Cnca cisco

Solo disponible en BuenasTareas
  • Páginas : 9 (2014 palabras )
  • Descarga(s) : 0
  • Publicado : 30 de noviembre de 2010
Leer documento completo
Vista previa del texto
CCNA4 v 4.0 Exam chapter 5 ACLs
1. By default, how is IP traffic filtered in a Cisco router? blocked in and out of all interfaces blocked on all inbound interfaces, but permitted on all outbound interfaces permitted in and out of all interfaces blocked on all outbound interfaces, but permitted on all inbound interfaces 2. Which three parameters can ACLs use to filter traffic? (Choose three.)packet size protocol suite source address destination address source router interface destination router interface 3. How do Cisco standard ACLs filter traffic? by destination UDP port by protocol type by source IP address by source UDP port by destination IP address 4. Which two statements are correct about extended ACLs? (Choose two) Extended ACLs use a number range from 1-99. Extended ACLs endwith an implicit permit statement. Extended ACLs evaluate the source and destination addresses. Port numbers can be used to add greater definition to an ACL. Multiple ACLs can be placed on the same interface as long as they are in the same direction. 5. Where should a standard access control list be placed? close to the source close to the destination on an Ethernet port on a serial port 6. Whichthree statements describe ACL processing of packets? (Choose three.) An implicit deny any rejects any packet that does not match any ACL statement. A packet can either be rejected or forwarded as directed by the statement that is matched. A packet that has been denied by one statement can be permitted by a subsequent statement. A packet that does not match the conditions of any ACL statements will beforwarded by default. Each statement is checked only until a match is detected or until the end of the ACL statement list. Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made. 7. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.) The first 29 bits of a given IP addresswill be ignored. The last 3 bits of a given IP address will be ignored. The first 32 bits of a given IP address will be checked. The first 29 bits of a given IP address will be checked. The last 3 bits of a given IP address will be checked. 8. Which two statements are true regarding the following extended ACL? (Choose two.) access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20 access-list 101 denytcp 172.16.3.0 0.0.0.255 any eq 21 access-list 101 permit ip any any FTP traffic originating from network 172.16.3.0/24 is denied. All traffic is implicitly denied. FTP traffic destined for the 172.16.3.0/24 network is denied. Telnet traffic originating on network 172.16.3.0/24 is denied. Web traffic originating from 172.16.3.0 is permitted. 9. Interface s0/0/0 already has an IP ACL appliedinbound. What happens when the network administrator attempts to apply a second inbound IP ACL? The second ACL is applied to the interface, replacing the first. Both ACLs are applied to the interface. The network administrator receives an error. Only the first ACL remains applied to the interface. 10. Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 networkdestined for the Web server 209.165.201.30, where is the best location for applying the ACL?

ISP Fa0/0 outbound R2 S0/0/1 inbound R3 Fa0/0 inbound R3 S0/0/1 outbound 11. Which two statements are true regarding named ACLs? (Choose two.) Only named ACLs allow comments. Names can be used to help identify the function of the ACL. Named ACLs offer more specific filtering options than numbered ACLs.Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs. More than one named IP ACL can be configured in each direction on a router interface. 12. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.) extended ACL reflexive ACL console logging authentication Telnet connectivity user account with a privilege level of 15 13....
tracking img