What Are Two Uses Of An Access Control List? (Choose Two.)

CCNA 4 v6.0 Chapter iv Test Answers 100%

one. Which range represents all the IP addresses that are afflicted when network 10.120.160.0 with a wildcard mask of 0.0.vii.255 is used in an ACE?

ten.120.160.0 to ten.127.255.255

10.120.160.0 to ten.120.167.255*

10.120.160.0 to 10.120.168.0

x.120.160.0 to 10.120.191.255

2. What 2 functions describe uses of an admission command list? (Choose two.)

ACLs assistance the router in determining the best path to a destination.

Standard ACLs tin can restrict access to specific applications and ports.

ACLs provide a basic level of security for network access.*

ACLs can permit or deny traffic based upon the MAC address originating on the router.

ACLs tin command which areas a host can access on a network.*

3. Which two statements depict the event of the access control list wildcard mask 0.0.0.xv? (Choose ii.)

The commencement 28 bits of a supplied IP address will exist ignored.

The last four $.25 of a supplied IP address volition be ignored.*

The first 32 $.25 of a supplied IP address volition exist matched.

The first 28 bits of a supplied IP address will exist matched.*

The last five bits of a supplied IP accost will exist ignored.

The last iv $.25 of a supplied IP accost volition exist matched.

iv. Refer to the exhibit.

A network administrator is configuring an ACL to limit the connexion to R1 vty lines to simply the Information technology group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is practical. However, subsequently the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connectedness failure?

The permit ACE specifies a incorrect port number.

The enable clandestine password is non configured on R1.

The login command has not been entered for vty lines.

The IT grouping network is included in the deny statement.*

The permit ACE should specify protocol ip instead of tcp.

5. Refer to the showroom.

The network administrator that has the IP address of 10.0.lxx.23/25 needs to have admission to the corporate FTP server (10.0.54.v/28). The FTP server is besides a web server that is accessible to all internal employees on networks within the 10.x.ten.ten address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be practical? (Choose two.)

access-list 105 permit ip host x.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq world wide web
access-listing 105 permit ip any any

access-listing 105 permit tcp host x.0.54.5 any eq www
access-list 105 allow tcp host x.0.70.23 host 10.0.54.5 eq xx
admission-listing 105 permit tcp host ten.0.seventy.23 host x.0.54.five eq 21

access-list 105 permit tcp host 10.0.70.23 host x.0.54.5 eq 20
admission-list 105 permit tcp host 10.0.lxx.23 host 10.0.54.5 eq 21
access-listing 105 permit tcp ten.0.0.0 0.255.255.255 host x.0.54.v eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip whatsoever any**

R2(config)# interface gi0/0
R2(config-if)# ip access-grouping 105 in

R1(config)# interface gi0/0
R1(config-if)# ip admission-group 105 out**

R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out

half-dozen. A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.ane.192/26 are affected by the ACL. Which wildcard mask, if whatever, is the most efficient to apply when specifying all of these networks in a unmarried ACL let entry?

0.0.0.127

0.0.0.255

0.0.1.255*

0.0.255.255

A single ACL command and wildcard mask should not be used to specify these particular networks or other traffic volition be permitted or denied and present a security risk.

7. Refer to the exhibit.

A network administrator wants to let only host 192.168.ane.1 /24 to be able to admission the server 192.168.ii.1 /24. Which iii commands will achieve this using best ACL placement practices? (Cull three.)

R2(config)# access-list 101 permit ip host 192.168.ane.1 host 192.168.2.ane*

R2(config)# admission-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

R2(config)# interface fastethernet 0/0*

R2(config-if)# ip access-grouping 101 out

R2(config)# access-list 101 permit ip whatever any

R2(config)# interface fastethernet 0/1

R2(config-if)# ip admission-group 101 in*

8. Which two statements are correct virtually extended ACLs? (Choose ii)

Extended ACLs employ a number range from 1-99.

Extended ACLs end with an implicit allow statement.

Extended ACLs evaluate the source and destination addresses.*

Port numbers tin can be used to add together greater definition to an ACL.*

Multiple ACLs tin can exist placed on the same interface as long as they are in the same direction.

