CCNA 2 Chapter 9 v5 Exam Answers 2016
2
Refer to the exhibit. A router has an existing ACL that permits all traffic from the
172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that
denies packets from host 172.16.0.1 and receives the error message that is shown in
the exhibit. What action can the administrator take to block packets from host
172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?
Manually add the new deny ACE with a sequence number of 5.*
Manually add the new deny ACE with a sequence number of 15.
Add a deny any any ACE to access-list 1.
Create a second access list denying the host and apply it to the same interface.
3
4
Which statement describes a characteristic of standard IPv4 ACLs?
Refer to the exhibit. The network administrator that has the IP address of
10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The
FTP server is also a web server that is accessible to all internal employees on
networks within the 10.x.x.x address. No other traffic should be allowed to this
server. Which extended ACL would be used to filter this traffic, and how would this
ACL be applied? (Choose two.)
7
An administrator has configured an access list on R1 to allow SSH administrative
access from host 172.16.1.100. Which command correctly applies the ACL?
8
Which three statements are generally considered to be best practices in the
placement of ACLs? (Choose three.)
9
Which three implicit access control entries are automatically added to the end of an
IPv6 ACL? (Choose three.)
10
Which two characteristics are shared by both standard and extended ACLs? (Choose
two.)
11
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# no ip access-group 105 out
R1(config)# no access-list 105
R1(config)# access-list 105 permit udp host 10.0.70.23 host 10.0.54.5 range 1024 5000
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 20
R1(config)# access-list 105 permit tcp any host 10.0.54.5 eq 21
R1(config)# access-list 105 deny ip any any
R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out ******************
13
What two functions describe uses of an access control list? (Choose two.)
14
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
15
Which three statements describe ACL processing of packets? (Choose three.)
Each packet is compared to the conditions of every ACE in the ACL before a forwarding
decision is made.
A packet that has been denied by one ACE can be permitted by a subsequent ACE.
Each statement is checked only until a match is detected or until the end of the ACE
list.*
An implicit deny any rejects any packet that does not match any ACE.*
A packet that does not match the conditions of any ACE will be forwarded by default.
A packet can either be rejected or forwarded as directed by the ACE that is
matched.*
16
Which statement describes a difference between the operation of inbound and
outbound ACLs?
On a network interface, more than one inbound ACL can be configured but only one
outbound ACL can be configured.
In contrast to outbound ACLs, inbound ACLs can be used to filter packets with multiple
criteria.
Inbound ACLs are processed before the packets are routed while outbound ACLs are
processed after the routing is completed.*
Inbound ACLs can be used in both routers and switches but outbound ACLs can be used
only on routers.
17
What is the only type of ACL available for IPv6?
named standard
numbered extended
named extended*
numbered standard
18
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server
on network 2001:DB8:10:10::/64?
19
Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0
interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be
dropped by the ACL on R1?
20
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many
ACLs could be created and applied to it?
4
8*
6
16
12
21. Which IPv4 address range covers all IP addresses that match the ACL filter
specified by 172.16.2.0 with wildcard mask 0.0.1.255?
172.16.2.1 to 172.16.255.255
172.16.2.1 to 172.16.3.254
172.16.2.0 to 172.16.2.255
172.16.2.0 to 172.16.3.255*
22. What packets would match the access control list statement that is shown
below?
+++++ access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22 +++++
23. What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
24. What is a limitation when utilizing both IPv4 and IPv6 ACLs on a router?
when the ACL is applied to an outbound interface to filter packets coming from
multiple inbound interfaces before the packets exit the interface*
when a router has more than one ACL
when an outbound ACL is closer to the source of the traffic flow
when an interface is filtered by an outbound ACL and the network attached to the
interface is the source network being filtered within the ACL
27.
Refer to the exhibit. What will happen to the access list 10 ACEs if the router is
rebooted before any other commands are implemented?
The ACEs of access list 10 will be deleted.
The ACEs of access list 10 wildcard masks will be converted to subnet masks.
28.
Refer to the exhibit. What is the result of adding the established argument to the
end of the ACE?
Comments
Well, we can rule out the first two, as the question asks for all IP addresses in
that range (not just usable ones).
The IP referenced is a class B, so the first, second, and fourth octets will
remain unchanged.
Thus, if we are looking for all range of IPs in that subnet, AND we want to
ignore the last bit of the third octet, 172.16.2.0 to 172.16.3.255 is the only
correct choice.
0.0.1.255
this is the only answer that can have that wild card mask, that is why it is
correct.
Then, we see that the first (2) octets are full; however, the last (2) have some
action. So, we just convert it to decimal. It becomes
.1111 1110. 0000 0000
SO,
just
172.16.2.0 172.16.3.255
172.16.4.0
172.16.8.0
Q11 Match each statement with the example subnet and wildcard that it
describes. (Not all options are used.)
QUESTION 8
Place extended ACLs close to the source IP address of the traffic. CORRECT
ONE