ICND1 - Part 7 Quiz Flashcards
Access Control Lists (ACLs) can be applied inbound and/or outbound per interface.
a. True
b. False
a. True
Network Address Translation (NAT) uses standard ACLs to match packets.
a. True
b. False
a. True
What is the range of standard numbered ACLs?(Choose 2)
a. 1-99
b. 100-199
c. 1300-1999
d. 2000-2699
a. 1-99
c. 1300-1999
ACLs are matched using a first-match logic starting from the top down.
a. True
b. False
a. True
Given the following line on an ACL, what is matched?
Access-list 1 deny 10.1.1.0 0.0.0.255
a. 10.1.1.0
b. 10.1.1.255
c. 10.1.1.0 – 10.1.1.255
d. 10.0.0.0 – 10.255.255.255
c. 10.1.1.0 – 10.1.1.255
What is at the end of an ACL even if not specified?
a. A permit all statement
b. A deny all statement
c. Nothing
d. A permit for the rest of the subnets not specified
b. A deny all statement
How do I apply an access-list to an interface?
a. Ip access-class 1 in/out
b. Ip access-list 1 in/out
c. Ip access-group 1 in/out
d. Ip access 1 in/out
c. Ip access-group 1 in/out
Extended ACLs permit the device to do what?
a. Filter based on source, destination, and protocol
b. Filter based on source and destination
c. Filter based on destination
d. Filter based on source and port
a. Filter based on source, destination, and protocol
What is the following extended access-list denying?
Access-list 101 deny ip host 1.1.1.1 host 2.2.2.2
a. All packets from host 2.2.2.2 to host 1.1.1.1
b. All packets from host 1.1.1.1 to host 2.2.2.2
c. Only UDP packets from host 2.2.2.2 to 1.1.1.1
d. Only TCP packets from host 1.1.1.1 to host 2.2.2.2
b. All packets from host 1.1.1.1 to host 2.2.2.2
What is the following extended access-list permitting?
Access-list 105 permit tcp 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255 eq 22
a. Host 10.0.0.0 is being permitted SSH to 20.0.0.0
b. Host 20.0.0.0 is being permitted telnet to 10.0.0.0
c. Hosts on network 10.0.0.0/24 are being permitted SSH to hosts on 20.0.0.0/24
d. Hosts on network 10.0.0.0/24 are being permitted telnet to hosts on 20.0.0.0/24
c. Hosts on network 10.0.0.0/24 are being permitted SSH to hosts on 20.0.0.0/24
What port is associated to DNS?
a. 53
b. 35
c. 80
d. 443
e. 20
f. 23
a. 53
Is port 80(WWW) UDP or TCP?
a. UDP
b. TCP
b. TCP
Placing an extended ACL as close to the source as possible will filter sooner and thus save bandwidth.
a. True
b. False
a. True
Only one field in an access-list command needs to match in order to match a packet.
a. True
b. False
b. False
In order to insert a new line in a numbered ACL we must:
a. Select a sequence number as appropriate within the ACL.
b. Delete a sequence number before adding a new line to the ACL.
c. We do not need to add a sequence number as the ACL will automatically set the numbering as appropriate.
d. None of the above.
a. Select a sequence number as appropriate within the ACL.
Standard ACLs should be placed as close to the destination as possible.
a. True
b. False
a. True
More specific statement should be placed first in the ACL.
a. True
b. False
a. True
What command can we use to see the access-lists configured and how many matches have been made?
a. Show ip access-group
b. Show standard access-lists
c. Show extended access-lists
d. Show ip access-lists
d. Show ip access-lists
How can I see what access-list is applied to an interface? (Choose 2)
a. Show run
b. Show ip interface f0/0
c. Show ip access-lists
d. Show interface status
a. Show run
b. Show ip interface f0/0
In NAT, what is an inside local address?
a. The address on the router the represents the host.
b. The address on a host that is private and non-routable on the internet.
c. A host address outside the network that an internal host connects to.
d. None of the above.
b. The address on a host that is private and non-routable on the internet.
What are three types of NAT? (Choose 3)
a. Static
b. Auto
c. NAT with PAT
d. Dynamic
e. Manual
f. Pooled
a. Static
c. NAT with PAT
d. Dynamic
What must be done to configure static NAT? (Choose 3)
a. Define an outside interface
b. Define an outside global address
c. Define an inside interface
d. Define the inside source static inside local address to an inside global address
e. Define a port for the inside address
a. Define an outside interface
c. Define an inside interface
d. Define the inside source static inside local address to an inside global address
How can I view the current NAT translations?
a. Show IP NAT translations
b. Show IP NAT conversions
c. Show translations
d. Show run
a. Show IP NAT translations
What command enables PAT?
a. The “overcover” command
b. The “port” command
c. The “PAT” command
d. The “overload” command
d. The “overload” command