SlideShare a Scribd company logo

Ccna 3-discovery-4-0-module-8-100-

J
junkut3

The document contains questions about network access control lists (ACLs). Some key points: - ACLs can be used to filter traffic by source/destination IP addresses, protocols, ports and more. Standard ACLs filter based on source IP, extended ACLs add destination IP and other criteria. - The position and direction an ACL is applied impacts what traffic it filters. Inbound ACLs filter traffic as it enters an interface while outbound ACLs filter traffic exiting an interface. - ACL rules are processed sequentially, with the first match determining if a packet is permitted or denied. Administrators must carefully craft rule orders and contents to implement desired security policies.

1 of 11
Download to read offline
1. Which wildcard mask would match the host range for the subnet 192.16.5.32 /27? 0.0.0.32 0.0.0.63 0.0.63.255 0.0.0.31 Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 2. Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option Reset View Reset View
3. Refer to the exhibit. Hosts from 172.19.123.0 are not allowed access to 192.0.2.0 but should be able to acces the Internet. Which set of commands will create a standard ACL that will apply to traffic outbound on the Shannon router interface Fa0/0 implementing this security? access-list 142 deny ip 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255 access-list 142 permit ip any any access-list 56 deny 172.19.123.0 0.0.0.255 access-list 56 permit any access-list 61 deny 172.19.123.0 0.0.0.0 access-list 61 permit any access-list 87 deny 192.0.2.0 0.0.0.255 access-list 87 permit any Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 4. Refer to the exhibit. An administrator notes a significant increase in the amount of traffic that is entering the network from the ISP. The administrator clears the counters. After a few minutes, the administrator again che the access-list table. What can be concluded from the output that is shown? A small amount of HTTP traffic is an indication that the web server was not configured correctly. Reset View
A larger amount of POP3 traffic, compared with SMTP traffic, indicates that there are more POP3 e-mail clients than SMTP clients in the enterprise. A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attac A larger amount of e-mail traffic, compared with web traffic, is an indication that attackers mainly targete the e-mail server. Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 5. Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0 0.255.255.255 any to R3. After adding the command, the administrator verifies the change using the show access-list command What sequence number does the new entry have? 0 10, and all other items are shifted down to the next sequence number 50 60 Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 6. A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should be implemented to ensure that passwords are not sent in clear text across the public network? Use Telnet with an authentication server to ensure effective authentication. Apply an access list on the router interfaces to allow only authorized computers. Apply an access list on the vty line to allow only authorized computers. Use only Secure Shell (SSH) on the vty lines. Reset View Reset View Reset View
Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 7. What is the best option an administrator can choose to ensure that ICMP DoS attacks from the outside are contained as much as possible, without restricting connectivity tests initiated from the inside out? Create an access list that permits only echo reply and destination unreachable packets from the outside. Create an access list that denies all TCP traffic coming from the outside. Permit TCP traffic from only known external sources. Create an access list with the established keyword at the end of the line. Scoring Rule For: correctness of response 2 points for Option 1 0 points for any other option 8. Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard m would the network administrator configure in the access list to cover this range? 0.0.15.255 0.0.47.255 0.0.63.255 255.255.240.0 Scoring Rule For: correctness of response 2 points for Option 1 0 points for any other option 9. A network administrator enters the following commands on router RTB. RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15 RTB(config)# access-list 4 permit any RTB(config)# interface serial 0/0/0 RTB(config-if)# ip access-group 4 in Which addresses are blocked from entering RTB? 192.168.20.17 to 192.168.20.31 192.168.20.16 to 192.168.20.31 192.168.20.16 to 192.168.20.32 Reset View Reset View
192.168.20.17 to 192.168.20.32 Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 10. Why are inbound ACLs more efficient for the router than outbound ACLs? Inbound ACLs deny packets before routing lookups are required. Inbound ACL operation requires less network bandwidth than outbound. Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs. Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfa Scoring Rule For: correctness of response 2 points for Option 1 0 points for any other option 11. Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assig a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem? Port 80 should be specified in the ACL. The public IP address of the server, 209.165.201.5, should be specified as the destination. The ACL should be applied on the s0/0 outbound interface. Reset View Reset View
