logo

CuriousTab

CuriousTab

Discussion


Home Networking Security Comments

  • Question
  • If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?


  • Options
  • A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
    access-list 111 permit ip any 0.0.0.0 255.255.255.255
  • B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
  • C. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
  • D. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
    access-list 198 permit ip any 0.0.0.0 255.255.255.255

  • Correct Answer
  • access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
    access-list 198 permit ip any 0.0.0.0 255.255.255.255
     

    Explanation
    Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.

  • Security problems


    Search Results


    • 1. What does a switch do when a frame is received on an interface and the destination hardware address is unknown or not in the filter table?

    • Options
    • A. Forwards the switch to the first available link
    • B. Drops the frame
    • C. Floods the network with the frame looking for the device
    • D. Sends back a message to the originating station asking for a name resolution
    • Discuss
    • 2. If you want to disable STP on a port connected to a server, which command would you use?

    • Options
    • A. disable spanning-tree
    • B. spanning-tree off
    • C. spanning-tree security
    • D. spanning-tree portfast
    • Discuss
    • 3. Your switch has a port status LED that is alternating between green and amber. What could this indicate?

    • Options
    • A. The port is experiencing errors.
    • B. The port is shut down.
    • C. The port is in STP blocking mode.
    • D. Nothing; this is normal.
    • Discuss
    • 4. What is the purpose of Spanning Tree Protocol in a switched LAN?

    • Options
    • A. To provide a mechanism for network monitoring in switched environments
    • B. To prevent routing loops in networks with redundant paths
    • C. To prevent switching loops in networks with redundant switched paths
    • D. To manage the VLAN database across multiple switches
    • E. To create collision domains
    • Discuss
    • 5. Which statement describes a spanning-tree network that has converged?

    • Options
    • A. All switch and bridge ports are in the forwarding state.
    • B. All switch and bridge ports are assigned as either root or designated ports.
    • C. All switch and bridge ports are in either the forwarding or blocking state.
    • D. All switch and bridge ports are either blocking or looping.
    • Discuss
    • 6. Which router command allows you to view the entire contents of all access lists?

    • Options
    • A. Router# show interface
    • B. Router> show ip interface
    • C. Router# show access-lists
    • D. Router> show all access-lists
    • Discuss
    • 7. Which of the following is true regarding access lists applied to an interface?

    • Options
    • A. You can place as many access lists as you want on any interface until you run out of memory.
    • B. You can apply only one access list on any interface.
    • C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
    • D. You can apply two access lists to any interface.
    • Discuss
    • 8. Which command would you use to apply an access list to a router interface?

    • Options
    • A. ip access-list 101 out
    • B. access-list ip 101 in
    • C. ip access-group 101 in
    • D. access-group ip 101 in
    • Discuss
    • 9. Which of the following is an example of a standard IP access list?

    • Options
    • A. access-list 110 permit host 1.1.1.1
    • B. access-list 1 deny 172.16.10.1 0.0.0.0
    • C. access-list 1 permit 172.16.10.1 255.255.0.0
    • D. access-list standard 1.1.1.1
    • Discuss
    • 10. What command will permit SMTP mail to only host 1.1.1.1?

    • Options
    • A. access-list 10 permit smtp host 1.1.1.1
    • B. access-list 110 permit ip smtp host 1.1.1.1
    • C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
    • D. access-list 110 permit tcp any host 1.1.1.1 eq smtp
    • Discuss


    Comments

    There are no comments.

Enter a new Comment