9. Which three values or sets of values are included when creating an extended admission command list entry? (Choose 3.)

access list number between 1 and 99

access list number between 100 and 199*

default gateway accost and wildcard mask

destination address and wildcard mask*

source address and wildcard mask*

source subnet mask and wildcard mask

destination subnet mask and wildcard mask

10. Refer to the showroom.

This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.five server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.five server. Which line of the access list will cause the router to take action (forward the parcel onward or drop the packet)?

ane

two

the deny ip any any that is at the end of every ACL

11. Which set of access control entries would permit all users on the 192.168.10.0/24 network to access a spider web server that is located at 172.17.80.i, simply would not allow them to use Telnet?

access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 let tcp host 192.168.10.ane eq lxxx

access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.fourscore.i
access-listing 103 deny tcp 192.168.10.0 0.0.0.255 whatsoever eq telnet

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.one eq 80
admission-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23*

access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq fourscore
access-list 103 deny tcp 192.168.10.0 0.0.0.255 whatever eq 23

12. Which two bundle filters could a network administrator use on an IPv4 extended ACL? (Cull two.)

destination MAC accost

ICMP message type*

computer type

source TCP hi address

destination UDP port number*

13. Which two ACE commands volition block traffic that is destined for a web server which is listening to default ports? (Choose two.)

access-list 110 deny tcp any any eq 21

access-list 110 deny tcp any any eq https*

admission-list 110 deny tcp any any gt 443

access-listing 110 deny tcp any whatsoever gt 75*

admission-list 110 deny tcp any whatever lt 80

14. Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?

the utilize of wildcard masks

an implicit deny any any ACE

the utilise of named ACL ACE

an implicit permit of neighbor discovery packets*

15. What ii ACEs could be used to deny IP traffic from a single source host 10.one.i.i to the 192.168.0.0/16 network? (Choose two.)

access-listing 100 deny ip host 10.1.one.1 192.168.0.0 0.0.255.255*

access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.i.1

admission-list 100 deny ip ten.one.i.1 255.255.255.255 192.168.0.0 0.0.255.255

admission-listing 100 deny ip ten.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255*

admission-listing 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255

access-listing 100 deny ip 192.168.0.0 0.0.255.255 x.1.1.1 0.0.0.0

16. Refer to the exhibit.

The IPv6 admission list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound management. Which IPv6 packets from the ISP will be dropped by the ACL on R1?

HTTPS packets to PC1

ICMPv6 packets that are destined to PC1*

packets that are destined to PC1 on port 80

neighbour advertisements that are received from the Isp router

17. Which command is used to actuate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

ipv6 access-class ENG_ACL in

ipv6 access-form ENG_ACL out

ipv6 traffic-filter ENG_ACL in*

ipv6 traffic-filter ENG_ACL out

18. Which IPv6 ACL command entry volition allow traffic from whatsoever host to an SMTP server on network 2001:DB8:x:x::/64?

permit tcp any host 2001:DB8:10:10::100 eq 25*

let tcp host 2001:DB8:x:10::100 any eq 25

permit tcp any host 2001:DB8:x:10::100 eq 23

let tcp host 2001:DB8:10:10::100 whatsoever eq 23

xix. In applying an ACL to a router interface, which traffic is designated every bit outbound?

traffic that is coming from the source IP address into the router

traffic that is leaving the router and going toward the destination host*

traffic that is going from the destination IP accost into the router

traffic for which the router can observe no routing table entry

20. Fill in the blanks. Utilize dotted decimal format.

The wildcard mask that is associated with the network 192.168.12.0/24 is " 0.0.0.255 "

21. An access list has been applied to a router LAN interface in the entering management. The IP accost of the LAN segment is 192.168.83.64/26. The entire ACL appears below:

access-list 101 deny tcp 192.168.83.64 0.0.0.63 whatever eq 23

admission-listing 101 permit ip 192.168.83.64 0.0.0.63 192.168.83.128 0.0.0.63

Drag the descriptions of the packets on the left to the action that the router volition perform on the right.

The router will drop the packet

destination: 202.16.83.131 protocol: HTTP

destination: 192.168.83.157 protocol: Telnet

The router will forward the packet

destination: 192.168.83.189 protocol: FTP

22. Match each argument with the example subnet and wildcard that it describes. (Not all options are used.)

192.168.15.65 255.255.255.240 => the first valid host address in a subnet

192.168.xv.144 0.0.0.15 => subnetwork address of a subnet with 14 valid host addresses

host 192.168.xv.12 => all IP address $.25 must match exactly

192.168.5.0 0.0.3.255 => hosts in a subnet with the subnet mask 255.255.252.0

192.168.3.64 0.0.0.7 => addresses with a subnet mask of 255.255.255.248