The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL. Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 12. ACL logging generates what type of syslog message? unstable network warning informational critical situation Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 13. Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines: 1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2. network. 2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network. 3) All other traffic originating from the 192.168.3.0 network should be denied. Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction? Reset View Reset View
access-list 101 deny ip any any access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip any any access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255 Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 14. Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244? access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224 access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80 access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80 access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80 Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 15. Which two statements are true about standard and extended ACLs? (Choose two.) Extended ACLs filter only on source addresses and must be placed near the destination address. Standard ACLs are usually placed so that all packets go through the network and are filtered at the destina Standard ACLs are used when filtering complex requirements, such as specific protocols. Extended ACLs filter with many possible factors, and are placed near the source address to reduce traffic across the network. Properly designed ACLs have a negative impact on network availability and performance. Reset View Reset View Reset View
Scoring Rule For: correctness of response Option 2 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 16. Refer to the exhibit. What happens if the network administrator issues the exhibited commands when an ACL named Managers already exists on the router? The new commands overwrite the current Managers ACL. The new commands are added to the end of the current Managers ACL. The new commands are added to the beginning of the current Managers ACL. An error appears stating that the ACL already exists. Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 17. What effect does the command reload in 30 have when entered into a router? If a router process freezes, the router reloads automatically. If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads 30 minutes. If a remote connection lasts for longer than 30 minutes, the router forces the remote user off. A router automatically reloads in 30 minutes. Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 18. Reset View Reset View
Refer to the exhibit. Which two host addresses from the 172.16.31.64/27 subnet are able to telnet into the rou to make configuration changes? (Choose two.) 172.16.31.33 172.16.31.64 172.16.31.77 172.16.31.92 172.16.31.95 172.16.31.96 Scoring Rule For: correctness of response Option 3 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 19. ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.) specifying source addresses for authentication specifying internal hosts for NAT identifying traffic for QoS reorganizing traffic into VLANs filtering VTP packets Scoring Rule For: correctness of response Option 2 and Option 3 are correct. 1 point for each correct option. 0 points if more options are selected than required. 20. Reset View Reset View
Refer to the exhibit. A network administrator needs to configure an access list that will allow the managemen host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA vty and enable passwords are configured on the router. Which group of commands will accomplish this task? Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet Router(config)# access-list 101 deny ip any any Router(config)# int s0/0 Router(config-if)# ip access-group 101 in Router(config-if)# int fa0/0 Router(config-if)#ip access-group 101 in Router(config)# access-list 10 permit 192.168.10.25 eq telnet Router(config)# access-list 10 deny any Router(config)# line vty 0 4 Router(config-line)#access-group 10 in Router(config)# access-list 86 permit host 192.168.10.25 Router(config)# line vty 0 4 Router(config-line)# access-class 86 in Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet Router(config)# access-list 125 deny ip any any Router(config)# int s0/0 Router(config-if)# ip access-group 125 in Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 21. What are two possible uses of access control lists in an enterprise network? (Choose two.) limiting debug outputs reducing the processing load on routers allowing Layer 2 traffic to be filtered by a router controlling virtual terminal access to routers controlling the physical status of router interfaces Scoring Rule For: correctness of response Option 1 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 22. Reset View Reset View
Scoring Rule For: correctness of response Option 2 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 23. If the established keyword is appended to a line in an extended ACL, what will determine if packets are sen between the source and destination specified by the line? if authentication is enabled via CHAP if MD5 encryption algorithm is in effect if a TCP three-way handshake was successfully completed if HTML packets are specifically allowed within the ACL Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option Reset View Reset View

Recommended

Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
Ccna 3 Final V4.0 Answers
Ccna 3 Final V4.0 AnswersCcna 3 Final V4.0 Answers
Ccna 3 Final V4.0 Answers
ccna4discovery
 
Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018
Download Mipdfcom
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
CCNA 1 v6.0 Final Exam Answers Option B 2018
CCNA 1 v6.0 Final Exam Answers Option B 2018CCNA 1 v6.0 Final Exam Answers Option B 2018
CCNA 1 v6.0 Final Exam Answers Option B 2018
Download Mipdfcom
 
Network security lab certification 350 018
Network security lab certification 350 018Network security lab certification 350 018
Network security lab certification 350 018
VISUAL MART - HERBERT PATZAN CARRILLO
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5friv4schoolgames
 

Recommended

Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
Ccna 3 Final V4.0 Answers
Ccna 3 Final V4.0 AnswersCcna 3 Final V4.0 Answers
Ccna 3 Final V4.0 Answers
ccna4discovery
 
Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018Ccna1 v6.0 pretest exam answers 2018
Ccna1 v6.0 pretest exam answers 2018
Download Mipdfcom
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
CCNA 1 v6.0 Final Exam Answers Option B 2018
CCNA 1 v6.0 Final Exam Answers Option B 2018CCNA 1 v6.0 Final Exam Answers Option B 2018
CCNA 1 v6.0 Final Exam Answers Option B 2018
Download Mipdfcom
 
Network security lab certification 350 018
Network security lab certification 350 018Network security lab certification 350 018
Network security lab certification 350 018
VISUAL MART - HERBERT PATZAN CARRILLO
 
Access control list 2
Access control list 2Access control list 2
Access control list 2Kishore Kumar
 
Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5Ccna 4 pretest exam answer v5
Ccna 4 pretest exam answer v5friv4schoolgames
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnarobertoxe
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
Kishore Kumar
 
Ccna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 AnswersCcna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 Answers
CCNA4Answers
 
Ccnav5.org ccna 2-v5_final_exam_2014
Ccnav5.org ccna 2-v5_final_exam_2014Ccnav5.org ccna 2-v5_final_exam_2014
Ccnav5.org ccna 2-v5_final_exam_2014Đồng Quốc Vương
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]
Summit Bisht
 
Ccnav5.org ccna 3-v50_practice_final_exam_2014
Ccnav5.org ccna 3-v50_practice_final_exam_2014Ccnav5.org ccna 3-v50_practice_final_exam_2014
Ccnav5.org ccna 3-v50_practice_final_exam_2014Đồng Quốc Vương
 
Multicast IP addresses Part 1
Multicast IP addresses Part 1Multicast IP addresses Part 1
Multicast IP addresses Part 1
Mohmed Abou Elenein Attia
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
Sourabh Badve
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1
mps125
 
Types of ACLs
Types of ACLsTypes of ACLs
Types of ACLs
NetProtocol Xpert
 
CCNP Security SIMOS 300-209=vpn 642-648
CCNP Security SIMOS 300-209=vpn 642-648CCNP Security SIMOS 300-209=vpn 642-648
CCNP Security SIMOS 300-209=vpn 642-648
Mohmed Abou Elenein Attia
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLSPeťko Z Chochoľova
 
Acl
AclAcl
Acl
Raghu Kiran
 
Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
diah risqiwati
 
Ccna 2 v 4.0 final-exam-19-06-2010
Ccna 2 v 4.0 final-exam-19-06-2010Ccna 2 v 4.0 final-exam-19-06-2010
Ccna 2 v 4.0 final-exam-19-06-2010irbas
 
Ccna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 AnswersCcna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 Answers
ccna4discovery
 
Internal & External of Routers
Internal & External of RoutersInternal & External of Routers
Internal & External of Routers
Kishore Kumar
 
Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Gabriela Martínez
 
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answers
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answersCcnav5.org ccna 3-chapter_8_v50_2014_exam_answers
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answersĐồng Quốc Vương
 
Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Dân Chơi
 
Presentacion tres menu
Presentacion tres menuPresentacion tres menu
Presentacion tres menusaulmunoz
 
Samolisov
SamolisovSamolisov
Samolisovsamolisov
 

More Related Content

What's hot

Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccnarobertoxe
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
Kishore Kumar
 
Ccna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 AnswersCcna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 Answers
CCNA4Answers
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]
Summit Bisht
 
Ccnav5.org ccna 3-v50_practice_final_exam_2014
Ccnav5.org ccna 3-v50_practice_final_exam_2014Ccnav5.org ccna 3-v50_practice_final_exam_2014
Ccnav5.org ccna 3-v50_practice_final_exam_2014Đồng Quốc Vương
 
Multicast IP addresses Part 1
Multicast IP addresses Part 1Multicast IP addresses Part 1
Multicast IP addresses Part 1
Mohmed Abou Elenein Attia
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
Sourabh Badve
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1
mps125
 
Types of ACLs
Types of ACLsTypes of ACLs
Types of ACLs
NetProtocol Xpert
 
CCNP Security SIMOS 300-209=vpn 642-648
CCNP Security SIMOS 300-209=vpn 642-648CCNP Security SIMOS 300-209=vpn 642-648
CCNP Security SIMOS 300-209=vpn 642-648
Mohmed Abou Elenein Attia
 
Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
diah risqiwati
 
Ccna 2 v 4.0 final-exam-19-06-2010
Ccna 2 v 4.0 final-exam-19-06-2010Ccna 2 v 4.0 final-exam-19-06-2010
Ccna 2 v 4.0 final-exam-19-06-2010irbas
 
Ccna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 AnswersCcna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 Answers
ccna4discovery
 
Internal & External of Routers
Internal & External of RoutersInternal & External of Routers
Internal & External of Routers
Kishore Kumar
 
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answers
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answersCcnav5.org ccna 3-chapter_8_v50_2014_exam_answers
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answersĐồng Quốc Vương
 
Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Dân Chơi
 

What's hot (20)

Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Access Control List 1
Access Control List 1Access Control List 1
Access Control List 1
 
Ccna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 AnswersCcna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 Answers
 
Ccnav5.org ccna 2-v5_final_exam_2014
Ccnav5.org ccna 2-v5_final_exam_2014Ccnav5.org ccna 2-v5_final_exam_2014
Ccnav5.org ccna 2-v5_final_exam_2014
 
Access control list [1]
Access control list [1]Access control list [1]
Access control list [1]
 
Ccnav5.org ccna 3-v50_practice_final_exam_2014
Ccnav5.org ccna 3-v50_practice_final_exam_2014Ccnav5.org ccna 3-v50_practice_final_exam_2014
Ccnav5.org ccna 3-v50_practice_final_exam_2014
 
Multicast IP addresses Part 1
Multicast IP addresses Part 1Multicast IP addresses Part 1
Multicast IP addresses Part 1
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1
 
Types of ACLs
Types of ACLsTypes of ACLs
Types of ACLs
 
CCNP Security SIMOS 300-209=vpn 642-648
CCNP Security SIMOS 300-209=vpn 642-648CCNP Security SIMOS 300-209=vpn 642-648
CCNP Security SIMOS 300-209=vpn 642-648
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLS
 
Acl
AclAcl
Acl
 
Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
 
Ccna 2 v 4.0 final-exam-19-06-2010
Ccna 2 v 4.0 final-exam-19-06-2010Ccna 2 v 4.0 final-exam-19-06-2010
Ccna 2 v 4.0 final-exam-19-06-2010
 
Ccna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 AnswersCcna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 Answers
 
Internal & External of Routers
Internal & External of RoutersInternal & External of Routers
Internal & External of Routers
 
Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4
 
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answers
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answersCcnav5.org ccna 3-chapter_8_v50_2014_exam_answers
Ccnav5.org ccna 3-chapter_8_v50_2014_exam_answers
 
Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011
 

Viewers also liked

Presentacion tres menu
Presentacion tres menuPresentacion tres menu
Presentacion tres menusaulmunoz
 
