Which two pieces of information are required when creating a standard access control list? (Choose two.)

source address and wildcard mask

access list number between 1 and 99

destination address and wildcard mask

access list number between 100 and 199

What two steps provide the quickest way to completely remove an ACL from a router? (Choose two.)

Use the no access-list command to remove the entire ACL.

Remove the inbound/outbound reference to the ACL from the interface.

Use the no keyword and the sequence number of every ACE within the named ACL to be removed.

Copy the ACL into a text editor, add no before each ACE, then copy the ACL back into the router.

Modify the number of the ACL so that it doesn't match the ACL associated with the interface.

If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice?

permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap

permit tcp 172.16.0.0 0.0.3.255 any established

permit udp any any range 10000 20000

deny udp any host 172.16.1.5 eq snmptrap

Which two types of addresses should be denied inbound on a router interface that attaches to the Internet? (Choose two.)

any IP address that starts with the number 127

any IP address that starts with the number 1

In the creation of an IPv6 ACL, what is the purpose of the implicit final command entries, permit icmp any any nd-na and permit icmp any any nd-ns ?

to allow IPv6 to MAC address resolution

to allow forwarding of IPv6 multicast packets

to allow automatic address configuration

to allow forwarding of ICMPv6 packets

What two statements describe characteristics of IPv6 access control lists? (Choose two.)

They use prefix lengths to indicate how much of an address to match.

They include two implicit permit statements by default.

They are applied to an interface with the ip access-group command .

They permit ICMPv6 router advertisements by default.

A security specialist designs an ACL to deny access to a web server from all sales staff. The sales staff are assigned addressing from the IPv6 subnet 2001:db8:48:2c::/64. The web server is assigned the address 2001:db8:48:1c::50/64. Configuring the WebFilter ACL on the LAN interface for the sales staff will require which three commands? (Choose three.)

deny tcp any host 2001:db8:48:1c::50 eq 80

ipv6 traffic-filter WebFilter in

permit tcp any host 2001:db8:48:1c::50 eq 80

Refer to the exhibit. A network administrator created an IPv6 ACL to block the Telnet traffic from the 2001:DB8:CAFE:10::/64 network to the 2001:DB8:CAFE:30::/64 network. What is a command the administrator could use to allow only a single host 2001:DB8:CAFE:10::A/64 to telnet to the 2001:DB8:CAFE:30::/64 network?

permit tcp host 2001:DB8:CAFE:10::A 2001:DB8:CAFE:30::/64 eq 23 sequence 5

permit tcp 2001:DB8:CAFE:10::A/64 2001:DB8:CAFE:30::/64 eq 23

permit tcp 2001:DB8:CAFE:10::A/64 eq 23 2001:DB8:CAFE:30::/64

permit tcp host 2001:DB8:CAFE:10::A eq 23 2001:DB8:CAFE:30::/64

What is one benefit of using a stateful firewall instead of a proxy server?

ability to perform user authentication

ability to perform packet filtering

What is one limitation of a stateful firewall?

not as effective with UDP- or ICMP-based traffic

cannot filter unnecessary traffic

What are two characteristics of a stateful firewall? (Choose two.)

uses connection information maintained in a state table

analyzes traffic at Layers 3, 4 and 5 of the OSI model

uses static packet filtering techniques

uses complex ACLs which can be difficult to configure

When implementing components into an enterprise network, what is the purpose of a firewall?

A firewall is a system that enforces an access control policy between internal corporate networks and external networks.

firewall is a system that stores vast quantities of sensitive and business-critical information.

A firewall is a system that inspects network traffic and makes forwarding decisions based solely on Layer 2 Ethernet MAC addresses.

A firewall is a system that is designed to secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices.

What are two possible limitations of using a firewall in a network? (Choose two.)

A misconfigured firewall can create a single point of failure.

Network performance can slow down.

It cannot sanitize protocol flows.

It provides accessibility of applications and sensitive resources to external untrusted users.

It increases security management complexity by requiring off-loading network access control to the device.

What are two differences between stateful and stateless firewalls? (Choose two.)

A stateless firewall will examine each packet individually while a stateful firewall observes the state of a connection.

A stateful firewall will prevent spoofing by determining whether packets belong to an existing connection while a stateless firewall follows pre-configured rule sets.

A stateless firewall is able to filter sessions that use dynamic port negotiations while a stateful firewall cannot.

A stateless firewall will provide more logging information than a stateful firewall.

A stateless firewall provides more stringent control over security than a stateful firewall.

Which statement describes a typical security policy for a DMZ firewall configuration?

Traffic that originates from the DMZ interface is selectively permitted to the outside interface.

Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.

Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.

Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.

Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.

How does a firewall handle traffic when it is originating from the public network and traveling to the private network?

Traffic that is originating from the public network is usually blocked when traveling to the private network.

Traffic that is originating from the public network is not inspected when traveling to the private network.

Traffic that is originating from the public network is usually permitted with little or no restrictions when traveling to the private network.

Traffic that is originating from the public network is selectively permitted when traveling to the private network.

When implementing a ZPF, what is the default security setting when forwarding traffic between two interfaces in the same zone?

Traffic between interfaces in the same zone is not subject to any policy and passes freely.

Traffic between interfaces in the same zone is selectively forwarded based on Layer 3 information.

Traffic between interfaces in the same zone is blocked.

Traffic between interfaces in the same zone is selectively forwarded based on the default policy restrictions.

Which two statements describe the two configuration models for Cisco IOS firewalls? (Choose two.)

The IOS Classic Firewall and ZPF cannot be combined on a single interface.

IOS Classic Firewalls and ZPF models can be enabled on a router concurrently.

ZPF must be enabled in the router configuration before enabling an IOS Classic Firewall.

IOS Classic Firewalls must be enabled in the router configuration before enabling ZPF.

Both IOS Classic Firewall and ZPF models require ACLs to define traffic filtering policies.

Designing a ZPF requires several steps. Which step involves dictating the number of devices between most-secure and least-secure zones and determining redundant devices?

design the physical infrastructure

establish policies between zones

identify subsets within zones and merge traffic requirements

What is the result in the self zone if a router is the source or destination of traffic?

Only traffic that originates in the router is permitted.

Only traffic that is destined for the router is permitted.

Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.)

If neither interface is a zone member, then the action is to pass traffic.

If both interfaces are members of the same zone, all traffic will be passed.

If one interface is a zone member, but the other is not, all traffic will be passed.

If both interfaces belong to the same zone-pair and a policy exists, all traffic will be passed.

If one interface is a zone member and a zone-pair exists, all traffic will be passed.

What is the first step in configuring a Cisco IOS zone-based policy firewall via the CLI?

Assign policy maps to zone pairs.

Assign router interfaces to zones.

Which statement describes Cisco IOS Zone-Based Policy Firewall operation?

The pass action works in only one direction.

A router interface can belong to multiple zones.

Service policies are applied in interface configuration mode.

Router management interfaces must be manually assigned to the self zone.

C3 - Quiz

Professional Development

•

35 Qs

Similar activities

ISPRMT - Quiz 1

Professional Development

•

30 Qs

Toyota Value Chain Quiz Bee (After-Sales Edition)

Professional Development

•

31 Qs

UC2 : Tecnico programmatore siti web

Professional Development

•

30 Qs

Formulas in Excel

6th Grade - Professional Development

•

37 Qs

Oxy Fuel & Safety

KG - Professional Development

•

37 Qs

PO0205 Applying Fillers and Foundation Materials

Professional Development

•

37 Qs

CCNA Final Exam

Professional Development

•

30 Qs

Effective Communication

Professional Development

•

30 Qs

C3 - Quiz

Quiz

•

Instructional Technology

•

Professional Development

•

Practice Problem

•

Hard

Instructor Instructor

Used 1+ times

FREE Resource

35 questions

Show all answers

MULTIPLE SELECT QUESTION

1 min • 1 pt

What are two characteristics of ACLs? (Choose two.)

Extended ACLs can filter on destination TCP and UDP ports.

Standard ACLs can filter on source TCP and UDP ports.

Extended ACLs can filter on source and destination IP addresses.

Standard ACLs can filter on source and destination IP addresses.

Standard ACLs can filter on source and destination TCP and UDP ports.

