CCNAv7 Module 5 Quiz: IPv4 Configuration ACLs Answers (2023)

1. The computers used by a school's network administrators are on the network. What are the minimum two commands required to apply an ACL that ensures only devices used by network administrators have telnet access to routers? (Choose two.)

  • access-class 5 in
  • access-list standard VTY
  • access-list 5 permit
  • ip access-group 5 in
  • ip access-group 5 out
  • access-list 5 deny any

Explanation: Named and numbered access lists can be used on vty lines to control remote access. The first ACL command, access-list 5 permit, allows traffic from any device on the network. The second ACL command, access-class 5 in, applies the access list to a vty line.

2. View the configured access list.

    R1# show access-lists
    Extended IP access list 100
        deny tcp host host eq telnet
        deny tcp host host eq telnet
        permit ip any any (15 matches)

What are two characteristics of this access list? (Choose two.)

  • Only the device can telnet to the router assigned the IP address
  • Device must not telnet to device
  • Any device can telnet to device
  • A network administrator would not be able to determine whether or not the access list was applied to an interface.
  • Any device on the network (except device) can telnet to the router assigned the IP address
  • The access list was applied to an interface.

Explanation: The access list stops Telnet traffic from device to device. It also stops Telnet traffic from device to device. All other TCP/IP based transfers are allowed. The access list works because there were 15 matches in the last ACE.

3. Which command checks the number of packets allowed or denied by an ACL restricting SSH access?

  • show ip interface brief
  • show ip ssh
  • show running-config
  • show access-lists

Explanation: The show access-lists command displays each line of an access list and the number of matches for each statement. The show running-config command displays the configured statements but does not provide any information about the matches. The show ip ssh command provides general information about the SSH configuration.

4. Which access-list statement permits HTTP traffic originating from host, port 4300 and destined for host?

  • access-list 101 permit tcp any eq 4300
  • access-list 101 permit tcp eq 80
  • access-list 101 permit tcp eq www eq www
  • access-list 101 permit tcp eq 4300 eq www
  • access-list 101 permit tcp host eq 80 eq 4300

Explanation: The HTTP protocol uses port 80 and is denoted in an ACL with the parameter "eq 80" or with "eq www". The first IP address listed in an ACL is the source address along with the appropriate wildcard mask. With a source IP address of and a wildcard mask of, IP addresses from to are allowed.

5. When configuring router security, which statement describes the most effective way to use ACLs to control Telnet traffic destined for the router itself?

  • The ACL must be applied to each vty line individually.
  • The ACL is applied to the telnet port using the ip access-group command.
  • The ACL must be applied to all inbound vty lines to prevent an unwanted user from connecting to an unsecured port.
  • Apply the ACL to the vty lines without requiring the in or out option that is needed when applying ACLs to interfaces.

Explanation: Because someone outside the router is trying to access the router using a protocol like Telnet or SSH, the ACL must be applied to the router's vty lines in the inbound direction.

6. Which packets would match the access control list statement shown below?

access-list 110 permit tcp any eq 22
  • any TCP traffic from the network to any destination network
  • SSH traffic from network to any target network
  • SSH traffic from any source network to network
  • any TCP traffic from any host to the network

Explanation: The statement access-list 110 permit tcp any eq 22 matches traffic on port 22, which is SSH, coming from network to any destination.

7. Consider the access-list command applied outbound on a router serial interface.

access-list 100 deny icmp any echo-reply

What is the effect of applying this access list command?

  • Users on the network cannot route traffic to other destinations.
  • The only traffic rejected is ICMP-based traffic. Any other traffic is allowed.
  • The only denied traffic is echo replies from network. Any other traffic is allowed.
  • Outgoing data traffic is not allowed on the serial interface.

Explanation: At the end of each extended access list is an implicit deny ip any any statement, so no traffic can be sent over the serial port.

8. Consider the following output for an ACL applied to a router using the access-class command. What can a network administrator determine from the displayed output?

    R1# <output omitted>
    Standard IP access list 2
        10 permit, wildcard bits (2 matches)
        20 deny any (1 match)

  • Traffic from a device could not enter one port of the router and be forwarded to another port of the router.
  • Two devices could access the router via SSH or Telnet.
  • Two devices connected to the router have the IP addresses 192.168.10.x.
  • Traffic from two devices was allowed to enter one port of the router and be forwarded to another port of the router.

Explanation: The access-class command is only used on vty ports. The vty ports support Telnet and/or SSH traffic. The match count on the permit ACE indicates how many attempts were allowed using the vty ports. The match on the deny ACE shows that a device on a network other than could not reach the router via the vty ports.

9. Which two commands configure a standard ACL? (Choose two.)

  • Router(config)# access-list 45 permit host
  • Router(config)# access-list 10 permit any
  • Router(config)# access-list 20 permit host any any
  • Router(config)# access-list 35 permit host
  • Router(config)# access-list 90 permit

Explanation: Standard access lists have the syntax of access-list and a number between 1 and 99, followed by the permit or deny keyword and the source IP address (including a wildcard mask).

10. What incoming ICMP message should be allowed on an external interface to help debug?

  • timestamp reply
  • timestamp request
  • echo request
  • echo reply
  • router advertisement

Explanation: By allowing the ICMP echo reply message to reach the organization, internal users can ping external addresses (and the reply message can be retrieved).

11. Which two ACEs can be used to deny IP traffic from a single source host to network (Choose two.)

  • access-list 100 deny ip
  • access-list 100 deny ip host
  • access-list 100 deny ip host
  • access-list 100 deny ip
  • access-list 100 deny ip
  • access-list 100 deny ip

Explanation: There are two ways to identify a single host in an access list entry. One is to use the host keyword with the host's IP address, the other is to use a wildcard mask of with the host's IP address. The source of the traffic to be examined by the access list is first in the syntax and the destination is last.
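
The top-down, first-match evaluation behind questions 7 and 11 (wildcard masks, the host keyword, and the implicit deny at the end of every list), as an added Python example that is not part of the original quiz. All addresses are constructed from documentation ranges, the function and variable names are hypothetical, and port matching is left out.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # the "any" keyword

def host(addr):
    """The "host" keyword is shorthand for a wildcard mask of 0.0.0.0."""
    return (addr, "0.0.0.0")

def wildcard_match(addr, base, wildcard):
    """Wildcard 0-bits must equal the base address; 1-bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, pkt):
    """Return (action, ACE index) of the first matching ACE, read top down."""
    for i, ace in enumerate(acl):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if not (wildcard_match(pkt["src"], *ace["src"])
                and wildcard_match(pkt["dst"], *ace["dst"])):
            continue
        if ace.get("icmp_type") is not None and ace["icmp_type"] != pkt.get("icmp_type"):
            continue
        return ace["action"], i
    return "deny", None  # implicit "deny ip any any": no ACE matched

# Constructed list modelled on question 7:
#   access-list 100 deny icmp 192.0.2.0 0.0.0.255 any echo-reply
LONE_DENY = [{"action": "deny", "proto": "icmp", "src": ("192.0.2.0", "0.0.0.255"),
              "dst": ANY, "icmp_type": 0}]  # ICMP type 0 = echo reply
# The same list followed by: access-list 100 permit ip any any
WITH_PERMIT = LONE_DENY + [{"action": "permit", "proto": "ip", "src": ANY, "dst": ANY}]
# Single-host ACE as in question 11: permit ip host 192.0.2.10 any
HOST_ONLY = [{"action": "permit", "proto": "ip", "src": host("192.0.2.10"), "dst": ANY}]

ECHO_REPLY = {"proto": "icmp", "src": "192.0.2.10", "dst": "198.51.100.7", "icmp_type": 0}
WEB = {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.7"}
NEIGHBOUR = {"proto": "tcp", "src": "192.0.2.11", "dst": "198.51.100.7"}

def demo():
    return {
        "echo reply, lone deny": evaluate(LONE_DENY, ECHO_REPLY),  # explicit deny
        "web, lone deny": evaluate(LONE_DENY, WEB),                # implicit deny
        "web, permit added": evaluate(WITH_PERMIT, WEB),           # explicit permit
        "host ACE, other host": evaluate(HOST_ONLY, NEIGHBOUR),    # implicit deny
    }

if __name__ == "__main__":
    print(demo())
```

An index of None in the result means no ACE matched and the packet was dropped by the implicit deny, which is why such drops never appear in the per-ACE match counters.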

12. An administrator configured an access list on R1 to allow SSH administrative access from host. Which command applies the ACL correctly?

  • R1(config-line)# access-class 1 in
  • R1(config-line)# access-class 1 out
  • R1(config-if)# ip access-group 1 out
  • R1(config-if)# ip access-group 1 in

Explanation: Administrative SSH access to the router is through the vty lines. Therefore, the ACL must be applied to these lines in the inbound direction. To do this, enter line configuration mode and issue the access-class command.


