Discussion
Home ‣ Networking ‣ Security Comments
- Question
If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
Options- A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
access-list 111 permit ip any 0.0.0.0 255.255.255.255 - B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
- C. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
- D. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 permit ip any 0.0.0.0 255.255.255.255 - Correct Answer
- access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 permit ip any 0.0.0.0 255.255.255.255
ExplanationExtended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else. - 1. What does a switch do when a frame is received on an interface and the destination hardware address is unknown or not in the filter table?
Options- A. Forwards the switch to the first available link
- B. Drops the frame
- C. Floods the network with the frame looking for the device
- D. Sends back a message to the originating station asking for a name resolution Discuss
- 2. If you want to disable STP on a port connected to a server, which command would you use?
Options- A. disable spanning-tree
- B. spanning-tree off
- C. spanning-tree security
- D. spanning-tree portfast Discuss
- 3. Your switch has a port status LED that is alternating between green and amber. What could this indicate?
Options- A. The port is experiencing errors.
- B. The port is shut down.
- C. The port is in STP blocking mode.
- D. Nothing; this is normal. Discuss
- 4. What is the purpose of Spanning Tree Protocol in a switched LAN?
Options- A. To provide a mechanism for network monitoring in switched environments
- B. To prevent routing loops in networks with redundant paths
- C. To prevent switching loops in networks with redundant switched paths
- D. To manage the VLAN database across multiple switches
- E. To create collision domains Discuss
- 5. Which statement describes a spanning-tree network that has converged?
Options- A. All switch and bridge ports are in the forwarding state.
- B. All switch and bridge ports are assigned as either root or designated ports.
- C. All switch and bridge ports are in either the forwarding or blocking state.
- D. All switch and bridge ports are either blocking or looping. Discuss
- 6. Which router command allows you to view the entire contents of all access lists?
Options- A. Router# show interface
- B. Router> show ip interface
- C. Router# show access-lists
- D. Router> show all access-lists Discuss
- 7. Which of the following is true regarding access lists applied to an interface?
Options- A. You can place as many access lists as you want on any interface until you run out of memory.
- B. You can apply only one access list on any interface.
- C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
- D. You can apply two access lists to any interface. Discuss
- 8. Which command would you use to apply an access list to a router interface?
Options- A. ip access-list 101 out
- B. access-list ip 101 in
- C. ip access-group 101 in
- D. access-group ip 101 in Discuss
- 9. Which of the following is an example of a standard IP access list?
Options- A. access-list 110 permit host 1.1.1.1
- B. access-list 1 deny 172.16.10.1 0.0.0.0
- C. access-list 1 permit 172.16.10.1 255.255.0.0
- D. access-list standard 1.1.1.1 Discuss
- 10. What command will permit SMTP mail to only host 1.1.1.1?
Options- A. access-list 10 permit smtp host 1.1.1.1
- B. access-list 110 permit ip smtp host 1.1.1.1
- C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
- D. access-list 110 permit tcp any host 1.1.1.1 eq smtp Discuss
Security problems
Search Results
Correct Answer: Floods the network with the frame looking for the device
Explanation:
Switches flood all frames that have an unknown destination address. If a device answers the frame, the switch will update the MAC address table to reflect the location of the device.
Correct Answer: spanning-tree portfast
Explanation:
If you have a server or other devices connected into your switch that you're totally sure won't create a switching loop if STP is disabled, you can use something called
portfast on these ports. Using it means the port won't spend the usual 50 seconds to come up while STP is converging.
Correct Answer: The port is experiencing errors.
Explanation:
When you connect to a switch port, at first the link lights are orange/amber, and then they turn green, indicating normal operation. If the link light is blinking, you have a problem.
Correct Answer: To prevent switching loops in networks with redundant switched paths
Explanation:
The Spanning Tree Protocol (STP) was designed to stop layer 2 loops. All Cisco switches have the STP on by default.
Correct Answer: All switch and bridge ports are in either the forwarding or blocking state.
Explanation:
Convergence occurs when all ports on bridges and switches have transitioned to either the forwarding or blocking states. No data is forwarded until convergence is complete. Before data can be forwarded again, all devices must be updated.
Correct Answer: Router# show access-lists
Explanation:
The
show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied.
Correct Answer: One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
Explanation:
A Cisco router has rules regarding the placement of access lists on a router interface. You can place one access list per direction for each layer 3 protocol configured on an interface.
Correct Answer: ip access-group 101 in
Explanation:
To apply an access list, the proper command is
ip access-group 101 in.
Correct Answer: access-list 1 deny 172.16.10.1 0.0.0.0
Explanation:
Standard IP access lists use the numbers 1-99 and 1300-1999 and filter based on source IP address only. Option C is incorrect because the mask must be in wildcard format.
Correct Answer: access-list 110 permit tcp any host 1.1.1.1 eq smtp
Explanation:
When trying to find the best answer to an access-list question, always check the access-list number and then the protocol. When filtering to an upper-layer protocol, you must use an extended list, numbers 100-199 and 2000-2699. Also, when you filter to an upper-layer protocol, you must use either
tcp or
udp in the protocol field. If it says
ip in the protocol field, you cannot filter to an upper-layer protocol. SMTP uses TCP.
Comments
There are no comments.Programming
Copyright ©CuriousTab. All rights reserved.