Answer explanation

Standard ACLs can only filter on source addresses. That is why they are normally placed closest to the destination. Extended ACLs can filter on source and destination IP addresses, port numbers, and specific message types within a particular protocol such as echo request within the ICMP protocol.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Which three statements describe ACL processing of packets? (Choose three.)

An implicit deny any rejects any packet that does not match any ACE.

A packet can either be rejected or forwarded as directed by the ACE that is matched.

A packet that has been denied by one ACE can be permitted by a subsequent ACE.

A packet that does not match the conditions of any ACE will be forwarded by default.

Each statement is checked only until a match is detected or until the end of the ACE list.

Answer explanation

When a packet comes into a router that has an ACL configured on the interface, the router compares the condition of each ACE to determine if the defined criteria has been met. If met, the router takes the action defined in the ACE (allows the packet through or discards it). If the defined criteria has not been met, the router proceeds to the next ACE. An implicit deny any statement is at the end of every standard ACL.

MULTIPLE SELECT QUESTION

1 min • 1 pt

A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255 . Which two IP addresses will match this ACL statement? (Choose two.)

172.16.0.255

172.16.15.36

172.16.16.12

172.16.34.24

172.16.65.21

Answer explanation

The wildcard mask indicates that any IP address within the range of 172.16.0.0 to 172.16.15.255 matches.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0

access-list 10 permit 192.168.16.0 0.0.3.255

access-list 10 permit 192.168.16.0 0.0.0.255

access-list 10 permit 192.168.16.0 0.0.15.255

access-list 10 permit 192.168.0.0 0.0.15.255

Answer explanation

The ACL statement access-list 10 permit 192.168.16.0 0.0.3.255 will match all four network prefixes. All four prefixes have the same 22 high order bits. These 22 high order bits are matched by the network prefix and wildcard mask of 192.168.16.0 0.0.3.255.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?

established

remark

description

Answer explanation

In order to document the purpose of an ACL and identify its function more easily, the remark keyword is used when building the ACL. The established keyword is used to allow connections that were initially sourced from the current device. The eq operator is used to specify a port number for denying or permitting traffic. The description keyword is used when configuring and documenting interfaces.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Which two characteristics are shared by both standard and extended ACLs? (Choose two.)

Both kinds of ACLs can filter based on protocol type.

Both can permit or deny specific services by port number.

Both include an implicit deny as a final statement.

Both filter packets for a specific destination host IP address.

Both can be created by using either a descriptive name or number.

Answer explanation

Standard ACLs filter traffic based solely on a specified source IP address. Extended ACLs can filter by source or destination, protocol, or port. Both standard and extended ACLs contain an implicit deny as a final statement. Standard and extended ACLs can be identified by either names or numbers.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Refer to the exhibit. What is the result of adding the established argument to the end of the ACE?

Any traffic is allowed to reach the 192.168.254.0 255.255.254.0 network.

Any IP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network as long as it is in response to an originated request.

192.168.254.0 /23 traffic is allowed to reach any network.

Any TCP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network if it is in response to an originated request.

Answer explanation

The established argument allows TCP return traffic from established connections to be sent on an outgoing interface to a network.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

30 questions

UC2 : Tecnico programmatore siti web

Quiz

•

Professional Development

35 questions

Banking

Quiz

•

Professional Development

37 questions

Formulas in Excel

Quiz

•

6th Grade - Professio...

37 questions

PO0205 Applying Fillers and Foundation Materials

Quiz

•

Professional Development

30 questions

CCNA Final Exam

Quiz

•

Professional Development

30 questions

Effective Communication

Quiz

•

Professional Development

30 questions

ISPRMT - Quiz 1

Quiz

•

Professional Development

31 questions

Toyota Value Chain Quiz Bee (After-Sales Edition)

Quiz

•

Professional Development

Popular Resources on Wayground

5 questions

This is not a...winter edition (Drawing game)

Quiz

•

1st - 5th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Identify Iconic Christmas Movie Scenes

Interactive video

•

6th - 10th Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

11 questions

How well do you know your Christmas Characters?