Kuehlewind slide cast
Kuehlewind slide castKuehlewind slide cast
Kuehlewind slide cast
kaylakue
 
งานนำเสนอแหม่ม
งานนำเสนอแหม่มงานนำเสนอแหม่ม
งานนำเสนอแหม่มmam2553
 
Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...
Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...
Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...frankvansummeren
 

Viewers also liked (7)

Presentacion tres menu
Presentacion tres menuPresentacion tres menu
Presentacion tres menu
 
Samolisov
SamolisovSamolisov
Samolisov
 
Kuehlewind slide cast
Kuehlewind slide castKuehlewind slide cast
Kuehlewind slide cast
 
Metallica
MetallicaMetallica
Metallica
 
งานนำเสนอแหม่ม
งานนำเสนอแหม่มงานนำเสนอแหม่ม
งานนำเสนอแหม่ม
 
10th weekly news
10th weekly news10th weekly news
10th weekly news
 
Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...
Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...
Interactief 2.0 Effectief Samenwerken In De Veiligheidshuizen Landelijke ...
 

Similar to Ccna 3-discovery-4-0-module-8-100-

Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.igede tirtanata
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2Kris Mofu
 
Ccna 3-discovery-4-0-module-4-100-
Ccna 3-discovery-4-0-module-4-100-Ccna 3-discovery-4-0-module-4-100-
Ccna 3-discovery-4-0-module-4-100-junkut3
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
rediani
 
ccna-discowey-final-100
ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100junkut3
 
3606765 ccna4-discovery-exam-8
3606765 ccna4-discovery-exam-83606765 ccna4-discovery-exam-8
3606765 ccna4-discovery-exam-8
carlosedu11
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf
ZahraElhaddi
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
ssuserf7cd2b
 
Ccna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCcna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 Answers
CCNA4Answers
 
E routing final exam ccna 2 46
E routing final exam ccna 2 46E routing final exam ccna 2 46
E routing final exam ccna 2 46lslsc
 
Ccna 2 chapter 6 v4.0 answers 2011
Ccna 2 chapter 6 v4.0 answers 2011Ccna 2 chapter 6 v4.0 answers 2011
Ccna 2 chapter 6 v4.0 answers 2011Dân Chơi
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersĐồng Quốc Vương
 
Exam viewer2
Exam viewer2Exam viewer2
Exam viewer2
Jorgito Leal
 
Ccna 2 chapter 7 v4.0 answers 2011
Ccna 2 chapter 7 v4.0 answers 2011Ccna 2 chapter 7 v4.0 answers 2011
Ccna 2 chapter 7 v4.0 answers 2011Dân Chơi
 
Lesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BLesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing B
Mahmmoud Mahdi
 
ccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answersccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answers
Đồng Quốc Vương
 
CCNA 1 Chapter 11 v5.0 2014
CCNA 1 Chapter 11 v5.0 2014CCNA 1 Chapter 11 v5.0 2014
CCNA 1 Chapter 11 v5.0 2014
Đồng Quốc Vương
 
M odul1
M odul1M odul1
M odul1
HARRY CHAN PUTRA
 

Similar to Ccna 3-discovery-4-0-module-8-100- (20)

Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
 
Ccna 3-discovery-4-0-module-4-100-
Ccna 3-discovery-4-0-module-4-100-Ccna 3-discovery-4-0-module-4-100-
Ccna 3-discovery-4-0-module-4-100-
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
 
ccna-discowey-final-100
ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100
 
3606765 ccna4-discovery-exam-8
3606765 ccna4-discovery-exam-83606765 ccna4-discovery-exam-8
3606765 ccna4-discovery-exam-8
 
ivesgimpaya3
ivesgimpaya3ivesgimpaya3
ivesgimpaya3
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1 Instructor (1).pdf
 
ivesgimpaya2
ivesgimpaya2ivesgimpaya2
ivesgimpaya2
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
 
