1. Consider the following output for an ACL that has been applied to a router via the access-class command. What can a network administrator determine from the displayed output?
R1#
Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny (1 match)
Traffic from two devices was allowed to go in on one port on the router and out on another port on the router.
Two devices could access the router via SSH or Telnet.
Two devices connected to the router have the IP addresses 192.168.10.x.
Traffic from a device was not allowed to enter one port on the router and be forwarded to another port on the router.
2. On which router should the show access-lists command be executed?
on each router through which the packet referenced in the ACL travels
on the router that routes the packet referenced in the ACL to the final destination network
on the router that routes the packet referenced in the ACL from the source network
on the router where the ACL is configured
3. Look at the following output. What is the significance of the 4 match(es) statement?
R1#
10 permit 192.168.1.56 0.0.0.7
20 permit 192.168.1.64 0.0.0.63 (4 match(es))
30 deny any (8 match(es))
Four packets were allowed through the router to reach the destination network 192.168.1.64/26.
Four packets destined for the 192.168.1.64 network were rejected.
Four packets were allowed through the router from PCs on the 192.168.1.64 network.
Four packets coming from any IP address were rejected.
4. Refer to the exhibit.
An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. What conclusion can be drawn from this configuration?
Only traffic from the 172.16.4.0/24 subnet is blocked and all other traffic is allowed.
The ACL must be applied outbound on all interfaces of R1.
All traffic is blocked, not just traffic from the 172.16.4.0/24 subnet.
The ACL must be applied inbound on the FastEthernet 0/0 interface of R1 to meet the requirements.
In this situation, an extended ACL must be used.
5. If a router has two interfaces and routes both IPv4 and IPv6 traffic, how many ACLs can be created and applied?
4
8
12
16
6
6. Which feature requires the use of a named standard ACL instead of a numbered standard ACL?
the ability to specify source and destination addresses to use when identifying traffic
the ability to filter traffic based on a specific protocol
the ability to add additional ACEs in the middle of the ACL without deleting and recreating the list
the ability to filter traffic based on a wide range of protocols and destinations
7. What type of ACL statements does Cisco IOS typically reorder as the first ACEs?
permit any
host
range
lowest sequence number
8. A network administrator sets up an ACL to restrict access to specific servers in the data center. The intent is to apply the ACL to the interface that is connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
The ACL analyzes the traffic after it is routed to the outbound interface.
All traffic is denied.
The ACL does not work as expected.
All traffic is allowed.
9. Which single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.3.255
access-list 10 permit 192.168.0.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.0.255
10. What is the fastest way to remove a single ACE from a named ACL?
Create a new ACL with a different number and apply the new ACL to the router interface.
Use the no access-list command to remove the entire ACL, and then recreate it without the ACE.
Use the no keyword and the sequence number of the ACE to be removed.
Copy the ACL in a text editor, delete the ACE, and copy the ACL back to the router.
11. A network administrator must configure a standard ACL so that only the administrator's workstation with IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can accomplish the task? (Choose two.)
router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
router1(config)# access-list 10 permit host 192.168.15.23
12. What does configuring an ACL with only ACEs that deny traffic do?
The ACL blocks all traffic.
The ACL can only be applied outbound.
The ACL permits any traffic that is not specifically denied.
The ACL can only be applied inbound.
13. Refer to the exhibit.
If the network administrator has created a standard ACL that only allows devices that connect to the R2 G0/0 network to access devices on the R1 G0/1 interface, how should the ACL be applied?
inbound on the R1 G0/1 interface
outbound on the R1 G0/1 interface
outbound on the R2 S0/0/1 interface
inbound on the R2 G0/0 interface
14. Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to the R2 G0/0 interface to access networks attached to R1?
access-list 1 permit 192.168.10.96 0.0.0.31
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.10.128 0.0.0.63
access-list 1 permit 192.168.10.0 0.0.0.63
15. In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
when an outbound ACL is closer to the source of the traffic flow
when an interface is filtered by an outbound ACL and the network attached to the interface is the source network that is filtered within the ACL
when a router has more than one ACL
when the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets leave the interface
16. Which statement describes a difference between the operation of inbound and outbound ACLs?
Inbound ACLs can be used on routers and switches, but Outbound ACLs can only be used on routers.
Inbound ACLs are processed before packets are routed, while outbound ACLs are processed after routing is complete.
More than one inbound ACL can be configured on a network interface, but only one outbound ACL can be configured.
Unlike outbound ACLs, inbound ACLs can be used to filter packets based on various criteria.
17. Which address is required in the command syntax of a standard ACL?
destination IP address
source IP address
source MAC address
destination MAC address
18. An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command applies the ACL correctly?
R1(config-if)# ip access-group 1 out
R1(config-line)# access-class 1 out
R1(config-if)# ip access-group 1 in
R1(config-line)# access-class 1 in
19. Which three statements are generally accepted as best practices when placing ACLs? (Choose three.)
Filter unwanted traffic before it reaches a low-bandwidth connection.
Place extended ACLs close to the IP address of the traffic source.
For every inbound ACL placed on an interface, there must be a corresponding outbound ACL.
Place standard ACLs close to the destination IP address of the traffic.
Place extended ACLs close to the destination IP address of the traffic.
Place standard ACLs close to the source IP address of the traffic.
20. Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
Manually add the new deny ACE with a sequence number of 15.
Add a deny any ACE to access list 1.
Manually add the new deny ACE with a sequence number of 5.
Create a second access list that denies the host and apply it to the same interface.
21. What type of router connection can be secured with the access-class command?
Ethernet
vty
console
serial
22. When would a network administrator use the clear access-list counters command?
when the buffer is low
when removing an ACE from an ACL
when troubleshooting an ACL and needing to know how many packets matched
when obtaining a baseline
23. Match each statement with the example subnet and wildcard that it describes. (Not all options are used.)
Place the options in the following order:
192.168.15.65 255.255.255.240 ==> the first valid host address in a subnet
192.168.15.144 0.0.0.15 ==> subnet address of a subnet with 14 valid host addresses
host 192.168.15.12 ==> all bits of the IP address must match exactly
192.168.5.0 0.0.3.255 ==> hosts in a subnet with the subnet mask 255.255.252.0
192.168.3.64 0.0.0.7 ==> address with a subnet mask of 255.255.255.248
24. Refer to the exhibit. What happens to the access list 10 ACEs if the router is rebooted before any other commands are implemented?
Access list 10 ACEs are removed.
It is listed on the 10 ACE access list.
The access list 10 ACEs are not affected.
The wildcard masks of the access list 10 ACEs are converted to subnet masks.
25. Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny rejects all packets that do not match an ACE.
Each packet is checked against the conditions of each ACE in the ACL before a forwarding decision is made.
Each statement is only checked until a match is found or until the end of the ACE list is reached.
A packet may be rejected or forwarded as indicated by the appropriate ACE.
A packet that does not meet the conditions of an ACE is forwarded by default.
A packet denied by one ACE may be allowed by a subsequent ACE.