• blocked in and out of all interfaces
• blocked on all inbound interfaces, but permitted on all outbound interfaces
• permitted in and out of all interfaces
• blocked on all outbound interfaces, but permitted on all inbound interfaces
2. Which three parameters can ACLs use to filter traffic? (Choose three.)
• packet size
• protocol suite
• source address
• destination address
• source router interface
• destination router interface
3. How do Cisco standard ACLs filter traffic?
• by destination UDP port
• by protocol type
• by source IP address
• by source UDP port
• by destination IP address
4. Which two statements are correct about extended ACLs? (Choose two)
• Extended ACLs use a number range from 1-99.
• Extended ACLs end with an implicit permit statement.
• Extended ACLs evaluate the source and destination addresses.
• Port numbers can be used to add greater definition to an ACL.
• Multiple ACLs can be placed on the same interface as long as they are in the same direction.
5. Where should a standard access control list be placed?
• close to the source
• close to the destination
• on an Ethernet port
• on a serial port
6. Which three statements describe ACL processing of packets? (Choose three.)
• An implicit deny any rejects any packet that does not match any ACL statement.
• A packet can either be rejected or forwarded as directed by the statement that is matched.
• A packet that has been denied by one statement can be permitted by a subsequent statement.
• A packet that does not match the conditions of any ACL statements will be forwarded by default.
• Each statement is checked only until a match is detected or until the end of the ACL statement list.
• Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.
7. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)
• The first 29 bits of a given IP address will be ignored.
• The last 3 bits of a given IP address will be ignored.
• The first 32 bits of a given IP address will be checked.
• The first 29 bits of a given IP address will be checked.
• The last 3 bits of a given IP address will be checked.
8. Which two statements are true regarding the following extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any
• FTP traffic originating from network 172.16.3.0/24 is denied.
• All traffic is implicitly denied.
• FTP traffic destined for the 172.16.3.0/24 network is denied.
• Telnet traffic originating on network 172.16.3.0/24 is denied.
• Web traffic originating from 172.16.3.0 is permitted.
9. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?
• The second ACL is applied to the interface, replacing the first.
• Both ACLs are applied to the interface.
• The network administrator receives an error.
• Only the first ACL remains applied to the interface.
10.
0 comments:
Post a Comment