You are on page 1of 12

c

Accessing the WAN - Chapter - 5

1 By default, how is IP traffic filtered in a Cisco router? c
c
cc c
c c c  cc
cc c  
c  c
c  cc c
 
c  c c   
cc c
c c c  cc
cc c
 
c  c
c  cc c  
c  c c
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
2 Which three parameters can ACLs use to filter traffic? (Choose three.) c
c 
 ccc   
c  
cc  

c  cc  
c  cc  

c  
c  cc  
c  
c  cc
c
c 
  c  c c  
cc 
c  c c c cc cc c cc c  c
c
c
3 How do Cisco standard ACLs filter traffic? c
c
c  c c cc
c  c cc
c 
c! c  cc
c 
c c cc
c  c! c  cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
_ Which two statements are correct about extended ACLs? (Choose two)c
c
" c#$%c 
c c 
 c &c c'((cc
" c#$%cc) *c c c  c  cc
" c#$%c 
c *c 
c c  c  cc
 c 
 c c c 
c c c&   c  c c c#$%c c   

c#$%c c c cc *c c  c c&c c *c cc *c c   
cc
c
c 
  c  c c  
cc 
c  c c c cc c cc c  c
c
c
5 Where should a standard access control list be placed? c
c 
c c *c 
cc 
c c *c  cc 
c c" *  c cc 
c c  c cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
+c c  c c * c cc c
c
c
6 Which three statements describe ACL processing of packets? (Choose
three.)c
c
#c cc c , c c  c * cc c *c c#$%c  cc
#c  c c * c c , c c  ) c c  c c *c  c * cc 
*cc
#c  c * c* c cc cc  c c c  c c c
- 
c 
 cc
#c  c * cc c *c *c c c c#$%c  c)c c  ) c
c  
cc
" *c  cc*cc  
c c *cc  c c  
c *cc c *c#$%c 
 c cc
" *c  cc c c *c c c  c  cc *c#$%c   c c 
) &ccc cc
c
c 
  c  c c  
cc 
c  c c c cc cc c c.c c  c
c

c
ß Which two statements are true regarding the significance of the access
control list wildcard mask 0.0.0.ß? (Choose two.) c
/*c   c(c  c c c&c! c  c)c c& c c
/*c  cc  c c c&c! c  c)c c& cc
/*c   cc  c c c&c! c  c)c c*cc
/*c   c(c  c c c&c! c  c)c c*cc
/*c  cc  c c c&c! c  c)c c*cc
c
c 
  c  c c  
cc 
c  c c c cc c cc c  c
c
c
8 Which two statements are true regarding the following extended ACL?
(Choose two.)c
' c+cc c01+c+++..c c-c+c c
' c+cc c01+c+++..c c-cc c
' c+c  cc c cc
c
2/ c c & &c c ) c01+3ccc c
#c cc ccc
2/ c c c  c *c01+3c ) cccc
/ c c & &cc ) c01+3cccc
4 c c & &c c01+cc  cc
c
c 
  c  c c  
cc 
c  c c c cc c c.c c  c
c
c
V Interface s0/0/0 already has an IP ACL applied inbound. What happens
when the network administrator attempts to apply a second inbound IP
ACL?c
c
/*cc#$%cc c c *c  c  &c *c   cc
5 *c#$%c c c c *c  cc
/*c ) c   c c c  cc 
c *c   c#$%c  c c c *c  cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
10Refer to the exhibit. When creating an extended ACL to deny traffic
from the 1V2.168.30.0 network destined for the Web server
20V.165.201.30, where is the best location for applying the ACL? c

c
!6 c2 +3+c
 
cc
:c6+3+3c  
cc
:c2 +3+c  
cc
:c6+3+3c
 
cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
11 Which two statements are true regarding named ACLs? (Choose two.) c
c 
c c#$%c )c cc
7 c c c 
c c*c  c *c  
c c *c#$%c c
7 c#$%c  c c c   &c c * c 
 c#$%cc
$ cc#$%c 
*c c  c#$%c 
c c c) *c c#$%cc  
c * cc c! c#$%c c c & 
cc *c  cc c  
c  
cc
c
c 
  c  c c  
cc 
c  c c c cc c cc c  c
c
c
12 Which three items must be configured before a dynamic ACL can
become active on a router? (Choose three.)
c  
c#$%cc  
c#$%cc 
c&&&cc

