logo

CuriousTab

CuriousTab

Discussion


Home Networking Security Comments

  • Question
  • What command will permit SMTP mail to only host 1.1.1.1?


  • Options
  • A. access-list 10 permit smtp host 1.1.1.1
  • B. access-list 110 permit ip smtp host 1.1.1.1
  • C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
  • D. access-list 110 permit tcp any host 1.1.1.1 eq smtp

  • Correct Answer
  • access-list 110 permit tcp any host 1.1.1.1 eq smtp 

    Explanation
    When trying to find the best answer to an access-list question, always check the access-list number and then the protocol. When filtering to an upper-layer protocol, you must use an extended list, numbers 100-199 and 2000-2699. Also, when you filter to an upper-layer protocol, you must use either tcp or udp in the protocol field. If it says ip in the protocol field, you cannot filter to an upper-layer protocol. SMTP uses TCP.

  • Security problems


    Search Results


    • 1. Which of the following is an example of a standard IP access list?

    • Options
    • A. access-list 110 permit host 1.1.1.1
    • B. access-list 1 deny 172.16.10.1 0.0.0.0
    • C. access-list 1 permit 172.16.10.1 255.255.0.0
    • D. access-list standard 1.1.1.1
    • Discuss
    • 2. Which command would you use to apply an access list to a router interface?

    • Options
    • A. ip access-list 101 out
    • B. access-list ip 101 in
    • C. ip access-group 101 in
    • D. access-group ip 101 in
    • Discuss
    • 3. Which of the following is true regarding access lists applied to an interface?

    • Options
    • A. You can place as many access lists as you want on any interface until you run out of memory.
    • B. You can apply only one access list on any interface.
    • C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
    • D. You can apply two access lists to any interface.
    • Discuss
    • 4. Which router command allows you to view the entire contents of all access lists?

    • Options
    • A. Router# show interface
    • B. Router> show ip interface
    • C. Router# show access-lists
    • D. Router> show all access-lists
    • Discuss
    • 5. If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?

    • Options
    • A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
      access-list 111 permit ip any 0.0.0.0 255.255.255.255
    • B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
    • C. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
    • D. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
      access-list 198 permit ip any 0.0.0.0 255.255.255.255
    • Discuss
    • 6. You configure the following access list:

      access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
      access-list 110 deny tcp any eq 23
      int ethernet 0
      ip access-group 110 out
      What will the result of this access list be?

    • Options
    • A. Email and Telnet will be allowed out E0.
    • B. Email and Telnet will be allowed in E0.
    • C. Everything but email and Telnet will be allowed out E0.
    • D. No IP traffic will be allowed out E0.
    • Discuss
    • 7. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?

    • Options
    • A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
    • B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
    • C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
    • D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
    • Discuss
    • 8. You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?

    • Options
    • A. (config)# ip access-group 110 in
    • B. (config-if)# ip access-group 110 in
    • C. (config-if)# ip access-group Blocksales in
    • D. (config-if)# blocksales ip access-list in
    • Discuss
    • 9. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?

    • Options
    • A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
    • B. access-list 10 deny tcp any 196.15.7.0 eq www
    • C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
    • D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
    • E. access-list 110 permit www 196.15.7.0 0.0.0.255
    • Discuss
    • 10. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?

    • Options
    • A. access-list 10 deny 172.16.48.0 255.255.240.0
    • B. access-list 10 deny 172.16.144.0 0.0.7.255
    • C. access-list 10 deny 172.16.64.0 0.0.31.255
    • D. access-list 10 deny 172.16.136.0 0.0.15.255
    • Discuss


    Comments

    There are no comments.

Enter a new Comment