Beruflich Dokumente
Kultur Dokumente
A network administrator wants to add a line to an access list that will block only Telnet access by
the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.
What command should be issued to accomplish this task?
access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any
access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any
access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21
access-list 1 permit ip any any
access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23
access-list 1 permit ip any any
-------------------------------------------------------------------------------------------------------------------The following access list below was applied outbound on the E0 interface connected to the
192.169.1.8/29 LAN:
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any
How will the above access lists affect traffic?
FTP traffic from 192.169.1.22 will be denied
No traffic, except for FTP traffic will be allowed to exit E0
FTP traffic from 192.169.1.9 to any host will be denied
All traffic exiting E0 will be denied
All FTP traffic to network 192.169.1.9/29 will be denied
-------------------------------------------------------------------------------------------------------------------The following configuration line was added to router R1
Access-list 101 permit ip 10.25.30.0 0.0.0.255 any
What is the effect of this access list configuration?
permit all packets matching the first three octets of the source address to all destinations
permit all packet matching the last octet of the destination address and accept all source
addresses
permit all packet matching the host bits in the source address to all destinations
permit all packet from the third subnet of the network address to all destinations
-------------------------------------------------------------------------------------------------------------------Which two statements apply to dynamic access lists?
they offer simpler management in large internetworks.
you can control logging messages.
they allow packets to be filtered based on upper-layer session information.
you can set a time-based security policy.
they provide a level of security against spoofing.
they are used to authenticate individual users.
--------------------------------------------------------------------------------------------------------------------
access-list
list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any anyy
source ip address: 192.168.15.5; destination port: 21
source ip address: 192.168.15.37 destination port: 21
source ip address: 192.168.15.41 destination port: 21
source ip address: 192.168.15.36 destination port: 23
source ip address: 192.168.15.46; des
destination port: 23
source ip address: 192.168.15.49 destination port: 23
-------------------------------------------------------------------------------------------------------------------A standard IP access list is applied to an Ethernet interface of a router.
What does this standard access list filter on?
The source and destination addresses
The destination port number
The destination address
The source IP address
Source MAC address
All of the above
-------------------------------------------------------------------------------------------------------------------Which command shows if an access list is assigned to an interface?
show ip interface [interface] access
access-lists
show ip access-lists interface
ce [interface]
show ip interface [interface]
show ip access-lists [interface]
-------------------------------------------------------------------------------------------------------------------Which item represents the standard IP ACL?
access-list
list 10 permit 172.29.16.0 0.0.0.255
access-list
list 10 permit 172.29.16.0 0.0.1.255
access-list
list 10 permit 172.29.16.0 0.0.3.255
access-list 10 permit 172.29.16.0 0.0.15.255
access-list
list 10 permit 172.29.0.0 0.0.255.255
-------------------------------------------------------------------------------------------------------------------As a network administrator, you have been instructed to prevent all traffic originating on the
LAN from entering the R2 router. Which the following command would implement the access
list on the interface of the R2 router?
access-list 101 in
access-list 101 out
ip access-group 101 in
ip access-group 101 out
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------The access control list shown in the graphic has been applied to the Ethernet interface of router
R1 using the ip access-group
group 101 in command. Which of the following Telnet sessions will be
blocked by this ACL? (Choose two)
OUT
Router 3
HTTPS
IN
Router 1
-------------------------------------------------------------------------------------------------------------------What are two reasons that a network administrator would us
use access lists?
A technician is testing connection problems in the internetwork. What is the problem indicated
by the output from HostA?
The routing on Router2 is not functioning properly.
The Fa0/24 interface of Switch1 is dowm.
An access list is applied to an interface of router3.
The gateway address of HostA is incorrect or not configured.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the exhibit.
A technician is testing internetwork connetion problems. What is the troublem indicated be the
output from Host A?
An access list is applied to an interface of Router 3.
The routing on Router 2 is not functioning properly.
The Fa0/24 interface of Switch1 is down.
The gateway address of Host A is incorrect or not configured.
Refer to the exhibit.
A network technician enters the following line into the router Tidmore1.
Tidmore1(config)#interface
)#interface FastEthernet 0/0
Tidmore1(config-if)#no
if)#no ip access
access-group 106 in
Tidmore1(config)#interface Serial 0/0
Tidmore1(config-if)#ip access-group
group 106 in
Wath is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in the 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
Internet.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Refer to the exhibit. A network technician enters the following line the router.
Tidmore1(config)#access-list
list 106 deny tcp 192.168.
192.168.254.0
254.0 0.0.0.255 any eq www.
What is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in tthe
he 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
Internet.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
command.
