0 of 23 questions completed
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
0 of 23 questions answered correctly
Time has elapsed
You have reached 0 of 0 points, (0)
1. Question1 pointsWhich range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?CorrectIncorrect
HintA wildcard mask of 0.0.7.255 means that the first 5 bits of the 3rd octet must remain the same but the last 3 bits can have values from 000 to 111. The last octet has a value of 255, which means the last octet can have values from all zeros to all 1s.
2. Question1 pointsWhat two functions describe uses of an access control list? (Choose two.)CorrectIncorrect
3. Question1 pointsWhich two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)CorrectIncorrect
HintA wildcard mask uses 0s to indicate that bits must match. 0s in the first three octets represent 24 bits and four more zeros in the last octet, represent a total of 28 bits that must match. The four 1s represented by the decimal value of 15 represents the four bits to ignore.
4. Question1 pointsRefer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?CorrectIncorrect
HintThe source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACE should be switched.
5. Question1 pointsTwo routers, R1 and R2, connect via a serial link. Both the R1 and R2 interfaces that connect to this network are labeled S0/0/0. Above the serial link are the words 10.0.56.252/30. R1 has two more connections: Gi0/0 and Gi0/1. The Gi0/0/ R1 interface connects to a switch. That switch connects to a server labeled FTP and web server 10.0.54.5/28. The R1 Gi0/1 interface connects to a switch. That switch connects to a host. Under the host are the words 10.0.55.23/24. The R2 router has another interface labeled Gi0/0. This interface connects to a switch. That switch connects to a host. Under the host are the words 10.0.70.23/25.Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)CorrectIncorrect
HintThe first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.
6. Question1 pointsA network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?CorrectIncorrect
HintA single ACL command and wildcard mask should not be used to specify these particular networks or other traffic will be permitted or denied and present a security risk. Write all of the network numbers in binary and determine the binary digits that are identical in consecutive bit positions from left to right. In this example, 23 bits match perfectly. The wildcard mask of 0.0.1.255 designates that 25 bits must match.
7. Question1 pointsThe exhibit shows router R2 connected through int fa0/0 to a switch which in turn is connected to host with an IP address 192.168.1.1 /24. R2 is connected to another switch through interface fa0/1 and the switch is connected to a server with the IP address 192.168.2.1 /24.Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)CorrectIncorrect
HintAn extended ACL is placed as close to the source of the traffic as possible. In this case.it is placed in an inbound direction on interface fa0/0 on R2 for traffic entering the router from host with the IP address192.168.1.1 bound for the server with the IP address192.168.2.1.
8. Question1 pointsWhich two statements are correct about extended ACLs? (Choose two)CorrectIncorrect
HintExtended ACLs can be used for precise traffic-filtering. Extended ACLs check for both source and destination addresses of packets. They also check the protocols and port numbers (or services), thus allowing for a greater range of criteria on which to base the ACL.
9. Question1 pointsWhich three values or sets of values are included when creating an extended access control list entry? (Choose three.)CorrectIncorrect
10. Question1 pointsRefer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)?CorrectIncorrect
HintThe first two lines of the ACL allow traffic from a particular application from the IP address 10.0.55.23 destined for 10.0.70.55. Because neither of these lines meets the criterion of request for information from a secure web page (port 443 is HTTPS) from 10.0.55.23 to the web server located at 10.0.70.5, no action is taken by the router. The third line is a match and because the “permission” is to deny the packet, the packet is dropped. No further examination is done by the router.
11. Question1 pointsWhich set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?CorrectIncorrect
HintFor an extended ACL to meet these requirements the following need to be included in the access control entries: identification number in the range 100-199 or 2000-2699 permit or deny parameter protocol source address and wildcard destination address and wildcard port number or name
12. Question1 pointsWhich two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)CorrectIncorrect
HintExtended access lists commonly filter on source and destination IPv4 addresses and TCP or UDP port numbers. Additional filtering can be provided for protocol types.
13. Question1 pointsWhich two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.)CorrectIncorrect
HintTraffic that is destined for a web server will use port 80 or 443. The keyword eq represents equal, gt represents greater than, and lt less than.
