Check answers here:
Modules 3 – 5: Network Security Exam Answers
Quiz-summary
0 of 74 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
Information
CCNA 3 v7 Modules 3 – 5: Network Security Test Online
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 74 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- Answered
- Review
-
Question 1 of 74
1. Question
1 pointsThe IT department is reporting that a company web server is receiving an abnormally high number of web page requests from different locations simultaneously. Which type of security attack is occurring?Correct
Incorrect
-
Question 2 of 74
2. Question
1 pointsWhat causes a buffer overflow?Correct
Incorrect
-
Question 3 of 74
3. Question
1 pointsWhich objective of secure communications is achieved by encrypting data?Correct
Incorrect
-
Question 4 of 74
4. Question
1 pointsWhat type of malware has the primary objective of spreading across the network?Correct
Incorrect
-
Question 5 of 74
5. Question
1 pointsWhat commonly motivates cybercriminals to attack networks as compared to hactivists or state-sponsored hackers?Correct
Incorrect
Hint
Cybercriminals are commonly motivated by money. Hackers are known to hack for status. Cyberterrorists are motivated to commit cybercrimes for religious or political reasons. -
Question 6 of 74
6. Question
1 pointsWhich type of hacker is motivated to protest against political and social issues?Correct
Incorrect
Hint
Hackers are categorized by motivating factors. Hacktivists are motivated by protesting political and social issues. -
Question 7 of 74
7. Question
1 pointsWhat is a ping sweep?Correct
Incorrect
Hint
A ping sweep is a tool that is used during a reconnaissance attack. Other tools that might be used during this type of attack include a ping sweep, port scan, or Internet information query. A reconnaissance attack is used to gather information about a particular network, usually in preparation for another type of network attack. -
Question 8 of 74
8. Question
1 pointsIn what type of attack is a cybercriminal attempting to prevent legitimate users from accessing network services?Correct
Incorrect
Hint
In a DoS or denial-of-service attack, the goal of the attacker is to prevent legitimate users from accessing network services. -
Question 9 of 74
9. Question
1 pointsWhich requirement of secure communications is ensured by the implementation of MD5 or SHA hash generating algorithms?Correct
Incorrect
Hint
Integrity is ensured by implementing either MD5 or SHA hash generating algorithms. Many modern networks ensure authentication with protocols, such as HMAC. Data confidentiality is ensured through symmetric encryption algorithms, including DES, 3DES, and AES. Data confidentiality can also be ensured using asymmetric algorithms, including RSA and PKI. -
Question 10 of 74
10. Question
1 pointsIf an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it?Correct
Incorrect
Hint
When an asymmetric algorithm is used, public and private keys are used for the encryption. Either key can be used for encryption, but the complementary matched key must be used for the decryption. For example if the public key is used for encryption, then the private key must be used for the decryption. -
Question 11 of 74
11. Question
1 pointsRefer to the exhibit. Which two ACLs would permit only the two LAN networks attached to R1 to access the network that connects to R2 G0/1 interface? (Choose two.)Correct
Incorrect
Hint
The permit 192.168.10.0 0.0.0.127 command ignores bit positions 1 through 7, which means that addresses 192.168.10.0 through 192.168.10.127 are allowed through. The two ACEs of permit 192.168.10.0 0.0.0.63 and permit 192.168.10.64 0.0.0.63 allow the same address range through the router. -
Question 12 of 74
12. Question
1 pointsWhich two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)Correct
Incorrect
Hint
Extended access lists commonly filter on source and destination IPv4 addresses and TCP or UDP port numbers. Additional filtering can be provided for protocol types. -
Question 13 of 74
13. Question
1 pointsWhat type of ACL offers greater flexibility and control over network access?Correct
Incorrect
Hint
The two types of ACLs are standard and extended. Both types can be named or numbered, but extended ACLs offer greater flexibility. -
Question 14 of 74
14. Question
1 pointsWhat is the quickest way to remove a single ACE from a named ACL?Correct
Incorrect
Hint
Named ACL ACEs can be removed using the no command followed by the sequence number. -
Question 15 of 74
15. Question
1 pointsRefer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered?Correct
Incorrect
Hint
The R1(config)# no access-list <access-list number> command removes the ACL from the running-config immediately. However, to disable an ACL on an interface, the command R1(config-if)# no ip access-group should be entered. -
Question 16 of 74
16. Question
1 pointsRefer to the exhibit. A network administrator has configured ACL 9 as shown. Users on the 172.31.1.0 /24 network cannot forward traffic through router CiscoVille. What is the most likely cause of the traffic failure?Correct
Incorrect
