CCNA Quiz Chapter 8 Discovery 3

1. An administrator has been asked to explain ACLs to a trainee. What are some of the suggested uses for ACLs that the trainee should learn?

>> limit network traffic and increase performance >> provide traffic flow control >> provide a basic level of security for network access

1. What statements are true regarding the meaning of the access control list wildcard mask 0.0.0.15?

>> the last four bits of a supplied IP address will be ignored >> the first 28 bits of a supplied IP address will be matched

1. What IP address and wildcard mask pairs will test for only addresses of a subnet containing a host configured with 192.168.12.6 255.255.255.248

>> 192.168.12.0 0.0.0.7

1. Once an ACL has been created, it must be applied in the proper location to have the desired effect. What rules should be observed when applying ACLs?

>> outbound filters do not affect traffic that originates within the local router >> extended ACLs should be applied closest to the source

1. A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used?

>>           router (config)#access-list 95 deny any 172.16.0.0 0.0.255.255
Router (config)#access-list 95 permit any

1. What can be concluded from the output shown in the exhibit?

>> the keyword host is implied in the command line access-list 99 deny 10.213.177.76 >> host 10.213.177.100 will be allowed access to the Serial0/1 interface

1. Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/0/1 on the Marketing router to implement the new security policy?

>>           access-list 137 permit ip 192.0.2.0 0.0.0.255 any
Access-list 137 permit tcp 198.18.112.0 0.0.0.any eq www

1. Refer to the exhibit. Which two statements are correct based on the set of commands shown in the exhibit?

>> host 10.128.114.76 will not be able to establish an FTP session with available hosts on the 172.25.0.0/16 network >> host 192.168.85.76 will be able to establish an FTP session with available hosts on the 172.25.0.0 network

1. A network engineer wants to ensure that only users of the network management host can access the vty lines of R1. Drag the command from the left and place them in the order that they would be entered in the router.

>>           R1 (config)#                        access-list 1 permit host 10.0.0.1
R1 (config)#                        line vty 0 4
R1 (config-line)#               access-class 1 in

1. What are two purposes of IP access control lists?

>> ACLs control host access to a network or to another host >> ACLs provide a basic level of security for network access

1. Refer to the exhibit. Access list 101 is applied as an inbound ACL on interface Serial 0 of router RTA and should permit telnet access to the 172.16.28.3 host. However, telnet access fails when host 10.10.10.3 attempts to connect to host 172.16.28.3. what could be the cause?

>> the line access-list 101 permit tcp any any established should be added before the permit statement

1. A network administrator is interested in tracking all packets that do not match any statement in a standard ACL. What must the network administrator do to allow tracking?

>> add permit ip any log to the end of the ACL statements