Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ag-CCNA > 12 - IP ACLs > Flashcards

12 - IP ACLs Flashcards

1
Q

How many bytes in a UDP header?

A

8

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How many bytes in a TCP header?

A

20

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What port does DNS use?

A

Port 53

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What IP ACLs only match on the Source IP?

A

Standard ACLs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What two points in a device are ACLs applied?

A

Either entering or exiting interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the range for Standard numbered ACLs?

A

1 - 99

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the range for Extended numbered ACLs?

A

100 - 199

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the range for both Standard and Extended ‘Additional’ ACLs?

A

Standard: 1300-1999
Extended: 2000-2699

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the difference between Numbered and Named ACLs with respect to configuration commands?

A

Numbered ACLs can be configured with Global commands

Named ACLs are configured with sub-commands

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What statement is implicitly at the end of all ACLs?

A

Deny all

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How would you configure a standard IP access list to allow a given subnet?

A

access-list 99 permit 10.1.1.0 0.0.0.255

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

How would you match any and all packets with an ACL command?

A

access-list 1 permit any

access-list 1 deny any

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Why would you want to configure an explicit deny any rule?

A

So that you can see the counter for how many packets are matched by it, which is not possible using the implicit deny any rule

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Where should standard ACLs be placed and why?

A

As close to the destination as possible so that they don’t unintentionally discard packets that shouldn’t be discarded

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What command is used to actually enable the ACL on a chosen interface?

A

Interface subcommand:

ip access-group 99 in | out

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How can you show a list of IPv4 ACLs?

A

show ip access-lists

17
Q

How can you see ACLs active on a given interface?

A

show ip interface g0/0

18
Q

What is the difference between the commands:
show ip access-lists
and
show access-lists

A

The show access-lists command also lists other types of ACLs such as IPv6 etc

19
Q

True/False: Packets created by the router itself are filtered by ACLs

A

False.

A router does not filter packets it created itself with an Outbound ACL. E.g. routing protocol messages, ping packets, etc

20
Q

How do you enable log messages for ACL statistics?

A

Append the log directive to the end of ACL rule commands

access-list 2 permit 10.1.1.1 log

21
Q

What are the 3 ‘matching’ parameters that extended ACL access-list commands require?

A
  • Protocol Type
  • Source IP
  • Destination IP
22
Q

What is a key difference between standard and extended ACLs when matching a specific IP address?

A

Extended ACLs require you to use the ‘host’ keyword

23
Q

How do you use extended ACL access-list command only specifying the minimum required matching parameters?

A

access-list 101 permit tcp any 10.1.1.0 0.0.0.255

access-list 101 permit ip any any

24
Q

What are all the possible port matching modifiers for extended ACLs?

A 
eq
ne
lt
gt
range
25
Q

How would you make an extended ACL entry using ports specified as well?

A

access-list 101 permit ip any eq 443 host 10.1.1.1

26
Q

With respects to network layout and design, where should you place extended ACLs?

A

As close as possible to the source of packets that are to be filtered. This saves bandwidth.

27
Q

What is the difference between standard and extended ACLs with respect to placement location in the network?

A

Standard ACLs should be as close to the destination as possible to avoid discarding packets they’re not intended to.

Extended ACLs should be placed as close to the source as possible, which saves bandwidth

28
Q

How do you add a comment to a ACL?

A

access-list 101 remark Deny traffic from Server A to DNS servers

29
Q

What port range is considered dynamic ports?

A

49152 - 65535

30
Q

How do you make a named ACL?

A

ip access-list {standard | extended} MyACLName

31
Q

How can you remove lines from a named ACL without sequence numbers?

A

no deny ip 10.1.2.0 0.0.0.255 host 10.2.3.1

32
Q

True/False: IOS adds sequence number to commands as you configure them, even if you do not include the sequence numbers

A

True

33
Q

How do you add or remove ACL commands using sequence numbers?

A

ACL Subcommands

no 20
5 deny 10.1.1.1

34
Q

What should you do before making changes to an ACL?

A

Disable an ACL from its interface

35
Q

How do you disable an ACL from it’s interface?

A

Interface sub-command

no ip access-group 10

ag-CCNA (21 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions