1

Shar HOME CCNA v6.0 CCNA Security V2 IT-Essentials Sign In Register

CCNA 2 v5.0 Routing and Switching

16

2
CCNA 2 Chapter 9 v5 Exam Answers 2016

CCNA 2 Chapter 9 v5 Exam Answers 2016

1
A network administrator needs to configure a standard ACL so that only the
workstation of the administrator with the IP address 192.168.15.23 can access the
virtual terminal of the main router. Which two configuration commands can achieve
the task? (Choose two.)

Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0

Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0*
Custom Search
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
Search
Router1(config)# access-list 10 permit host 192.168.15.23*

2
CCNA6
LikePage

Bethefirstofyourfriendstolikethis

CCNA6
Refer to the exhibit. A router has an existing ACL that permits all traffic from the February22
172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that
CCNASecurityv2.0Exam
denies packets from host 172.16.0.1 and receives the error message that is shown in
Answers2017
the exhibit. What action can the administrator take to block packets from host
172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?

Manually add the new deny ACE with a sequence number of 5.*
Manually add the new deny ACE with a sequence number of 15. A
e
scd
C
h
o
i
Add a deny any any ACE to access-list 1.
ExamAnswers
Create a second access list denying the host and apply it to the same interface.
PracticeExam
3

Launch PT Hide and Save PT

Open the PT Activity. Perform the tasks in the activity instructions and then answer
the question.

Why is the ACL not working?

The ACL is missing a deny ip any any ACE.

The ACL is missing a deny ip any any ACE.
The ACL is applied in the wrong direction.
The access-list 105 command or commands are incorrect.
The ACL is applied to the wrong interface.*
No ACL is needed for this scenario.

4
Which statement describes a characteristic of standard IPv4 ACLs?

They are configured in the interface configuration mode.

They can be created with a number but not with a name.
They filter traffic based on source IP addresses only.*
They can be configured to filter traffic based on both source IP addresses and source
ports.

Refer to the exhibit. The network administrator that has the IP address of
10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The
FTP server is also a web server that is accessible to all internal employees on
networks within the 10.x.x.x address. No other traffic should be allowed to this
server. Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)

access-list 105 permit ip host 10.0.70.23 host 10.0.54.5

access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any

R1(config)# interface s0/0/0

R1(config-if)# ip access-group 105 out

R1(config)# interface gi0/0

R1(config-if)# ip access-group 105 out ******************

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any ********************

access-list 105 permit tcp host 10.0.54.5 any eq www

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

R2(config)# interface gi0/0

R2(config-if)# ip access-group 105 in
6
What are two possible uses of access control lists in an enterprise network? (Choose
two.)

limiting debug outputs*

reducing the processing load on routers
controlling the physical status of router interfaces
controlling virtual terminal access to routers*
allowing Layer 2 traffic to be filtered by a router

7
An administrator has configured an access list on R1 to allow SSH administrative
access from host 172.16.1.100. Which command correctly applies the ACL?
access from host 172.16.1.100. Which command correctly applies the ACL?

R1(config-line)# access-class 1 out

R1(config-line)# access-class 1 in*
R1(config-if)# ip access-group 1 out
R1(config-if)# ip access-group 1 in

8
Which three statements are generally considered to be best practices in the
placement of ACLs? (Choose three.)

Place extended ACLs close to the source IP address of the traffic.*

For every inbound ACL placed on an interface, there should be a matching outbound
ACL.
Place extended ACLs close to the destination IP address of the traffic.
Place standard ACLs close to the destination IP address of the traffic.*
Filter unwanted traffic before it travels onto a low-bandwidth link.*
Place standard ACLs close to the source IP address of the traffic.

9
Which three implicit access control entries are automatically added to the end of an
IPv6 ACL? (Choose three.)

deny icmp any any

deny ipv6 any any*
permit icmp any any nd-ns*
permit ipv6 any any
deny ip any any
permit icmp any any nd-na*

10
Which two characteristics are shared by both standard and extended ACLs? (Choose
two.)

Both filter packets for a specific destination host IP address.

Both can be created by using either a descriptive name or number.*
Both include an implicit deny as a final ACE.*
Both can permit or deny specific services by port number.
Both kinds of ACLs can filter based on protocol type.