Hint
When verifying an ACL, the statements are always listed in a sequential order. Even though there is an explicit permit for the traffic that is sourced from network 172.31.1.0 /24, it is being denied due to the previously implemented ACE of CiscoVille(config)# access-list 9 deny 172.31.0.0 0.0.255.255. The sequence of the ACEs must be modified to permit the specific traffic that is sourced from network 172.31.1.0 /24 and then to deny 172.31.0.0 /16. -
Question 17 of 74
17. Question
1 pointsA network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)Correct
Incorrect
Hint
To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used. -
Question 18 of 74
18. Question
1 pointsRefer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?Correct
Incorrect
Hint
Standard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31. -
Question 19 of 74
19. Question
1 pointsA network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)Correct
Incorrect
Hint
To deny traffic from the 172.16.0.0/16 network, the access-list 95 deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic, the access-list 95 permit any statement is added. -
Question 20 of 74
20. Question
1 pointsRefer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?Correct
Incorrect
Hint
Because of the implicit deny at the end of all ACLs, the access-list 1 permit any command must be included to ensure that only traffic from the 172.16.4.0/24 subnet is blocked and that all other traffic is allowed. -
Question 21 of 74
21. Question
1 pointsRefer to the exhibit. A network administrator needs to add an ACE to the TRAFFIC-CONTROL ACL that will deny IP traffic from the subnet 172.23.16.0/20. Which ACE will meet this requirement?Correct
Incorrect
Hint
The only filtering criteria specified for a standard access list is the source IPv4 address. The wild card mask is written to identify what parts of the address to match, with a 0 bit, and what parts of the address should be ignored, which a 1 bit. The router will parse the ACE entries from lowest sequence number to highest. If an ACE must be added to an existing access list, the sequence number should be specified so that the ACE is in the correct place during the ACL evaluation process. -
Question 22 of 74
22. Question
1 pointsRefer to the exhibit. A network administrator configures an ACL on the router. Which statement describes the result of the configuration?Correct
Incorrect
Hint
In an extended ACL, the first address is the source IP address and the second one is the destination IP address. TCP port number 22 is a well-known port number reserved for SSH connections. Telnet connections use TCP port number 23. -
Question 23 of 74
23. Question
1 pointsRefer to the exhibit. What can be determined from this output?Correct
Incorrect
Hint
ACL entry 10 in MyACL matches any Telnet packets between host 10.35.80.22 and 10.23.77.101. No matches have occurred on this ACE as evidenced by the lack of a “(xxx matches)” ACE. The deny ip any any ACE is not required because there is an implicit deny ACE added to every access control list. When no matches exist for an ACL, it only means that no traffic has matched the conditions that exist for that particular line. The ACL is monitoring traffic that matches three specific hosts going to very specific destination devices. All other traffic is not permitted by the implicit deny ip any any ACE. -
Question 24 of 74
24. Question
1 pointsRefer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)Correct
Incorrect
Hint
An extended ACL is placed as close to the source of the traffic as possible. In this case.it is placed in an inbound direction on interface fa0/0 on R2 for traffic entering the router from host with the IP address192.168.1.1 bound for the server with the IP address192.168.2.1. -
Question 25 of 74
25. Question
1 pointsConsider the following access list.access-list 100 permit ip host 192.168.10.1 any access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo access-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)Correct
Incorrect
Hint
The first ACE allows the 192.168.10.1 device to do any TCP/IP-based transactions with any other destination. The second ACE stops devices on the 192.168.10.0/24 network from issuing any pings to any other location. Everything else is permitted by the third ACE. Therefore, a Telnet/SSH session or ping reply is allowed from a device on the 192.168.10.0/24 network. -
Question 26 of 74
26. Question
1 pointsRefer to the exhibit. The named ACL “Managers” already exists on the router. What will happen when the network administrator issues the commands that are shown in the exhibit?Correct
Incorrect
-
Question 27 of 74
27. Question
1 pointsIn which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP connections?Correct
Incorrect
Hint
In a TCP SYN flood attack, the attacker sends to the target host a continuous flood of TCP SYN session requests with a spoofed source IP address. The target host responds with a TCP-SYN-ACK to each of the SYN session requests and waits for a TCP ACK that will never arrive. Eventually the target is overwhelmed with half-open TCP connections. -
