Discussion
Home ‣ Networking ‣ Security Comments
- Question
You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?
Options- A. access-list 10 deny 172.16.192.0 0.0.31.255
- B. access-list 10 deny 172.16.0.0 0.0.255.255
- C. access-list 10 deny 172.16.172.0 0.0.31.255
- D. access-list 10 deny 172.16.188.0 0.0.15.255
- Correct Answer
- access-list 10 deny 172.16.192.0 0.0.31.255
ExplanationFirst, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting by 32, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since the wildcard is always one less than the block size. - 1. You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?
Options- A. access-list 10 deny 192.168.160.0 255.255.224.0
- B. access-list 10 deny 192.168.160.0 0.0.191.255
- C. access-list 10 deny 192.168.160.0 0.0.31.255
- D. access-list 10 deny 192.168.0.0 0.0.31.255 Discuss
- 2. Which of the following commands connect access list 110 inbound to interface ethernet0?
Options- A. Router(config)# ip access-group 110 in
- B. Router(config)# ip access-list 110 in
- C. Router(config-if)# ip access-group 110 in
- D. Router(config-if)# ip access-list 110 in Discuss
- 3. What router command allows you to determine whether an IP access list is enabled on a particular interface?
Options- A. show ip port
- B. show access-lists
- C. show ip interface
- D. show access-lists interface Discuss
- 4. You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?
Options- A. access-list 10 deny 172.16.48.0 255.255.240.0
- B. access-list 10 deny 172.16.144.0 0.0.7.255
- C. access-list 10 deny 172.16.64.0 0.0.31.255
- D. access-list 10 deny 172.16.136.0 0.0.15.255 Discuss
- 5. Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?
Options- A. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
- B. access-list 10 deny tcp any 196.15.7.0 eq www
- C. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
- D. access-list 110 permit ip any 196.15.7.0 0.0.0.255
- E. access-list 110 permit www 196.15.7.0 0.0.0.255 Discuss
- 6. Which of the following series of commands will restrict Telnet access to the router?
Options- A. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line con 0
Lab_A(config-line)#ip access-group 10 in - B. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 out - C. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 in - D. Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#ip access-group 10 in
Discuss
- 7. You are working on a router that has established privilege levels that restrict access to certain functions. You discover that you are not able to execute the command show running-configuration. How can you view and confirm the access lists that have been applied to the Ethernet 0 interface on your router?
Options- A. show access-lists
- B. show interface Ethernet 0
- C. show ip access-lists
- D. show ip interface Ethernet 0 Discuss
- 8. You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?
Options- A. access-list 10 deny 172.16.48.0 255.255.240.0
- B. access-list 10 deny 172.16.0.0 0.0.255.255
- C. access-list 10 deny 172.16.64.0 0.0.31.255
- D. access-list 10 deny 172.16.48.0 0.0.15.255 Discuss
- 9. Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?
- 172.16.30.55 0.0.0.255
- 172.16.30.55 0.0.0.0
- any 172.16.30.55
- host 172.16.30.55
- 0.0.0.0 172.16.30.55
- ip any 172.16.30.55
Options- A. 1 and 4
- B. 2 and 4
- C. 1, 4 and 6
- D. 3 and 5 Discuss
- 10. How many non-overlapping channels are available with 802.11h?
Options- A. 3
- B. 12
- C. 23
- D. 40 Discuss
Security problems
Search Results
Correct Answer: access-list 10 deny 192.168.160.0 0.0.31.255
Explanation:
The range of 192.168.160.0 to 192.168.191.0 is a block size of 32. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of 0.0.31.255. The 31 is used for a block size of 32. The wildcard is always one less than the block size.
Correct Answer: Router(config-if)# ip access-group 110 in
Explanation:
To place an access list on an interface, use the
ip access-group command in interface configuration mode.
Correct Answer: show ip interface
Explanation:
Only the
show ip interface command will tell you which interfaces have access lists applied.
show access-lists will not show you which interfaces have an access list applied.
Correct Answer: access-list 10 deny 172.16.144.0 0.0.7.255
Explanation:
First, you must know that a /21 is 255.255.248.0, which is a block size of 8 in the third octet. Counting by eight, this makes our subnet 144 in the third octet, and the wildcard for the third octet would be 7 since the wildcard is always one less than the block size.
Correct Answer: access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
Explanation:
The first thing to check in a question like this is the access-list number. Right away, you can see that the second option is wrong because it is using a standard IP access-list number. The second thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The third and last answers have the wrong syntax.
Correct Answer: Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 in
Explanation:
Telnet access to the router is restricted by using either a standard or extended IP access list inbound on the VTY lines of the router. The command
access-class is used to apply the access list to the VTY lines.
Correct Answer: show ip interface Ethernet 0
Explanation:
The only command that shows which access lists have been applied to an interface is
show ip interface Ethernet 0. The command
show access-lists displays all configured access lists, and
show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.
Correct Answer: access-list 10 deny 172.16.48.0 0.0.15.255
Explanation:
First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size.
Correct Answer: 2 and 4
Explanation:
The wildcard 0.0.0.0 tells the router to match all four octets. This wildcard format alone can be replaced with the
host command.
Correct Answer: 23
Explanation:
The IEEE 802.11h standard provides an addition 11 channels to the 802.11a standard's 12 non-overlapping channel for a total of 23 non-overlapping channels.
Comments
There are no comments.Programming
Copyright ©CuriousTab. All rights reserved.