Wednesday, May 18, 2016

CCNAv2 Final Review - ACLs

Greetings, and welcome to Seeseenayy.
Below are two practice Quia review "tests" we took to start final review.
These tests were on ACLs.

There were two parts to the test, the latter coming from the (CCNA 2) Chapter 9 EXAM.
If you came here and you're looking for the Chapter 9 exam, click here to be redirected.

Click here if you'd like to take this test: http://goo.gl/forms/JeN2LVK5jUPVbndg2
The answers to this test are below.

ANSWER KEY GUIDE:
  1. Answers are bolded and colored blue.
  2. Questions are bolded (only bolded).
  3. Responses that are not chosen are unbolded and uncolored.
  4. Question explanations ("why this answer") are highlighted; the text below them is not.
*Only questions that need explanation will be initially posted. If you have a question or difficulty understanding this question, comment below and we will add it to the page.

Match the protocol to the port number. (5 Points)

  •    FTP = 21*
  •    TELNET = 23*
  •    HTTP = 80*
  •    SMTP = 25*
  •    TFTP = 69*



What type of ACL uses the numbers 100 - 199? (2 points)

  •    Standard Named
  •    Extended Numbered*
  •    Standard Numbered
  •    None of them
  •    Extended Named


A standard ACL is placed as close to the destination as possible. (2 points)
  •    True*
  •    False


What does a standard ACL use for filtering (Choose ALL that apply) (3 points)
  • Port Number
  • MAC Address
  • Protocol
  • Source Address*
  • Destination Address

  1. Why is source the only option when it says "choose all"?
    1. Standard ACLs can ONLY use source addresses as filtering parameters. Our teacher tricked us on this one-- lots got this wrong.


What type of ACL uses the numbers 1 - 99? (2 points)

  • None of them
  • Extended Named
  • Extended Numbered
  • Standard Numbered*
  • Standard Named


What does an extended ACL use for filtering (Choose ALL that apply) (4 points)

  • Source Address*
  • Destination Address*
  • Port Number*
  • Protocol*
  • MAC Address


A wildcard Mask operates by matching each bit that contains a 1. (2 points)

  • True
  • False*

  1. Why is the answer false, rather than true?
    1. A wildcard mask operates by matching each bit that contains a 0 (a 1 means that bit is ignored), therefore False is the correct option.


What two functions describe uses of an access control list? (Choose two.) (1 point)

  • ACLs assist the router in determining the best path to a destination
  • ACLs provide a basic level of security for network access.*
  • ACLs can control which areas a host can access on a network.*
  • ACLs can permit or deny traffic based upon the MAC address originating on the router.
  • Standard ACLs can restrict access to specific applications and ports.



Place standard ACLs as close to the source IP address of the traffic as possible. (1 point)

  • True
  • False*



An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? (1 point)

  • R1(config-if)# ip access-group 1 in
  • R1(config-if)# ip access-group 1 out
  • R1(config-line)# access-class 1 in*
  • R1(config-line)# access-class 1 out



A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router at IP Address 10.10.10.1. Which configuration command can achieve the task? (1 point)

  • Router1(config)# access-list 10 permit host 10.10.10.1 host 192.168.15.23
  • Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
  • Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
  • Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
  • Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0*
  • None of the above

  1. Why is the answer as shown above instead of any other choice?
    1. We want ONLY the workstation of the administrator. With any wildcard other than quad 0s (0.0.0.0 from the answer), the ACL would not be exclusive to the administrator's workstation, which is what the question asks for.



Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask 0.0.1.255? (1 point)

  • 172.16.2.1 to 172.16.3.254
  • 172.16.2.1 to 172.16.255.255
  • 172.16.2.0 to 172.16.2.255
  • 172.16.2.0 to 172.16.3.255*
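
The wildcard-mask answers above (the 0-bit matching rule, the 0.0.0.0 host entry, and the 172.16.2.0 0.0.1.255 range) can be checked with a short script. This is an added example, not part of the original quiz: the function names are hypothetical, `ACL_10` and the test addresses are constructed from the quiz values, and the first-match evaluation with an implicit deny is standard ACL behavior that the quiz itself does not state.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """0 bit in the wildcard = bit must equal the base; 1 bit = ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def wildcard_bounds(base, wildcard):
    """Lowest and highest address the entry can match."""
    w = to_int(wildcard)
    low = to_int(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

def is_contiguous(wildcard):
    """True when the 1 bits form one run at the low end (0...01...1).
    Only then does every address between the bounds match."""
    w = to_int(wildcard)
    return (w & (w + 1)) == 0

def evaluate_standard_acl(entries, src):
    """Standard ACL: source address only, first matching entry wins,
    and no match falls through to the implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

# Constructed from the quiz: access-list 10 permit 192.168.15.23 0.0.0.0
ACL_10 = [("permit", "192.168.15.23", "0.0.0.0")]

if __name__ == "__main__":
    print(wildcard_bounds("172.16.2.0", "0.0.1.255"))
    print(evaluate_standard_acl(ACL_10, "192.168.15.23"))
    print(evaluate_standard_acl(ACL_10, "192.168.15.24"))
    # Distractor options from the quiz, read as wildcard masks:
    print(wildcard_match("192.168.15.99", "192.168.15.23", "0.0.0.255"))
    print(wildcard_match("10.1.1.23", "192.168.15.23", "255.255.255.0"))
    # Non-contiguous wildcard: bounds alone no longer describe the match set.
    print(is_contiguous("0.0.0.254"))
```

The two distractor checks show why the other options fail the "only the administrator" requirement: 0.0.0.255 admits the whole 192.168.15.x range, and a subnet mask entered as a wildcard (255.255.255.0) admits any address ending in .23.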



Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64? (1 point)

  • permit tcp any host 2001:DB8:10:10::100 eq 25*
  • permit tcp host 2001:DB8:10:10::100 any eq 23
  • permit tcp host 2001:DB8:10:10::100 any eq 25
  • permit tcp any host 2001:DB8:10:10::100 eq 23



Which statement describes a difference between the operation of inbound and outbound ACLs? (1 point)

  • In contrast to outbound ACLs, inbound ACLs can be used to filter packets with multiple criteria.
  • Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.*
  • Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.
  • On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.



Place extended ACLs as close to the source IP address of the traffic as possible. (1 point)

  • True*
  • False



What is the only type of ACL available for IPv6? (1 point)

  • named standard
  • named extended*
  • numbered standard
  • numbered extended



If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it? (1 point)

  • 4
  • 6
  • 8*
  • 12
  • 16
  1. Why is the answer 8?
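    1. Well, each interface can have one ACL applied in each of TWO directions: inbound or outbound.
      1. TWO interfaces times TWO directions is FOUR.
    2. Then, we have TWO protocols (IPv4 and IPv6), and the same count applies to each one.
      1. That is FOUR for IPv4 and FOUR for IPv6.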
    3. Add the possible combinations and your total is 8!

