logo

CuriousTab

CuriousTab

Discussion


Home Networking Security Comments

  • Question
  • Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?


  • Options
  • A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
  • B. access-list 10 deny tcp any 196.15.7.0 eq www
  • C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
  • D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
  • E. access-list 110 permit www 196.15.7.0 0.0.0.255

  • Correct Answer
  • access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www 

    Explanation
    The first thing to check in a question like this is the access-list number. Right away, you can see that the second option is wrong because it is using a standard IP access-list number. The second thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The third and last answers have the wrong syntax.

  • Security problems


    Search Results


    • 1. You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?

    • Options
    • A. (config)# ip access-group 110 in
    • B. (config-if)# ip access-group 110 in
    • C. (config-if)# ip access-group Blocksales in
    • D. (config-if)# blocksales ip access-list in
    • Discuss
    • 2. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?

    • Options
    • A. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
    • B. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
    • C. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
    • D. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
    • Discuss
    • 3. You configure the following access list:

      access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
      access-list 110 deny tcp any eq 23
      int ethernet 0
      ip access-group 110 out
      What will the result of this access list be?

    • Options
    • A. Email and Telnet will be allowed out E0.
    • B. Email and Telnet will be allowed in E0.
    • C. Everything but email and Telnet will be allowed out E0.
    • D. No IP traffic will be allowed out E0.
    • Discuss
    • 4. What command will permit SMTP mail to only host 1.1.1.1?

    • Options
    • A. access-list 10 permit smtp host 1.1.1.1
    • B. access-list 110 permit ip smtp host 1.1.1.1
    • C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
    • D. access-list 110 permit tcp any host 1.1.1.1 eq smtp
    • Discuss
    • 5. Which of the following is an example of a standard IP access list?

    • Options
    • A. access-list 110 permit host 1.1.1.1
    • B. access-list 1 deny 172.16.10.1 0.0.0.0
    • C. access-list 1 permit 172.16.10.1 255.255.0.0
    • D. access-list standard 1.1.1.1
    • Discuss
    • 6. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?

    • Options
    • A. access-list 10 deny 172.16.48.0 255.255.240.0
    • B. access-list 10 deny 172.16.144.0 0.0.7.255
    • C. access-list 10 deny 172.16.64.0 0.0.31.255
    • D. access-list 10 deny 172.16.136.0 0.0.15.255
    • Discuss
    • 7. What router command allows you to determine whether an IP access list is enabled on a particular interface?

    • Options
    • A. show ip port
    • B. show access-lists
    • C. show ip interface
    • D. show access-lists interface
    • Discuss
    • 8. Which of the following commands connect access list 110 inbound to interface ethernet0?

    • Options
    • A. Router(config)# ip access-group 110 in
    • B. Router(config)# ip access-list 110 in
    • C. Router(config-if)# ip access-group 110 in
    • D. Router(config-if)# ip access-list 110 in
    • Discuss
    • 9. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?

    • Options
    • A. access-list 10 deny 192.168.160.0 255.255.224.0
    • B. access-list 10 deny 192.168.160.0 0.0.191.255
    • C. access-list 10 deny 192.168.160.0 0.0.31.255
    • D. access-list 10 deny 192.168.0.0 0.0.31.255
    • Discuss
    • 10. You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?

    • Options
    • A. access-list 10 deny 172.16.192.0 0.0.31.255
    • B. access-list 10 deny 172.16.0.0 0.0.255.255
    • C. access-list 10 deny 172.16.172.0 0.0.31.255
    • D. access-list 10 deny 172.16.188.0 0.0.15.255
    • Discuss


    Comments

    There are no comments.

Enter a new Comment