1.
Which item represents the standard IP ACL?
Correct Answer
A. Access-list 50 deny 192.168.1.1 0.0.0.255
Explanation
The correct answer is "access-list 50 deny 192.168.1.1 0.0.0.255" because it represents a standard IP ACL. Standard IP ACLs are used to filter traffic based on source IP addresses only. In this case, the ACL is denying any traffic coming from the IP address 192.168.1.1 with a wildcard mask of 0.0.0.255, which means it will match any source IP address in the 192.168.1.0/24 range.
2.
A network administrator is configuring ACLs on a Cisco router to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two)
Correct Answer(s)
A. Access-list 10 permit ip 192.168.146.0 0.0.1.255
C. Access-list 10 permit ip 192.168.148.0 0.0.1.255
Explanation
The two ACL statements that would allow traffic from the specified networks are "access-list 10 permit ip 192.168.146.0 0.0.1.255" and "access-list 10 permit ip 192.168.148.0 0.0.1.255". The first statement allows traffic from the network 192.168.146.0 to 192.168.147.255, which includes all hosts in that network. The second statement allows traffic from the network 192.168.148.0 to 192.168.149.255, which includes all hosts in that network. Together, these two statements cover all the specified networks and allow traffic from hosts within them.
3.
There can be any number of inbound access lists on an interface, irrespective of other details.
Correct Answer
B. False
Explanation
The statement is false because there can only be one inbound access list per interface. Multiple access lists cannot be applied to the same interface in the inbound direction.
4.
Refer to the exhibit.An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?
Correct Answer
D. No IP access-group 102 out
Explanation
The correct answer is "no IP access-group 102 out". This command removes the effect of ACL 102 on outgoing traffic, allowing traffic from the subnet to pass through the interface without any restrictions.
5.
The authentication process is completed by the router or central access.
Correct Answer
A. True
Explanation
The statement is true because the authentication process is indeed completed by the router or central access. These devices are responsible for verifying the identity of the user or device trying to access the network. They typically use various authentication methods such as passwords, digital certificates, or biometrics to ensure that only authorized users can gain access to the network.
6.
On which options are standard access lists based?
Correct Answer
D. The source address and wildcard mask
Explanation
Standard access lists are based on the source address and wildcard mask. This means that when creating a standard access list, the criteria for permitting or denying traffic is determined based on the source IP address of the packets. The wildcard mask is used to specify which bits in the source address should be matched. By using the source address and wildcard mask, network administrators can control access to specific source IP addresses or ranges of addresses.
7.
Refer to the exhibit.Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?
Correct Answer
D. CDBA
Explanation
The correct order of ACL statements should be CDBA. In this order, statement C will be evaluated first, which denies access to all hosts except those with the first and last IP of subnet 172.21.1.128/28. Statement D will be evaluated next, denying access to all hosts. Statement B will then permit access to the first and last IP addresses of the subnet. Finally, statement A will permit access to all other hosts. This re-arrangement ensures that the ACL works as intended by preventing access to all hosts except the specified ones.
8.
The standard access lists are ranged from 101 to 199 and from 1100 to 1199.
Correct Answer
B. False
Explanation
The statement is false because standard access lists are ranged from 1 to 99 and from 1300 to 1999, not from 101 to 199 and from 1100 to 1199.
9.
Which statement about access lists that are applied to an interface is true?
Correct Answer
B. You can configure one access list, per direction, per layer 3 protocol.
Explanation
You can configure one access list, per direction, per layer 3 protocol. This means that you can apply one access list to control traffic in one direction (inbound or outbound) for a specific layer 3 protocol (such as IPv4 or IPv6). This allows for granular control over the traffic that is allowed or denied on the interface based on the specified layer 3 protocol.
10.
A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used?
Correct Answer
D. Dynamic
Explanation
A dynamic ACL can be used to allow temporary entry for a remote user with a specific username and password. Dynamic ACLs are created dynamically and can be modified or deleted based on certain conditions or events. In this case, the network engineer can create a dynamic ACL that allows access for the remote user with the specific username and password, and then remove or modify the ACL once the temporary access is no longer needed.