Discussion
Home ‣ Certification ‣ CISCO Certification Comments
- Question
What is the most common attack on a network today?
Options- A. Lock picking
- B. Naggle
- C. DoS
- D. auto secure
- Correct Answer
- DoS
ExplanationThe most common attack on a network today is a denial of service (DoS) because they are the easiest attack to achieve.
- 1. Which command would you use to apply an access list to a router interface?
Options- A. ip access - list 101 out
- B. acces - list ip 101 in
- C. ip access - group 101 in
- D. access - group ip 101 in Discuss
- 2. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
Options- A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
- B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
- C. access - list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
- D. access - list 100 deny 192.168.10.0 0.0.0.255 any eq 23 Discuss
- 3. What router command allows you to determine whether an IP access list is enabled on a particular interface?
Options- A. show ip port
- B. show access - lists
- C. show ip interface
- D. show access - lists interface Discuss
- 4. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0 . Which of the following lists will you use?
Options- A. access - list 10 deny 192.168.160.0 255.255.224.0
- B. access - list 10 deny 192.168.160.0 0.0.191.255
- C. access - list 10 deny 192.168.160.0 0.0.31.255
- D. access - list 10 deny 192.168.0.0 0.0.31.255 Discuss
- 5. Which of the following is an example of a standard IP access list?
Options- A. access - list 110 permit host 1.1.1.1
- B. access - list 1 deny 172 . 16 . 10 . 1 0 . 0 . 0 . 0
- C. access - list 1 permit 172 . 16 . 10 . 1 255 . 255 . 0 . 0
- D. access - list standard 1 . 1 . 1 . 1 Discuss
- 6. What command would you use to create an extended access list that stops host 172.16.10.1 fro telnetting to host 172.16.30.5? Discuss
- 7. What command would you use to set an access list on a VTY line? Discuss
- 8. Which command will allow you to see real - time translations on your router?
Options- A. show ip nat translations
- B. show ip nat statistics
- C. debug ip nat
- D. clear ip nat translations Discuss
- 9. Which command will create a dynamic pool named Todd that will provide you with 30 global addresses?
Options- A. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.240
- B. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224
- C. ip nat pool todd 171.16.10.65 171.16.10.94 net 255.255.255.224
- D. ip nat pool Todd 171.16.10.1 171.16.10.254 net 255.255.255.0 Discuss
- 10. When creating a pool of global address, which of the following can be used instead of the netmask command?
Options- A. / (slash notation)
- B. prefix - length
- C. no mask
- D. block - size Discuss
CISCO Certification problems
Search Results
Correct Answer: ip access - group 101 in
Explanation:
To apply an access list , the proper command is ip access - group 101 in.
Correct Answer: access - list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
Explanation:
The extended access list ranges are 100 - 199 and 2000 - 2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. only the third option has the correct sequence of parameters. Option B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in option B is too broad.
Correct Answer: show ip interface
Explanation:
Of the available choices only the show ip interface command will tell you which interfaces have access lists applied. show access - lists will not show you which interfaces have an access list applied.
Correct Answer: access - list 10 deny 192.168.160.0 0.0.31.255
Explanation:
The range of 192.168.160.0 to 192.168.191.0 is a block size of 32. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of 0.0.31.255 . The 31 is used for a block size of 32. The wildcard is always one less than the block size.
Correct Answer: access - list 1 deny 172 . 16 . 10 . 1 0 . 0 . 0 . 0
Explanation:
Standard IP access lists use the numbers 1 - 99 and 1300 - 1999 and filter based on source IP address only. Option C is incorrect because the mask must be in wildcard format.
Correct Answer: access - list 110 deny tcp host 17216101 host 17216305 eq 23 access - list 110 permit ip any any
Correct Answer: line vty 0 4 access - class 110 in
Correct Answer: debug ip nat
Explanation:
The command debug ip nat will show you in real time the translations occurring on your router.
Correct Answer: ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224
Explanation:
The command ip nat pool name creates the pool that hosts can use to get onto the global internet. What makes option B correct is that the range 171.16.10.65 through 171.16.10.94 includes 30 hosts, but the mask has to match 30 hosts as well, and that mask is 255.255.255.224 . Option C is wrong because there is a lowercase t in the pool name. Pool name are case sensitive.
Correct Answer: prefix - length
Explanation:
Instead of the netmask command, you can use the prefix-length length statement.
Comments
There are no comments.Programming
Copyright ©CuriousTab. All rights reserved.