14. Question1 pointsWhich feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?CorrectIncorrect
HintOne of the major differences between IPv6 and IPv4 ACLs are two implicit permit ACEs at the end of any IPv6 ACL. These two permit ACEs allow neighbor discovery operations to function on the router interface.
15. Question1 pointsWhat two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)CorrectIncorrect
HintThere are two ways to identify a single host in an access list entry. One, is to use the host keyword with the host IP address, the other is to use a wildcard mask of 0.0.0.0 with the host IP address. The source of the traffic to be inspected by the access list goes first in the syntax and the destination goes last.
16. Question1 pointsRefer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?CorrectIncorrect
HintThe access list LIMITED_ACCESS will block ICMPv6 packets from the ISP. Both port 80, HTTP traffic, and port 443, HTTPS traffic, are explicitly permitted by the ACL. The neighbor advertisements from the ISP router are implicitly permitted by the implicit permit icmp any any nd-na statement at the end of all IPv6 ACLs.
17. Question1 pointsWhich command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?CorrectIncorrect
HintFor the purpose of applying an access list to a particular interface, the ipv6 traffic-filter IPv6 command is equivalent to the access-group IPv4 command. The direction in which the traffic is examined (in or out) is also required.
18. Question1 pointsWhich IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?CorrectIncorrect
HintThe IPv6 access list statement, permit tcp any host 2001:DB8:10:10::100 eq 25, will allow IPv6 packets from any host to the SMTP server at 2001:DB8:10:10::100. The source of the packet is listed first in the ACL, which in this case is any source, and the destination is listed second, in this case the IPv6 address of the SMTP server. The port number is last in the statement, port 25, which is the well-known port for SMTP.
19. Question1 pointsIn applying an ACL to a router interface, which traffic is designated as outbound?CorrectIncorrect
HintInbound and outbound are interpreted from the point of view of the router. Traffic that is designated in an inbound ACL will be denied or permitted when coming into that router interface from a source. Traffic that is designated in an outbound ACL will be denied or permitted when going out the interface to the destination.
20. Question1 pointsFill in the blanks. Use dotted decimal format.
- The wildcard mask that is associated with the network 192.168.12.0/24 is (0.0.0.255)
HintThe wildcard mask can be found by subtracting the subnet mask from 255.255.255.255. Mask 255.255.255.255 Subnet mask – 255.255.255.0 Wild card mask 0 . 0 . 0. 255
21. Question1 pointsQuestion as presented:
- The router will drop the packet A
- The router will drop the packet B
- The router will forward the packet A
- The router will drop the packet C
- The router will forward the packet B
- The router will forward the packet C
- destination: 18.104.22.168 protocol: HTTP
- destination: 192.168.83.157 protocol: telnet
- destination: 192.168.83.189 protocol: FTP
22. Question1 pointsQuestion as presented:
- host 192.168.15.12
- 192.168.15.26 255.255.255.240
- 192.168.15.144 0.0.0.15
- 192.168.3.64 0.0.0.7
- 192.168.100.63 255.255.255.192
- host in a subnet with the subnet mask 255.255.255.0
- All IP address bits much match exactly
- The first valid host address in a subnet
- subnetwork address of a subnet with 14 valid host address
- address with a subnet mask of 255.255.255.248
HintConverting the wildcard mask 0.0.3.255 to binary and subtracting it from 255.255.255.255 yields a subnet mask of 255.255.252.0. Using the host parameter in a wildcard mask requires that all bits match the given address. 192.168.15.65 is the first valid host address in a subnetwork beginning with the subnetwork address 192.168.15.64. The subnet mask contains 4 host bits, yielding subnets with 16 addresses. 192.168.15.144 is a valid subnetwork address in a similar subnetwork. Change the wildcard mask 0.0.0.15 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.240. 192.168.3.64 is a subnetwork address in a subnet with 8 addresses. Convert 0.0.0.7 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.248. That mask contains 3 host bits, and yields 8 addresses.
23. Question1 pointsWhat is the wildcard mask that is associated with the network 192.168.12.0/24?CorrectIncorrect
HintThe wildcard mask can be found by subtracting the subnet mask from 255.255.255.255.