Access-list - Practice Test

The two types of IP access lists are standard and extended. Standard access lists are used to filter traffic based on the source IP address only, while extended access lists can filter traffic based on source and destination IP addresses, as well as additional criteria such as protocol type, port numbers, etc.

The correct answer is "Access Control List". An Access Control List (ACL) is a list of permissions attached to an object, such as a file or a network resource, that determines which users or system processes are granted access to that object and what operations they can perform on it. ACLs are commonly used in computer security to control access to resources and ensure that only authorized users can access them.

Every access list carries an implicit "deny any" statement. This means that if there is no explicit permit statement for a particular traffic, it will be denied by default. In other words, the access list will deny any traffic that is not specifically permitted.

The correct answer is "ip access-group 101 [in/out]". This command is used to apply an IP access list with the number 101 to an interface. The "in" or "out" keyword specifies the direction in which the access list should be applied, either inbound or outbound traffic.

In a standard IP access list, the only field within the IP packet that can be tested is the source address. The source address is used to determine the origin of the packet, allowing the network to control access based on the source of the traffic. The destination address, protocol, and port are not available for testing in a standard IP access list.

The given access list command "Access-list 1 permit 172.16.36.0 0.0.0.255" allows traffic originating from the 172.16.36.0 subnet. The command is specifying a permit statement for the source IP address range 172.16.36.0 to 172.16.36.255, which means any traffic originating from this subnet will be allowed through the access list.

Standard IP access lists have a range from 1 to 99. This means that the access list numbers can be any number between 1 and 99, inclusive.

The given access list is valid because it follows the correct syntax for defining a deny statement. It denies traffic from the specific IP address 136.146.27.236 with a wildcard mask of 0.0.0.0, which means it matches exactly that IP address. Since there are no additional statements or an implied deny any at the end, the access list only denies traffic from that specific IP address and allows all other traffic.

Standard access-lists should be placed close to the destination. This is because standard access-lists filter traffic based on the source IP address only. By placing them close to the destination, unnecessary traffic can be filtered out earlier in the network, reducing network congestion and improving overall network performance. Additionally, placing them close to the destination allows for more granular control over which specific hosts or networks are allowed or denied access.

The access list "access-list 1 deny 192.168.33.8 0.0.0.0" will block traffic from 192.168.33.8 because it specifically denies traffic from that IP address. The "deny any" statement also contributes to blocking all traffic.

The access list function "access-list 1 deny 136.147.27.236 0.0.0.0" is used to block or deny traffic originating from the IP address 136.146.27.236 from being transmitted through ethernet 0. It prevents any data or packets from that specific IP address from being sent out through that particular interface.

The given access list is denying all IP traffic originating from the host 172.16.36.236 and allowing traffic from others only on the 172.16.36.0 subnet. This means that any traffic coming from the host 172.16.36.236 will be blocked, but traffic from other hosts within the 172.16.36.0 subnet will be allowed.

The default direction of the access-list is outbound. This means that by default, the access-list is applied to traffic leaving the interface. It allows the administrator to control which traffic is allowed to leave the network.