Configure a virtual terminal password and login process.
Enter an access list and apply it to the virtual terminal interfaces using tthe
he access-class
access
command.
-------------------------------------------------------------------------------------------------------------------An inbound access list has been configured on a serial interface to deny packet entry for TCP
and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose
three)
FTP
Telnet
SMTP
DNS
HTTP
POP3
-------------------------------------------------------------------------------------------------------------------Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to
the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only
computers with access to the Payroll Server. What two technologies should be implemented to
help prevent unauthorized access to the server? (Choose two)
access lists
encrypted router passwords
STP
VLANs
VTP
wireless LANs
-------------------------------------------------------------------------------------------------------------------Refer to the exhibit. What statement is true of the configuration for this network?
Which command is required to apply an access list on a virtual terminal line of a router?
Router(config-line)# access-class 10 in
Router(config-if)# ip access-class 23 out
Router(config-line)# access-group 15 out
Router(config-if)# ip access-group 110 in
Router(config-line)# access-list 150 in
Router(config-if)# ip access-list 128 out
-------------------------------------------------------------------------------------------------------------------Unauthorized users have user Telnet to login access to a company router. The network
administrator wants to configure and apply an access list to allow Telnet access to the router, but
only from the network administrators computer. Which group of commands would be the best
choice to allow only the IP address 172.16.3.3 to have Telnet access to the router?
access-list 3 permit host 172.16.3.3
line vty 0 4
ip access-group 3 in
access-list 3 permit host 172.16.3.3
line vty 0 4
ip access-class 3 in
access-list 101 permit tcp any host 172.16.3.3 eq telnet
interface s0/0
ip access-group 101 in
access-list 101 permit tcp any host 172.16.3.3 eq telnet
access-list 101 permit ip any any
interface s0/0
ip access-group 101 in
-------------------------------------------------------------------------------------------------------------------Which of the following access list statements will deny all telnet connections to subnet 10.0.1.0
/24?
access-list 15 deny tcp 10.0.1.0 255.255.255.0 eq telnet
access-list 115 deny tcp any 10.0.1.0 eq telnet
access-list 115 deny udp any 10.0.1.0 eq 23
access-list 115 deny tcp any 10.0.1.0 0.0.0.255 eq 23
access-list 15 deny telnet any 10.0.1.0 0.0.0.255 eq 23
-------------------------------------------------------------------------------------------------------------------Which of the following access list statements would deny traffic from a specific host?
Router(config)# access-list 1 deny 172.31.212.74 any
Router(config)# access-list 1 deny 10.6.111.48 host
Router(config)# access-list 1 deny 172.16.4.13 0.0.0.0
Router(config)# access-list 1 deny 192.168.14.132 255.255.255.0
Router(config)# access-list 1 deny 192.168.166.127 255.255.255.255
--------------------------------------------------------------------------------------------------------------------
Refer to the graphiIt has been decided that Workstation 1 should be denied access to Server1.
Which of the following commands are required to prevent only Workstation 1 from accessing
Server1 while allowing all other traffic to flow normally? (Choose two)
RouterA(config)#interface fa0/0
RouterA(config-if)#ip access-group
group 101 out
RouterA(config)#interface fa0/0
RouterA(config-if)#ip access-group
group 101 in
RouterA(config)#access-list
list 101 deny ip host 172.16.161.150 host 172.161.162.163
RouterA(config)#access-list
list 101 permit ip an
any any
RouterA(config)#access-list
list 101 deny ip 172.16.161.150 0.0.0.255 172.161.162.163 0.0.0.0
RouterA(config)#access-list
list 101 permit ip any any
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Which of the following statements are true regarding the meaning of the access control list
wildcard mask 0.0.0.15? (Choose two.)
The first 32 bits of a supplied IP address will be matched.
The first 28 bits of a supplied IP address will be matched
matched.
The last five bits of a supplied IP address will be ignored.
The first 28 bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be matched.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------When using access control lists to filter traffic, which of the following is used to track multiple
sessions occurring between hosts?
subnet masks
routed protocols
port numbers
routing protocols
IP addresses
interfaces
-------------------------------------------------------------------------------------------------------------------Which three of the following are uses of access control lists (ACLs)? (Choose three.)
protect hosts from viruses
classify network traffic
provide high network availability
identify interesting traffic for DDR
IP route filtering
monitor the number of bytes and packets
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Which commands are used to verify the content and placement of access control lists? (Choose
three.)
show ip interface
show running-config
show ip route
show cdp neighbor
show processes
show access-lists
-------------------------------------------------------------------------------------------------------------------Which commands can a network administrator use to monitor and verify access list operations?
(Choose two.)
Router# show ip route
Router# show protocols
Router# show IOS version
Router# show ip interface
Router# show access-lists
Router# show cdp neighbor
-------------------------------------------------------------------------------------------------------------------Whichh command is used to display the placement and direction of on
n IP access control list on a
router?
show access-list
show ip route
show ip interface
show interface
show interface list
show ip interface brief
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Refer to the graphic. It has become necessary to prevent accounting department users on the
Amherst router from accessing the human resources server attached to interface E0 of the
Northampton router. The following access control lost has been created:
access-list
list 19 deny 192.168.16.128 0.0.0.31
access-list 19 permit any
On which interface and in which direction should this access list be prevent accounting uses
from accessing the network attached to the E0 interface of the Northampton router?,
router? Access to
other network should be unaffected.
Amherst S0, out
Amherst E1, in
Amherst E0, out
Northampton S1, in
Northampton E0, out
Northampton E1, in
-------------------------------------------------------------------------------------------------------------------The CATEE Network is displayed in the flowing diagram:
You need to place an access list on the Fa0 interface of the wan connected router; that will deny
access to all hosts that lie within the range 192.168.160.0
192.168.160.0-192.168.191.0.
192.168.191.0. Hosts in the
192.168.195.0 network should be granted full access. Which one of the following answer choices
fulfills your needs?
list 1 deny 192.168.163.0 0.
0.0.0.255
access-list
access-list
list 1 deny 192.168.128.0 0.0.127.255
access-list
list 1 deny 192.168.160.0 0.0.255.255
access-list
list 1 deny 192.168.160.0 0.0.31.255
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Refer to the graphic. Assuming the following goals:
1-)) Allow Telnet from the internet to the HR server
2-)) Allow HTTP access from the internet to the web server
3-)) Allow other traffic from the internet should be blocked.
Which of the following access
ess list statements are necessary to accomplish three goals? (Choose
two)
access-list
list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
access-list
list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23
access-list
list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
access-list
st 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
access-list
list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
access-list
list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23
-------------------------------------------------------------------------------------------------------------------The following access control list needs to be applied to one of the routers shown in the graphic.
Access-list
list 101 permit tcp 192.168.1.16 00.0.0.15 192.168.2.16 0.0.0.15 eq 23.
What can be concluded about this ACL? (Choose two)
Access-list
list 101 deny ip 192.168.45.0 0.0.0.255 any.
Access-list
list 101 deny ip 192.168.45.0 0.0.0.0 any.
Access-list
list 101 deny ip 192.168.46.0 0.0.0.255 192.168.45.0 0.0.0.255.
Access-list
list 101 deny ip 192.168.46.0 0.0.0.255 any.
-------------------------------------------------------------------------------------------------------------------A network associate creates the configuration shown in the exhibit. What will be the results
r
of
this configuration?
The configuration
tion creates four access lists.
The fourth line of the configuration creates an access list that allows all traffic from the host
172.16.232.253 except Telnet and ping traffi
traffic
The configuration creates an access lists that allow all traffic from the 172.16.232.253
72.16.232.253 except
Telnet and ping traffic.
The configuration creates an access lists that allows all the hosts in the 172.16.232.0/24 subnet to
use Telnet not to access web pages.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------In order to control access on the CATEE network, the following access list is created:
access-list
list 101 permit tcp 192.168.1.16 0.0.0.15 192.168.2 16 0.0.0.15 eq 23
What would happen if you applied the following ACL to any one of the KTE routers in the
above exhibit?, On what interface and what direction should you apply it?, Once applied, what
will this access list accomplish? (Select all valid answer choices)
Telnett traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed
allowed.
SMTP traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
The ACL should be applied inbound to th
the e0 interface of Router KTE1.
The ACL should be applied outbound to the e0 interface of Router KTE1.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Which of the following answer
er choices are correct characteristics of named access list? (Select
all that apply)
You can delete individual statements in a named access list
Named access lists require a numbered range from 1000 to 1099.
Named access lists must be specified as standar
standard or extended.
You can use the ip access-list
list command to create named access lists.
You cannot delete individual statements in a named access list.
You can use the ip name-group
group command to apply named access lists.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------The KTE
TE network is shown below:
The network administrator would like to permit only hosts on the 172.30.16.0/24 network
to access the Internet.
Which wild card mask and address combination will only match addresses on this network?
172.30.0.0 0.0.0.0
172.30.16.0 0.0.0.255
172.30.0.0 0.0.15.255
172.30.16.0 0.0.31.255
172.30.16.0 0.0.255.255
--------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------