CCNA 4 Exploration v4.0 Chapter 5 Quiz Answers

Apr 22, 2024 Last Updated: Apr 23, 2024 CCNA 4 v4.0 EWAN No Comments
Tweet Share Pin it

1. Which two statements correctly describe Cisco access control lists? (Choose two.)

  • Extended ACLs are created in interface configuration mode.
  • Extended ACLs filter traffic based on source and destination IP, port number, and protocol.
  • Standard IP ACLs are numbered 1-99, and extended IP ACLs are numbered 100-199.
  • Standard ACLs permit or deny traffic to specific IP addresses.
  • Standard ACLs do not permit the use of wildcard masks.

Explanation: Standard ACLs filter packets based solely on the source IP addresses and are numbered 1 to 99. Extended ACLs filter IP packets based on several attributes, such as protocol type, source and IP address, destination IP address, source TCP or UDP ports, destination TCP or UDP ports, and optional protocol type information. Extended ACLs are numbered 100 to 199.

2. Which statement is correct regarding applying an access list to an interface?

  • Access lists are applied in global configuration mode.
  • Named access lists are applied using the ip access-name command.
  • Standard access lists should be applied to an interface as close as possible to the destination.
  • The command for applying access list 101 inbound is ip access-list 101.

3. Which statement is a guideline to be followed when designing access control lists?

  • Since ACL tests are executed in order, they should be organized from the most general condition to the most specific.
  • Since ACL tests are executed in order, they should be organized from the most specific condition to the most general.
  • Since all statements in an ACL are evaluated before they are executed, an explicit deny any statement must be written in order for an ACL to function properly.
  • Since all statements in an ACL are evaluated before they are executed, an explicit permit any statement must be written in order for an ACL to function properly.

Explanation: An ACL is executed in order of the statements. The most specific condition must be examined before the more general conditions. Otherwise, the packet might pass the test condition of the general condition and never be examined by the more specific condition.

4. Which two solutions can be implemented with ACLs? (Choose two.)

  • Segment the network to increase available bandwidth.
  • Create a “firewall” on a router to filter inbound traffic from an external network.
  • Control traffic entering or exiting different areas of a local network.
  • Distribute DHCP traffic to allow easier network availability.
  • Allow or deny traffic into the network based on the MAC address.

Explanation: ACLs can be used to help create a firewall by filtering inbound and outbound traffic. This includes controlling the traffic entering and exiting LANs. ACLs don’t distribute DHCP traffic.

5. Match the following commands used with ACLs to their descriptions:

CCNA 4 Exploration v4.0 Chapter 5 Quiz Answers 1

6. Which IP address and wildcard mask will test for hosts from an entire subnet of network 192.168.12.0 using a 29-bit mask?

  • 192.168.12.56 0.0.0.15
  • 192.168.12.56 0.0.0.8
  • 192.168.12.56 0.0.0.31
  • 192.168.12.84 0.0.0.7
  • 192.168.12.84 0.0.0.3
  • 192.168.12.84 0.0.0.255

7. What kind of access list is created with the command ip access-list standard fastaccess?

  • turbo ACL
  • reflexive ACL
  • named ACL
  • dynamic ACL

Explanation: A standard named access list is created with the global configuration command ip access-list standard name.

8. Refer to the exhibit. The exhibit shows an ACL that already exists on the router. The network administrator wants to insert the command access-list 101 deny ip any 192.168.1.0 0.0.0.255 eq ftp as the third line in the ACL shown. The network administrator enters the command in global configuration mode on the router. What effect does this have?

CCNA 4 Exploration v4.0 Chapter 5 Quiz Answers 2

  • It inserts the line in the desired position in the ACL.
  • It inserts the line as the first statement in the ACL.
  • It inserts the line as the last statement in the ACL.
  • It deletes the entire list and replaces it with the new line only.

Explanation: Additional access list statements are automatically added to the end of the sequence of statements. Named ACLs can use optional sequence numbers to make this modification easier.

9. Refer to the exhibit. Which statement correctly describes how Router1 processes packets with the configuration shown?

CCNA 4 Exploration v4.0 Chapter 5 Quiz Answers 3

  • Traffic exiting interface s0/0/0 is filtered by both ACL 101 and ACL 201.
  • If a packet entering interface s0/0/0 matches a condition in ACL 101, the router continues comparing the packet to the rest of the statements in ACL 101 to make sure that no other statements might also apply.
  • Router1 compares packets entering interface s0/0/0 first to all the ACL 101 statements for the IP protocol and then to all the ACL 101 statements for the ICMP protocol.
  • A packet entering interface s0/0/0 is compared to each statement in ACL 101 until one statement matches the packet. Then the router drops or forwards the packet without considering the remaining statements in ACL 101.

10. An administrator wants to implement lock-and-key access to a host within the company network for specific users who are connecting from outside the company network. What type of ACL would best suit the situation?

  • dynamic
  • reflexive
  • extended
  • time-based

Explanation: Lock-and-key ACLs are also called dynamic ACLs.

11. What type of ACL should the network administrator implement to limit Internet traffic during peak hours of the day?

  • dynamic
  • policy-based
  • reflexive
  • time-based

Explanation: Time-based ACLs filter packets based on a time range that defines specific times of the day and week.

12. Which statement correctly describes a reflexive access list?

  • An ACL that allows IP traffic for sessions originating from inside the network, while denying traffic for sessions originating from the outside.
  • An ACL that controls traffic based on the time.
  • An ACL that uses an extended list to block users from traversing a router until they are authenticated.
  • An ACL that only identifies the source of traffic.

Explanation: Reflexive ACLs are used to allow IP traffic for sessions originating from their network while denying IP traffic for sessions originating outside the network. These ACLs allow the router to manage session traffic dynamically. The router examines the outbound traffic, and when it sees a new connection, it adds an entry to a temporary ACL to allow replies back in.

13. Categorize the following descriptions with the appropriate ACL type.

CCNA 4 Exploration v4.0 Chapter 5 Quiz Answers 4

Answer

CCNA 4 Exploration v4.0 Chapter 5 Quiz Answers 5

14. Assuming this ACL is correctly applied to a router interface, which two statements describe traffic on the network? (Choose two.)

access-list 199 deny tcp 178.15.0.0 0.0.255.255 any eq 23
access-list 199 permit ip any any
  • All FTP traffic from network 178.15.0.0 will be permitted.
  • All Telnet traffic destined for network 178.15.0.0 will be denied.
  • Telnet and FTP will be permitted from all hosts on network 178.15.0.0 to any destination.
  • Telnet will not be permitted from any hosts on network 178.15.0.0 to any destination.
  • Telnet will not be permitted to any host on network 178.15.0.0 from any destination.

Explanation: The first line of the ACL denies Telnet traffic originating from the 178.15.0.0/16 network to any destination network. The second line permits all other IP traffic, including FTP.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x