Accesss Control Listss 1 An extended access list needs to be applied to a KANIZSA router. What three pieces of information can be 3 used in an extended access list to filter traffic? (Choose three) A. Source IP Addresss and destination IP address B. Source MAC address and destination MAC address C. Source switch port number D. VLAN number E. Protocol F. TCP or UDP port numbers Router PEN is configured with an inbound ACL. When are packets processed p inn this inbound access list? A. Before they are routed to an outbound interface. B. After they are routed for outbound traffic. C. After they are routed to an outbound interface while queuing. D. Beforee and after they are routed to an outbound interface. E. Depends on the configurationn of the interface F. None of the other alternatives apply 3 Router KANIZSA is configured using a named ACL. Which of the following answer choices are correct 3 characteristics of named access list? (Select all that apply) A. You can delete individual statements in a named access list B. Named access listss require a numbered range from 1000 to 1099. C. Named access listss must be specified as standard or extended. D. You can use the ip access-list command to create named access lists. l E. You cannot delete individual statements s inn a named access list. F. You can use the ip name-group commandd to apply named access lists. 4 A standard IP access list is applied to an Ethernet interface of router KANIZSA.. What does this standard access list filter on? A. The source and destination addresses B. The destination port number C. The destination address D. The source address E. All of the above
5 What are two reasons that the KANIZSA network administrator would use access lists on a router? (Choose two) A. To filter traffic as it passes through a router B. To filter traffic that originates from the router C. To replace passwords as a line of defense against security incursions D. To control vty access into a router E. To control broadcast traffic through a router F. To prevent a virus from entering the network 6 What are the general recommendations regarding the placement of access control lists? (Choose two) A. Standard ACLs should be placed as close as possible to the source of traffic to be denied. B. Extended ACLs should be placed as closee as possible to the source of traffic c to be denied. C. Standard ACLs should be placed as close as possible to the destination of traffic to be denied. D. Extended ACLs should be placed as closee as possible to the destination of traffic to be denied. 7 In this network, an access list has been designed to prevent HTTP traffic from the accounting department from reaching the PEN Server attached to thee PEN router. Which of o the following access lists l will accomplish this task when grouped with the e00 interface on the PEN1 router? A. permit ip any any deny tcp 17.17.17.5 0.0.0. 0 17.16.16..0 0.0.0.55 eq 80 B. deny tcp 17.17.17.5 0.0.0. 0 17.16.16..0 0.0.0.55 eq 80 permit ip any any C. deny tcp 17.16.16.0 0.0.0.55 17.17.17..5 0.0.0.0 eq 80 permit ip any any D. permit ip any nay deny tcp 17.16.16.0 0.0.0.55 17.17.17..5 0.0.0.0 eq 80 E. None of the other alternatives apply
8 On the Hong Kong router an access list is needed that will accomplish the following: 1. Allow a Telnet connection to the HR Server throughh the Internet. Allow internet HTTP traffic to t access thee webserverr 3. Block any other traffic from the t internet to everything else 9 10 Which of the following access list statements s are capable of accomplishing these three goals?? (Select all that apply) A. access-list 101 permit tcp any 17.17.18.5 0.0.0.0 eq 80 B. access-list 1 permit tcp any 17.17.17.5 0.0.0.0 eq 3 C. access-list 101 permit tcp 17. 17.17.5 0..0.0.0 any eq 3 D. access-list 101 deny tcp any 17.17.17.5 0.0.0.0 eq 3 E. access-list 101 deny tcp any 17.17.18.5 0.0.0.0 eq 80 F. access-list 101 permit tcp any 17.17.17.5 5 0.0.0.0 eq 3 Which of the following access list statements s would deny traffic fromm a specific host? A. Router(config)# access-list 1 deny 17.31.1.74 any B. Router(config)# access-list 1 deny 10.6.111.48 host C. Router(config)# access-list 1 deny 17.16..4.13 0.0.0.00 D. Router(config)# access-list 1 deny 19.168.14.13 55.55.55.0 E. Router(config)# access-list 1 deny 19.168.166.17 55.55.55.55 Which IP address and wildcard mask would you use in your ACL to block b all thee hosts in the subnet 19.168.16. 43/8? A. 19.168.16.3 0.0.0.16 B. 19.168.16.43 0.0.0.1 C. 19.168.16.0 0.0.0..15 D. 19.168.16.3 0.0.0.15 E. 19.168.16.0 0.0.0.311 F. 19.168.16.16 0.0.0.31
11 A network administrator in Miami has been instructed to prevent all traffic t originating on the Chicago LAN from entering the Miami router. Which statement would accomplish this t filtering? A. access-list 101 deny ip 19.168.45.0 0.0.0.55 any B. access-list 101 deny ip 19.168.45.0 0.0.0.00 any C. access-list 101 deny ip 19.168.46.0 0.0.0.55 19.168.45.0 0.0.0.55 D. access-list 101 deny ip 19.168.46.0 0.0.0. 55 any 1 The access list shown should deny all hosts located on network 17.16.1.0, except host 17.16.1.5, from accessing the 17.16.4.0 network. All other networks should be accessible. Whichh command sequence will correctly apply this access list? 13 A. Chicago(config)#interface fa0/0 Chicago(config-if)#ip access-group 100 in B. Chicago(config)#interface s0/0 Chicago(config-if)#ip access-group 100 out C. Miami(config)# #interface fa0/1 D. Miami(config)# #interface fa0/0 E. Miami(config)# #interface s0/1 You are the network administratorr at NAGYKANIZSA. You apply the t followingg access list on the E0 outbound interface connected to the 19.168.1.8/9 LAN: access-list 1 deny tcp 19.168.1 1.8 0.0.0.7 eq 00 any access-list 1 deny tcp 19.168.1 1.8 0.0.0.7 eq 11 any What will the effect of this access list l be? A. All traffic will be allowed to out of E0 except FTP traffic. B. FTP traffic from 19.168.1. to any hostt will be blocked. C. FTP traffic from 19.168.1.9 to t any host will be blocked. D. All traffic will be prevented from leaving E0. E. All FTP traffic to network 19.168.1.9/99 from any host will be blocked.