Volume 2 - Chapter 6: Basic IPv4 Access Control Lists Flashcards

1
Q

What is the range of values for a standard numbered ACL?

A

1 to 99

1300 to 1999 (additional ACL numbers)

2
Q

What is the range of values for an extended numbered ACL?

A

100 to 199

2000 to 2699 (additional ACL numbers)

3
Q

What is an access list called when additional lines are added to it through a global command?

A

Numbered ACLs

4
Q

What is an access list called when additional lines are added to it under an ACL subcommand?

A

Named ACLs

5
Q

Describe the difference between standard and extended ACLs.

A

Standard ACLs only match the source IP address.

Extended ACLs can match a large variety of criteria such as source IPs, destination IPs, source ports, destination ports, and others.

6
Q

A network engineer wants to create an ACE entry to permit a single IP address of 10.3.75.4.

What are the 3 ways that this can be configured on a standard numbered access list?

A

access-list 1 permit 10.3.75.4
access-list 1 permit 10.3.75.4 0.0.0.0
access-list 1 permit host 10.3.75.4

7
Q

A network engineer enters the following command:

access-list 1 permit 172.21.240.5 0.0.0.0

What will the engineer see when reviewing the current running configuration using “show run”?

A

The configuration that will appear is the following:

access-list 1 permit 172.21.240.5

By default, Cisco devices simplify the access list to remove the wildcard mask.

8
Q

A network engineer enters the following command:

access-list 1 permit host 172.21.240.5

What will the engineer see when reviewing the current running configuration using “show run”?

A

The configuration that will appear is the following:

access-list 1 permit 172.21.240.5

By default, Cisco devices simplify the access list to remove the “host” portion.

9
Q

What is the format for a standard numbered ACL command?

A

access-list number permit/deny source source-wildcard

10
Q

A network engineer wants to add an additional ACE entry to block the source subnet of 192.168.48.0/20.

What is the command required to configure this?

A

access-list 1 deny 192.168.48.0 0.0.15.255

11
Q

Access-list 5 has been configured and needs to be enabled inbound on interface Gi0/0/0.

What is the command required to configure this?

A

interface Gi0/0/0
ip access-group 1 in

12
Q

What is the difference in output between the following commands?

show ip access-list
show access-list

A

“show ip access-list” only shows details about IPv4 access lists.

“show access-list” shows details about both IPv4 and IPv6 access-lists.

13
Q

What command can be used to clear the current counters for all configured ACLs?

A

clear ip access-list counters
