Volume 2 - Chapter 7: Named and Extended IP ACLs Flashcards

1
Q

What is the command to configure a named access-list?

A

ip access-list standard/extended name

2
Q

What are the 3 rules for naming an access-list?

A

A named ACL can be created with a name that matches the following:
* Name must begin with an alphabetic character
* Name cannot use spaces or quotations
* Names are case sensitive

3
Q

What are the 2 ways that an ACE entry can be removed from a named ACL?

A

By entering “no”, followed by the entire ACE entry:
* no deny 10.1.2.0 0.0.0.255

By entering “no”, followed by the ACE (sequence) number:
* no 20

4
Q

What commands are required to modify an ACL with the name “Eric” and insert a new ACE into sequence 40 to deny the entire 192.168.192.0 /24 subnet?

A

ip access-list extended Eric

40 deny 192.168.192.0 0.0.0.255

5
Q

What are the steps required to remove an ACE entry from a numbered ACL with a sequence of 25?

A
  1. Run the command “show access-lists number”
  2. Find the sequence number that was automatically created by IOS
  3. Enter the ACL configuration mode with “ip access-list standard number”
  4. Delete the ACE with “no sequence-number”
6
Q

What are the minimum required fields for an extended ACE?

A

permit/deny protocol sourceIP destinationIP

For example:

permit tcp 192.168.1.0 0.0.0.255

7
Q

How do extended ACLs differ from standard ACLs when matching a single IP address?

A

Extended ACLs must use one of the following:
* permit ip address 0.0.0.0
* permit ip host address

Standard ACLs support the methods above, but also support just listing the single address without the host or wildcard:
* permit address

8
Q

What are the options available for matching an application port in an extended ACL?

A

eq (equals)
ne (not equals)
lt (less than)
gt (greater than)
range (a range of values)

9
Q

When creating an extended ACL, what is the command to identify FTP data as the application port to match?

A

eq ftp-data

Port 20/TCP

10
Q

When creating an extended ACL, what is the command to identify FTP control as the application port to match?

A

eq ftp

Port 21/TCP

11
Q

When creating an extended ACL, what is the command to identify telnet as the application port to match?

A

eq telnet

Port 23/TCP

12
Q

When creating an extended ACL, what is the command to identify DNS as the application port to match?

A

eq domain

Port 53/UDP

13
Q

When creating an extended ACL, what is the command to identify a DHCP server as the application port to match?

A

eq bootps

Port 67/UDP

14
Q

When creating an extended ACL, what is the command to identify a DHCP client as the application port to match?

A

eq bootpc

Port 68/UDP

15
Q

When creating an extended ACL, what is the command to identify TFTP as the application port to match?

A

eq tftp

Port 69/UDP

16
Q

When creating an extended ACL, what is the command to identify SNMP as the application port to match?

A

eq tftp

Port 161/UDP

17
Q

When creating an extended ACL, what is the command to identify SMTP as the application port to match?

A

eq smtp

Port 25/TCP

18
Q

When creating an extended ACL, what is the command to identify HTTP as the application port to match?

A

eq www

Port 80/TCP

19
Q

When creating an extended ACL, what is the command to identify HTTPS as the application port to match?

A

There is no keyword in IOS currently that supports this. In order to match HTTPS you would have to configure TCP and port 443 manually. For example:

permit tcp any 192.168.0.0 0.0.255.255 eq 443

20
Q

When creating an extended ACL, what is the command to identify POP3 as the application port to match?

A

eq pop3

Port 110/TCP

21
Q

A network engineer enters the following command into the router:

permit tcp any any eq 80

What will be displayed when the engineer prints the current running configuration using “show run”?

A

Since port 80/TCP has a keyword, it will be automatically corrected to the following:

permit tcp any any eq www

22
Q

What option can be configured at the end of an extended ACE to add a log entry when it is matched by a packet?

A

log

For example:

access-list 150 deny ip any any log

23
Q

In order to match a source or destination port in an extended ACL, what options must be configured for the transport protocol?

A

Either TCP or UDP, for example:

permit tcp any any eq www
permit udp any any eq domain

permit ip any any eq smtp (this will not work)

24
Q

In terms of ACL placement within the network, where are ACLs recommended to be configured?

A

Extended ACLs should be placed as close to the source as possible to conserve bandwidth.

Standard ACLs should be configured towards the edge of the network to avoid matching too many packets, which would cause a lot of traffic to be dropped or permitted.