Question 28 of 74
28. Question
1 pointsWhich protocol is attacked when a cybercriminal provides an invalid gateway in order to create a man-in-the-middle attack?Correct
Incorrect
Hint
A cybercriminal could set up a rogue DHCP server that provides one or more of the following:- Wrong default gateway that is used to create a man-in-the-middle attack and allow the attacker to intercept data
- Wrong DNS server that results in the user being sent to a malicious website
- Invalid default gateway IP address that results in a denial of service attack on the DHCP client
-
Question 29 of 74
29. Question
1 pointsRefer to the exhibit. An administrator has configured a standard ACL on R1 and applied it to interface serial 0/0/0 in the outbound direction. What happens to traffic leaving interface serial 0/0/0 that does not match the configured ACL statements?Correct
Incorrect
Hint
Any traffic that does not match one of the statements in an ACL has the implicit deny applied to it, which means the traffic is dropped. -
Question 30 of 74
30. Question
1 pointsRefer to the exhibit. The Gigabit interfaces on both routers have been configured with subinterface numbers that match the VLAN numbers connected to them. PCs on VLAN 10 should be able to print to the P1 printer on VLAN 12. PCs on VLAN 20 should print to the printers on VLAN 22. What interface and in what direction should you place a standard ACL that allows printing to P1 from data VLAN 10, but stops the PCs on VLAN 20 from using the P1 printer? (Choose two.)Correct
Incorrect
Hint
A standard access list is commonly placed as close to the destination network as possible because access control expressions in a standard ACL do not include information about the destination network. The destination in this example is printer VLAN 12 which has router R1 Gigabit subinterface 0/1/.12 as its gateway. A sample standard ACL that only allows printing from data VLAN 10 (192.168.10.0/24), for example, and no other VLAN would be as follows:R1(config)# access-list 1 permit 192.168.10.0 0.0.0.255 R1(config)# access-list 1 deny any R1(config)# interface gigabitethernet 0/1.12 R1(config-if)# ip access-group 1 out
-
Question 31 of 74
31. Question
1 pointsWhich statement describes a characteristic of standard IPv4 ACLs?Correct
Incorrect
Hint
A standard IPv4 ACL can filter traffic based on source IP addresses only. Unlike an extended ACL, it cannot filter traffic based on Layer 4 ports. However, both standard and extended ACLs can be identified with either a number or a name, and both are configured in global configuration mode. -
Question 32 of 74
32. Question
1 pointsWhat is considered a best practice when configuring ACLs on vty lines?Correct
Incorrect
-
Question 33 of 74
33. Question
1 pointsRefer to the exhibit. An administrator first configured an extended ACL as shown by the output of the show access-lists command. The administrator then edited this access-list by issuing the commands below.Router(config)# ip access-list extended 101 Router(config-ext-nacl)# no 20 Router(config-ext-nacl)# 5 permit tcp any any eq 22 Router(config-ext-nacl)# 20 deny udp any any
Which two conclusions can be drawn from this new configuration? (Choose two.)Correct
Incorrect
Hint
After the editing, the final configuration is as follows: Router# show access-lists Extended IP access list 101 5 permit tcp any any eq ssh 10 deny tcp any any 20 deny udp any any 30 permit icmp any any So, only SSH packets and ICMP packets will be permitted. -
Question 34 of 74
34. Question
1 pointsWhich set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?Correct
Incorrect
Hint
For an extended ACL to meet these requirements the following need to be included in the access control entries:- identification number in the range 100-199 or 2000-2699
- permit or deny parameter
- protocol
- source address and wildcard
- destination address and wildcard
- port number or name
-
Question 35 of 74
35. Question
1 pointsWhat is the term used to describe a mechanism that takes advantage of a vulnerability?Correct
Incorrect
-
Question 36 of 74
36. Question
1 pointsRefer to the exhibit. The network administrator has an IP address of 192.168.11.10 and needs access to manage R1. What is the best ACL type and placement to use in this situation?Correct
Incorrect
Hint
Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible. Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure. -
Question 37 of 74
37. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the any configuration option or command?Correct
Incorrect
-
Question 38 of 74
38. Question
1 pointsWhich statement accurately characterizes the evolution of threats to network security?Correct
Incorrect
Hint
Internal threats can be intentional or accidental and cause greater damage than external threats because the internal user has direct access to the internal corporate network and corporate data. -
Question 39 of 74
39. Question
1 pointsA user receives a phone call from a person who claims to represent IT services and then asks that user for confirmation of username and password for auditing purposes. Which security threat does this phone call represent?Correct
Incorrect
Hint
Social engineering attempts to gain the confidence of an employee and convince that person to divulge confidential and sensitive information, such as usernames and passwords. DDoS attacks, spam, and keylogging are all examples of software based security threats, not social engineering. -
Question 40 of 74
40. Question
1 pointsIn what way are zombies used in security attacks?Correct
Incorrect
Hint
Zombies are infected computers that make up a botnet. The zombies are used to deploy a distributed denial of service (DDoS) attack. -
Question 41 of 74
41. Question
1 pointsWhich attack involves threat actors positioning themselves between a source and destination with the intent of transparently monitoring, capturing, and controlling the communication?Correct
Incorrect
Hint
The man-in-the-middle attack is a common IP-related attack where threat actors position themselves between a source and destination to transparently monitor, capture, and control the communication. -
Question 42 of 74
42. Question
1 pointsWhich two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair? (Choose two.)Correct
Incorrect
Hint
The host keyword is used when using a specific device IP address in an ACL. For example, the deny host 192.168.5.5 command is the same is the deny 192.168.5.5 0.0.0.0 command. The any keyword is used to allow any mask through that meets the criteria. For example, the permit any command is the same as permit 0.0.0.0 255.255.255.255 command. -
Question 43 of 74
43. Question
1 pointsWhich statement describes a difference between the operation of inbound and outbound ACLs?Correct
Incorrect
Hint
With an inbound ACL, incoming packets are processed before they are routed. With an outbound ACL, packets are first routed to the outbound interface, then they are processed. Thus processing inbound is more efficient from the router perspective. The structure, filtering methods, and limitations (on an interface, only one inbound and one outbound ACL can be configured) are the same for both types of ACLs. -
Question 44 of 74
44. Question
1 pointsWhat effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface?Correct
Incorrect
-
Question 45 of 74
45. Question
1 pointsWhich ACE will permit a packet that originates from any network and is destined for a web server at 192.168.1.1?Correct
Incorrect
-
Question 46 of 74
46. Question
1 pointsRefer to the exhibit. A new network policy requires an ACL denying FTP and Telnet access to a Corp file server from all interns. The address of the file server is 172.16.1.15 and all interns are assigned addresses in the 172.18.200.0/24 network. After implementing the ACL, no one in the Corp network can access any of the servers. What is the problem?Correct
Incorrect
Hint
Both named and numbered ACLs have an implicit deny ACE at the end of the list. This implicit deny blocks all traffic. -
Question 47 of 74
47. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the access-class 20 in configuration option or command?Correct
Incorrect
-
Question 48 of 74
48. Question
1 pointsWhat is the term used to describe the same pre-shared key or secret key, known by both the sender and receiver to encrypt and decrypt data?Correct
Incorrect
-
Question 49 of 74
49. Question
1 pointsRefer to the exhibit. Internet privileges for an employee have been revoked because of abuse but the employee still needs access to company resources. What is the best ACL type and placement to use in this situation?Correct
Incorrect
Hint
– Standard ACLs permit or deny packets based only on the source IPv4 address. Because all traffic types are permitted or denied, standard ACLs should be located as close to the destination as possible. – Extended ACLs permit or deny packets based on the source IPv4 address and destination IPv4 address, protocol type, source and destination TCP or UDP ports and more. Because the filtering of extended ACLs is so specific, extended ACLs should be located as close as possible to the source of the traffic to be filtered. Undesirable traffic is denied close to the source network without crossing the network infrastructure. -
Question 50 of 74
50. Question
1 pointsRefer to the exhibit. The student on the H1 computer continues to launch an extended ping with expanded packets at the student on the H2 computer. The school network administrator wants to stop this behavior, but still allow both students access to web-based computer assignments. What would be the best plan for the network administrator?Correct
Incorrect
Hint
This access list must be an extended ACL in order to filter on specific source and destination host addresses. Commonly, the best place for an extended ACL is closest to the source, which is H1. Traffic from H1 travels into the switch, then out of the switch into the R1 Gi0/0 interface. This Gi0/0 interface would be the best location for this type of extended ACL. The ACL would be applied on the inbound interface since the packets from H1 would be coming into the R1 router. -
Question 51 of 74
51. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the ‘ip access-group 101 in’ configuration option or command?Correct
Incorrect
-
Question 52 of 74
52. Question
1 pointsIn which type of attack is falsified information used to redirect users to malicious Internet sites?Correct
Incorrect
-
Question 53 of 74
53. Question
1 pointsWhat is a feature of an IPS?Correct
Incorrect
-
Question 54 of 74
54. Question
1 pointsWhat is the term used to describe a potential danger to a company’s assets, data, or network functionality?Correct
Incorrect
-
Question 55 of 74
55. Question
1 pointsRefer to the exhibit. Network 192.168.30.0/24 contains all of the company servers. Policy dictates that traffic from the servers to both networks 192.168.10.0 and 192.168.11.0 be limited to replies for original requests. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 56 of 74
56. Question
1 pointsWhat does the CLI prompt change to after entering the command ip access-list standard aaa from global configuration mode?Correct
Incorrect
-
Question 57 of 74
57. Question
1 pointsRefer to the exhibit. Many employees are wasting company time accessing social media on their work computers. The company wants to stop this access. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 58 of 74
58. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the 40 deny host 192.168.23.8 configuration option or command?Correct
Incorrect
-
Question 59 of 74
59. Question
1 pointsWhat is the best description of Trojan horse malware?Correct
Incorrect
-
Question 60 of 74
60. Question
1 pointsWhat wild card mask will match networks 172.16.0.0 through 172.19.0.0?Correct
Incorrect
-
Question 61 of 74
61. Question
1 pointsWhat is the term used to describe gray hat hackers who publicly protest organizations or governments by posting articles, videos, leaking sensitive information, and performing network attacks?Correct
Incorrect
-
Question 62 of 74
62. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the no ip access-list 101 configuration option or command?Correct
Incorrect
-
Question 63 of 74
63. Question
1 pointsWhat is the term used to describe unethical criminals who compromise computer and network security for personal gain, or for malicious reasons?Correct
Incorrect
-
Question 64 of 74
64. Question
1 pointsWhat is the term used to describe a guarantee that the message is not a forgery and does actually come from whom it states?Correct
Incorrect
-
Question 65 of 74
65. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the ip access-group 101 in configuration option or command?Correct
Incorrect
-
Question 66 of 74
66. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the remark configuration option or command?Correct
Incorrect
-
Question 67 of 74
67. Question
1 pointsRefer to the exhibit. The company CEO demands that one ACL be created to permit email traffic to the internet and deny FTP access. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 68 of 74
68. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the established configuration option or command?Correct
Incorrect
-
Question 69 of 74
69. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the deny configuration option or command?Correct
Incorrect
-
Question 70 of 74
70. Question
1 pointsRefer to the exhibit. Only authorized remote users are allowed remote access to the company server 192.168.30.10. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 71 of 74
71. Question
1 pointsRefer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation?Correct
Incorrect
-
Question 72 of 74
72. Question
1 pointsA technician is tasked with using ACLs to secure a router. When would the technician use the host configuration option or command?Correct
Incorrect
-
Question 73 of 74
73. Question
1 pointsWhat commonly motivates cybercriminals to attack networks as compared to hacktivists or state-sponsored hackers?Correct
Incorrect
-
Question 74 of 74
74. Question
1 pointsRefer to the exhibit. The company has provided IP phones to employees on the 192.168.10.0/24 network and the voice traffic will need priority over data traffic. What is the best ACL type and placement to use in this situation?Correct
Incorrect
Exhibit missing question 55, 57. Thanks to add.
Added, thank you!
I didn’t get the link send to my email
question 25 is wrong. correct answers are:
Devices on the 192.168.10.0/24 network are allowed to reply to any ping requests.
A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
thank you!
Question 25 has a wrong answer: “Devices on the 192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network.”
Fixed, thank you!
please insert the exhibits
please insert the exhibits
Q 25 has 5 answers, but the Exam Answer page indicates 6 (one of which is correct).
Fixed, thank you!
Some question does not have exhibit.
Question 31 wrong answer
Standard access list filter base only on source IP and can write as named access list
31. Question answer is, They filter traffic based on source IP addresses only. – maybe they updated it, because this is correct
55. Question, no exhibit so you had to guess either R1 or R3 inbound
57. Question, no exhibit, but you know that is must be extended and inbound, so only 1 option to pick