ICND2 - Part 4 Quiz Flashcards
Access Control Lists (ACLs) can be applied inbound and/or outbound per interface.
a. True
b. False
a. True
What is the range of standard numbered ACLs?(Choose 2)
a. 1-99
b. 100-199
c. 1300-1999
d. 2000-2699
a. 1-99
c. 1300-1999
ACLs are matched using a first-match logic starting from the top down.
a. True
b. False
a. True
Given the following line on an ACL, what is matched?
Access-list 1 deny 10.1.1.0 0.0.0.255
a. 10.1.1.0
b. 10.1.1.255
c. 10.1.1.0 – 10.1.1.255
d. 10.0.0.0 – 10.255.255.255
c. 10.1.1.0 – 10.1.1.255
What is at the end of an ACL even if not specified?
a. A permit all statement
b. A deny all statement
c. Nothing
d. A permit for the rest of the subnets not specified
b. A deny all statement
How do I apply an access-list to an interface?
a. Ip access-class 1 in/out
b. Ip access-list 1 in/out
c. Ip access-group 1 in/out
d. Ip access 1 in/out
c. Ip access-group 1 in/out
Extended ACLs permit the device to do what?
a. Filter based on source, destination, and protocol
b. Filter based on source and destination
c. Filter based on destination
d. Filter based on source and port
a. Filter based on source, destination, and protocol
What is the following extended access-list denying?
Access-list 101 deny ip host 1.1.1.1 host 2.2.2.2
a. All packets from host 2.2.2.2 to host 1.1.1.1
b. All packets from host 1.1.1.1 to host 2.2.2.2
c. Only UDP packets from host 2.2.2.2 to 1.1.1.1
d. Only TCP packets from host 1.1.1.1 to host 2.2.2.2
b. All packets from host 1.1.1.1 to host 2.2.2.2
What is the following extended access-list permitting?
Access-list 105 permit tcp 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255 eq 22
a. Host 10.0.0.0 is being permitted SSH to 20.0.0.0
b. Host 20.0.0.0 is being permitted telnet to 10.0.0.0
c. Hosts on network 10.0.0.0/24 are being permitted SSH to hosts on 20.0.0.0/24
d. Hosts on network 10.0.0.0/24 are being permitted telnet to hosts on 20.0.0.0/24
c. Hosts on network 10.0.0.0/24 are being permitted SSH to hosts on 20.0.0.0/24
Placing an extended ACL as close to the source as possible will filter sooner and thus save bandwidth.
a. True
b. False
a. True
Only one field in an access-list command needs to match in order to match a packet.
a. True
b. False
b. False
Standard ACLs should be placed as close to the destination as possible.
a. True
b. False
a. True
More specific statement should be placed first in the ACL.
a. True
b. False
a. True
What command can we use to see the access-lists configured and how many matches have been made?
a. Show ip access-group
b. Show standard access-lists
c. Show extended access-lists
d. Show ip access-lists
d. Show ip access-lists
How can I see what access-list is applied to an interface? (Choose 2)
a. Show run
b. Show ip interface f0/0
c. Show ip access-lists
d. Show interface status
a. Show run
b. Show ip interface f0/0