BYUI CIT241 TestOut > Chapter 12 > Flashcards

Chapter 12 Flashcards

(20 cards)

Study These Flashcards
1
Q

Which of the following statements apply only to extended access lists, not to standard access lists? (Select two.)

  • You can filter traffic by destination IP addresses.
  • You can either permit or deny TCP/IP traffic.
  • You can log traffic that matches access list entries.

You can assign more than one list per direction to each interface.

  • You can filter traffic for a specific protocol.
  • You can filter traffic by source IP addresses.
A
  • You can filter traffic by destination IP addresses.
  • You can filter traffic for a specific protocol.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following statements about ACLs are true? (Select two.)

  • You can apply a maximum of two standard and two extended ACLs to each interface.
  • Standard ACLs can filter by source or destination IP address.
  • An ACL without a permit statement does not allow any traffic.
  • ACLs can only be applied on the inbound interface.
  • Inbound ACLs are applied before the routing process.
A
  • An ACL without a permit statement does not allow any traffic.
  • An ACL without a permit statement does not allow any traffic.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following describes how ACLs can improve network security?

  • An ACL filters traffic by the frame header such as source or destination MAC address.
  • An ACL filters traffic by the IP header information such as source or destination IP address, protocol, or socket numbers.
  • An ACL identifies traffic that must use authentication or encryption.
  • An ACL looks for patterns of traffic between multiple packets and takes action to stop detected attacks.
A

-An ACL filters traffic by the IP header information such as source or destination IP address, protocol, or socket numbers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Your router currently has two ACLs:

One list denies SAP broadcasts and allows all other traffic. This list is applied to outbound traffic on Serial0.
The second list denies Telnet traffic and allows all other traffic. This list is applied to inbound traffic on Serial1.
You also want to restrict all outbound traffic sent through Serial0 from network 192.168.2.0/24. How should you configure ACLs on the router to meet all current and new requirements with as little effort as possible?

  • Add a statement to the first ACL to restrict traffic from network 192.168.2.0/24 (in addition to restricting SAP broadcast traffic).
  • Create a new ACL that denies traffic from network 192.168.2.0/24 and permits all other traffic. Apply the ACL to the Serial0 interface for outbound traffic.
  • Create a new ACL that denies traffic from network 192.168.2.0/24, denies SAP broadcast traffic, and permits all other traffic. Apply the ACL to the Serial0 interface for outbound traffic.
  • Add a statement to the second ACL to restrict traffic from network 192.168.2.0/24 (in addition to restricting Telnet traffic).
A

Create a new ACL that denies traffic from network 192.168.2.0/24 and permits all other traffic. Apply the ACL to the Serial0 interface for outbound traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You want to control Telnet access to your router and only allow access from within the corporate network. You have subnetted your network so that all IP addresses use subnets of the 172.18.0.0/16 network.

You want to apply the ACL to the VTY lines. Which of the following would be part of your design? (Select two.)

  • access-list 7 permit 172.18.0.0 0.0.255.255
  • ip access-class 7 in
  • ip access-group 7 out
  • access-list 7 permit ip any any
  • ip access-class 7 out
  • ip access-group 7 in
A
  • access-list 7 permit 172.18.0.0 0.0.255.255
  • ip access-class 7 in
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have used the following commands at the router console to create an IP access list and switch to interface configuration mode:

Router(config)#access-list 122 permit tcp 10.6.0.0 0.0.255.255 any
Router(config)#int eth 0

Which of the following commands would you use to add the access list to this interface and filter incoming packets?

  • enable access-list 122 in
  • apply access-list 122 in
  • access-list 122 in
  • access-group 122 in
  • ip access-group 122 in
A

ip access-group 122 in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following commands can you use to see which ACL is applied to the first Ethernet interface?

  • sh access-lists
  • sh ip access-lists
  • sh int eth 0
  • sh ip int
A

sh ip int

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

You have just finished configuring ACL 101 and are ready to apply it to an interface. Before you do this, you would like to view the ACL to ensure there are no mistakes. Which command displays access list 101?

  • debug access-list 101
  • show IP access list 101
  • show access-lists 101
  • show access lists detail
A

show access-lists 101

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

You are configuring ACLs for a router. You need to create a standard IP access list that permits all traffic except traffic from the 192.168.1.0/24 network .

To verify that the ACL is configured correctly and functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router.

Which two commands would you use to view the information you need? (Select two.)

  • access-list 1 permit any
  • access-list 1 permit 192.168.1.0 0.0.0.255 log
  • access-list 1 deny 192.168.1.0 log
  • access-list 1 permit any log
  • access-list 1 deny 192.168.1.0 0.0.0.255 log
  • access-list 1 deny 192.168.1.0 0.0.0.255
A
  • access-list 1 permit any log
  • access-list 1 deny 192.168.1.0 0.0.0.255 log
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your company has two subnets, 172.16.1.0 and 172.16.2.0, as shown in the exhibit. You want to prevent public Telnet traffic from entering your company but allow all other traffic.

Which of the following sets of statements will accomplish your goal?

