Volume 2 - Chapter 8: Applied IP ACLs Flashcards
A network engineer wants to create an ACE entry to match the following:
* Permit rule
* Traffic from the 10.0.0.0 /8 subnet to any other subnet
* Permit only echo request messages
* Line 50
What would be the required command to implement this in a named extended ACL?
50 permit icmp 10.0.0.0 0.255.255.255 any echo
(The wildcard mask for a /8 is 0.255.255.255; 0.0.0.255 would only match 10.0.0.0 /24.)
A network engineer wants to create ACE entries to match the following:
* Permit rule
* Traffic from the 10.0.0.0 /8 subnet to subnet 172.23.22.0 /23
* Permit both echo request and echo reply messages
* Start at line 50
What would be the required commands to implement this in a named extended ACL?
50 permit icmp 10.0.0.0 0.255.255.255 172.23.22.0 0.0.1.255 echo
60 permit icmp 10.0.0.0 0.255.255.255 172.23.22.0 0.0.1.255 echo-reply
(Each ACE matches a single ICMP type, so two ACEs are needed. A /23 inverts to wildcard 0.0.1.255, so 172.23.22.0 0.0.1.255 covers 172.23.22.0 through 172.23.23.255.)
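The two cards above both stand or fall on the wildcard mask. As an added example, not part of the flashcard deck, the following Python derives a wildcard mask from a prefix length, applies the Cisco matching rule (a bit set in the wildcard is a don't-care bit) to any address/wildcard pair, and converts a contiguous wildcard back to CIDR. The addresses used in the checks are the ones from the cards:

```python
import ipaddress


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard mask for a /prefix_len network: the bitwise inverse of the subnet mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    subnet_mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(subnet_mask ^ 0xFFFFFFFF))


def ace_matches(address: str, base: str, wildcard: str) -> bool:
    """Cisco match rule: bits set in the wildcard are ignored, every other bit
    of the address must equal the corresponding bit of the ACE's base address."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def wildcard_to_cidr(base: str, wildcard: str) -> str:
    """Render base/wildcard as CIDR; only contiguous wildcards (all ones at the
    low end) correspond to a prefix length, IOS still accepts the others."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):                      # w+1 is a power of two only for contiguous ones
        raise ValueError(f"non-contiguous wildcard {wildcard} has no CIDR form")
    prefix_len = 32 - w.bit_length()
    return str(ipaddress.ip_network(f"{base}/{prefix_len}", strict=False))


if __name__ == "__main__":
    # The deck's two source networks, checked against a host in each.
    for prefix in (8, 23, 12):
        print(f"/{prefix} -> wildcard {wildcard_for_prefix(prefix)}")
    print(ace_matches("10.200.1.7", "10.0.0.0", "0.255.255.255"))   # True, /8 wildcard
    print(ace_matches("10.200.1.7", "10.0.0.0", "0.0.0.255"))       # False, only 10.0.0.0/24
    print(wildcard_to_cidr("172.23.22.0", "0.0.1.255"))             # 172.23.22.0/23
```

Running it with 0.0.0.255 against 10.200.1.7 shows why the original answer would have silently dropped most of the 10.0.0.0 /8 traffic it was meant to permit.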
True or False:
OSPF messages can only be filtered by inbound ACLs.
True. OSPF messages are exchanged hop by hop between neighbors (multicast 224.0.0.5 and 224.0.0.6 with TTL 1) and are never routed through a router, and outbound ACLs do not filter packets the router itself generates, so only an inbound ACL can filter OSPF messages.
A network engineer wants to create ACE entries on a router to match the following:
* Permit OSPF messages from Router 1 (172.19.2.6)
* Deny OSPF messages from all other routers
* Permit both echo request and echo reply messages from any other router
* Start at line 50
What would be the required commands to implement this in a named extended ACL?
50 permit ospf host 172.19.2.6 any
60 deny ospf any any
70 permit icmp any any echo
80 permit icmp any any echo-reply
(The ACL must be applied inbound, since OSPF is only filtered inbound. A plain "permit icmp any any" would permit every ICMP type, not just echo and echo-reply.)
PC1 is connected directly to Router 1, which acts as a DHCP relay agent.
What are the source and destination UDP ports before and after the relay forwards the request?
PC1 sends a DHCP message with a source port of 68 (bootpc) and a destination port of 67 (bootps).
Router 1 receives the request and forwards it to its configured DHCP server (ip helper-address) with a source and destination port of 67.
PC1 is connected directly to Router 1, which acts as a DHCP relay agent to Server 1.
What are the source and destination IPs before and after the relay forwards the request?
PC1 sends the message with a source IP of 0.0.0.0 and a destination IP of 255.255.255.255 (it has no address yet, so it must broadcast).
Router 1 receives the request and forwards it to its configured DHCP server as a unicast with the following:
* Source IP: the IP address of the Router 1 interface on which the broadcast arrived (the interface configured with ip helper-address); the same address is placed in the message's giaddr field so the server knows which subnet to allocate from
* Destination IP: Server 1's IP address
True or False:
When a router with ip helper-address configured rewrites the IP addresses of a DHCP request, the forwarded packet bypasses any outbound ACL.
True. An outbound ACL on the router's interface will not stop it from forwarding the relayed DHCP request, because the router treats the relayed packet like a packet it generated itself, and IOS does not apply outbound ACLs to router-generated packets.
Describe how ACLs function on routers that are configured as DHCP relays.
The router processes the inbound ACL on the receiving interface first, before the relay agent rewrites the IP addresses and ports, so the inbound ACL sees the original message: source 0.0.0.0, destination 255.255.255.255, UDP port 68 to 67. An inbound ACL that is meant to allow DHCP must therefore match that broadcast form, not the rewritten unicast packet. The forwarded packet is then sent without being checked against the outbound ACL.
A network engineer wants to create ACE entries on a router to match the following:
* Permit any source IP to destination ports 40 to 50
* Destination of any 192.168.x.x network
* Start at line 450
What would be the required commands to implement this in a named extended ACL?
450 permit tcp any 192.168.0.0 0.0.255.255 range 40 50
460 permit udp any 192.168.0.0 0.0.255.255 range 40 50
(Port operators such as eq and range are only accepted with tcp or udp; IOS rejects "permit ip ... range 40 50", so one ACE per transport protocol is needed.)
What are the commands to apply an access-class to all VTY lines with the following?
* Match inbound
* Name of the ACL is SSH-PERMIT
line vty 0 15
access-class SSH-PERMIT in
What are the commands to configure an access-class on all VTY lines with the following?
* Match outbound
* Name of the ACL is SSH-DENY
* Deny all destination IPs
* Use line 15
ip access-list standard SSH-DENY
15 deny any
line vty 0 15
access-class SSH-DENY out
(An outbound access-class filters sessions opened from the router's own VTY lines, such as Telnet or SSH from the router to another device; the standard ACL's addresses are compared with the destination of those sessions.)
What are the commands to configure an access-class on all VTY lines with the following?
* Match inbound
* Name of the ACL is SSH-PROTECT
* Permit all class A private networks
* Deny all class B private networks
* Permit all class C private networks
* Start at line 20, incrementing by 10
ip access-list standard SSH-PROTECT
20 permit 10.0.0.0 0.255.255.255
30 deny 172.16.0.0 0.15.255.255
40 permit 192.168.0.0 0.0.255.255
line vty 0 15
access-class SSH-PROTECT in
(172.16.0.0 /12 inverts to wildcard 0.15.255.255, not 0.240.255.255. Any other source address is dropped by the implicit deny at the end of the ACL.)
A network technician configures an access list with the following commands:
ip access-list extended my-acl
permit tcp 192.168.144.128 0.0.0.240 any
deny tcp 10.0.0.0 0.255.255.255 any eq telnet
What will be the default sequence numbers assigned to each ACE?
IOS numbers ACEs entered without a sequence number starting at 10 and adding 10 for each additional ACE, so "show access-lists my-acl" shows:
10 permit tcp 192.168.144.128 0.0.0.240 any
20 deny tcp 10.0.0.0 0.255.255.255 any eq telnet
(IOS accepts the non-contiguous wildcard 0.0.0.240 as typed, but it does not describe a subnet: it matches 192.168.144.x only where the low four bits of x are 0, i.e. last octets 0, 16, 32, ... 240.)
Describe how ACL persistence differs between IOS and IOS-XE.
With classic IOS, ACE sequence numbers are automatically renumbered at every reload, starting at 10 and incrementing by 10.
IOS-XE has ACL persistence on by default (ip access-list persistent), so sequence numbers survive a reload; it must be disabled to get the automatic renumbering on reload.
What is the command to disable ACL persistence on an IOS-XE router?
no ip access-list persistent
A network technician configures an access list with the following commands:
ip access-list extended my-acl
10 permit tcp 192.168.0.0 0.0.255.255 any
20 permit udp 192.168.0.0 0.0.255.255 any
50 permit tcp 10.222.50.0 0.0.0.255 any
60 permit udp 10.222.50.0 0.0.0.255 any
100 deny tcp 10.0.0.0 0.255.255.255 any eq telnet
What will the sequence numbers be for each ACE after the (classic IOS) router is reloaded?
ip access-list extended my-acl
10 permit tcp 192.168.0.0 0.0.255.255 any
20 permit udp 192.168.0.0 0.0.255.255 any
30 permit tcp 10.222.50.0 0.0.0.255 any
40 permit udp 10.222.50.0 0.0.0.255 any
50 deny tcp 10.0.0.0 0.255.255.255 any eq telnet
A network technician configures an access list with the following commands:
ip access-list extended my-acl
10 permit tcp 192.168.0.0 0.0.255.255 any
20 permit udp 192.168.0.0 0.0.255.255 any
30 permit tcp 10.222.50.0 0.0.0.255 any
What is the correct command to renumber the ACL starting at 10 with an increment of 30 between ACEs?
ip access-list resequence my-acl 10 30
(The ACEs become 10, 40 and 70, leaving room to insert new ACEs between them.)
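The four cards above all describe one behaviour: sequence numbers are assigned, renumbered at reload, and renumbered on demand. As an added example, not the deck's or Cisco's code, the following Python models an ACL as (sequence, text) pairs and implements the default numbering (highest + 10), the reload renumbering, and "ip access-list resequence NAME START INCREMENT". MY_ACL is constructed from the card above; MAX_SEQ is IOS's upper bound for a sequence number:

```python
from typing import List, Optional, Tuple

MAX_SEQ = 2147483647          # largest sequence number IOS accepts

Ace = Tuple[int, str]         # (sequence number, ACE text without the number)


def add_ace(acl: List[Ace], text: str, seq: Optional[int] = None) -> List[Ace]:
    """Add an ACE. Without a sequence number IOS uses the highest existing
    number + 10 (10 for an empty ACL); an explicit number must be unused."""
    if seq is None:
        seq = max((s for s, _ in acl), default=0) + 10
    if not 1 <= seq <= MAX_SEQ:
        raise ValueError(f"sequence {seq} out of range")
    if any(s == seq for s, _ in acl):
        raise ValueError(f"sequence {seq} already in use")
    acl.append((seq, text))
    acl.sort()
    return acl


def resequence(acl: List[Ace], start: int = 10, increment: int = 10) -> List[Ace]:
    """Renumber in existing order, like 'ip access-list resequence NAME START INCREMENT'.
    With the defaults this is also what classic IOS does at reload, and what IOS-XE
    does at reload only after 'no ip access-list persistent'."""
    if start < 1 or increment < 1:
        raise ValueError("start and increment must be positive")
    ordered = sorted(acl)
    if ordered and start + (len(ordered) - 1) * increment > MAX_SEQ:
        raise ValueError("resequence would exceed the maximum sequence number")
    return [(start + i * increment, text) for i, (_, text) in enumerate(ordered)]


def render(acl: List[Ace]) -> List[str]:
    """Lines in the form 'show access-lists' prints them."""
    return [f"{seq} {text}" for seq, text in sorted(acl)]


# Constructed sample: the my-acl from the cards above, entered with explicit numbers.
MY_ACL: List[Ace] = []
add_ace(MY_ACL, "permit tcp 192.168.0.0 0.0.255.255 any", 10)
add_ace(MY_ACL, "permit udp 192.168.0.0 0.0.255.255 any", 20)
add_ace(MY_ACL, "permit tcp 10.222.50.0 0.0.0.255 any", 50)
add_ace(MY_ACL, "permit udp 10.222.50.0 0.0.0.255 any", 60)
add_ace(MY_ACL, "deny tcp 10.0.0.0 0.255.255.255 any eq telnet", 100)

if __name__ == "__main__":
    print("\n".join(render(resequence(MY_ACL))))          # what an IOS reload produces
    spaced = resequence(MY_ACL[:3], 10, 30)               # 10, 40, 70
    add_ace(spaced, "deny ip any any", 25)                # now there is room between 10 and 40
    print("\n".join(render(spaced)))
```

The point of resequencing is the gap it creates: with 10, 20, 30 there is no free number between the first two ACEs, and the only way to put a new ACE in front of 20 is to resequence first.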
Describe the function of common and regular ACLs in IOS-XE.
IOS-XE allows two ACLs to be enabled in the same direction on the same interface: a common ACL and a regular ACL. The same common ACL can be reused on many interfaces, each paired with its own regular ACL.
A packet is compared with the common ACL first; if an ACE in it matches, that ACE's permit or deny is applied. Only if nothing in the common ACL matches is the regular ACL checked, and the implicit deny applies only after both have been searched.
What is the command to apply a common ACL to interface Gi0/0/1 with the following parameters?
* Match inbound
* Common ACL: my-com-acl
* Regular ACL: my-acl
interface Gi0/0/1
ip access-group common my-com-acl my-acl in
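The DHCP relay cards earlier on this page and the common/regular ACL cards above both come down to the order in which a packet is compared against ACEs. As an added example, not the deck's or Cisco's code, the following Python models a subset of the extended ACE syntax used on this page (any / host / address-wildcard, eq and range port operators, a few port keywords), first-match evaluation with the implicit deny, the IOS-XE common-then-regular order, and the relay agent's rewrite of a DHCP request. DISCOVER and INBOUND_ACL are constructed sample data; ICMP types are not modelled:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Subset of the port keywords IOS accepts in place of numbers.
PORT_NAMES = {"telnet": 23, "ssh": 22, "bootps": 67, "bootpc": 68}

@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

@dataclass
class ACE:
    seq: int
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches every protocol
    src: str
    src_wc: str
    sport: Optional[Tuple[int, int]]
    dst: str
    dst_wc: str
    dport: Optional[Tuple[int, int]]

def _addr_match(address: str, base: str, wildcard: str) -> bool:
    """Cisco rule: bits set in the wildcard are ignored, the rest must equal the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    return (a & ~w) == (b & ~w)

def _take_addr(tokens: list) -> Tuple[str, str]:
    """Consume 'any' | 'host A' | 'A WILDCARD' from the front of the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return "0.0.0.0", "255.255.255.255"
    if tok == "host":
        return tokens.pop(0), "0.0.0.0"
    return tok, tokens.pop(0)

def _take_port(tokens: list) -> Optional[Tuple[int, int]]:
    """Consume an optional 'eq P' or 'range LO HI' operator; None means any port."""
    def port(tok: str) -> int:
        return PORT_NAMES.get(tok) or int(tok)
    if tokens and tokens[0] == "eq":
        p = port(tokens[1])
        del tokens[:2]
        return p, p
    if tokens and tokens[0] == "range":
        lo, hi = port(tokens[1]), port(tokens[2])
        del tokens[:3]
        return lo, hi
    return None

def parse_ace(line: str) -> ACE:
    """Parse 'SEQ permit|deny PROTO SRC [eq P] DST [eq P | range LO HI]' (page syntax only)."""
    t = line.split()
    seq, action, proto, rest = int(t[0]), t[1], t[2], t[3:]
    src, src_wc = _take_addr(rest)
    sport = _take_port(rest)
    dst, dst_wc = _take_addr(rest)
    dport = _take_port(rest)
    return ACE(seq, action, proto, src, src_wc, sport, dst, dst_wc, dport)

def ace_matches(ace: ACE, pkt: Packet) -> bool:
    def port_ok(rng, port):
        return rng is None or rng[0] <= port <= rng[1]
    return (ace.proto in ("ip", pkt.proto)
            and _addr_match(pkt.src, ace.src, ace.src_wc) and port_ok(ace.sport, pkt.sport)
            and _addr_match(pkt.dst, ace.dst, ace.dst_wc) and port_ok(ace.dport, pkt.dport))

def first_match(acl, pkt: Packet):
    """(seq, action) of the first matching ACE in sequence order, or None if none matches."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace_matches(ace, pkt):
            return ace.seq, ace.action
    return None

def evaluate(regular, pkt: Packet, common=None):
    """IOS-XE order: common ACL first; the regular ACL only on no match; then implicit deny."""
    hit = first_match(common, pkt) if common else None
    return hit or first_match(regular, pkt) or (None, "deny")

def relay(pkt: Packet, relay_if_ip: str, server_ip: str) -> Optional[Packet]:
    """What the relay agent forwards: unicast from the receiving interface's IP, UDP 67 to 67."""
    if pkt.proto != "udp" or pkt.dport != 67:
        return None
    return Packet("udp", relay_if_ip, server_ip, 67, 67)

# Constructed sample: a client DISCOVER as it arrives on the relay's LAN interface, and an
# inbound ACL that allows it because it matches the original broadcast, not the relayed form.
DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", 68, 67)
INBOUND_ACL = [parse_ace(line) for line in (
    "10 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps",
    "20 deny udp any any eq bootps",
)]
```

Evaluating INBOUND_ACL against DISCOVER returns (10, "permit"), while an ACE written for the relayed packet (source host 10.1.1.1, destination the server) never matches the broadcast the inbound ACL actually sees. For the common/regular pair, a common ACL that denies Telnet from 10.0.0.0 /8 wins over a regular ACL that permits all TCP from the same range, because the common ACL is searched first.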
What is the command to add an ACE entry to an access-list that matches the following:
* Permit any source address and port
* Permit TCP only
* Permit only 192.168.0.0 /16 as the destination
* Match these destination ports: 5, 10, 12, and 20
permit tcp any 192.168.0.0 0.0.255.255 eq 5 10 12 20