Access Lists QUESTION


  • 8/10/2019 Access Lists QUESTION


    1. Exhibit:

    You work as a network administrator at TestKing.com. A named access list called research_block has been written to prevent users on the research network and public Internet from access to the TestKing Support server. All other users within the TestKing company should have access to this server. The list contains the following statements.

        deny 172.16.102.0 0.0.0.255 172.16.104.255 0.0.0.0
        permit 172.16.0.0 0.0.255.255 172.16.104.252 0.0.0.0

    Which of the following command sequences will place this list to meet these requirements?

    A. TestKing1(config)# interface e0
       TestKing1(config-if)# ip access-group research-block in

    B. TestKing1(config)# interface s0
       TestKing1(config-if)# ip access-group research-block out

    C. TestKing2(config)# interface s0
       TestKing2(config-if)# ip access-group research-block out

    D. TestKing2(config)# interface s1
       TestKing2(config-if)# ip access-group research-block in

    E. TestKing3(config)# interface s1
       TestKing3(config-if)# ip access-group research-block in

    F. TestKing3(config)# interface e0
       TestKing3(config-if)# ip access-group research-block out

    2. You work as a network technician at TestKing. You are configuring an E0 interface connected to the 192.168.1.8/29 LAN on a Cisco router.

    You apply the following access list to the interface.

        access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 20 any
        access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 21 any

    What consequence will this access list have?

    A. All traffic will be allowed to exit E0 except FTP traffic.

    B. FTP traffic from 192.168.1.22 to any host will be denied.

    C. FTP traffic from 192.168.1.9 to any host will be denied.

    D. All traffic exiting E0 will be denied.

    E. All FTP traffic to network 192.168.1.8/29 from any host will be denied.

    3. As a network technician at TestKing you are configuring access lists on an interface of a Cisco router. You use multiple access lists.

    Which of the following statements are valid? (Select one)

    A. There is no limit to the number of access lists that can be applied to an interface, as long as they are applied in order from most specific to most general.

    B. Cisco IOS allows only one access list to be applied to an interface.

    C. One access list may be configured per direction for each Layer 3 protocol configured on an interface.

    D. Up to three access lists per protocol can be applied to a single interface.

    E. No more than two access lists can be applied to a single interface.

    F. The maximum number allowed varies depending on the amount of RAM installed in the router.

    4. Your TestKing trainee Jose is interested in ACLs (access control lists).

    He asks you what they can be used for.

    What should you tell him? (Choose three)

    A. Protect hosts from viruses.

    B. Classify network traffic.

    C. Provide high network availability.

    D. Identify interesting traffic for DDR.

    E. IP route filtering.

    F. Monitor the number of bytes and packets.

    5. Three sites, TestKing1, TestKing2, and TestKing3, are connected via a WAN. At each site a router provides serial connectivity to the WAN and an Ethernet connection to a LAN. All three routers are configured, and the network is functional. Configure and apply an access list that will prevent telnet access to the TestKing1 router while allowing all other traffic to pass. The access list should not contain more than three (3) statements and should be applied to the TestKing1 router. The routers have been previously configured with the following specifications:

    The routers are named TestKing1, TestKing2, and TestKing3. RIP is the routing protocol. The clocking signal is provided on the serial 0 interfaces. All passwords on all routers are


    Secret password: testking

    TestKing2

    E& 1$.1%/.1''.1

    !& 1$.1%/.11.1

    !1 1$.1%/.1.$

    Secret password: testking

    TestKing3

    E& 1$.1%/.1%'.1

    !1 1$.1%/.11.$

    To configure the router, click on the host icon that is connected to a router by a serial console cable.

    6. The following access list was applied outbound on the E0 interface connected to the 192.168.1.8/29 LAN:

        access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 20 any
        access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 21 any

    What effect will this access list have?

    A. All traffic will be allowed to exit E0 except FTP traffic.

    B. FTP traffic from 192.168.1.22 to any host will be denied.

    C. FTP traffic from 192.168.1.9 to any host will be denied.

    D. All traffic exiting E0 will be denied.

    E. All FTP traffic to network 192.168.1.9/29 from any host will be denied.

    7. Which command is used to display the placement and direction of an IP access control list on a router?

    A. show access-list

    B. show ip route

    C. show ip interface

    D. show interface

    E. show interface list

    F. show ip interface brief

    8. Which of the following access list statements will deny all telnet connections to subnet 10.0.1.0/24?

    A. access-list 15 deny tcp 10.0.1.0 255.255.255.0 eq telnet

    B. access-list 115 deny tcp any 10.0.1.0 eq telnet

    C. access-list 115 deny any 10.0.10 eq 23

    D. access-list 115 deny tcp any 10.0.1.0 0.0.0.255 eq 23

    E. access-list 15 deny telnet any 10.0.1.0 0.0.0.255 eq 23

    9. An access list has been designed to prevent Telnet traffic from the Graphics Department from reaching the HR server attached to the Eastfield router. Which of the following access lists will accomplish this task when grouped with the e0 interface in the inbound direction on the Westfield router?

    A. deny tcp 192.168.16.0 0.0.0.255 192.168.17.252 0.0.0.0 eq 23
       permit ip any any

    B. deny tcp 192.168.18.262 0.0.0.0 192.168.16.0 0.0.0.255 eq 23
       permit ip any any

    C. permit ip any any
       deny tcp 192.168.16.0 0.0.0.255 192.172.252 0.0.0.0 eq 23

    D. permit ip any any
       deny tcp 192.168.17.252 0.0.0.0 192.168.0 0.0.0.255 eq 23


    10.

        Camden#show running-config
        enable password cisco
        !
        username Central password 0 cisco
        interface BRI0/0
         ip address 192.168.0.1 255.255.255.0
         encapsulation ppp
         dialer idle-timeout 180
         dialer map ip 192.168.0.2 name Remote 5552000
         dialer-group 1
         isdn switch-type basic-ni
         no fair-queue
         ppp authentication chap
        !
        ip route 192.168.20.0 255.255.255.0 192.168.0.2
        !
        router rip
         network 192.168.0.0
        !
        access-list 129 deny tcp 192.168.0.0 0.0.0.255 host 192.168.20.5 eq www
        access-list 128 permit ip any any
        dialer-list 1 protocol ip list 128

    In an effort to minimize traffic, an administrator decided to keep web traffic from causing the ISDN link to come up by denying WWW traffic to the 192.168.20.5 remote server. Two minutes after making changes to the configuration as shown in the graphic, the administrator notices that web traffic is still passing over the link.

    What is the most likely cause of the problem?

    A. The dialer-group has not been applied to outbound traffic.

    B. The access-list is incorrectly configured.

    C. Broadcasts are creating


    1. Answer: F

    Explanation:

    To enable the ACL on an interface and define the direction of packets to which the ACL is applied, the ip access-group command is used.

    When referring to a router, these terms have the following meanings.

    Out - Traffic that has already been through the router and is leaving the interface; the source would be where it's been (on the other side of the router) and the destination is where it's going.

    In - Traffic that is arriving on the interface and which will go through the router; the source would be where it's been and the destination is where it's going (on the other side of the router).

    2. Answer: D

    Explanation:

    By default, an access list has an implicit deny statement at the end. In this example there is no permit statement, so it will deny all traffic exiting the E0 interface.

    Incorrect answers

    A: It will deny FTP and Telnet traffic.

    B, C, E: It will deny all traffic in addition to the condition mentioned in the answer, because there is no permit statement at the end.
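The implicit deny described in this explanation, shown as an added example that is not part of the original question set. It is a small Python evaluator that applies first-match semantics to access list 123 from question 2, with and without a trailing `permit ip any any`; the function names are assumptions made here, and only the entry shape used in question 2 is parsed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'access-list N action proto source [eq port] any' (a sketch:
    only the entry shape used in question 2, destination always 'any')."""
    tok = line.split()
    ace = {"action": tok[2], "proto": tok[3], "sport": None}
    rest = tok[4:]
    if rest[0] == "any":
        ace["src"], rest = ("0.0.0.0", "255.255.255.255"), rest[1:]
    else:
        ace["src"], rest = (rest[0], rest[1]), rest[2:]
    if rest[0] == "eq":  # 'eq' right after the source matches the source port
        ace["sport"], rest = int(rest[1]), rest[2:]
    if rest != ["any"]:
        raise ValueError("unsupported entry: " + line)
    return ace

def evaluate(acl, proto, src_ip, src_port):
    """Return 'permit' or 'deny' for one packet; first matching entry wins."""
    for line in acl:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", proto):
            continue
        if not wildcard_match(src_ip, *ace["src"]):
            continue
        if ace["sport"] not in (None, src_port):
            continue
        return ace["action"]
    return "deny"  # no entry matched: the implicit deny at the end of every list

# The list from question 2, then the same list with an explicit permit appended.
ACL_123 = [
    "access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 20 any",
    "access-list 123 deny tcp 192.168.1.8 0.0.0.7 eq 21 any",
]
ACL_123_WITH_PERMIT = ACL_123 + ["access-list 123 permit ip any any"]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, source IP, source port)
    for pkt in [("tcp", "192.168.1.9", 21), ("tcp", "192.168.1.9", 80),
                ("tcp", "192.168.1.22", 21), ("udp", "10.1.1.1", 53)]:
        print(pkt, evaluate(ACL_123, *pkt), evaluate(ACL_123_WITH_PERMIT, *pkt))
```

With the original two-entry list every sample packet is denied, either by an explicit entry or by the implicit deny; only the list with the appended permit lets non-matching traffic through.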

    3. Answer: C

    4. Answer: C, D, E

    Explanation:

    IP access control lists (ACLs) cause a router to discard some packets based on criteria defined by the network engineer. The goal of these filters is to prevent unwanted traffic in the network, whether to prevent hackers from penetrating the network or just to prevent employees from using systems they should not be using.

    IP access lists can also be used to filter routing updates, to match packets for prioritization, to match packets for VPN tunneling, and to match packets for implementing quality of service features.

    5. Answer:

        TestKing1>enable
        Password:
        TestKing1#show access-lists
        TestKing1#config t
        Enter configuration commands, one per line. End with END.
        TestKing1(config)#access-list 101 deny tcp any 192.168.149.1 0.0.0.0 eq 23
        TestKing1(config)#access-list 101 deny tcp any 192.168.199.1 0.0.0.0 eq 23
        TestKing1(config)#access-list 101 permit ip any any
        TestKing1(config)#interface Ethernet 0
        TestKing1(config-if)#ip access-group 101 in
        TestKing1(config-if)#exit
        TestKing1(config)#interface serial 0
        TestKing1(config-if)#ip access-group 101 in
        TestKing1(config-if)#<CTRL-Z>
        TestKing1#copy running-config startup-config
        Destination filename [startup-config]?

    6. Answer: D

    7. Answer: C

    8. Answer: D

    9. Answer: A

    Explanation:

    The syntax for an access list is the source address first, then the destination address. In this case the source address is 192.168.16.0/24 and the destination address 192.168.17.252.

    10. Answer: B

    Explanation:

    The access list is incorrectly configured. The extended list for the deny is 129. The other is 128, and the dialer list is referencing the 128 access-list.