CCNA 2 - Chapitre 7

The statement is true. In a standard named access control list (ACL), the name is case-sensitive. This means that the ACL will only match the exact case of the name when determining access control permissions.

A standard access control list (ACL) filters network traffic based on the source IP address, not the destination MAC address. MAC addresses are used at the data link layer of the OSI model to identify devices within a local network, while IP addresses are used at the network layer to identify devices across different networks. Therefore, a standard ACL would not be able to filter traffic based on the destination MAC address.

The command "show access-lists" should be executed on the router on which the access control list is configured. This is because the command is used to display the configured access lists on a router, so it should be executed on the router where the access list is actually configured.

La commande access-class peut être utilisée pour définir le type de connexion VTY sur un routeur. Cette commande permet de spécifier une liste d'accès qui contrôle les connexions entrantes sur les lignes de terminal virtuel (VTY). En utilisant la commande access-class, on peut restreindre les connexions à certaines adresses IP ou à certains groupes d'adresses IP. Par conséquent, la réponse correcte est VTY.

The given network address is 10.120.160.0 and the subnet mask is 0.0.7.255. The subnet mask determines the range of IP addresses that are included in the network. In this case, the subnet mask of 0.0.7.255 means that the first three octets (10.120.160) of the IP address are fixed, and the last octet can range from 0 to 7.255. Therefore, the correct range of IP addresses affected by this network is from 10.120.160.0 to 10.120.167.255.

The correct answer is "show access-lists". This command is used to display all the access lists configured on the device. It will show the details of each access list, including the permit and deny statements, as well as the number of matches for each statement.

The correct answer is "Le trafic sortant du routeur en direction de l'hôte de destination". This means that the traffic leaving the router and heading towards the destination host is designated as outgoing traffic.

The correct answer is "Adresse IP source". In the syntax of a standard access control list command, the source IP address is required. This is because access control lists are used to filter network traffic based on various criteria, such as the source or destination IP address. By specifying the source IP address in the command, the access control list can determine which packets should be allowed or denied based on their source IP.

The correct answer is Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0 and Router(config)# access-list 35 permit host 172.31.22.7. These two commands are used to configure a standard access control list on a router. The first command permits all traffic from the host with IP address 192.168.10.5. The second command permits traffic from the specific host with IP address 172.31.22.7.

This answer accurately describes the difference between the functioning of incoming and outgoing access control lists. It states that incoming access control lists are processed before packets are routed, while outgoing access control lists are processed after routing is completed.

The correct answer is that the access control list blocks all traffic. This means that any traffic attempting to pass through the network will be denied and not allowed to proceed. This can be useful in situations where the administrator wants to implement strict security measures and only allow specific types of traffic to pass through the network. By denying all traffic, the administrator has complete control over what is allowed and what is not.

Appliquer une liste de contrôle d'accès dont toutes les entrées ACE sont deny entraînerait une mauvaise configuration de liste de contrôle d'accès et le refus de tout trafic. Cela signifie que toutes les adresses IP, tous les protocoles et tous les ports seraient bloqués, empêchant ainsi tout type de communication entrant ou sortant.

The correct answer is "Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255" and "Router(config)# access-list 95 permit any". These commands will create an access control list (ACL) named 95 that denies any traffic coming from the network 172.16.0.0/16 and allows all other traffic. The first command denies traffic from the specified network using a wildcard mask of 0.0.255.255, which matches any address within the 172.16.x.x range. The second command permits any other traffic that is not denied by the previous statement. Together, these commands create the desired ACL to restrict network traffic.

The given IP addresses fall within the range of 192.168.16.0 to 192.168.19.0. The subnet mask 0.0.3.255 allows for a range of IP addresses from 192.168.16.0 to 192.168.19.255. Therefore, the correct access-list instruction that matches the given IP addresses is "access-list 10 permit 192.168.16.0 0.0.3.255".

After executing the command "no access-list 10", the access control list 10 will be removed from the current configuration. This means that any rules or restrictions defined in access list 10 will no longer be applied to network traffic. The access control list will be completely deleted from the configuration, including any references to it on interface Fa0/1. It does not mention anything about disabling or removing the access control list after restarting R1.

If a router has two interfaces and routes both IPV4 and IPV6 traffic, a total of 8 access control lists (ACLs) can be created and applied to it. This is because each interface can have separate ACLs for both IPV4 and IPV6 traffic. Therefore, there can be 4 ACLs for IPV4 traffic (2 interfaces x 2 traffic types) and 4 ACLs for IPV6 traffic (2 interfaces x 2 traffic types), resulting in a total of 8 ACLs.

The command "clear access-list counters" is used by the network admin to troubleshoot an access control list (ACL) and determine the number of packet matches. By clearing the counters, the admin can start fresh and accurately track the number of packets that match the ACL. This can help in identifying any issues or inconsistencies in the ACL configuration and ensure that it is functioning correctly.

To delete a specific ACE entry from an access control list, the "no" keyword followed by the sequence number of the ACE to be removed should be used. This method allows for the targeted removal of a single entry without affecting the rest of the access control list.

The preferable configuration for placing an outbound ACL list is when the ACL list is applied to an outgoing interface to filter packets coming from multiple incoming interfaces before they exit the interface. This configuration allows for better control and filtering of the traffic leaving the interface, ensuring that only the desired packets are allowed to pass through.

Four packets are allowed to access the router via the source PC of the network 192.168.1.64.