Lesson

•

3rd Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

20 questions

How the Grinch Stole Christmas

Quiz

•

5th Grade

Discover more resources for Instructional Technology

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

25 questions

Christmas Movies

Quiz

•

Professional Development

20 questions

Christmas Trivia

Quiz

•

Professional Development

15 questions

Fun Holiday Trivia

Quiz

•

Professional Development

25 questions

Name That Tune - Christmas

Quiz

•

Professional Development

29 questions

Christmas Song Emoji Pictionary

Quiz

•

Professional Development

9 questions

Holiday Movie Trivia

Lesson

•

Professional Development

34 questions

Winter Trivia

Quiz

•

Professional Development

C3 - Quiz

35 questions

What are two characteristics of ACLs? (Choose two.)

Standard ACLs can only filter on source addresses. That is why they are normally placed closest to the destination. Extended ACLs can filter on source and destination IP addresses, port numbers, and specific message types within a particular protocol such as echo request within the ICMP protocol.

Which three statements describe ACL processing of packets? (Choose three.)

A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255 . Which two IP addresses will match this ACL statement? (Choose two.)

The wildcard mask indicates that any IP address within the range of 172.16.0.0 to 172.16.15.255 matches.

What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0

The ACL statement access-list 10 permit 192.168.16.0 0.0.3.255 will match all four network prefixes. All four prefixes have the same 22 high order bits. These 22 high order bits are matched by the network prefix and wildcard mask of 192.168.16.0 0.0.3.255.

When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?

Which two characteristics are shared by both standard and extended ACLs? (Choose two.)

Standard ACLs filter traffic based solely on a specified source IP address. Extended ACLs can filter by source or destination, protocol, or port. Both standard and extended ACLs contain an implicit deny as a final statement. Standard and extended ACLs can be identified by either names or numbers.

Refer to the exhibit. What is the result of adding the established argument to the end of the ACE?

The established argument allows TCP return traffic from established connections to be sent on an outgoing interface to a network.

Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)

Which two pieces of information are required when creating a standard access control list? (Choose two.)

Standard ACLs can be numbered 1 to 99 and 1300 to 1999. Standard IP ACLs filter only on the source IP address.

What two steps provide the quickest way to completely remove an ACL from a router? (Choose two.)

To completely remove an ACL from a router requires two steps. Removing the actual ACL with the no access-list command and removing the association of the ACL from the appropriate interface.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

C3 - Quiz

35 questions

What are two characteristics of ACLs? (Choose two.)

Standard ACLs can only filter on source addresses. That is why they are normally placed closest to the destination. Extended ACLs can filter on source and destination IP addresses, port numbers, and specific message types within a particular protocol such as echo request within the ICMP protocol.

Which three statements describe ACL processing of packets? (Choose three.)

A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255 . Which two IP addresses will match this ACL statement? (Choose two.)

The wildcard mask indicates that any IP address within the range of 172.16.0.0 to 172.16.15.255 matches.

What single access list statement matches all of the following networks?192.168.16.0192.168.17.0192.168.18.0192.168.19.0

The ACL statement access-list 10 permit 192.168.16.0 0.0.3.255 will match all four network prefixes. All four prefixes have the same 22 high order bits. These 22 high order bits are matched by the network prefix and wildcard mask of 192.168.16.0 0.0.3.255.

When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?​

Which two characteristics are shared by both standard and extended ACLs? (Choose two.)

Standard ACLs filter traffic based solely on a specified source IP address. Extended ACLs can filter by source or destination, protocol, or port. Both standard and extended ACLs contain an implicit deny as a final statement. Standard and extended ACLs can be identified by either names or numbers.

Refer to the exhibit. What is the result of adding the established argument to the end of the ACE?

The established argument allows TCP return traffic from established connections to be sent on an outgoing interface to a network.

Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)

Which two pieces of information are required when creating a standard access control list? (Choose two.)

Standard ACLs can be numbered 1 to 99 and 1300 to 1999. Standard IP ACLs filter only on the source IP address.

What two steps provide the quickest way to completely remove an ACL from a router? (Choose two.)

To completely remove an ACL from a router requires two steps. Removing the actual ACL with the no access-list command and removing the association of the ACL from the appropriate interface.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Instructional Technology

What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0

When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?