Ccna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 AnswersCcna 4 Final 4 Version 4.0 Answers
Ccna 4 Final 4 Version 4.0 Answers
 
E routing final exam ccna 2 46
E routing final exam ccna 2 46E routing final exam ccna 2 46
E routing final exam ccna 2 46
 
Ccna 2 chapter 6 v4.0 answers 2011
Ccna 2 chapter 6 v4.0 answers 2011Ccna 2 chapter 6 v4.0 answers 2011
Ccna 2 chapter 6 v4.0 answers 2011
 
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answersCcnav5.org ccna 1-v50_itn_practice_final_exam_answers
Ccnav5.org ccna 1-v50_itn_practice_final_exam_answers
 
Exam viewer2
Exam viewer2Exam viewer2
Exam viewer2
 
Ccna 2 chapter 7 v4.0 answers 2011
Ccna 2 chapter 7 v4.0 answers 2011Ccna 2 chapter 7 v4.0 answers 2011
Ccna 2 chapter 7 v4.0 answers 2011
 
Lesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing BLesson.7: Configuring IP Routing B
Lesson.7: Configuring IP Routing B
 
ccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answersccna 1 v5.0 itn practice final exam answers
ccna 1 v5.0 itn practice final exam answers
 
CCNA 1 Chapter 11 v5.0 2014
CCNA 1 Chapter 11 v5.0 2014CCNA 1 Chapter 11 v5.0 2014
CCNA 1 Chapter 11 v5.0 2014
 
M odul1
M odul1M odul1
M odul1
 

More from junkut3

Ccna 3-discovery-4-0-module-9-100-
Ccna 3-discovery-4-0-module-9-100-Ccna 3-discovery-4-0-module-9-100-
Ccna 3-discovery-4-0-module-9-100-junkut3
 
Ccna 3-discovery-4-0-module-6-100-
Ccna 3-discovery-4-0-module-6-100-Ccna 3-discovery-4-0-module-6-100-
Ccna 3-discovery-4-0-module-6-100-junkut3
 
Ccna 3-discovery-4-0-module-5-100-
Ccna 3-discovery-4-0-module-5-100-Ccna 3-discovery-4-0-module-5-100-
Ccna 3-discovery-4-0-module-5-100-junkut3
 
Ccna 3-discovery-4-0-module-3-100-
Ccna 3-discovery-4-0-module-3-100-Ccna 3-discovery-4-0-module-3-100-
Ccna 3-discovery-4-0-module-3-100-junkut3
 
Ccna 3-discovery-4-0-module-1-100
Ccna 3-discovery-4-0-module-1-100Ccna 3-discovery-4-0-module-1-100
Ccna 3-discovery-4-0-module-1-100junkut3
 
Ccna 3-discovery-4-0-module-7-100-
Ccna 3-discovery-4-0-module-7-100-Ccna 3-discovery-4-0-module-7-100-
Ccna 3-discovery-4-0-module-7-100-junkut3
 

More from junkut3 (6)

Ccna 3-discovery-4-0-module-9-100-
Ccna 3-discovery-4-0-module-9-100-Ccna 3-discovery-4-0-module-9-100-
Ccna 3-discovery-4-0-module-9-100-
 
Ccna 3-discovery-4-0-module-6-100-
Ccna 3-discovery-4-0-module-6-100-Ccna 3-discovery-4-0-module-6-100-
Ccna 3-discovery-4-0-module-6-100-
 
Ccna 3-discovery-4-0-module-5-100-
Ccna 3-discovery-4-0-module-5-100-Ccna 3-discovery-4-0-module-5-100-
Ccna 3-discovery-4-0-module-5-100-
 
Ccna 3-discovery-4-0-module-3-100-
Ccna 3-discovery-4-0-module-3-100-Ccna 3-discovery-4-0-module-3-100-
Ccna 3-discovery-4-0-module-3-100-
 