11

Place the options in the following order:

192.168.15.65 255.255.255.240 ==> the first valid host address in a subnet

192.168.15.144 0.0.0.15 ==> subnetwork address of a subnet with 14 valid host
addreses
host 192.168.15.2 ==> all IP address bits must match exactly
192.168.5.0 0.0.3.255 ==> hosts in a subnet with SM 255.255.252.0
192.168.3.64 0.0.0.7 ==> address with a subnet 255.255.255.248
12
Consider the following access list that allows IP phone configuration file transfers
from a particular host to a TFTP server:

R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5

range 1024 5000
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out
R1(config-if)# ip access-group 105 out
Which method would allow the network administrator to modify the ACL and
include FTP transfers from any source IP address?

R1(config)# interface gi0/0

R1(config-if)# no ip access-group 105 out
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out

R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20

R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21

R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024
5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out ******************

13
What two functions describe uses of an access control list? (Choose two.)

ACLs provide a basic level of security for network access.*

ACLs can control which areas a host can access on a network.*
Standard ACLs can restrict access to specific applications and ports.
ACLs can permit or deny traffic based upon the MAC address originating on the router.
ACLs assist the router in determining the best path to a destination.

14
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?

an implicit permit of neighbor discovery packets*

an implicit deny any any ACE
the use of named ACL entries
the use of wildcard masks

15
Which three statements describe ACL processing of packets? (Choose three.)

Each packet is compared to the conditions of every ACE in the ACL before a forwarding
decision is made.
A packet that has been denied by one ACE can be permitted by a subsequent ACE.
Each statement is checked only until a match is detected or until the end of the ACE
list.*
An implicit deny any rejects any packet that does not match any ACE.*
A packet that does not match the conditions of any ACE will be forwarded by default.
A packet can either be rejected or forwarded as directed by the ACE that is
matched.*

16
Which statement describes a difference between the operation of inbound and
outbound ACLs?

On a network interface, more than one inbound ACL can be configured but only one
outbound ACL can be configured.
In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple
criteria.
Inbound ACLs are processed before the packets are routed while outbound ACLs are
processed after the routing is completed.*
Inbound ACLs are processed before the packets are routed while outbound ACLs are
processed after the routing is completed.*
Inbound ACLs can be used in both routers and switches but outbound ACLs can be used
only on routers.

17
What is the only type of ACL available for IPv6?

named standard
numbered extended
named extended*
numbered standard

18
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server
on network 2001:DB8:10:10::/64?

permit tcp any host 2001:DB8:10:10::100 eq 23

permit tcp host 2001:DB8:10:10::100 any eq 23
permit tcp host 2001:DB8:10:10::100 any eq 25
permit tcp any host 2001:DB8:10:10::100 eq 25*

19

Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0
interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?

neighbor advertisements that are received from the ISP router

ICMPv6 packets that are destined to PC1*
packets that are destined to PC1 on port 80
HTTPS packets to PC1

20
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many
ACLs could be created and applied to it?

4
8*
6
16
12

21 . Which IPv4 address range covers all IP addresses that match the ACL filter
specified by 172.16.2.0 with wildcard mask 0.0.1.255?

172.16.2.1 to 172.16.255.255
172.16.2.1 to 172.16.3.254
172.16.2.0 to 172.16.2.255
172.16.2.0 to 172.16.3.255*

22. What packets would match the access control list statement that is shown
below?
+++++ access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22 +++++

SSH traffic from the 172.16.0.0 network to any destination network*

SSH traffic from the 172.16.0.0 network to any destination network*
SSH traffic from any source network to the 172.16.0.0 network
any TCP traffic from any host to the 172.16.0.0 network
any TCP traffic from the 172.16.0.0 network to any destination network

23. What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0

access-list 10 permit 192.168.16.0 0.0.3.255*

access-list 10 permit 192.168.16.0 0.0.0.255
access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.0.0 0.0.15.255

24. What is a limitation when utilizing both IPv4 and IPv6 ACLs on a router?

A device can run only IPv4 ACLs or IPv6 ACLs.

Both IPv4 and IPv6 ACLs can be configured on a single device, but cannot share the
same name.*
IPv4 ACLs can be numbered or named whereas IPv6 ACLs must be numbered.
IPv6 ACLs perform the same functions as standard IPv4 ACLs.

25. In which configuration would an outbound ACL placement be preferred over an

inbound ACL placement?

when the ACL is applied to an outbound interface to filter packets coming from
multiple inbound interfaces before the packets exit the interface*
when a router has more than one ACL
when an outbound ACL is closer to the source of the traffic flow
when an interface is filtered by an outbound ACL and the network attached to the
interface is the source network being filtered within the ACL

26. What method is used to apply an IPv6 ACL to a router interface?

the use of the access-class command

the use of the ip access-group command
the use of the ipv6 traffic-filter command*
the use of the ipv6 access-list command

27.

