Chapter 8 Quiz

1. An administrator has been asked to explain ACLs to a trainee. What are some of the suggested uses for ACLs that the trainee should learn? (Choose three.)
   A. Limit network traffic and increase performance
   B. Notify downstream devices in the event of increased traffic or congestion
   C. Determine whether interfaces are active or shutdown during peak usage
   D. Provide traffic flow control
   E. Provide a basic level of security for network access
   F. Open additional links when paths become saturated

2. What statements are true regarding the meaning of the access control list wildcard mask 0.0.0.15? (Choose two.)
   A. The first 28 bits of a supplied IP address will be ignored.
   B. The last four bits of a supplied IP address will be ignored.
   C. The first 32 bits of a supplied IP address will be matched.
   D. The first 28 bits of a supplied IP address will be matched.
   E. The last five bits of a supplied IP address will be ignored.
   F. The last four bits of a supplied IP address will be matched.

3. What IP address and wildcard mask pairs will test for only addresses of a subnet containing a host configured with 192.168.12.6 255.255.255.248?
   A. 192.168.12.0 0.0.0.7
   B. 192.168.12.0 0.0.0.8
   C. 192.168.12.6 0.0.0.15
   D. 192.168.12.6 0.0.0.255

4. Once an ACL has been created, it must be applied in the proper location to have the desired effect. What rules should be observed when applying ACLs? (Choose two.)
   A. Standard ACLs should be applied as close to the source as possible.
   B. Outbound filters do not affect traffic that originates within the local router.
   C. The inbound and outbound interface should be referenced as if looking from the outside of a router.
   D. Extended ACLs should be applied closest to the source.
   E. All ACL statements are processed for each packet through the interface.

5. A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic.
   A. Router(config)# access-list 95 deny any
   B. Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
   C. Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
   D. Router(config)# access-list 95 permit any
   E. Router(config)# access list 95 host 172.16.0.0
   F. Router(config)# access-list 95 172.16.0.0 255.255.255.255

6. What can be concluded from the output shown in the exhibit? (Choose two.)

   Exhibit:
       Router# show running-config
       Building configuration...
       Current configuration 1084 bytes
       !
       version 12.1
       interface Serial0/1
        ip address 192.168.1.1 255.255.255.0
        ip access-group 99 in
        no fair-queue
        clockrate 56000
       !
       ip classless
       no ip http server
       !
       access-list 99 deny 10.213.177.76
       access-list 99 permit any
       !

   A. This is an extended IP access list.
   B. The keyword host is implied in the command line access-list 99 deny 10.213.177.76.
   C. The wildcard mask must be configured for this access list to function properly.
   D. Host 10.213.177.100 will be allowed access to the Serial0/1 interface.
   E. This access control list will not limit any traffic through the router.

7. Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/0/1 on the Marketing router to implement the new security policy?

   Exhibit:
       Two routers (Marketing, Engineering) and two switches (S1, S2).
       Marketing is connected to Engineering via a serial link (Marketing: 198.18.106.1/24 on S0/0/0; Engineering: 198.18.106.2/24 on S0/0/0).
       S1 is attached to interface fa0/0 on the Engineering router and runs the Engineering LAN (192.0.2.0/24).
       S2 is attached to interface fa0/0 on the Marketing router and runs the Marketing LAN (198.18.112.0/24).
       The S0/0/1 interface on the Marketing router is attached to the Internet and has the IP address 198.18.114.1/24.

   A. Access-list 197 permit ip 192.0.2.0 0.0.0.255 any
      Access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www
   B. Access-list 165 permit ip 192.0.2.0 0.0.0.255 any
      Access list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
      Access-list 165 permit ip any any
   C. Access-list 137 permit ip 192.0.2.0 0.0.0.255 any
      Access-list 137 permit tcp 298.18.112.0 0.0.0.255 any eq www
   D. Access-list 89 permit TCP 192.0.2.0 0.0.0.255 any
      Access-list 89 permit ip 198.18.112.0 0.0.0.255 any eq www

8. Refer to the exhibit. Which two statements are correct based on the set of commands shown in the exhibit? (Choose two.)

   Exhibit:
       Router(config)#ip access-list extended server1Access
       Router(config-ext-nacl)#deny ip 10.128.114.0 0.0.0.255 any
       Router(config-ext-nacl)#deny tcp 192.168.85.0 0.0.0.255 host 172.25.0.26 eq 23
       Router(config-ext-nacl)#permit ip any any
       Router(config-ext-nacl)#exit
       Router(config)#interface fa0/0
       Router(config-if)# ip access-group Server1Access out

   A. Host 10.128.114.76 will be able to establish a Telnet session with host 172.25.0.26.
   B. Host 10.128.114.76 will not be able to establish an FTP session with available hosts on the 172.25.0.0/16 network.
   C. Host 192.168.85.76 will be able to establish a Telnet session with host 172.25.0.26.
   D. Host 192.168.85.76 will be able to establish an FTP session with available hosts on the 172.25.0.0 network.
   E. Host 172.25.0.26 will not be able to establish a Telnet session with available hosts on the 192.168.85.0/24 network.

9. A network engineer wants to ensure that only users of the network management host can access the vty lines of R1. Place the commands in the order in which they would be entered into the router. (Not all commands will be used.)
   A. line vty 0 4
   B. access-class 1 in
   C. ip access-group 1 in
   D. access-list 1 deny any
   E. access-list 1 deny ip any any
   F. access-list 1 permit host 10.0.0.1

   First command: R1(config)# prompt
   Second command: R1(config)# prompt
   Third command: R1(config-line)# prompt

10. What are two purposes of IP access control lists? (Choose two.)
   A. ACLs control host access to a network or to another host.
   B. Standard ACLs can restrict access to specific applications and ports.
   C. ACLs provide a basic level of security for network access.
   D. ACLs can permit or deny traffic based upon the MAC address originating on the router.
   E. ACLs can be applied to only one interface.

11. Refer to the exhibit. Access list 101 is applied as an inbound ACL on the interface Serial 0 of Router RTA and should permit telnet access to the 172.16.28.3 host. However, telnet access fails when host 10.10.10.3 attempts to connect to host 172.16.28.3. What could be the cause?

   Exhibit:
       Two routers (RTA, RTB).
       RTA is connected to the Internet via the s0 interface.
       RTB is connected to the Internet via the s0 interface.
       RTA has a host connected via the Fa0 interface (Host1: 172.16.28.3/24).
       RTB has a host connected via the Fa0 interface (Host2: 10.10.10.3).
       There is a screen capture of RTA's command line, which is as follows:

       Hostname RTA
       !
       access-list 101 permit tcp 10.10.10.0 0.0.0.255 any host eq 23
       access-list 101 deny ip any any

   A. The line access-list 101 permit tcp any any established should be added before the permit statement.
   B. The line access-list 101 permit tcp any any established should be added after the permit statement.
   C. The port number is incorrect for the access list.
   D. The access list should be on the outbound interface of FastEthernet 0.

12. A network administrator is interested in tracing all packets that do not match any statement in a standard ACL. What must the network administrator do to allow tracking?
   A. Enter the command debug ACL deny from global configuration mode.
   B. Add permit ip any log to the end of the ACL statements.
   C. Enter the syslog command in global configuration mode.
   D. Nothing, logging of denied packets happens automatically.