Which
wildcard mask would match the host range for the subnet 192.16.5.32 /27?
|
|
0.0.0.32
|
|
0.0.0.63
|
|
0.0.63.255
|
|
0.0.0.31
|
|
 Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy? |
|
access-list
197 permit ip 192.0.2.0 0.0.0.255 any
access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www |
|
access-list
165 permit ip 192.0.2.0 0.0.0.255 any
access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any |
|
access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www |
|
access-list
89 permit 192.0.2.0 0.0.0.255 any
access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www |
|
 Refer to the exhibit. Hosts from 172.19.123.0 are not allowed access to 192.0.2.0 but should be able to access the Internet. Which set of commands will create a standard ACL that will apply to traffic outbound on the Shannon router interface Fa0/0 implementing this security? |
|
access-list
142 deny ip 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 142 permit ip any any |
|
access-list 56 deny 172.19.123.0 0.0.0.255
access-list 56 permit any |
|
access-list
61 deny 172.19.123.0 0.0.0.0
access-list 61 permit any |
|
access-list
87 deny 192.0.2.0 0.0.0.255
access-list 87 permit any |
|
 Refer to the exhibit. An administrator notes a significant increase in the amount of traffic that is entering the network from the ISP. The administrator clears the counters. After a few minutes, the administrator again checks the access-list table. What can be concluded from the output that is shown? |
|
A small
amount of HTTP traffic is an indication that the web server was not
configured correctly.
|
|
A larger
amount of POP3 traffic, compared with SMTP traffic, indicates that there are
more POP3 e-mail clients than SMTP clients in the enterprise.
|
|
A large amount of ICMP traffic is being denied at the interface, which
can be an indication of a DoS attack.
|
|
A larger
amount of e-mail traffic, compared with web traffic, is an indication that attackers
mainly targeted the e-mail server.
|
|
 Refer to the exhibit. A network administrator needs to add the commanddeny ip 10.0.0.0 0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the show access-listcommand. What sequence number does the new entry have? |
|
0
|
|
10, and
all other items are shifted down to the next sequence number
|
|
50
|
|
60
|
|
A security
administrator wants to secure password exchanges on the vty lines on all
routers in the enterprise. What option should be implemented to ensure that
passwords are not sent in clear text across the public network?
|
|
Use Telnet
with an authentication server to ensure effective authentication.
|
|
Apply an
access list on the router interfaces to allow only authorized computers.
|
|
Apply an
access list on the vty line to allow only authorized computers.
|
|
Use only Secure Shell (SSH) on the vty lines.
|
|
What is
the best option an administrator can choose to ensure that ICMP DoS attacks
from the outside are contained as much as possible, without restricting
connectivity tests initiated from the inside out?
|
|
Create an access list that permits only echo reply and destination
unreachable packets from the outside.
|
|
Create an
access list that denies all TCP traffic coming from the outside.
|
|
Permit TCP
traffic from only known external sources.
|
|
Create an
access list with the established keyword at the end of the
line.
|
|
Traffic
from the 64.104.48.0 to 64.104.63.255 range must be denied access to the
network. What wildcard mask would the network administrator configure in the
access list to cover this range?
|
|
0.0.15.255
|
|
0.0.47.255
|
|
0.0.63.255
|
|
255.255.240.0
|
|
A network
administrator enters the following commands on router RTB.
RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15 RTB(config)# access-list 4 permit any RTB(config)# interface serial 0/0/0 RTB(config-if)# ip access-group 4 in Which addresses are blocked from entering RTB? |
|
192.168.20.17
to 192.168.20.31
|
|
192.168.20.16 to 192.168.20.31
|
|
192.168.20.16
to 192.168.20.32
|
|
192.168.20.17
to 192.168.20.32
|
|
Why are
inbound ACLs more efficient for the router than outbound ACLs?
|
|
Inbound ACLs deny packets before routing lookups are required.
|
|
Inbound
ACL operation requires less network bandwidth than outbound.
|
|
Inbound
ACLs permit or deny packets to LANs, which are typically more efficient than
WANs.
|
|
Inbound
ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to
slower serial interfaces.
|
|
 Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assigned a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem? |
|
Port 80
should be specified in the ACL.
|
|
The public IP address of the server, 209.165.201.5, should be specified
as the destination.
|
|
The ACL
should be applied on the s0/0 outbound interface.
|
|
The source
address should be specified as 198.133.219.0 255.255.255.0 in the ACL.
|
|
ACL
logging generates what type of syslog message?
