Access list Flashcards
Question 1 Which identification number is valid for an extended ACL? A. 1 B. 64 C. 99 D. 100 E. 299 F. 1099
Answer: D
Question 2
Which statement about named ACLs is true?
A. They support standard and extended ACLs.
B. They are used to filter usernames and passwords for Telnet and SSH.
C. They are used to filter Layer 7 traffic.
D. They support standard ACLs only.
E. They are used to rate limit traffic destined to targeted networks.
Answer: A
Question 3 Which range represents the standard access list? A. 99 B. 150 C. 299 D. 2000
Answer: A
Question 4 A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used? A. reflexive B. extended C. standard D. dynamic
Answer: D
Question 5
Which statement about ACLs is true?
A. An ACL have must at least one permit action, else it just blocks all traffic.
B. ACLs go bottom-up through the entries looking for a match
C. An ACL has a an implicit permit at the end of ACL.
D. ACLs will check the packet against all entries looking for a match.
Answer: A
Question 6
Which action can change the order of entries in a named access-list?
A. removing an entry
B. opening the access-list in notepad C. adding an entry
D. resequencing
Answer: D
Question 7 Which of the following are the valid numbers of standard ACL? (Choose two) A. 50 B. 1550 C. 150 D. 1250 E. 2050
Answer: A B
Question 8 Host is able to ping a web server but it is not able to do HTTP request. What is the most likely cause the problem? A. ACL blocking port 23 B. ACL blocking all ports C. ACL blocking port 80 D. ACL blocking port 443 E. None of the above
Answer: C
Question 9
Which item represents the standard IP ACL?
A. Access-list 110 permit any any
B. Access-list 50 deny 192.168.1.1 0.0.0.255
C. Access list 101 deny tvp any host 192.168.1.1
D. Access-list 2500 deny tcp any host 192.168.1.1 eq 22
Answer: B
Question 10 While troubleshooting a connection problem on a computer, you determined that the computer can ping a specific web server but it cannot connect to TCP port 80 on that server. Which reason for the problem is most likely true? A. A VLAN number is incorrect B. An ARP table entry is missing C. A route is missing D. An ACL is blocking the TCP port
Answer: D
Question 11
Which command can you enter to block HTTPS traffic from the whole class A private network range to a host?
A. R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 443
B. R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 53
C. R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 53
D. R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 443
Answer: D
QUESTION 92
An organization is concerned that too many employees are wasting company time accessing the Internet. Which access list statement would stop World Wide Web access for employees on the range of subnets from 172.16.8.0/24 to 172.16.11.0/24?
A. access-list 103 deny tcp 172.16.8.0 0.0.0.3 any eq 80
B. access-list 103 deny tcp 172.16.8.0 0.0.3.255 any eq 80
C. access-list 103 deny http 172.16.8.0 0.0.7.255 any
D. access-list 103 deny tcp any 172.16.8.0 0.0.3.255 eq 80
E. access-list 103 deny tcp 172.16.8.0 0.0.11.255 any eq 80
Hide Answer
Correct Answer: B
A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet. Which ACL can be used?
A. standard
B. extended
C. dynamic
D. reflexive
Hide Answer
Correct Answer: C