Ccna 3-discovery-4-0-module-1-100
Ccna 3-discovery-4-0-module-1-100Ccna 3-discovery-4-0-module-1-100
Ccna 3-discovery-4-0-module-1-100
 
Ccna 3-discovery-4-0-module-7-100-
Ccna 3-discovery-4-0-module-7-100-Ccna 3-discovery-4-0-module-7-100-
Ccna 3-discovery-4-0-module-7-100-
 

Ccna 3-discovery-4-0-module-8-100-

  • 1. 1. Which wildcard mask would match the host range for the subnet 192.16.5.32 /27? 0.0.0.32 0.0.0.63 0.0.63.255 0.0.0.31 Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 2. Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option Reset View Reset View
  • 2. 3. Refer to the exhibit. Hosts from 172.19.123.0 are not allowed access to 192.0.2.0 but should be able to acces the Internet. Which set of commands will create a standard ACL that will apply to traffic outbound on the Shannon router interface Fa0/0 implementing this security? access-list 142 deny ip 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255 access-list 142 permit ip any any access-list 56 deny 172.19.123.0 0.0.0.255 access-list 56 permit any access-list 61 deny 172.19.123.0 0.0.0.0 access-list 61 permit any access-list 87 deny 192.0.2.0 0.0.0.255 access-list 87 permit any Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 4. Refer to the exhibit. An administrator notes a significant increase in the amount of traffic that is entering the network from the ISP. The administrator clears the counters. After a few minutes, the administrator again che the access-list table. What can be concluded from the output that is shown? A small amount of HTTP traffic is an indication that the web server was not configured correctly. Reset View
  • 3. A larger amount of POP3 traffic, compared with SMTP traffic, indicates that there are more POP3 e-mail clients than SMTP clients in the enterprise. A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attac A larger amount of e-mail traffic, compared with web traffic, is an indication that attackers mainly targete the e-mail server. Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 5. Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0 0.255.255.255 any to R3. After adding the command, the administrator verifies the change using the show access-list command What sequence number does the new entry have? 0 10, and all other items are shifted down to the next sequence number 50 60 Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 6. A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should be implemented to ensure that passwords are not sent in clear text across the public network? Use Telnet with an authentication server to ensure effective authentication. Apply an access list on the router interfaces to allow only authorized computers. Apply an access list on the vty line to allow only authorized computers. Use only Secure Shell (SSH) on the vty lines. Reset View Reset View Reset View
  • 4. Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 7. What is the best option an administrator can choose to ensure that ICMP DoS attacks from the outside are contained as much as possible, without restricting connectivity tests initiated from the inside out? Create an access list that permits only echo reply and destination unreachable packets from the outside. Create an access list that denies all TCP traffic coming from the outside. Permit TCP traffic from only known external sources. Create an access list with the established keyword at the end of the line. Scoring Rule For: correctness of response 2 points for Option 1 0 points for any other option 8. Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard m would the network administrator configure in the access list to cover this range? 0.0.15.255 0.0.47.255 0.0.63.255 255.255.240.0 Scoring Rule For: correctness of response 2 points for Option 1 0 points for any other option 9. A network administrator enters the following commands on router RTB. RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15 RTB(config)# access-list 4 permit any RTB(config)# interface serial 0/0/0 RTB(config-if)# ip access-group 4 in Which addresses are blocked from entering RTB? 192.168.20.17 to 192.168.20.31 192.168.20.16 to 192.168.20.31 192.168.20.16 to 192.168.20.32 Reset View Reset View
  • 5. 192.168.20.17 to 192.168.20.32 Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 10. Why are inbound ACLs more efficient for the router than outbound ACLs? Inbound ACLs deny packets before routing lookups are required. Inbound ACL operation requires less network bandwidth than outbound. Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs. Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfa Scoring Rule For: correctness of response 2 points for Option 1 0 points for any other option 11. Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assig a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem? Port 80 should be specified in the ACL. The public IP address of the server, 209.165.201.5, should be specified as the destination. The ACL should be applied on the s0/0 outbound interface. Reset View Reset View
  • 6. The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL. Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 12. ACL logging generates what type of syslog message? unstable network warning informational critical situation Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 13. Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines: 1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2. network. 2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network. 3) All other traffic originating from the 192.168.3.0 network should be denied. Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction? Reset View Reset View