Refer to the exhibit. What will happen to the access list 10 ACEs if the router is
rebooted before any other commands are implemented?
The ACEs of access list 10 will be deleted.

The ACEs of access list 10 will not be affected.

The ACEs of access list 10 will be renumbered.*

The ACEs of access list 10 wildcard masks will be converted to subnet masks.

28.

Refer to the exhibit. What is the result of adding the established argument to the
end of the ACE?

Any traffic is allowed to reach the 192.168.254.0 255.255.254.0 network.

Any IP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network as long as it
Any traffic is allowed to reach the 192.168.254.0 255.255.254.0 network.
Any IP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network as long as it
is in response to an originated request.
192.168.254.0 /23 traffic is allowed to reach any network.
Any TCP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network if it is in
response to an originated request.*

CCNA2v5.0 CCNA2R&S CCNA2Chapter2 CCNA2Chapter4

Routingand... Routingand... v5Exam... v5Exam...

CCNA1Chapter9 CCNA2Chapter7 CCNA2Chapter5 CCNA2Chapter

v5Exam... v5Exam... v5Exam... 10v5Exam...

6 November 22, 2013 by CCNA5.NET in answers ccna

CCNA 2 Chapter 9 v5.0 Exam Answers
CCNA 2 v5.0 Routing and Switching
2013
ccna exam answers

ccna routing and switching

ccna v5.0 cisco exam
routing and switching

Comments

antoniokasares June 5, 2014 Reply

Hi everyone can someone explain to me question 21?

I wonder why 172.16.2.0 to 172.16.3.255 is correct answer?

Steve June 10, 2014 Reply

Well, we can rule out the first two, as the question asks for all ip addresses in
that range (not just usable ones).

The IP referenced is a class B, so the first, second, and fourth octets will
remain unchanged.

The wildcard mask of 0.0.1.255 is the equivalent to the subnet mask of

255.255.254.0. This makes it /23.

Remember in wildcard masks, 0=match 1=ignore. So the ACL is stating to

match all bits in the octet but the 1s spot. If we wrote it out in binary, it
would look like 00000000.00000000.00000001.11111111.

Thus, if we are looking for all range of IPs in that subnet, AND we want to
ignore the last bit of the third octet, 172.16.2.0 to 172.16.3.255 is the only
correct choice.

leroy stanton November 15, 2014 Reply

in question 21, you are looking for the range that is covered under the wild
card mask that it gives,
so with a wild card of 0.0.1.255

if you take the addresses it gives you,

172.16.3.255
172.16.2.0

0.0.1.255
this is the only answer that can have that wild card mask, that is why it is
correct.

Bob Smithyy November 24, 2014 Reply

Basically, we need to find the network incriminate so we need to convert the

wild card to a SM . 0.0.1.255 > 255.255.254.0
Basically, just do (255 (the number)) to find the SM.

Then, we see that the first (2) octets are full however, the last (2) have some
action. So, we just convert it to decimal . it becomes
.1111 1110. 0000 0000

This tells us that the network is increasing by 128,64,32,16,8,4,2,1

BY 2.

SO,
just
172.16.2.0 172.16.3.255
172.16.4.0
172.16.8.0

ccna student July 29, 2015 Reply

Q11 Match each statement with the example subnet and wilcard that it
describes. (Not all options are used.)

192.168.15.65 255.255.255.240 ==> the first valid host address in a subnet

192.168.15.144 0.0.0.15 ==> subnetwork address of a subnet with 14 valid
host addreses
host 192.168.15.2 ==> all IP address bits must match exactly
192.168.5.0 0.0.3.255 ==> hosts in a subnet with SM 255.255.252.0
192.168.3.64 0.0.0.7 ==> address with a subnet 255.255.255.248

ALEXANDER June 28, 2016 Reply

Place standard ACLs close to the source IP address of the traffic.

Place extended ACLs close to the destination IP address of the traffic.

QUESTION 8
Place extended ACLs close to the source IP address of the traffic. CORRECT
ONE

Filter unwanted traffic before it travels onto a low-bandwidth link. CORRECT

ONE

Place standard ACLs close to the destination IP address of the traffic.

CORRECT ONE

For every inbound ACL placed on an interface, there should be a matching

outbound ACL.
 Comment

Name

Email

+ 3 = twelve

Add Comment

CCNA5.NET => HOME CCNA v6.0 CCNA Security V2 IT-Essentials