Module G5: ACL (PE)

Question 1

Egress traffic is also known as what?

Answer 1

outbound

Question 2

What command would you use if you were configuring an ACL for any source IP?

Answer 2

any

Question 3

At what OSI layer(s) do(es) Standard ACL filtering occur?

Answer 3

3

Question 4

Which type of mask is used in ACE’s of Access Control Lists?

Answer 4

wildcard

Question 5

What option will look for any inbound traffic that is trying to initiate a connection?

Answer 5

established

Question 6

What is a rule based list that filters inbound and outbound traffic?

Answer 6

access control list

Question 7

Inbound traffic is also known as?

Answer 7

ingress

Question 8

What is the default wildcard mask for Access-list?

Answer 8

0.0.0.0

Question 9

What looks like an inverted subnet mask?

Answer 9

wildcard mask

Question 10

What are the two Extended ACL ranges? (use format xxx-xxx, xxx-xxx)

Answer 10

100-199, 2000-2699

Question 11

What is at the end of each Access List?

Answer 11

Implicit Deny

Question 12

Outbound traffic is also known as?

Answer 12

egress

Question 13

Which of these wildcard masks can be replaced by the single word host in a standard or extended ACL?

255. 255.255.255
256. 0.0.0
257. 255.255.0
258. 0.0.255

Answer 13

0.0.0.0

Question 14

What are the two Standard ACL ranges? (use format xxx-xxx, xxx-xxx)

Answer 14

1-99, 1300-1999

Question 15

Ingress traffic is also known as what?

Answer 15

inbound

Question 16

True or False ACLs be applied in two directions? (type in answer)

Answer 16

True

Question 17

What would the wildcard mask be of the subnet mask: 255.255.0.0

Answer 17

00000000.00000000.11111111.11111111

Question 18

Which type of ACL should be placed closest to the source of traffic?

Answer 18

extended

Question 19

Which type of traffic do you need to be more cautious of on a network?

Answer 19

ingress

Question 20

Which type of ACL should be placed closest to the destination of traffic?

Answer 20

standard

Question 21

The wildcard mask that is associated with 192.168.12.96/27 is ________________.
(Note: The wildcard mask can be found by subtracting the subnet mask from 255.255.255.255.)

Answer 21

0.0.0.31

Question 22

Which type of access list limits the description of traffic by source address?

Answer 22

standard

Question 23

You want to apply an access list of 198 to an interface to filter traffic into the interface. Which command will achieve this?

Router(config)#ip access-list 198 in fast 0/1
Router(config-if)#ip access-list 198 in
Router(config-if)#ip access-class 198 in
Router(config-if)#ip access-group 198 in

Question 24

Which statement will block traffic for a server of 192.168.1.5 for SSH?

Router(config)#access-list 90 deny ip host 192.168.1.5 eq 22
Router(config)#access-list 90 deny tcp any host 192.168.1.5 eq 22
Router(config)#access-list 199 deny tcp host 192.168.1.5 any eq 23
Router(config)#access-list 199 deny tcp any host 192.168.1.5 eq 22

Question 25

This rule can be found at the bottom of any ACL.

Answer 25

implicit deny

Question 26

What is a more robust way to block inbound traffic that is trying to initiate a connection?

Answer 26

reflexive acl

Question 27

What acts like a folder and holds a group of ACL’s?

Answer 27

Named ACL

Question 28

Where are Reflexive ACL’s typically placed on a router?

Answer 28

Outside

Question 29

A router does not have ACLs configured by default.

True/False

Answer 29

True

Question 30

A router compares information within a packet against each ACE, in sequential order, to determine if the packet matches one of the ACEs.

True/False

Answer 30

True