RSE CCNA 2 Chapter 7 Quiz Answers 2018 2019

RSE CCNA 2 Chapter 7 Quiz Answers 2018 2019

  1. What are two uses of an access control list? (Choose two.)

    • ACLs assist the router in determining the best path to a destination.
    • Standard ACLs can restrict access to specific applications and ports.
    • ACLs provide a basic level of security for network access.
    • ACLs can permit or deny traffic based upon the MAC address originating on the router.
    • ACLs can control which areas a host can access on a network.
      Explanation:

      ACLs can be used for the following:

      • Limit network traffic in order to provide adequate network performance
      • Restrict the delivery of routing updates
      • Provide a basic level of security
      • Filter traffic based on the type of traffic being sent
      • Filter traffic based on IP addressing
  2. Which two commands will configure a standard ACL? (Choose two.)

    • Router(config)# access-list 20 permit host 192.168.5.5 any any
    • Router(config)# access-list 90 permit 192.168.10.5 0.0.0.0
    • Router(config)# access-list 45 permit 192.168.200.4 host
    • Router(config)# access-list 10 permit 10.20.5.0 0.255.255.255 any
    • Router(config)# access-list 35 permit host 172.31.22.7
      Explanation:

      Standard access lists have the syntax of access-list and a number between 1 and 99 followed by the permit or deny keyword and the source IP address (that includes a wildcard mask).

  3. Which scenario would cause an ACL misconfiguration and deny all traffic?

    • Apply a standard ACL in the inbound direction.
    • Apply a named ACL to a VTY line.
    • Apply an ACL that has all deny ACE statements.
    • Apply a standard ACL using the ip access-group out command.
      Explanation:

      Having all ACEs with deny statements denies all traffic because there is an implicit deny any command at the end of every standard ACL.

  4. Refer to the exhibit. A network administrator wants to create a standard ACL to prevent network 1 traffic from being transmitted to the Research and Development network. On which router interface and in which direction should the standard ACL be applied?

    RSE CCNA 2 Chapter 7 Quiz Answers 2018 2019 01

    RSE CCNA 2 Chapter 7 Quiz Answers 2018 2019 01

    • R1 Gi0/0 inbound
    • R1 Gi0/0 outbound
    • R1 S0/0/0 outbound
    • R2 S0/0/0 inbound
    • R2 Gi0/0 outbound
    • R2 Gi0/0 inbound
      Explanation:

      Standard ACLs can only specify source addresses, so the standard ACL would contain the network 1 address and appropriate wildcard mask. Also, because standard ACLs can only contain source addresses, the ACL should be placed as close to the destination as possible. The destination is the Research and Development LAN. The R2 Gi0/0 interface is that destination. By tracing the path that the packets will take starting with network 1 and traveling to the Research and Development network, a student can determine that the packets would be coming out of the R2 Gi0/0 interface.

  5. True or False?
    The name of a named standard ACL is case sensitive.

    • true
    • false
  6. A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16 network, but permit all other traffic. Which two commands should be used? (Choose two.)

    • Router(config)# access-list 95 deny any
    • Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
    • Router(config)# access-list 95 deny 172.16.0.0 255.255.0.0
    • Router(config)# access-list 95 permit any
    • Router(config)# access-list 95 host 172.16.0.0
    • Router(config)# access-list 95 172.16.0.0 255.255.255.255
      Explanation:

      To deny traffic from the 172.16.0.0/16 network, the access-list 95 deny 172.16.0.0 0.0.255.255 command is used. To permit all other traffic, the access-list 95 permit any statement is added.

  7. True or False?
    A standard ACL filters network traffic based on the destination MAC address.

    • true
    • false
  8. Fill in the blank.
    An        ACL         permits or denies traffic through a router based on specific defined criteria.

    • Noted: In netacad system you can fill in one of the following:
      • access list
      • access-list
      • ACL
      • standard ACL
      • standard IP access-list
      • standard IP ACL
      • packet filter
      • standard access list
      • standard access-list
      • IP ACL
      • IP access list
      • IP access-list
      • standard IP access list
    • But in our system, you can fill in only “ACL“.
      Explanation:

      An ACL is used to filter traffic attempting to travel through a router.

  9. Refer to the exhibit. A network administrator is configuring a standard IPv4 ACL. What is the effect after the command no access-list 10 is entered?

    RSE CCNA 2 Chapter 7 Quiz Answers 2018 2019 02

    RSE CCNA 2 Chapter 7 Quiz Answers 2018 2019 02

    • ACL 10 is disabled on Fa0/1.
    • ACL 10 is removed from the running configuration.
    • ACL 10 will be disabled and removed after R1 restarts.
    • ACL 10 is removed from both the running configuration and the interface Fa0/1.
      Explanation:

      The R1(config)# no access-list access-list number> command removes the ACL from the running-config immediately. However, to disable an ACL on an interface, the command R1(config-if)# no ip access-group should be entered.

  10. In applying an ACL to a router interface, which traffic is designated as outbound?

    • traffic that is coming from the source IP address into the router
    • traffic that is leaving the router and going toward the destination host
    • traffic that is going from the destination IP address into the router
    • traffic for which the router can find no routing table entry
      Explanation:

      Inbound and outbound are interpreted from the point of view of the router. Traffic that is designated in an inbound ACL will be denied or permitted when coming into that router interface from a source. Traffic that is designated in an outbound ACL will be denied or permitted when going out the interface to the destination.

  11. Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?

    • 10.120.160.0 to 10.127.255.255
    • 10.120.160.0 to 10.120.167.255
    • 10.120.160.0 to 10.120.168.0
    • 10.120.160.0 to 10.120.191.255
      Explanation:

      A wildcard mask of 0.0.7.255 means that the first 5 bits of the 3rd octet must remain the same but the last 3 bits can have values from 000 to 111. The last octet has a value of 255, which means the last octet can have values from all zeros to all 1s.

  12. Which command produced the following output?

    R1#
    10 permit 192.168.1.56 0.0.0.7
    20 permit 192.168.1.64 0.0.0.63 (4 match(es))
    30 deny any (8 match(es))

    • no access-list 1
    • show access-lists
    • show running-config | section access-list
    • clear access-list counters
      Explanation:

      The show access-lists command is used to list every access list configured on a router. It also shows how many packets have matched each ACE.

  13. Which type of standard ACL is easiest to modify on a production router?

    • a numbered ACL that is applied inbound
    • a numbered ACL that has not been applied yet
    • a named ACL that has been applied with the access-class command
    • a named ACL that has not been applied yet
      Explanation:

      Two common reasons for having a named ACL are that its function is easier to identify and the ACL is easier to modify.

Comments

comments