CCNA – The IT Certification Exam About Computer Security Quiz

1. The standard access lists are ranged from 101 to 199 and from 1100 to 1199.

True

False

The statement is false because standard access lists are ranged from 1 to 99 and from 1300 to 1999, not from 101 to 199 and from 1100 to 1199.

Explanation

The statement is false because standard access lists are ranged from 1 to 99 and from 1300 to 1999, not from 101 to 199 and from 1100 to 1199.

2. The authentication process is completed by the router or central access.

True

False

The statement is true because the authentication process is indeed completed by the router or central access. These devices are responsible for verifying the identity of the user or device trying to access the network. They typically use various authentication methods such as passwords, digital certificates, or biometrics to ensure that only authorized users can gain access to the network.

Explanation

The statement is true because the authentication process is indeed completed by the router or central access. These devices are responsible for verifying the identity of the user or device trying to access the network. They typically use various authentication methods such as passwords, digital certificates, or biometrics to ensure that only authorized users can gain access to the network.

3. Which item represents the standard IP ACL?

Access-list 50 deny 192.168.1.1 0.0.0.255

Access-list 110 permit IP any any

Access-list 2500 denies tcp any host 192.168.1.1 eq 22

Access-list 101 denies tcp any host 192.168.1.1

The correct answer is "access-list 50 deny 192.168.1.1 0.0.0.255" because it represents a standard IP ACL. Standard IP ACLs are used to filter traffic based on source IP addresses only. In this case, the ACL is denying any traffic coming from the IP address 192.168.1.1 with a wildcard mask of 0.0.0.255, which means it will match any source IP address in the 192.168.1.0/24 range.

Explanation

The correct answer is "access-list 50 deny 192.168.1.1 0.0.0.255" because it represents a standard IP ACL. Standard IP ACLs are used to filter traffic based on source IP addresses only. In this case, the ACL is denying any traffic coming from the IP address 192.168.1.1 with a wildcard mask of 0.0.0.255, which means it will match any source IP address in the 192.168.1.0/24 range.

4. There can be any number of inbound access lists on an interface, irrespective of other details.

True

False

The statement is false because there can only be one inbound access list per interface. Multiple access lists cannot be applied to the same interface in the inbound direction.

Explanation

The statement is false because there can only be one inbound access list per interface. Multiple access lists cannot be applied to the same interface in the inbound direction.

5. On which options are standard access lists based?

Destination address and wildcard mask

Destination address and subnet mask

The source address and subnet mask

The source address and wildcard mask

Standard access lists are based on the source address and wildcard mask. This means that when creating a standard access list, the criteria for permitting or denying traffic is determined based on the source IP address of the packets. The wildcard mask is used to specify which bits in the source address should be matched. By using the source address and wildcard mask, network administrators can control access to specific source IP addresses or ranges of addresses.

Explanation

Standard access lists are based on the source address and wildcard mask. This means that when creating a standard access list, the criteria for permitting or denying traffic is determined based on the source IP address of the packets. The wildcard mask is used to specify which bits in the source address should be matched. By using the source address and wildcard mask, network administrators can control access to specific source IP addresses or ranges of addresses.

6. Refer to the exhibit.

Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

ACDB

BADC

DBAC

CDBA

The correct order of ACL statements should be CDBA. In this order, statement C will be evaluated first, which denies access to all hosts except those with the first and last IP of subnet 172.21.1.128/28. Statement D will be evaluated next, denying access to all hosts. Statement B will then permit access to the first and last IP addresses of the subnet. Finally, statement A will permit access to all other hosts. This re-arrangement ensures that the ACL works as intended by preventing access to all hosts except the specified ones.

Explanation

The correct order of ACL statements should be CDBA. In this order, statement C will be evaluated first, which denies access to all hosts except those with the first and last IP of subnet 172.21.1.128/28. Statement D will be evaluated next, denying access to all hosts. Statement B will then permit access to the first and last IP addresses of the subnet. Finally, statement A will permit access to all other hosts. This re-arrangement ensures that the ACL works as intended by preventing access to all hosts except the specified ones.

7. Refer to the exhibit.

An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

No IP access-class 102 in

No IP access-class 102 out

No IP access-group 102 in

No IP access-group 102 out

No IP access-list 102 in

The correct answer is "no IP access-group 102 out". This command removes the effect of ACL 102 on outgoing traffic, allowing traffic from the subnet to pass through the interface without any restrictions.

Explanation

The correct answer is "no IP access-group 102 out". This command removes the effect of ACL 102 on outgoing traffic, allowing traffic from the subnet to pass through the interface without any restrictions.

8. Which statement about access lists that are applied to an interface is true?

You can apply only one access list on any interface.

You can configure one access list, per direction, per layer 3 protocol.

You can place as many access lists as you want on any interface.

You can configure one access list, per direction, per layer 2 protocol.

You can configure one access list, per direction, per layer 3 protocol. This means that you can apply one access list to control traffic in one direction (inbound or outbound) for a specific layer 3 protocol (such as IPv4 or IPv6). This allows for granular control over the traffic that is allowed or denied on the interface based on the specified layer 3 protocol.

Explanation

You can configure one access list, per direction, per layer 3 protocol. This means that you can apply one access list to control traffic in one direction (inbound or outbound) for a specific layer 3 protocol (such as IPv4 or IPv6). This allows for granular control over the traffic that is allowed or denied on the interface based on the specified layer 3 protocol.

9. A network administrator is configuring ACLs on a Cisco router to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two)

Access-list 10 permit ip 192.168.146.0 0.0.1.255

Access-list 10 permit ip 192.168.147.0 0.0.255.255

Access-list 10 permit ip 192.168.148.0 0.0.1.255

Access-list 10 permit ip 192.168.149.0 0.0.255.255

Access-list 10 permit ip 192.168.146.0 0.0.0.255

Access-list 10 permit ip 192.168.146.0 255.255.255.0

The two ACL statements that would allow traffic from the specified networks are "access-list 10 permit ip 192.168.146.0 0.0.1.255" and "access-list 10 permit ip 192.168.148.0 0.0.1.255". The first statement allows traffic from the network 192.168.146.0 to 192.168.147.255, which includes all hosts in that network. The second statement allows traffic from the network 192.168.148.0 to 192.168.149.255, which includes all hosts in that network. Together, these two statements cover all the specified networks and allow traffic from hosts within them.

Explanation

The two ACL statements that would allow traffic from the specified networks are "access-list 10 permit ip 192.168.146.0 0.0.1.255" and "access-list 10 permit ip 192.168.148.0 0.0.1.255". The first statement allows traffic from the network 192.168.146.0 to 192.168.147.255, which includes all hosts in that network. The second statement allows traffic from the network 192.168.148.0 to 192.168.149.255, which includes all hosts in that network. Together, these two statements cover all the specified networks and allow traffic from hosts within them.

Submit

10. A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used?

Reflexive

Extended

Standard

Dynamic

A dynamic ACL can be used to allow temporary entry for a remote user with a specific username and password. Dynamic ACLs are created dynamically and can be modified or deleted based on certain conditions or events. In this case, the network engineer can create a dynamic ACL that allows access for the remote user with the specific username and password, and then remove or modify the ACL once the temporary access is no longer needed.

Explanation

A dynamic ACL can be used to allow temporary entry for a remote user with a specific username and password. Dynamic ACLs are created dynamically and can be modified or deleted based on certain conditions or events. In this case, the network engineer can create a dynamic ACL that allows access for the remote user with the specific username and password, and then remove or modify the ACL once the temporary access is no longer needed.