CCNA 640-802 certification questions and and answers,ccna 640-802 exam dumps, ccna 640-802 certification exam questions and answers, ccna practice questions and answers for freshers and experienced, ccna dumps questions and answers pdf, ccna interview questions and answers Page 22 -- Infibee
Home
106.
What router command allows you to determine whether an IP access list is enabled on a particular interface?
  • A.
    show ip port
  • B.
    show access-lists
  • C.
    show ip interface
  • D.
    show access-lists interface
  • Answer & Explanation
  • Report
Answer : [C]
Explanation :
Only the show ip interface command will tell you which interfaces have access lists applied. show access-lists will not show you which interfaces have an access list applied.
Report
Name Email  
107.
Which router command allows you to view the entire contents of all access lists?
  • A.
    Router#show interface
  • B.
    Router>show ip interface
  • C.
    Router#show access-lists
  • D.
    Router>show all access-lists
  • Answer & Explanation
  • Report
Answer : [C]
Explanation :
The show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied.
Report
Name Email  
108.
If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
  • A.
    access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
  • B.
    access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
  • C.
    access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
  • D.
    access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
  • Answer & Explanation
  • Report
Answer : [C]
Explanation :
The extended access list ranges are 100–199 and 2000–2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad.
Report
Name Email  
109.
If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
  • A.
    access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
    access-list 111 permit ip any 0.0.0.0 255.255.255.255
  • B.
    access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
  • C.
    access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
  • D.
    access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
    access-list 198 permit ip any 0.0.0.0 255.255.255.255
  • Answer & Explanation
  • Report
Answer : [D]
Explanation :
Extended IP access lists use numbers 100–199 and 2000–2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
Report
Name Email  
110.
You want to create a standard access list that denies the subnet of the following host:
172.16.50.172/20. Which of the following would you start your list with?
  • A.
    access-list 10 deny 172.16.48.0 255.255.240.0
  • B.
    access-list 10 deny 172.16.0.0 0.0.255.255
  • C.
    access-list 10 deny 172.16.64.0 0.0.31.255
  • D.
    access-list 10 deny 172.16.48.0 0.0.15.255
  • Answer & Explanation
  • Report
Answer : [D]
Explanation :
First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size.
Report
Name Email