The correct answer is "access-list 1 permit 192.168.10.0 0.0.0.31". This command allows only the devices connected to interface g0/0 of R2 to access the networks connected to R1. The wildcard mask 0.0.0.31 ensures that only the first 5 bits of the fourth octet of the source IP address are matched, allowing a range of IP addresses from 192.168.10.0 to 192.168.10.31 to pass through the access list. This effectively limits the access to only the devices within this range, fulfilling the requirement stated in the question.

An access control list (ACL) is a set of rules that determines what traffic is allowed or denied on a network device. In this question, the options are different types of ACLs and their current status on a production router. The correct answer states that an unnamed ACL that has not been applied yet is easier to modify on a production router. This is because an unnamed ACL can be modified directly without the need to remove or reapply it. On the other hand, a named ACL that has already been applied with the "access-class" command would require removing the ACL before making any modifications.

The correct answer is to manually add the new deny ACE with the order number 5. This means that the administrator should add a new entry to the access control list (ACL) with the command "deny host 172.16.0.1" and specify the order number as 5. This will block packets from the host 172.16.0.1 while allowing all other traffic from the 172.16.0.0 network.

The correct answer is "R1(config-line)# ip access-class 1 in". This command applies the access control list (ACL) with the number 1 to incoming traffic on the line configuration mode. In this scenario, the admin wants to allow SSH administrative access to the host 172.16.1.100, so the ACL needs to be applied to inbound traffic.

The given result indicates that there are two matches for the permit statement in the access list, which means that two devices were able to access the router using SSH or Telnet. Therefore, the conclusion that can be drawn by the network admin is that two devices were able to successfully access the router using SSH or Telnet.

Les deux utilisations d'une liste de contrôle d'accès sont :
1. Les ACL procurent un niveau de sécurité d'accès au réseau de base, ce qui signifie qu'elles permettent de contrôler les autorisations d'accès des utilisateurs ou des hôtes sur le réseau, garantissant ainsi la sécurité du réseau.
2. Les listes de contrôle d'accès peuvent contrôler les zones auxquelles un hôte peut accéder sur un réseau, ce qui signifie qu'elles permettent de limiter l'accès à certaines parties du réseau en fonction des besoins et des autorisations des utilisateurs.

If the access control list (ACL) is applied in the wrong direction (in this case, incoming instead of outgoing), it will not function as intended. This means that the ACL will not filter or control the traffic as expected. It may result in all traffic being allowed or refused, depending on the default behavior of the device. The ACL is designed to analyze traffic before it is routed to the outgoing interface, so applying it in the wrong direction will render it ineffective.

The correct answer is "Tous le trafics seront bloques, pas seulement le trafic venant du subnet 172.16.4.0/24". This is because the access control list (ACL) configured on R1 is set to deny all traffic from the 172.16.0/24 subnet to the 172.16.3.0/24 subnet. This means that any traffic from the 172.16.0/24 subnet, regardless of its destination, will be blocked.

The correct answer is "en sortie sur l'interface g0/1 de R1". This means that the access control list should be applied on the outbound traffic from the g0/1 interface of R1. This ensures that only the devices connected to the g0/0 interface of R2 can access the devices connected to the g0/1 interface of R1. Applying the access control list on the outbound traffic from R1's interface g0/1 allows for better control and filtering of the traffic leaving R1.

The correct answer is "host". In Cisco IOS, the access control list (ACL) entries are generally organized in ascending order based on the sequence number. The "host" type of instruction is used to specify a single host or a specific IP address in the ACL. This allows for more granular control and specificity in defining access rules for a particular host.

If the router is restarted before implementing another command, the ACE entries in access list 10 will be renumbered. This means that the numbering of the entries will be changed, possibly causing confusion or misconfiguration if the entries were referenced or configured based on their original numbers.

The correct answer is "Router1(config)# access-list 10 permit host 192.168.15.23" and "Router1(config)# access-list 10 permit host 192.168.15.23 0.0.0.0". These commands are used to configure an access control list (ACL) on the network administrator's workstation. The first command allows only the specific IP address 192.168.15.23 to access the main router's virtual terminal. The second command is similar but uses a wildcard mask of 0.0.0.0, which means that only the exact IP address 192.168.15.23 is allowed access.

The correct answer is based on the best practices for access control list (ACL) placement. It suggests that standard ACLs should be placed near the destination IP address of the traffic, while extended ACLs should be placed near the source IP address of the traffic. This allows for more specific and granular filtering based on the specific needs of the network. Additionally, it is recommended to filter unwanted traffic before it traverses a low-bandwidth link, which helps to optimize network performance.

An access-list is a feature in a router that controls the flow of network traffic based on specific criteria. It authorizes or denies traffic based on predefined rules. It allows network administrators to define what types of traffic are allowed or blocked, providing an additional layer of security and control over network communications.

The correct answer states that an implicit deny statement refuses any packet that does not match any ACE entry. This means that if a packet does not meet the conditions specified in any ACE, it will be denied by default. Additionally, a packet can be either refused or transmitted based on the corresponding ACE. Each instruction is checked only until a match is found or until the end of the ACE list. This means that once a match is found, the processing stops and the decision is made.

The correct answer is R1 Gi0/0 en entrée. This is because the administrator wants to prevent traffic from network 1 from being transmitted to the Research and Development network. By applying the access control list on the R1 Gi0/0 interface in the incoming direction, any traffic coming from network 1 will be filtered and blocked before it enters the router, effectively preventing it from being transmitted to the Research and Development network.