*  cc
/ c  cc 

c  
c) *c c &cc c.cc
c
c 
  c  c c  
cc 
c  c c c cc cc c c.c c  c
c
c

13 Refer to the exhibit. How does this access list process a packet with the
source address 10.1.1.1 and a destination of 1V2.168.10.13? c

c
c
! cc )c  
c c *c cc cc
! cc c  
c cc c *c c c *c cc *c#$%c c
! cc )c  
cc+c c *c#$%c )c  c c(18++31cc
! cc )c  
cc+c c *c#$%c )c  c c *c* c(18+c c
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
1_ A network administrator needs to allow traffic through the firew all
router for sessions that originate from within the company network, but
the administrator must block traffic for sessions that originate outside
the network of the company. What type of ACL is most appropriate? c
c 
c 
' cc  
cc 
' cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
15 Refer to the exhibit. How will Router1 treat traffic matching the time-
range requirement of EVERYOTHERDAY?c

c
/$ c c  &c +3+c c01.3c c c *c++3c ) c 
c  cc
/$ c c  &c +3+c c+.3c c c *c01+3c ) c 
c  cc
/ c c  &c +3+c c01.3c c c *c++3c 
) cc  cc
/ c c  &c +3+c c+.3c c c *c01+3c 
) cc  cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
16 The following commands were entered on a router: c
c
: 
9 &:;c ' ccc01.cc
: 
9 &:;c ' cc  c cc
c
The ACL is correctly applied to an interface. What can be concluded
about this set of commands?c
c
/*c) c c++++cc  
cc
/*c c c  c c & 
cc
#ccc *c01++c ) c)c cc c c * c ) cc
7c c)c c )c c c cc c cc *c01++c ) cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
1ß Refer to the exhibit. The administrator wishes to block web traffic
from 1V2.168.1.50 from reaching the default port of the web service on
1V2.168.3.30. To do this, the access control list name is applied inbound
on the router R1 LAN interface. After testing the list, the administrator
has noted that the web traffic remains successful. Why is web traffic
reaching the destination?c

c
c
4 c cc c 
c c8+c c  
cc
/*c c cc cc *c) &c  cc
/*c c cc c c c c c *c  cc:cc
/*c &c c 
c  c ccc+cc c 
c* c(18.+cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
18 Refer to the exhibit. What will be the effect of the configuration that is
shown? c
c  
c  &c c c* cc *c(18++3c ) c)c c -  
c c 
c c:cc
< c &c c  
cc *c(18++3c ) c* c cc 
c c 
.c 
cc
#c  &c c  c c:c)c* c c  
c c c c c 
c c
/ c c c:c)cc c  cc6  c+3+3cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
1V Which statement about standard ACLs is true?c
c
6  c#$%6c 
c c 
 c c  c c c c
/*c* 
c c c cc c *c  c c cc
/*c c   c cc 
c c  c  c c)c cc 
c c  
c cc
4*c c c c
 
c  c&c  c c c   c *c
c  
c c *c
 
c  cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
20 Which benefit does an extended ACL offer over a standard ACL? c
c
" c#$%c c c c
c  c#$%c  cc 
c  c#$%c c#$%6c c c cc *c  
c c
 
c   
cc
5 cc  c  c c c#$%c c   c  c 
*c c   cc
c' c c  c &cc
!c  c c *c 
c  c c c#$%c c c   cc  c
 c  c c c 
c cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
21 Which feature will require the use of a named ACL rather than a
numbered ACL?
c
*c  c c   c c cc c c  cc
*c  c c   c c cc c  c  c  
c c  cc
*c  c c c 
c c  c  c c 
c)*c  &c cc
*c  c c c *c#$%c c c   c  cc *cc c *c c
) *
c &c c '  &c *c cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
22 A technician is creating an ACL and needs a way to indicate only the
subnet 1ß2.16.16.0/21. Which combination of network address and
wildcard mask will accomplish the desired task? c
c 
01++c++....cc 
011+c+++..cc 
011+c++0..cc 
011+c++...cc 
011+c++....c c
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c 
cc
c
Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is
applied in the inbound direction on S0/0/0 of R1?c

c
c
! c)cc/$ c c c *c!   c c *c cc 
c c *c0++3c 
) cc
! c)c c )c/$ c c&c c *c!   c c  c *c ) c 
0++3cc
! c)c )c c/$ c c c *c!   c c  c *c ) c0++3cc
! c)c  c c/$ c c * c & c c ) c0++3c c  
c 
 
cc *c6+3+3+c  cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c
c
2_ Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0
interface on router R1, but the hosts on network 1ß2.11.10.0/2_ are able
to telnet to network 10.10.0.0/16. On the basis of the provided
configuration, what should be done to remedy the problem? c
c
#c *c#$%c
 
cc *c  +3+3+c  cc  
c:cc
#c *c#$%c
 
cc *c2  " *  +3+c  cc  
c:c c
! 
c *c *c) c c *cc c *c   ccc *c#$%cc
! 
c c  cc *c#$%c cc *c c c * c & c c 
0++3c ) cc
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c

c
25 Refer to the exhibit. An administrator has configured two access lists
on R1. The list inbound on the serial interface is named Serial and the list
inbound on the LAN interface is named LAN. What affect will be
produced by the access control lists? c

c
c
$c)c c c c c  c c:c c $c c
:c)c c c c c 
c) *c $c c $c c
$c  c  c c:c c  c 
 c) *c $cc
$c)c c c c c  c c:c c $c)c c c c c 
c) *c $c c
c
c 
  c  c c  
cc 
c  c c cc c  c cc
c