logo

CuriousTab

CuriousTab

Discussion


Home Networking Security Comments

  • Question
  • You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?


  • Options
  • A. (config)# ip access-group 110 in
  • B. (config-if)# ip access-group 110 in
  • C. (config-if)# ip access-group Blocksales in
  • D. (config-if)# blocksales ip access-list in

  • Correct Answer
  • (config-if)# ip access-group Blocksales in 

    Explanation
    Using a named access list just replaces the number used when applying the list to the router's interface. ip access-group Blocksales in is correct.

  • Security problems


    Search Results


    • 1. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?

    • Options
    • A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
    • B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
    • C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
    • D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
    • Discuss
    • 2. You configure the following access list:

      access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
      access-list 110 deny tcp any eq 23
      int ethernet 0
      ip access-group 110 out
      What will the result of this access list be?

    • Options
    • A. Email and Telnet will be allowed out E0.
    • B. Email and Telnet will be allowed in E0.
    • C. Everything but email and Telnet will be allowed out E0.
    • D. No IP traffic will be allowed out E0.
    • Discuss
    • 3. What command will permit SMTP mail to only host 1.1.1.1?

    • Options
    • A. access-list 10 permit smtp host 1.1.1.1
    • B. access-list 110 permit ip smtp host 1.1.1.1
    • C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
    • D. access-list 110 permit tcp any host 1.1.1.1 eq smtp
    • Discuss
    • 4. Which of the following is an example of a standard IP access list?

    • Options
    • A. access-list 110 permit host 1.1.1.1
    • B. access-list 1 deny 172.16.10.1 0.0.0.0
    • C. access-list 1 permit 172.16.10.1 255.255.0.0
    • D. access-list standard 1.1.1.1
    • Discuss
    • 5. Which command would you use to apply an access list to a router interface?

    • Options
    • A. ip access-list 101 out
    • B. access-list ip 101 in
    • C. ip access-group 101 in
    • D. access-group ip 101 in
    • Discuss
    • 6. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?

    • Options
    • A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
    • B. access-list 10 deny tcp any 196.15.7.0 eq www
    • C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
    • D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
    • E. access-list 110 permit www 196.15.7.0 0.0.0.255
    • Discuss
    • 7. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?

    • Options
    • A. access-list 10 deny 172.16.48.0 255.255.240.0
    • B. access-list 10 deny 172.16.144.0 0.0.7.255
    • C. access-list 10 deny 172.16.64.0 0.0.31.255
    • D. access-list 10 deny 172.16.136.0 0.0.15.255
    • Discuss
    • 8. What router command allows you to determine whether an IP access list is enabled on a particular interface?

    • Options
    • A. show ip port
    • B. show access-lists
    • C. show ip interface
    • D. show access-lists interface
    • Discuss
    • 9. Which of the following commands connect access list 110 inbound to interface ethernet0?

    • Options
    • A. Router(config)# ip access-group 110 in
    • B. Router(config)# ip access-list 110 in
    • C. Router(config-if)# ip access-group 110 in
    • D. Router(config-if)# ip access-list 110 in
    • Discuss
    • 10. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?

    • Options
    • A. access-list 10 deny 192.168.160.0 255.255.224.0
    • B. access-list 10 deny 192.168.160.0 0.0.191.255
    • C. access-list 10 deny 192.168.160.0 0.0.31.255
    • D. access-list 10 deny 192.168.0.0 0.0.31.255
    • Discuss


    Comments

    There are no comments.

Enter a new Comment