Module 5 - ACL for IPv4 Review Quiz

1.

MULTIPLE SELECT QUESTION

1 min • 1 pt

The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)

access-list standard VTY permit 10.7.0.0.0.0.0.127

ip access-group 5 in

ip access-group 5 out

access-list 5 permit 10.7.0.0.0.0.0.31

access-class 5 in

2.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Consider the configured access list.
R1# show access-lists
extended IP access list 100
deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
permit ip any any (15 matches)
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)

Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telenet to the router that has the IP address 10.1.1.1 assigned.

A network administrator would not be able to tell if the access list has been applied to an interface or not.

Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned.

The access list has been applied to an interface.

Any device can telnet to the 10.1.2.1 device.

3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?

show running-config

show ip ssh

show ip interface brief

show access-lists

4.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?

The ACL is applied to the Telnet port with the ip access-group command.

The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.

Apply the ACL to the vty lines without the in and out option required when applying ACLs to interfaces.

The ACL must be applied to each vty line individually.

5.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What packets would match the access control list statement that is shown below?
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22

any TCP traffic from the 172.16.0.0 network to the destination network.

SSH traffic from the 172.16.0.0 network to any destination network

SSH traffic from the source network to the 172.16.0.0 network.

any TCP traffic from the host to the 172.16.0.0 network.

6.

MULTIPLE SELECT QUESTION

1 min • 1 pt

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)

Router1(config)# access-list 10 permit host 192.168.15.23

Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0

Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255

Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0

Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255

Answer explanation

o permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used.
This item references content from the following areas:
Enterprise Networking, Security, and Automation1.5.1 Configure Standard IPv4 ACLs

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?

access-list 1 permit 192.168.10.0 0.0.0.63

access-list 1 permit 192.168.10.96 0.0.0.31

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 1 permit 192.168.10.128 0.0.0.63

Answer explanation

tandard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31 .

8.

MULTIPLE SELECT QUESTION

1 min • 1 pt

A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)

Router(config)# access-list 95 deny any

Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255

Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0

Router(config)# access-list 95 permit any

Router(config)# access-list 95 172.16.0.0 255.255.255.255

Answer explanation

To deny traffic from the 172.16.0.0/16 network, the access-list 95 deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic, the access-list 95 permit any statement is added.
This item references content from the following areas:
Enterprise Networking, Security, and Automation1.5.1 Configure Standard IPv4 ACLs

9.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?

Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.

An extended ACL must be used in this situation.

The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements.

All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.

The ACL should be applied outbound on all interfaces of R1.

Answer explanation

Because of the implicit deny at the end of all ACLs, the access-list 1 permit any command must be included to ensure that only traffic from the 172.16.4.0/24 subnet is blocked and that all other traffic is allowed.
This item references content from the following areas:
Enterprise Networking, Security, and Automation1.5.1 Configure Standard IPv4 ACLs

10.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?

15 deny 172.23.16.0 0.0.15.255

5 deny 172.23.16.0 0.0.15.255

30 deny 172.23.16.0 0.0.15.255

5 deny 172.23.16.0 0.0.255.255

Answer explanation

The only filtering criteria specified for a standard access list is the source IPv4 address. The wild card mask is written to identify what parts of the address to match, with a 0 bit, and what parts of the address should be ignored, which a 1 bit. The router will parse the ACE entries from lowest sequence number to highest. If an ACE must be added to an existing access list, the sequence number should be specified so that the ACE is in the correct place during the ACL evaluation process.
This item references content from the following areas:
Enterprise Networking, Security, and Automation1.5.2 Modify IPv4 ACLs

Module 5 - ACL for IPv4 Review

30 questions

The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)

Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?

When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?

What packets would match the access control list statement that is shown below?
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)

Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?

tandard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31 .

A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)

Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

Module 5 - ACL for IPv4 Review

30 questions

The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)

Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?

When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?

What packets would match the access control list statement that is shown below?access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22

A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)

Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?

tandard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31 .

A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)

Refer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

What packets would match the access control list statement that is shown below?
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22