|
|
unstable
network
|
|
warning
|
|
informational
|
|
critical
situation
|
|
 Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines: 1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24 network. 2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network. 3) All other traffic originating from the 192.168.3.0 network should be denied. Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction? |
|
access-list
101 deny ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 |
|
access-list
101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 |
|
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 |
|
access-list
101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip any any |
|
access-list
101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255 |
|
Which ACL
statement permits host 10.220.158.10 access to the web server 192.168.3.224?
|
|
access-list
101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224
|
|
access-list
101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
|
|
access-list
101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
|
|
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80
|
|
Which two
statements are true about standard and extended ACLs? (Choose two.)
|
|
Extended
ACLs filter only on source addresses and must be placed near the destination
address.
|
|
Standard ACLs are usually placed so that all packets go through the
network and are filtered at the destination.
|
|
Standard
ACLs are used when filtering complex requirements, such as specific
protocols.
|
|
Extended ACLs filter with many possible factors, and are placed near the
source address to reduce traffic across the network.
|
|
Properly
designed ACLs have a negative impact on network availability and performance.
|
|
 Refer to the exhibit. What happens if the network administrator issues the exhibited commands when an ACL named Managers already exists on the router? |
|
The new
commands overwrite the current Managers ACL.
|
|
The new commands are added to the end of the current Managers ACL.
|
|
The new
commands are added to the beginning of the current Managers ACL.
|
|
An error
appears stating that the ACL already exists.
|
|
What
effect does the command reload in 30 have when entered into
a router?
|
|
If a
router process freezes, the router reloads automatically.
|
|
If a
packet from a denied source attempts to enter an interface where an ACL is
applied, the router reloads in 30 minutes.
|
|
If a
remote connection lasts for longer than 30 minutes, the router forces the
remote user off.
|
|
A router automatically reloads in 30 minutes.
|
|
 Refer to the exhibit. Which two host addresses from the 172.16.31.64/27 subnet are able to telnet into the router to make configuration changes? (Choose two.) |
|
172.16.31.33
|
|
172.16.31.64
|
|
172.16.31.77
|
|
172.16.31.92
|
|
172.16.31.95
|
|
172.16.31.96
|
|
ACLs are
used primarily to filter traffic. What are two additional uses of ACLs?
(Choose two.)
|
|
specifying
source addresses for authentication
|
|
specifying internal hosts for NAT
|
|
identifying traffic for QoS
|
|
reorganizing
traffic into VLANs
|
|
filtering
VTP packets
|
|
 Refer to the exhibit. A network administrator needs to configure an access list that will allow the management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA. All vty and enable passwords are configured on the router. Which group of commands will accomplish this task? |
|
Router(config)# access-list 101 permit tcp
any 192.168.10.25 0.0.0.0 eq telnet
Router(config)# access-list 101 deny ip any any Router(config)# int s0/0 Router(config-if)# ip access-group 101 in Router(config-if)# int fa0/0 Router(config-if)#ip access-group 101 in |
|
Router(config)# access-list 10 permit
192.168.10.25 eq telnet
Router(config)# access-list 10 deny any Router(config)# line vty 0 4 Router(config-line)#access-group 10 in |
|
Router(config)# access-list 86
permit host 192.168.10.25
Router(config)# line vty 0 4 Router(config-line)# access-class 86 in |
|
Router(config)# access-list
125 permit tcp 192.168.10.25 any eq telnet
Router(config)# access-list 125 deny ip any any Router(config)# int s0/0 Router(config-if)# ip access-group 125 in |
|
What are
two possible uses of access control lists in an enterprise network? (Choose
two.)
|
|
limiting debug outputs
|
|
reducing
the processing load on routers
|
|
allowing
Layer 2 traffic to be filtered by a router
|
|
controlling virtual terminal access to routers
|
|
controlling
the physical status of router interfaces
|
|
 Refer to the exhibit. The access list has been applied inbound to interface S0/0/0 on R2. Which two traffic types will reach the server?(Choose two.) |
|
IP traffic
from host 10.1.1.20
|
|
web traffic from HostA
|
|
IP traffic
from host 192.168.1.1
|
|
UDP traffic from network 10.1.2.0
|
|
HTTP
traffic from network 10.1.1.0
|
|
If
the established keyword is appended to a line in an extended
ACL, what will determine if packets are sent between the source and
destination specified by the line?
|
|
if
authentication is enabled via CHAP
|
|
if MD5
encryption algorithm is in effect
|
|
if a TCP
three-way handshake was successfully completed
|
|
if HTML
packets are specifically allowed within the ACL
|
|
0 comments:
Post a Comment