Chapter 07 Exam Flashcards
What is the effect of configuring an ACL with only ACEs that deny traffic?
The ACL must be applied outbound only.
The ACL will permit any traffic that is not specifically denied.
The ACL will block all traffic.
The ACL must be applied inbound only.
The ACL will block all traffic.
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
12
8
4
16
6
8
What single access list statement matches all of the following networks?
- 168.16.0
- 168.17.0
- 168.18.0
- 168.19.0
access-list 10 permit 192.168.16.0 0.0.0.255
access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.0.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.3.255
access-list 10 permit 192.168.16.0 0.0.3.255
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
R1(config-line)# access-class 1 out
R1(config-if)# ip access-group 1 out
R1(config-line)# access-class 1 in
R1(config-if)# ip access-group 1 in
R1(config-line)# access-class 1 in
Which address is required in the command syntax of a standard ACL?
source IP address
destination MAC address
destination IP address
source MAC address
source IP address
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?
R1#
Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)
Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
Traffic from one device was not allowed to come into one router port and be routed outbound to a different router port.
Two devices were able to use SSH or Telnet to gain access to the router.
Two devices connected to the router have IP addresses of 192.168.10.x.
Two devices were able to use SSH or Telnet to gain access to the router.
Which three statements describe ACL processing of packets? (Choose three.)
A packet can either be rejected or forwarded as directed by the ACE that is matched.
Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
Each statement is checked only until a match is detected or until the end of the ACE list.
An implicit deny any rejects any packet that does not match any ACE.
A packet that has been denied by one ACE can be permitted by a subsequent ACE.
A packet that does not match the conditions of any ACE will be forwarded by default.
A packet can either be rejected or forwarded as directed by the ACE that is matched.
Each statement is checked only until a match is detected or until the end of the ACE list.
An implicit deny any rejects any packet that does not match any ACE.
Which statement describes a difference between the operation of inbound and outbound ACLs?
In contrast to outbound ACLs, inbound ACLs can be used to filter packets with multiple criteria.
Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.
On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.
Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
For every inbound ACL placed on an interface, there should be a matching outbound ACL.
Filter unwanted traffic before it travels onto a low-bandwidth link.
Place standard ACLs close to the destination IP address of the traffic.
Place standard ACLs close to the source IP address of the traffic.
Place extended ACLs close to the destination IP address of the traffic.
Place extended ACLs close to the source IP address of the traffic.
Filter unwanted traffic before it travels onto a low-bandwidth link.
Place standard ACLs close to the destination IP address of the traffic.
Place extended ACLs close to the source IP address of the traffic.
What is the quickest way to remove a single ACE from a named ACL?
Use the no keyword and the sequence number of the ACE to be removed.
Use the no access-list command to remove the entire ACL, then recreate it without the ACE.
Create a new ACL with a different number and apply the new ACL to the router interface.
Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router.
Use the no keyword and the sequence number of the ACE to be removed.
On which router should the show access-lists command be executed?
on the router that routes the packet referenced in the ACL to the final destination network
on the router that routes the packet referenced in the ACL from the source network
on the router that has the ACL configured
on any router through which the packet referenced in the ACL travels
on the router that has the ACL configured
Which type of router connection can be secured by the access-class command?
Ethernet
vty
serial
console
vty
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
All traffic is permitted.
All traffic is denied.
The ACL will analyze traffic after it is routed to the outbound interface.
The ACL does not perform as designed.
The ACL does not perform as designed.
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
When would a network administrator use the clear access-list counters command?
when an ACE is deleted from an ACL
when troubleshooting an ACL and needing to know how many packets matched
when buffer memory is low
when obtaining a baseline
when troubleshooting an ACL and needing to know how many packets matched