  • 7. access-list 101 deny ip any any access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip any any access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255 Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 14. Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244? access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224 access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80 access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80 access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80 Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 15. Which two statements are true about standard and extended ACLs? (Choose two.) Extended ACLs filter only on source addresses and must be placed near the destination address. Standard ACLs are usually placed so that all packets go through the network and are filtered at the destina Standard ACLs are used when filtering complex requirements, such as specific protocols. Extended ACLs filter with many possible factors, and are placed near the source address to reduce traffic across the network. Properly designed ACLs have a negative impact on network availability and performance. Reset View Reset View Reset View
  • 8. Scoring Rule For: correctness of response Option 2 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 16. Refer to the exhibit. What happens if the network administrator issues the exhibited commands when an ACL named Managers already exists on the router? The new commands overwrite the current Managers ACL. The new commands are added to the end of the current Managers ACL. The new commands are added to the beginning of the current Managers ACL. An error appears stating that the ACL already exists. Scoring Rule For: correctness of response 2 points for Option 2 0 points for any other option 17. What effect does the command reload in 30 have when entered into a router? If a router process freezes, the router reloads automatically. If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads 30 minutes. If a remote connection lasts for longer than 30 minutes, the router forces the remote user off. A router automatically reloads in 30 minutes. Scoring Rule For: correctness of response 2 points for Option 4 0 points for any other option 18. Reset View Reset View
  • 9. Refer to the exhibit. Which two host addresses from the 172.16.31.64/27 subnet are able to telnet into the rou to make configuration changes? (Choose two.) 172.16.31.33 172.16.31.64 172.16.31.77 172.16.31.92 172.16.31.95 172.16.31.96 Scoring Rule For: correctness of response Option 3 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 19. ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.) specifying source addresses for authentication specifying internal hosts for NAT identifying traffic for QoS reorganizing traffic into VLANs filtering VTP packets Scoring Rule For: correctness of response Option 2 and Option 3 are correct. 1 point for each correct option. 0 points if more options are selected than required. 20. Reset View Reset View
  • 10. Refer to the exhibit. A network administrator needs to configure an access list that will allow the managemen host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA vty and enable passwords are configured on the router. Which group of commands will accomplish this task? Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet Router(config)# access-list 101 deny ip any any Router(config)# int s0/0 Router(config-if)# ip access-group 101 in Router(config-if)# int fa0/0 Router(config-if)#ip access-group 101 in Router(config)# access-list 10 permit 192.168.10.25 eq telnet Router(config)# access-list 10 deny any Router(config)# line vty 0 4 Router(config-line)#access-group 10 in Router(config)# access-list 86 permit host 192.168.10.25 Router(config)# line vty 0 4 Router(config-line)# access-class 86 in Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet Router(config)# access-list 125 deny ip any any Router(config)# int s0/0 Router(config-if)# ip access-group 125 in Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option 21. What are two possible uses of access control lists in an enterprise network? (Choose two.) limiting debug outputs reducing the processing load on routers allowing Layer 2 traffic to be filtered by a router controlling virtual terminal access to routers controlling the physical status of router interfaces Scoring Rule For: correctness of response Option 1 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 22. Reset View Reset View
  • 11. Scoring Rule For: correctness of response Option 2 and Option 4 are correct. 1 point for each correct option. 0 points if more options are selected than required. 23. If the established keyword is appended to a line in an extended ACL, what will determine if packets are sen between the source and destination specified by the line? if authentication is enabled via CHAP if MD5 encryption algorithm is in effect if a TCP three-way handshake was successfully completed if HTML packets are specifically allowed within the ACL Scoring Rule For: correctness of response 2 points for Option 3 0 points for any other option Reset View Reset View