Time limit: 0
Quiz-summary
0 of 23 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
Information
Good luck!
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 23 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- Answered
- Review
-
Question 1 of 23
1. Question
1 pointsWhich range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?Correct
Incorrect
Hint
A wildcard mask of 0.0.7.255 means that the first 5 bits of the 3rd octet must remain the same but the last 3 bits can have values from 000 to 111. The last octet has a value of 255, which means the last octet can have values from all zeros to all 1s. -
Question 2 of 23
2. Question
1 pointsWhat two functions describe uses of an access control list? (Choose two.)Correct
Incorrect
-
Question 3 of 23
3. Question
1 pointsWhich two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)Correct
Incorrect
Hint
A wildcard mask uses 0s to indicate that bits must match. 0s in the first three octets represent 24 bits and four more zeros in the last octet, represent a total of 28 bits that must match. The four 1s represented by the decimal value of 15 represents the four bits to ignore. -
Question 4 of 23
4. Question
1 pointsRefer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?Correct
Incorrect
Hint
The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched. -
Question 5 of 23
5. Question
1 pointsTwo routers, R1 and R2, connect via a serial link. Both the R1 and R2 interfaces that connect to this network are labeled S0/0/0. Above the serial link are the words 10.0.56.252/30. R1 has two more connections: Gi0/0 and Gi0/1. The Gi0/0/ R1 interface connects to a switch. That switch connects to a server labeled FTP and web server 10.0.54.5/28. The R1 Gi0/1 interface connects to a switch. That switch connects to a host. Under the host are the words 10.0.55.23/24. The R2 router has another interface labeled Gi0/0. This interface connects to a switch. That switch connects to a host. Under the host are the words 10.0.70.23/25.Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)Correct
Incorrect
Hint
The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server. -
Question 6 of 23
6. Question
1 pointsA network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?Correct
Incorrect
Hint
A single ACL command and wildcard mask should not be used to specify these particular networks or other traffic will be permitted or denied and present a security risk. Write all of the network numbers in binary and determine the binary digits that are identical in consecutive bit positions from left to right. In this example, 23 bits match perfectly. The wildcard mask of 0.0.1.255 designates that 25 bits must match. -
Question 7 of 23
7. Question
1 pointsThe exhibit shows router R2 connected through int fa0/0 to a switch which in turn is connected to host with an IP address 192.168.1.1 /24. R2 is connected to another switch through interface fa0/1 and the switch is connected to a server with the IP address 192.168.2.1 /24.Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)Correct
Incorrect
Hint
An extended ACL is placed as close to the source of the traffic as possible. In this case.it is placed in an inbound direction on interface fa0/0 on R2 for traffic entering the router from host with the IP address192.168.1.1 bound for the server with the IP address192.168.2.1. -
Question 8 of 23
8. Question
1 pointsWhich two statements are correct about extended ACLs? (Choose two)Correct
Incorrect
Hint
Extended ACLs can be used for precise traffic-filtering. Extended ACLs check for both source and destination addresses of packets. They also check the protocols and port numbers (or services), thus allowing for a greater range of criteria on which to base the ACL. -
Question 9 of 23
9. Question
1 pointsWhich three values or sets of values are included when creating an extended access control list entry? (Choose three.)Correct
Incorrect
-
Question 10 of 23
10. Question
1 pointsRefer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)?Correct
Incorrect
Hint
The first two lines of the ACL allow traffic from a particular application from the IP address 10.0.55.23 destined for 10.0.70.55. Because neither of these lines meets the criterion of request for information from a secure web page (port 443 is HTTPS) from 10.0.55.23 to the web server located at 10.0.70.5, no action is taken by the router. The third line is a match and because the “permission” is to deny the packet, the packet is dropped. No further examination is done by the router. -
Question 11 of 23
11. Question
1 pointsWhich set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?Correct
Incorrect
Hint
For an extended ACL to meet these requirements the following need to be included in the access control entries: identification number in the range 100-199 or 2000-2699 permit or deny parameter protocol source address and wildcard destination address and wildcard port number or name -
Question 12 of 23
12. Question
1 pointsWhich two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)Correct
Incorrect
Hint
Extended access lists commonly filter on source and destination IPv4 addresses and TCP or UDP port numbers. Additional filtering can be provided for protocol types. -