-access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 23
access-list 101 permit ip 172.16.2.0 0.0.255.255 any
interface serial 0
ip access-group 101 in

-access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 23
access-list 101 permit ip 172.16.2.0 0.0.255.255 any
interface serial 0
ip access-group 101 out

-access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23
access-list 101 permit ip any 172.16.2.0 0.0.255.255
interface serial 0
ip access-group 101 in

-access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23
access-list 101 permit ip any 172.16.2.0 0.0.255.255
interface serial 0
ip access-group 101 out

A

-access-list 101 deny tcp any 172.16.0.0 0.0.255.255 eq 23

-access-list 101 permit ip any 172.16.2.0 0.0.255.255
interface serial 0
ip access-group 101 in

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which of the following numbering ranges are used by extended ACLs? (Select two.)

  • 1-99
  • 2000-2699
  • 1000-1999
  • 100-199
  • 200-269
  • 1300-1999
A

200-269

2000-2699

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following is a good general rule regarding the placement of extended ACLs?

  • Extended ACLs should be placed on the default gateway router.
  • Extended ACLs should be placed as close as possible to the source router.
  • Extended ACLs should be placed on Distribution layer routers.
  • Extended ACLs should be placed on Access layer routers.
  • Extended ACLs should be placed as close as possible to the destination router.
A

Extended ACLs should be placed as close as possible to the source router.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following describe the attributes that extended ACLs can use to filter network traffic? (Select two.)

  • Extended ACLs can filter network traffic based on source protocol (i.e., IP, TCP, UDP, etc.).
  • Extended ACLs can only be used to permit network traffic, not to deny it.
  • Extended ACLs can filter network traffic based on destination hostname or host IP address.
  • Extended ACLs can only filter network traffic based on source hostname or host IP address.
  • Extended ACLs can only filter network traffic based on source socket number.
A

Extended ACLs can filter network traffic based on source protocol (i.e., IP, TCP, UDP, etc.).

Extended ACLs can filter network traffic based on destination hostname or host IP address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following statements are true about IPv6 ACLs? (Select two.)

  • IPv6 ACLs are similar to IPv4 extended named ACLs in functionality.
  • IPv6 ACLs use either named or numbered ACLs.
  • IPv6 ACLs do not use wildcard masks.
  • IPv6 ACLs can cannot exist on the same interface as IPv4 ACLs.
  • Creating IPv6 ACLs is very different from creating IPv4 ACLs.
A

IPv6 ACLs are similar to IPv4 extended named ACLs in functionality.

IPv6 ACLs do not use wildcard masks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which command is used to apply an IPv6 ACL to an interface?

  1. ipv6 traffic-control
  2. ipv6 access-class
  3. ipv6 traffic-filter
  4. ipv6 interface-filter
A

ipv6 traffic-filter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which command uses the correct syntax and argument to create an IPv6 ACL?

  • ipv6 acl DENY_FTP
  • ipv6 access-list DENY_FTP
  • access-list DENY_FTP
  • ipv6 acl 121
  • ipv6 access-list 121
Study These Flashcards
A

ipv6 access-list DENY_FTP

17
Q

You want to create an ACL statement that allows traffic from any network. Which network address and wildcard mask value should you use?

  • 255.255.255.255 0.0.0.0
  • 0.0.0.0 0.0.0.0
  • 0.0.0.0 255.255.255.255
  • 255.255.255.255 255.255.255.255
Study These Flashcards
A

0.0.0.0 255.255.255.255

18
Q

You are configuring ACLs on a router, and you want to deny traffic being sent to the 10.10.16.0/21 network.

Which wildcard mask should you use with the access-list statement?

  • 255.255.248.0
  • 255.255.255.*
  • 0.0.0.255
  • 0.0.7.255
19
Q

You are configuring ACLs for a router. You need to create an extended IP access list that rejects any packets sent from a host with an IP address of 10.1.1.1 to a host with an IP address of 15.1.1.1. All other traffic should be allowed.

To verify that the ACL is configured correctly and functioning as intended, you want to view extended information about matches for each line in the ACL as packets are processed by the router.

Which two commands are needed to view the information? (Select two.)

  • access-list 101 permit ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log
  • access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log
  • access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0
  • access-list 101 deny ip any any log
  • access-list 101 permit ip any any log
  • access-list 101 permit ip any any
Study These Flashcards
A

access-list 101 deny ip 10.1.1.1 0.0.0.0 15.1.1.1 0.0.0.0 log

access-list 101 permit ip any any log

20
Q

Your company has two subnets, 172.16.1.0 and 172.16.2.0, as shown. You want to protect your 172.16.2.0 subnet from all traffic except traffic originating from subnet 172.16.1.0. You don’t want anyone to Telnet into host 172.16.2.13. You currently have no filters applied to your router. You’ve created the following access list:

access-list 101 deny tcp 172.16.1.0 0.0.255.255 host 172.16.2.13 eq 23
access-list 101 permit ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.0.255

Where should you apply this filter?

  • inbound side of S0
  • outbound side of E0
  • inbound side of E1
  • outbound side of E1
  • outbound side of S0
  • inbound side of E0
BYUI CIT241 TestOut
flashcards
Decks in class (5)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions