The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be allowed Telnet access to the routers?
1. access-class 5 in
2. access-list 5 permit 10.7.0.0 0.0.0.31
Consider the configured access list.
R1# show access-lists
extended IP access list 100
deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
permit ip any any (15 matches)
What are two characteristics of this access list? (Choose two.)
1. Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
2. The access list has been applied to an interface.
Which command will verify the number of packets that are permitted or denied by an ACL that restricts SSH access?
show access-lists
Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10?
access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic that is destined to the router itself?
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
What packets would match the access control list statement that is shown below?
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22
SSH traffic from the 172.16.0.0 network to any destination network
Consider the access list command applied outbound on a router serial interface.
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply
What is the effect of applying this access list command?
No traffic will be allowed outbound on the serial interface.
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
R1# <output omitted>
Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)
Two devices were able to use SSH or Telnet to gain access to the router.
Which two commands will configure a standard ACL?
1. Router(config)# access-list 35 permit host 172.31.22.7
2. Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an outside interface?
echo reply
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network?
1. access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255
2. access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
R1(config-line)# access-class 1 in
Which two keywords can be used in an access control list to replace a wildcard mask or address and wildcard mask pair?
1. any
2. host
Which two packet filters could a network administrator use on an IPv4 extended ACL?
1. Destination UDP port number
2. ICMP message type
In the second ACE shown in the following example, port 400 was incorrectly specified instead of port 443. What is the best way to correct this error?
R1# show access-lists
Extended IP access list SURFING
10 permit tcp 192.168.10.0 0.0.0.255 any eq www
20 permit tcp 192.168.10.0 0.0.0.255 any eq 400
R1#
Enter the no 20 keyword, and then enter permit tcp 192.168.10.0 0.0.0.255 any eq 443.
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 10.1.1.10 can access the virtual terminal of the main router. Which two configuration commands can achieve the task?
1. R1(config)# access-list 10 permit host 10.1.1.10
2. R1(config)# access-list 10 permit 10.1.1.10 0.0.0.0
A network administrator is writing a standard ACL to deny any traffic from the 10.10.0.0/16 network but permit all other traffic. Which two commands should be used?
1. R1(config)# access-list 55 permit any
2. R1(config)# access-list 55 deny 10.10.0.0 0.0.255.255
In the following example, you forgot to enter an ACE to deny the user at IP address 192.168.10.10. Which command would correctly enter the ACE to filter this address?
R1# show access-lists
Extended IP access list PERMIT-NET
10 permit ip 192.168.10.0 0.0.0.255 any
20 permit ip 192.168.11.0 0.0.0.255 any
R1#
5 deny ip host 192.168.10.10
You create a standard ACL called PERMIT-VTY to permit only an administrative host vty access to the router. Which line configuration command would correctly apply this ACL to the vty lines?
access-class PERMIT-VTY in
What effect does the permit tcp 10.10.100 0.0.0.255 any eq www extended named ACE have when implemented inbound on a G0/0 interface?
Traffic originating from 10.10.100/24 is permitted to all TCP port 80 destinations.
What does the CLI prompt change to after you enter the command ip access-list extended AAAFILTER in global configuration mode?
R1(config-ext-nacl)#