Security problems

  • 1. If you wanted to deny FTP access from network to network but allow everything else, which of the following command strings is valid?

  • Options
  • A. access-list 110 deny to network eq ftp
    access-list 111 permit ip any
  • B. access-list 1 deny ftp any any
  • C. access-list 100 deny tcp eq ftp
  • D. access-list 198 deny tcp eq ftp
    access-list 198 permit ip any
  • Discuss
  • 2. Which router command allows you to view the entire contents of all access lists?

  • Options
  • A. Router# show interface
  • B. Router> show ip interface
  • C. Router# show access-lists
  • D. Router> show all access-lists
  • Discuss
  • 3. Which of the following is true regarding access lists applied to an interface?

  • Options
  • A. You can place as many access lists as you want on any interface until you run out of memory.
  • B. You can apply only one access list on any interface.
  • C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
  • D. You can apply two access lists to any interface.
  • Discuss
  • 4. Which command would you use to apply an access list to a router interface?

  • Options
  • A. ip access-list 101 out
  • B. access-list ip 101 in
  • C. ip access-group 101 in
  • D. access-group ip 101 in
  • Discuss
  • 5. Which of the following is an example of a standard IP access list?

  • Options
  • A. access-list 110 permit host
  • B. access-list 1 deny
  • C. access-list 1 permit
  • D. access-list standard
  • Discuss
  • 6. What command will permit SMTP mail to only host

  • Options
  • A. access-list 10 permit smtp host
  • B. access-list 110 permit ip smtp host
  • C. access-list 10 permit tcp any host eq smtp
  • D. access-list 110 permit tcp any host eq smtp
  • Discuss
  • 7. You configure the following access list:

    access-list 110 deny tcp any eq smtp
    access-list 110 deny tcp any eq 23
    int ethernet 0
    ip access-group 110 out
    What will the result of this access list be?

  • Options
  • A. Email and Telnet will be allowed out E0.
  • B. Email and Telnet will be allowed in E0.
  • C. Everything but email and Telnet will be allowed out E0.
  • D. No IP traffic will be allowed out E0.
  • Discuss
  • 8. If you wanted to deny all Telnet connections to only network, which command could you use?

  • Options
  • A. access-list 100 deny tcp eq telnet
  • B. access-list 100 deny tcp eq telnet
  • C. access-list 100 deny tcp any eq 23
  • D. access-list 100 deny any eq 23
  • Discuss
  • 9. You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?

  • Options
  • A. (config)# ip access-group 110 in
  • B. (config-if)# ip access-group 110 in
  • C. (config-if)# ip access-group Blocksales in
  • D. (config-if)# blocksales ip access-list in
  • Discuss
  • 10. Which of the following access lists will allow only HTTP traffic into network

  • Options
  • A. access-list 100 permit tcp any eq www
  • B. access-list 10 deny tcp any eq www
  • C. access-list 100 permit eq www
  • D. access-list 110 permit ip any
  • E. access-list 110 permit www
  • Discuss

First 2