CCNA 2 v6.0 (Routing & Switching Essentials v6) Chapter 7: Access Control Lists: Check Your Understanding Questions Answers
1. Which three statements describe ACL processing of packets? (Choose three.)
- A packet can either be rejected or forwarded as directed by the ACE that is matched.
- A packet that does not match the conditions of any ACE will be forwarded by default.
- A packet that has been denied by one ACE can be permitted by a subsequent ACE.
- An implicit deny any rejects any packet that does not match any ACE.
- Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
- Each statement is checked only until a match is detected or until the end of the ACE list.
2. What two functions describe uses of an access control list? (Choose two.)
- ACLs assist the router in determining the best path to a destination.
- ACLs can control which areas a host can access on a network.
- ACLs can permit or deny traffic based upon the MAC address originating on the router.
- ACLs provide a basic level of security for network access.
- Standard ACLs can restrict access to specific applications and ports.
3. In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
- When a router has more than one ACL
- When an interface is filtered by an outbound ACL and the network attached to the interface is the source network being filtered within the ACL
- When an outbound ACL is closer to the source of the traffic flow
- When the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
4. A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
- R1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
- R1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
- R1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
- R1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
- R1(config)# access-list 10 permit host 192.168.15.23
5. What single access-list statement matches networks 192.168.16.0, 192.168.17.0, 192.168.18.0, and 192.168.19.0.
- access-list 10 permit 192.168.0.0 0.0.15.255
- access-list 10 permit 192.168.16.0 0.0.0.255
- access-list 10 permit 192.168.16.0 0.0.3.255
- access-list 10 permit 192.168.16.0 0.0.15.255
6. If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
7. Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
- Filter unwanted traffic before it travels onto a low-bandwidth link.
- For every inbound ACL placed on an interface, there should be a matching outbound ACL.
- Place extended ACLs close to the destination IP address of the traffic.
- Place extended ACLs close to the source IP address of the traffic.
- Place standard ACLs close to the source IP address of the traffic.
- Place standard ACLs close to the destination IP address of the traffic.
8. An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
- R1(config-line)# access-class 1 in
- R1(config-line)# access-class 1 out
- R1(config-if)# ip access-group 1 in
- R1(config-if)# ip access-group 1 out
9. Which statement describes a difference between the operation of inbound and outbound ACLs?
- On a network interface, more than one inbound ACL can be configured, but only one outbound ACL can be configured.
- Inbound ACLs are processed before the packets are routed, whereas outbound ACLs are processed after the routing is completed.
- Inbound ACLs can be used in both routers and switches, but outbound ACLs can be used only on routers.
- In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria.