1. The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers? (Choose two.)
- access-class 5 in
- access-list standard VTY
permit 10.7.0.0 0.0.0.127
- access-list 5 permit 10.7.0.0 0.0.0.31
- ip access-group 5 in
- ip access-group 5 out
- access-list 5 deny any
2. Consider the configured access list.
R1# show access-lists extended IP access list 100 deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet permit ip any any (15 matches)
What are two characteristics of this access list? (Choose two.)
- Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned.
- The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device.
- Any device can telnet to the 10.1.2.1 device.
- A network administrator would not be able to tell if the access list has been applied to an interface or not.
- Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
- The access list has been applied to an interface.
3. Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?
- show ip interface brief
- show ip ssh
- show running-config
- show access-lists
4. Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10?
- access-list 101 permit tcp any eq 4300
- access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
- access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www
- access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
- access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300
5. When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?
- The ACL must be applied to each vty line individually.
- The ACL is applied to the Telnet port with the ip access-group command.
- The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
- Apply the ACL to the vty Ilines without the in or out option required when applying ACLS to interfaces.
6. What packets would match the access control list statement that is shown below?
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22
- any TCP traffic from the 172.16.0.0 network to any destination network
- SSH traffic from the 172.16.0.0 network to any destination network
- SSH traffic from any source network to the 172.16.0.0 network
- any TCP traffic from any host to the 172.16.0.0 network
7. Consider the access list command applied outbound on a router serial interface.
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply
What is the effect of applying this access list command?
- Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.
- The only traffic denied is ICMP-based traffic. All other traffic is allowed.
- The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.
- No traffic will be allowed outbound on the serial interface.
8. Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
R1# <output omitted> Standard IP access list 2 10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches) 20 deny any (1 match)
- Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
- Two devices were able to use SSH or Telnet to gain access to the router.
- Two devices connected to the router have IP addresses of 192.168.10.x.
- Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
9. Which two commands will configure a standard ACL? (Choose two.)
- Router(config)# access-list 45 permit 192.168.200.4 host
- Router(config)# access-list 10 permit 10.20.5.0 0.255.255.255 any
- Router(config)# access-list 20 permit host 192.168.5.5 any any
- Router(config)# access-list 35 permit host 172.31.22.7
- Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
10. To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?
- time-stamp reply
- time-stamp request
- echo request
- echo reply
- router advertisement
11. What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
- access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0
- access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1
- access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255
- access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255
- access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255
- access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
12. An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
- R1(config-line)# access-class 1 in
- R1(config-line)# access-class 1 out
- R1(config-if)# ip access-group 1 out
- R1(config-if)# ip access-group 1 in