Question 13 of 23
13. Question
1 pointsWhich two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.)Correct
Incorrect
Hint
Traffic that is destined for a web server will use port 80 or 443. The keyword eq represents equal, gt represents greater than, and lt less than. -
Question 14 of 23
14. Question
1 pointsWhich feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?Correct
Incorrect
Hint
One of the major differences between IPv6 and IPv4 ACLs are two implicit permit ACEs at the end of any IPv6 ACL. These two permit ACEs allow neighbor discovery operations to function on the router interface. -
Question 15 of 23
15. Question
1 pointsWhat two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)Correct
Incorrect
Hint
There are two ways to identify a single host in an access list entry. One, is to use the host keyword with the host IP address, the other is to use a wildcard mask of 0.0.0.0 with the host IP address. The source of the traffic to be inspected by the access list goes first in the syntax and the destination goes last. -
Question 16 of 23
16. Question
1 pointsRefer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?Correct
Incorrect
Hint
The access list LIMITED_ACCESS will block ICMPv6 packets from the ISP. Both port 80, HTTP traffic, and port 443, HTTPS traffic, are explicitly permitted by the ACL. The neighbor advertisements from the ISP router are implicitly permitted by the implicit permit icmp any any nd-na statement at the end of all IPv6 ACLs. -
Question 17 of 23
17. Question
1 pointsWhich command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?Correct
Incorrect
Hint
For the purpose of applying an access list to a particular interface, the ipv6 traffic-filter IPv6 command is equivalent to the access-group IPv4 command. The direction in which the traffic is examined (in or out) is also required. -
Question 18 of 23
18. Question
1 pointsWhich IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?Correct
Incorrect
Hint
The IPv6 access list statement, permit tcp any host 2001:DB8:10:10::100 eq 25, will allow IPv6 packets from any host to the SMTP server at 2001:DB8:10:10::100. The source of the packet is listed first in the ACL, which in this case is any source, and the destination is listed second, in this case the IPv6 address of the SMTP server. The port number is last in the statement, port 25, which is the well-known port for SMTP. -
Question 19 of 23
19. Question
1 pointsIn applying an ACL to a router interface, which traffic is designated as outbound?Correct
Incorrect
Hint
Inbound and outbound are interpreted from the point of view of the router. Traffic that is designated in an inbound ACL will be denied or permitted when coming into that router interface from a source. Traffic that is designated in an outbound ACL will be denied or permitted when going out the interface to the destination. -
Question 20 of 23
20. Question
1 pointsFill in the blanks. Use dotted decimal format.- The wildcard mask that is associated with the network 192.168.12.0/24 is (0.0.0.255)
Correct
Incorrect
Hint
The wildcard mask can be found by subtracting the subnet mask from 255.255.255.255. Mask 255.255.255.255 Subnet mask – 255.255.255.0 Wild card mask 0 . 0 . 0. 255 -
Question 21 of 23
21. Question
1 pointsQuestion as presented:Sort elements
- The router will drop the packet A
- The router will drop the packet B
- The router will forward the packet A
- The router will drop the packet C
- The router will forward the packet B
- The router will forward the packet C
-
destination: 202.16.83.131 protocol: HTTP
-
destination: 192.168.83.157 protocol: telnet
-
destination: 192.168.83.189 protocol: FTP
Correct
Incorrect
-
Question 22 of 23
22. Question
1 pointsQuestion as presented:Sort elements
- 192.168.5.0.0.0.3.255
- host 192.168.15.12
- 192.168.15.26 255.255.255.240
- 192.168.15.144 0.0.0.15
- 192.168.3.64 0.0.0.7
- 192.168.100.63 255.255.255.192
-
host in a subnet with the subnet mask 255.255.255.0
-
All IP address bits much match exactly
-
The first valid host address in a subnet
-
subnetwork address of a subnet with 14 valid host address
-
address with a subnet mask of 255.255.255.248
Correct
Incorrect
Hint
Converting the wildcard mask 0.0.3.255 to binary and subtracting it from 255.255.255.255 yields a subnet mask of 255.255.252.0. Using the host parameter in a wildcard mask requires that all bits match the given address. 192.168.15.65 is the first valid host address in a subnetwork beginning with the subnetwork address 192.168.15.64. The subnet mask contains 4 host bits, yielding subnets with 16 addresses. 192.168.15.144 is a valid subnetwork address in a similar subnetwork. Change the wildcard mask 0.0.0.15 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.240. 192.168.3.64 is a subnetwork address in a subnet with 8 addresses. Convert 0.0.0.7 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.248. That mask contains 3 host bits, and yields 8 addresses. -
Question 23 of 23
23. Question
1 pointsWhat is the wildcard mask that is associated with the network 192.168.12.0/24?Correct
Incorrect
Hint
The wildcard mask can be found by subtracting the subnet mask from 255.255.255.255.