Security - Security
- Home
- Computer Science & Engineering
- Networking Questions and Answers
- Security - Security
| 1. | Which of the following commands connect access list 110 inbound to interface ethernet0? |
|||||||
Answer: Option C Explanation: To place an access list on an interface, use the ip access-group command in interface configuration mode. |
| 2. | Which of the following series of commands will restrict Telnet access to the router? |
|||||||
Answer: Option C Explanation: Telnet access to the router is restricted by using either a standard or extended IP access list inbound on the VTY lines of the router. The command access-class is used to apply the access list to the VTY lines. |
| 3. | If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid? |
|||||||
Answer: Option D Explanation: Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else. |
| 4. | Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?
|
|||||||
Answer: Option B Explanation: The wildcard 0.0.0.0 tells the router to match all four octets. This wildcard format alone can be replaced with the host command. |
| 5. | Which of the following access lists will allow only HTTP traffic into network 196.15.7.0? |
|||||||||
Answer: Option A Explanation: The first thing to check in a question like this is the access-list number. Right away, you can see that the second option is wrong because it is using a standard IP access-list number. The second thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The third and last answers have the wrong syntax. |
| 6. | Which router command allows you to view the entire contents of all access lists? |
|||||||
Answer: Option C Explanation: The show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied. |
| 7. | If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use? |
|||||||
Answer: Option C Explanation: The extended access list ranges are 100-199 and 2000-2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad. |
| 8. | You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with? |
|||||||
Answer: Option A Explanation: First, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting by 32, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since the wildcard is always one less than the block size. |