You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?
Options
A. (config)# ip access-group 110 in
B. (config-if)# ip access-group 110 in
C. (config-if)# ip access-group Blocksales in
D. (config-if)# blocksales ip access-list in
Correct Answer
(config-if)# ip access-group Blocksales in
Explanation
Using a named access list just replaces the number used when applying the list to the router's interface.
ip access-group Blocksales in is correct.
More questions
1. Which of the following is true when describing a unique local address?
Options
A. Packets addressed to a unicast address are delivered to a single interface.
B. These are your typical publicly routable addresses, just like a regular publicly routable address in IPv4.
C. These are like private addresses in IPv4 in that they are not meant to be routed.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique so it is unlikely they will have an address overlap.
Correct Answer: These addresses are meant for nonrouting purposes, but they are almost globally unique so it is unlikely they will have an address overlap.
Explanation:
These addresses are meant for nonrouting purposes like link-local, but they are almost globally unique so it is unlikely they will have an address overlap. Unique local addresses were designed as a replacement for site-local addresses.
2. Which of the following is true when describing a global unicast address?
Options
A. Packets addressed to a unicast address are delivered to a single interface.
B. These are your typical publicly routable addresses, just like a regular publicly routable address in IPv4.
C. These are like private addresses in IPv4 in that they are not meant to be routed.
D. These addresses are meant for nonrouting purposes, but they are almost globally unique so it is unlikely they will have an address overlap.
It's pretty simple to enable RIPng for IPv6. You configure it right on the interface where you want RIP to run with the ipv6 router rip number command.
5. If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
Options
A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp access-list 111 permit ip any 0.0.0.0 255.255.255.255
B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
Correct Answer: access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp access-list 198 permit ip any 0.0.0.0 255.255.255.255
Explanation:
Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
6. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
Options
A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
The extended access list ranges are 100-199 and 2000-2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad.
7. To configure the VLAN trunking protocol to communicate VLAN information between two switches, what two requirements must be met?
Each end of the trunk link must be set to the IEEE 802.1e encapsulation.
The VTP management domain name of both switches must be set the same.
All ports on both the switches must be set as access ports.
One of the two switches must be configured as a VTP server.
A rollover cable is required to connect the two switches together.
A router must be used to forward VTP traffic between VLANs.
You must have the same VTP domain name on all switches in order to share VLAN information between the switches. At least one of the switches must be a VTP server; the other switches should be set to VTP client.
8. Which WLAN IEEE specification allows up to 54Mbps at 2.4GHz?