access control list


Question N°1 You are securing a network for TestKing and want to apply an ACL (access control list) to an interface of a router. Which one of the following commands would you use?

A. permit access-list 101 out

B. ip access-group 101 out

C. apply access-list 101 out

D. access-class 101 out

E. ip access-list e0 out

Question N°2 You're the systems administrator at Testing, and you create the following access control lists.

access-list 101 deny tcp 5.1.1.10 0.0.0.0 5.1.3.0 0.0.0.255 eq telnet
access-list 101 permit any any

You then enter the command "ip access-group 101 in" to apply access control list 101 to router TK1's e0 interface.

Which of the following Telnet sessions will be blocked as a result of your access lists? (Select all that apply)

A. Telnet sessions from host A to host 5.1.1.10

B. Telnet sessions from host A to host 5.1.3.10

C. Telnet sessions from host B to host 5.1.2.10

D. Telnet sessions from host B to host 5.1.3.8

E. Telnet sessions from host C to host 5.1.3.10

F. Telnet sessions from host F to host 5.1.1.10

Question N°3 Which of the following statements regarding the use of multiple access lists are valid when configuring a single interface on a Cisco router?

A. Application of up to three access lists per protocol to a single interface.

B. No more than two access lists per interface.

C. One access list may be configured per direction for each Layer 3 protocol configured on an interface.

D. The maximum number allowed varies due to RAM availability in the router.

E. An infinite number of access lists that can be applied to an interface, from most specific to most general.

F. Cisco IOS allows only one access list to an interface.

Question N°4 On the serial interface of a router, an inbound access list is configured to deny all traffic from UDP and TCP ports 21, 23, and 25. All other traffic is permitted. Based on this information, which types of traffic will be allowed through this interface? (Choose three)

A. SMTP

B. DNS

C. FTP

D. Telnet

E. HTTP

F. POP3

Question N°5 The access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN:

access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any

How will the above access lists affect traffic?

A. FTP traffic from 192.169.1.22 will be denied.

B. No traffic, except for FTP traffic will be allowed to exit E0.

C. FTP traffic from 192.169.1.9 to any host will be denied.

D. All traffic exiting E0 will be denied.

E. All FTP traffic to network 192.169.1.9/29 will be denied.

Question N°6 Which of the following commands would successfully implement an access list on a router's virtual terminal line? (Select only one answer choice)

A. RouterTK(config-line)# access-class 10 in

B. RouterTK(config-if)# ip access-class 23 out

C. RouterTK(config-line)# access-list 150 in

D. RouterTK(config-if)# ip access-list 128 out

E. RouterTK(config-line)# access-group 15 out

F. RouterTK(config-if)# ip access-group 110 in

Question N°7 You want to apply an access list to the e0 interface on the router, with the goal of halting HTTPS traffic from the Production Department from reaching the HR server via the router. Which of the following access lists would you use?

A. Permit ip any any
Deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 443

B. Permit ip any any
Deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 443

C. Deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 443
Permit ip any any

D. Deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 443
Permit ip any any

Question N°8 What are some general guidelines regarding the placement of access control lists?

(Select two answer choices)

A. You should place standard ACLs as close as possible to the source of traffic to be denied.

B. You should place extended ACLs as close as possible to the source of traffic to be denied.

C. You should place standard ACLs as close as possible to the destination of traffic to be denied.

D. You should place extended ACLs as close as possible to the destination of traffic to be denied.

Question N°9 On your newly installed router, you apply the access list illustrated below to interface Ethernet 0 on a Cisco router. The interface is connected to the 192.168.1.8/29 LAN.

access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 20 any
access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 21 any

How will the above access lists affect traffic?

A. All traffic will be allowed to exit E0 except FTP traffic.

B. FTP traffic from 192.168.166.19 to any host will be denied.

C. FTP traffic from 192.168.166.22 to any host will be denied.

D. All traffic exiting E0 will be denied.

E. All FTP traffic to network 192.168.166.18/29 from any host will be denied.

Question N°10 On a newly installed router, the following access list is added to the HSSI interface for incoming traffic:

Access-list 101 permit tcp any 10.18.10.0 0.0.0.255 eq tcp

What is the effect of the "any" keyword in the above access list?

A. check any of the bits in the source address

B. permit any wildcard mask for the address

C. accept any source address

D. check any bit in the destination address

E. permit 255.255.255.255 0.0.0.0

F. accept any destination

Question N°11 Which one of the following commands will display the placement and direction of an IP access control list on the interfaces of a router?

A. show interface list

B. show ip route

C. show ip interface

D. show ip interface brief

E. show interface

Question N°12 You are a technician at TestKing. Your assistant applied an IP access control list to Router TK1. You want to check the placement and direction of the access control list.

Which command should you use?

A. show access-list

B. show ip access-list

C. show ip interface

D. show interface

E. show interface list

Question N°13 Refer to the graphic. It has been decided that Workstation 1 should be denied access to Server1. Which of the following commands are required to prevent only Workstation 1 from accessing Server1 while allowing all other traffic to flow normally? (Choose two)

A. RouterTK1(config)# interface fa0/0
RouterTK1(config-if)# ip access-group 101 out

B. RouterTK1(config)# interface fa0/0
RouterTK1(config-if)# ip access-group 101 in

C. RouterTK1(config)# access-list 101 deny ip host 172.16.161.150 host 172.16.162.163
RouterTK1(config)# access-list 101 permit ip any any

D. RouterTK1(config)# access-list 101 deny ip 172.16.161.150 0.0.0.255 172.16.162.163 0.0.0.0
RouterTK1(config)# access-list 101 permit ip any any

Question N°14 Which wildcard mask will enable a network administrator to permit access to the Internet for only hosts that are assigned an address in the range 192.168.8.0 through 192.168.15.255?

A. 0.0.0.0

B. 0.0.0.255

C. 0.0.255.255

D. 0.0.7.255

E. 0.0.3.255

F. None of the above