access control list

advertisement
Question N°1
You are securing a network for TestKing and
want to apply an ACL (access control list) to an
interface of a router. Which one of the following
commands would you use?
A. permit access-list 101 out
B. ip access-group 101 out
C. apply access-list 101 out
D. access-class 101 out
E. ip access-list e0 out
Question N°2
You're the systems administrator at Testing, and you create the following access control
lists.
access-list101 deny tcp 5.1.1.10 0.0.0.0 5.1.3.0 0.0.0.255 eq telnet
access-list101 permit any any
You then enter the command "ip access-group 101 in" to apply access control list 101 to
router TK1s e0 interface.
Which of the following Telnet sessions will be blocked as a result of your access lists?
(Select all that apply)
A. Telnet sessions from host A to host 5.1.1.10
B. Telnet sessions from host A to host 5.1.3.10
C. Telnet sessions from host B to host 5.1.2.10
D. Telnet sessions from host B to host 5.1.3.8
E. Telnet sessions from host C to host 5.1.3.10
F. Telnet sessions from host F to host 5.1.1.10
Question N°3
Which of the following statements regarding the use of multiple
access lists are valid when configuring a single interface on a
Cisco router?
A. Application of up to three access lists per protocol to a single
interface.
B. No more than two access lists per interface.
C. One access list may be configured per direction for each Layer 3
protocol configured on an interface.
D. The maximum number allowed varies due to RAM availability in
the router.
E. An infinite number of access lists that can be applied to an
interface, from most specific to most general.
F. Cisco IOS allows only one access list to an interface.
Question N°4
On the serial interface of a router, an inbound access
list is configured to deny all traffic from UDP and TCP
ports 21, 23, and 25. All other traffic is permitted.
Based on this information, which types of traffic will
be allowed through this interface? (Choose three)
A. SMTP
B. DNS
C. FTP
D. Telnet
E. HTTP
F. POP3
Question N°5
The following access list below was applied outbound on the E0 interface
connected to the 192.169.1.8/29 LAN:
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any
How will the above access lists affect traffic?
A. FTP traffic from 192.169.1.22 will be denied.
B. No traffic, except for FTP traffic will be allowed to exit E0.
C. FTP traffic from 192.169.1.9 to any host will be denied.
D. All traffic exiting E0 will be denied.
E. All FTP traffic to network 192.169.1.9/29 will be denied.
Question N°6
Which of the following commands would successfully implement an
access list on a
routers virtual terminal line? (Select only one answer choice)
A. RouterTK(config-line)# access-class 10 in
B. RouterTK(config-if)# ip access-class 23 out
C. RouterTK(config-line)# access-list 150 in
D. RouterTK(config-if)# ip access-list 128 out
E. RouterTK(config-line)# access-group 15 out
F. RouterTK(config-if)# ip access-group 110 in
Question N°7
You want to apply an access list to the e0 interface on the router, with the goal of
halting HTTPS traffic from the Production Department from reaching the HR
server via the router. Which of the following access lists would you use?
A. Permit ip any any
Deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 443
B. Permit ip any any
Deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 443
C. Deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 443
Permit ip any any
D. Deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 443
Permit ip any any
Question N°8
What are some general guidelines regarding the placement of access control
lists?
(Select two answer choices)
A. You should place standard ACLS as close as possible to the source of traffic to
be denied.
B. You should place extended ACLS as close as possible to the source of traffic to
be denied.
C. You should place standard ACLS as close as possible to the destination of traffic
to be denied.
D. You should place extended ACLS should be places as close as possible to the
destination of traffic to be denied.
Question N°9
On your newly installed router, you apply the access list illustrated
below to interface Ethernet 0 on a Cisco router. The interface is
connected to the 192.168.1.8/29 LAN.
access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 20
any
access-list 123 deny tcp 192.168.166.18 0.0.0.7 eq 21
any
How will the above access lists affect traffic?
A. All traffic will be allowed to exit E0 except FTP traffic.
B. FTP traffic from 192.168.166.19 to any host will be denied.
C. FTP traffic from 192.168.166.22 to any host will be denied.
D. All traffic exiting E0 will be denied.
E. All FTP traffic to network 192.168.166.18/29 from any host will be denied.
Question N°10
On a newly installed router, the following access list is added to the
HSSI interface
for incoming traffic:
Access-list 101 permit tcp any 10.18.10.0 0.0.0.255 eq tcp
What is the effect of the "any" keyword in the above access list?
A. check any of the bits in the source address
B. permit any wildcard mask for the address
C. accept any source address
D. check any bit in the destination address
E. permit 255.255.255.255 0.0.0.0
F. accept any destination
Question N°11
Which one of the following commands will display the placement
and direction of
an IP access control list on the interfaces of a router?
A. show interface list
B. show ip route
C. show ip interface
D. show ip interface brief
E. show interface
Question N°12
You are a technician at TestKing. Your assistant applied an IP
access control list to
Router TK1. You want to check the placement and direction of the
access control
list.
Which command should you use?
A. show access-list
B. show ip access-list
C. show ip interface
D. show interface
E. show interface list
Question N°13
Refer to the graphic. It has been decided that Workstation 1 should be denied
access to Server1. Which of the following commands are required to prevent
only Workstation 1 from accessing Server1 while allowing all other traffic to
flow normally? (Choose two)
A. RouterTK1(config)# interface fa0/0
RouterTK1(config-if)# ip access-group 101 out
B. RouterTK1(config)# interface fa0/0
RouterTK1(config-if)# ip access-group 101 in
C. RouterTK1(config)# access-list 101 deny ip host 172.16.161.150 host
172.16.162.163
RouterTK1(config)# access-list 101 permit ip any any
D. RouterTK1(config)# access-list 101 deny ip 172.16.161.150 0.0.0.255
172.16.162.163 0.0.0.0
RouterTK1(config)# access-list 101 permit ip any any
Question N°14
Which wild card mask will enable a network administrator to permit
access to the Internet for only hosts that are assigned an address in
the range 192.168.8.0 through
192.168.15.255?
A. 0.0.0.0
B. 0.0.0.255
C. 0.0.255.255
D. 0.0.7.255
E. 0.0.3.255
F. None of the above
Download