logo

CuriousTab

CuriousTab

Discussion


Home Networking Security Comments

  • Question
  • If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?


  • Options
  • A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
  • B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
  • C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
  • D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23

  • Correct Answer
  • access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23 

    Explanation
    The extended access list ranges are 100-199 and 2000-2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad.

  • Security problems


    Search Results


    • 1. You configure the following access list:

      access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
      access-list 110 deny tcp any eq 23
      int ethernet 0
      ip access-group 110 out
      What will the result of this access list be?

    • Options
    • A. Email and Telnet will be allowed out E0.
    • B. Email and Telnet will be allowed in E0.
    • C. Everything but email and Telnet will be allowed out E0.
    • D. No IP traffic will be allowed out E0.
    • Discuss
    • 2. What command will permit SMTP mail to only host 1.1.1.1?

    • Options
    • A. access-list 10 permit smtp host 1.1.1.1
    • B. access-list 110 permit ip smtp host 1.1.1.1
    • C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
    • D. access-list 110 permit tcp any host 1.1.1.1 eq smtp
    • Discuss
    • 3. Which of the following is an example of a standard IP access list?

    • Options
    • A. access-list 110 permit host 1.1.1.1
    • B. access-list 1 deny 172.16.10.1 0.0.0.0
    • C. access-list 1 permit 172.16.10.1 255.255.0.0
    • D. access-list standard 1.1.1.1
    • Discuss
    • 4. Which command would you use to apply an access list to a router interface?

    • Options
    • A. ip access-list 101 out
    • B. access-list ip 101 in
    • C. ip access-group 101 in
    • D. access-group ip 101 in
    • Discuss
    • 5. Which of the following is true regarding access lists applied to an interface?

    • Options
    • A. You can place as many access lists as you want on any interface until you run out of memory.
    • B. You can apply only one access list on any interface.
    • C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
    • D. You can apply two access lists to any interface.
    • Discuss
    • 6. You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?

    • Options
    • A. (config)# ip access-group 110 in
    • B. (config-if)# ip access-group 110 in
    • C. (config-if)# ip access-group Blocksales in
    • D. (config-if)# blocksales ip access-list in
    • Discuss
    • 7. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?

    • Options
    • A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
    • B. access-list 10 deny tcp any 196.15.7.0 eq www
    • C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
    • D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
    • E. access-list 110 permit www 196.15.7.0 0.0.0.255
    • Discuss
    • 8. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?

    • Options
    • A. access-list 10 deny 172.16.48.0 255.255.240.0
    • B. access-list 10 deny 172.16.144.0 0.0.7.255
    • C. access-list 10 deny 172.16.64.0 0.0.31.255
    • D. access-list 10 deny 172.16.136.0 0.0.15.255
    • Discuss
    • 9. What router command allows you to determine whether an IP access list is enabled on a particular interface?

    • Options
    • A. show ip port
    • B. show access-lists
    • C. show ip interface
    • D. show access-lists interface
    • Discuss
    • 10. Which of the following commands connect access list 110 inbound to interface ethernet0?

    • Options
    • A. Router(config)# ip access-group 110 in
    • B. Router(config)# ip access-list 110 in
    • C. Router(config-if)# ip access-group 110 in
    • D. Router(config-if)# ip access-list 110 in
    • Discuss


    Comments

    There are no comments.

Enter a new Comment