15 deny tcp 10.0.1.0 255.255.255.0 eq telnet
access-list 115 deny tcp any 10.0.1.0 eq telnet
access-list 115 deny udp any 10.0.1.0 eq 23
access-list 115 deny tcp any 10.0.1.0 0.0.0.255 eq 23
access-list 15 deny telnet any 10.0.1.0 0.0.0.255 eq 23
-------------------------------------------------------------------------------------------------------------------Which of the following access list statements would deny traffic from a specific host?
Router(config)# access-list 1 deny 172.31.212.74 any
Router(config)# access-list 1 deny 10.6.111.48 host
Router(config)# access-list 1 deny 172.16.4.13 0.0.0.0
--------------------------------------------------------------------------------------------------------------------
Refer to the graphiIt has been decided that Workstation 1 should be denied access to Server1.
Which of the following commands are required to prevent only Workstation 1 from accessing
Server1 while allowing all other traffic to flow normally? (Choose two)
RouterA(config)#interface fa0/0
RouterA(config-if)#ip access-group
group 101 out
RouterA(config)#interface fa0/0
RouterA(config-if)#ip access-group
group 101 in
RouterA(config)#access-list
list 101 deny ip host 172.16.161.150 host 172.161.162.163
list 101 permit ip an
any any
list 101 deny ip 172.16.161.150 0.0.0.255 172.161.162.163 0.0.0.0
list 101 permit ip any any
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Which of the following statements are true regarding the meaning of the access control list
wildcard mask 0.0.0.15? (Choose two.)
The first 32 bits of a supplied IP address will be matched.
The first 28 bits of a supplied IP address will be matched
matched.
The last five bits of a supplied IP address will be ignored.
The first 28 bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be matched.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------When using access control lists to filter traffic, which of the following is used to track multiple
sessions occurring between hosts?
subnet masks
routed protocols
port numbers
routing protocols
IP addresses
interfaces
-------------------------------------------------------------------------------------------------------------------Which three of the following are uses of access control lists (ACLs)? (Choose three.)
protect hosts from viruses
classify network traffic
provide high network availability
identify interesting traffic for DDR
IP route filtering
monitor the number of bytes and packets
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Which commands are used to verify the content and placement of access control lists? (Choose
three.)
show ip interface
show running-config
show ip route
show cdp neighbor
show processes
show access-lists
-------------------------------------------------------------------------------------------------------------------Which commands can a network administrator use to monitor and verify access list operations?
(Choose two.)
Router# show ip route
Router# show protocols
Router# show IOS version
Router# show ip interface
Router# show access-lists
Router# show cdp neighbor
-------------------------------------------------------------------------------------------------------------------Whichh command is used to display the placement and direction of on
n IP access control list on a
router?
show access-list
show ip route
show ip interface
show interface
show interface list
show ip interface brief
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Refer to the graphic. It has become necessary to prevent accounting department users on the
Amherst router from accessing the human resources server attached to interface E0 of the
Northampton router. The following access control lost has been created:
access-list
list 19 deny 192.168.16.128 0.0.0.31
access-list 19 permit any
On which interface and in which direction should this access list be prevent accounting uses
from accessing the network attached to the E0 interface of the Northampton router?,
router? Access to
other network should be unaffected.
Amherst S0, out
Amherst E1, in
Amherst E0, out
Northampton S1, in
Northampton E0, out
Northampton E1, in
-------------------------------------------------------------------------------------------------------------------The CATEE Network is displayed in the flowing diagram:
You need to place an access list on the Fa0 interface of the wan connected router; that will deny
access to all hosts that lie within the range 192.168.160.0
192.168.160.0-192.168.191.0.
192.168.191.0. Hosts in the
192.168.195.0 network should be granted full access. Which one of the following answer choices
fulfills your needs?
list 1 deny 192.168.163.0 0.
0.0.0.255
access-list
access-list
list 1 deny 192.168.128.0 0.0.127.255
access-list
list 1 deny 192.168.160.0 0.0.255.255
access-list
list 1 deny 192.168.160.0 0.0.31.255
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the graphic. Assuming the following goals:
1-)) Allow Telnet from the internet to the HR server
2-)) Allow HTTP access from the internet to the web server
3-)) Allow other traffic from the internet should be blocked.
Which of the following access
ess list statements are necessary to accomplish three goals? (Choose
two)
access-list
list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
access-list
access-list
list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
access-list
st 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
access-list
list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
access-list
-------------------------------------------------------------------------------------------------------------------The following access control list needs to be applied to one of the routers shown in the graphic.
Access-list
list 101 permit tcp 192.168.1.16 00.0.0.15 192.168.2.16 0.0.0.15 eq 23.
What can be concluded about this ACL? (Choose two)
Telnet traffic from 192.168.1.16 0.0.0.15 to 192.168.2.16 0.0.0.15 is allowed.

SMTP traffic from 192.168.2.16 0.0.0.15 to 192.168.1.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
When the ACL is applied, Server A will be able to ping Server
The ACL should be applied inbound to the e0 interface of Router A
The ACL should be applied outbound to the e0 interface of Router A.
-------------------------------------------------------------------------------------------------------------------A network administrator in Miami has been instructed to prevent all traffic originating on the
Chicago LAN from entering
ering the Miami router. Which statement would accomplish this filtering?
Access-list
list 101 deny ip 192.168.45.0 0.0.0.255 any.
Access-list
list 101 deny ip 192.168.45.0 0.0.0.0 any.
Access-list
list 101 deny ip 192.168.46.0 0.0.0.255 192.168.45.0 0.0.0.255.
Access-list
list 101 deny ip 192.168.46.0 0.0.0.255 any.
-------------------------------------------------------------------------------------------------------------------A network associate creates the configuration shown in the exhibit. What will be the results
r
of
this configuration?
The configuration
tion creates four access lists.
The fourth line of the configuration creates an access list that allows all traffic from the host
172.16.232.253 except Telnet and ping traffi
traffic
The configuration creates an access lists that allow all traffic from the 172.16.232.253
72.16.232.253 except
Telnet and ping traffic.
The configuration creates an access lists that allows all the hosts in the 172.16.232.0/24 subnet to
use Telnet not to access web pages.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------In order to control access on the CATEE network, the following access list is created:
access-list
list 101 permit tcp 192.168.1.16 0.0.0.15 192.168.2 16 0.0.0.15 eq 23
What would happen if you applied the following ACL to any one of the KTE routers in the
above exhibit?, On what interface and what direction should you apply it?, Once applied, what
will this access list accomplish? (Select all valid answer choices)
Telnett traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed
allowed.
SMTP traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
The ACL should be applied inbound to th
the e0 interface of Router KTE1.
The ACL should be applied outbound to the e0 interface of Router KTE1.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Which of the following answer
er choices are correct characteristics of named access list? (Select
all that apply)
You can delete individual statements in a named access list
Named access lists require a numbered range from 1000 to 1099.
Named access lists must be specified as standar
standard or extended.
You can use the ip access-list
list command to create named access lists.
You cannot delete individual statements in a named access list.
You can use the ip name-group
group command to apply named access lists.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------The KTE
TE network is shown below:
The network administrator would like to permit only hosts on the 172.30.16.0/24 network
to access the Internet.
Which wild card mask and address combination will only match addresses on this network?
172.30.0.0 0.0.0.0
172.30.16.0 0.0.0.255
172.30.0.0 0.0.15.255
172.30.16.0 0.0.31.255
172.30.16.0 0.0.255.255
--------------------------------------------------------------------------------------------------------------------
The KTE University network is shown below:

In the above network, an access list was created in order to prevent students and outsiders on the
internet from changing student files in the Records Server, while still allowing other departments
in the enterprise access. The access control list was applied to the e0 interface of the R-3 router
going outbound. Which two of the following conditions below were contained in the access
control list? (Select two answer choices)
permit 172.16.64.254 0.0.0.0 172.16.0.0 0.0.255.255
permit 172.16.0.0 0.0.255.255 172.16.64.254 0.0.0.0
deny 172.16.64.254 0.0.0.0 172.16.62.0 0.0.0.255
deny 172.16.62.0 0.0.0.255 172.16.64.254 0.0.0.0
deny 172.16.64.254 0.0.0.0 any
permit any any
-------------------------------------------------------------------------------------------------------------------The KTE WAN is shown below:
Your goal is to allow FTP access to the HR server, while blocking out all other traffic.
Which of the access list configurations below will fulfill your goal? (Select two answer choices)
Access-list 101 Permit tcp any 192.168.44.252 0.0.0.0 eq 21
Access-list 101 Permit tcp any 192.168.44.252 0.0.0.0 eq 20
Access-list 101 Permit tcp 192.168.44.252 0.0.0.0 any eq 20
Access-list 101 Permit tcp 192.168.44.252 0.0.0.0 any eq 21
Access-list 101 Deny tcp any 192.168.44.255 0.0.0.0 gt 21
Access-list 101 Permit tcp 192.168.44.255 0.0.0.0 any gt 21
--------------------------------------------------------------------------------------------------------------------
Part of the KTE network is shown below:

The CATEE network administrator wants to prevent computers on the 192.168.23.64/26 subnet
from accessing the 192.168.23.128/26 subnet via FTP. All other hosts should be allowed to
access. What commands should be entered on the router to accomplish this task?
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.255 192.168.23.128 0.0.0.255 eq ftp
Router(config-if)#access-list 101 out
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.0.255 192.168.23.128 0.0.0.255 eq
ftp
Router(config)#access-list 101 deny tcp 192.168.23.128 0.0.0.255 192.168.23.128 0.0.0.255 eq
ftp
Router(config-if)#ip access-group 101 out
--------------------------------------------------------------------------------------------------------------------

Acls

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Acls

Hochgeladen von

Copyright:

Verfügbare Formate

Access List Questions

Refer to the exhibit.

access-list 50 deny 192.168.1.1 0.0.0.255

to give students access to the Internet

from host PC1 to host 5.1.1.10

Devices will not be able to use Telnet or SSH.

to control vty access into a router

This graphic shows

The configuration that is shown provides inadequate outside addre

subnet mask and wild card mask

Telnet traffic from 192.168.1.16 0.0.0.15 to 192.168.2.16 0.0.0.15 is allowed.

The KTE University network is shown below:

Part of the KTE network is shown below:

Das könnte Ihnen auch gefallen