CCNA 4 v6.0 (Connecting Networks v6) Chapter 4: Access Control Lists: Check Your Understanding Questions and Answers
1. Which three statements describe ACL processing of packets? (Choose three.)
- A packet can either be rejected or forwarded as directed by the ACE that is matched.
- A packet that does not match the conditions of any ACE will be forwarded by default.
- A packet that has been denied by one ACE can be permitted by a subsequent ACE.
- An implicit deny any rejects any packet that does not match any ACE.
- Each statement is checked only until a match is detected or until the end of the ACE list.
- Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
2. What two functions describe uses of an access control list? (Choose two.)
- ACLs assist the router in determining the best path to a destination.
- ACLs can control which areas a host can access on a network.
- ACLs can permit or deny traffic based on the MAC address originating on the router.
- ACLs provide a basic level of security for network access.
- Standard ACLs can restrict access to specific applications and ports.
3. In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
- When a router has more than one ACL
- When an interface is filtered by an outbound ACL and the network attached to the interface is the source network being filtered within the ACL
- When an outbound ACL is closer to the source of the traffic flow
- When the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
4. Which two characteristics are shared by both standard and extended ACLs? (Choose two.)
- Both kinds of ACLs can filter based on protocol type.
- Both can permit or deny specific services by port number.
- Both include an implicit deny as a final entry.
- Both filter packets for a specific destination host IP address.
- Both can be created by using either a descriptive name or number.
5. A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
- R1(config)# access-list 10 permit host 192.168.15.23
- R1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
- R1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
- R1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
- R1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
6. Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
- Filter unwanted traffic before it travels onto a low-bandwidth link.
- For every inbound ACL placed on an interface, there should be a matching outbound ACL.
- Place extended ACLs close to the destination IP address of the traffic.
- Place extended ACLs close to the source IP address of the traffic.
- Place standard ACLs close to the destination IP address of the traffic.
- Place standard ACLs close to the source IP address of the traffic.
7. What packets match access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22?
- Any TCP traffic from any host to the 172.16.0.0 network
- Any TCP traffic from the 172.16.0.0 network to any destination network
- SSH traffic from any source network to the 172.16.0.0 network
- SSH traffic from the 172.16.0.0 network to any destination network
8. Which statement describes a difference between the operation of inbound and outbound ACLs?
- In contrast to outbound ACLs, inbound ACLs can be used to filter packets with multiple criteria.
- Inbound ACLs are processed before the packets are routed, whereas outbound ACLs are processed after the routing is completed.
- Inbound ACLs can be used in both routers and switches, but outbound ACLs can be used only on routers.
- On a network interface, more than one inbound ACL can be configured, but only one outbound ACL can be configured.
9. What is a limitation when utilizing both IPv4 and IPv6 ACLs on a router?
- A device can run only IPv4 ACLs or IPv6 ACLs.
- Both IPv4 and IPv6 ACLs can be configured on a single device but cannot share the same name.
- IPv4 ACLs can be numbered or named, whereas IPv6 ACLs must be numbered.
- IPv6 ACLs perform the same functions as standard IPv4 ACLs.
10. What method is used to apply an IPv6 ACL to a router interface?
- The use of the access-class command
- The use of the ip access-group command
- The use of the ipv6 access-list command
- The use of the ipv6 traffic-filter command
11. Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
- permit tcp any host 2001:DB8:10:10::100 eq 23
- permit tcp any host 2001:DB8:10:10::100 eq 25
- permit tcp host 2001:DB8:10:10::100 any eq 23
- permit tcp host 2001:DB8:10:10::100 any eq 25
12. Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
- An implicit deny any any ACE
- An implicit permit of neighbor discovery packets
- The use of named ACL entries
- The use of wildcard masks
13. Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.)
- deny icmp any any
- deny ip any any
- deny ipv6 any any
- permit icmp any any nd-na
- permit icmp any any nd-ns
- permit ipv6 any any
14. What is the only type of ACL available for IPv6?
- Named extended
- Named standard
- Numbered extended
- Numbered standard