CCNA Routing and Switching 200-105
86.
Which of the following wildcard masks is most useful for matching all IP packets in
subnet 10.1.128.0, mask 255.255.240.0?
- A. 0.0.0.0
- B. 0.0.0.31
- C. 0.0.0.240
- D. 0.0.0.255
- E. 0.0.15.255
- F. 0.0.248.255
Answer : [E]
Explanation :
0.0.15.255 matches all packets with the same first 20 bits. This is useful when you want to match a subnet in which the subnet part comprises the first 20 bits, as in this case.
87.
ACL 1 has three statements, in the following order, with address and wildcard mask
values as follows: 1.0.0.0 0.255.255.255, 1.1.0.0 0.0.255.255, and 1.1.1.0 0.0.0.255.
If a router tried to match a packet sourced from IP address 1.1.1.1 using this ACL,
which ACL statement does a router consider the packet to have matched?
- A. First
- B. Second
- C. Third
- D. Implied deny at the end of the ACL
Answer : [A]
Explanation :
The router always searches the ACL statements in order, and stops trying to match ACL statements after a statement is matched. In other words, it uses first-match logic. A packet with source IP address 1.1.1.1 would match any of the three explicitly configured commands described in the question. As a result, the first statement will be used.
88.
Which of the following access-list commands matches all packets sent from hosts in
subnet 172.16.4.0/23?
- A. access-list 1 permit 172.16.0.5 0.0.255.0
- B. access-list 1 permit 172.16.4.0 0.0.1.255
- C. access-list 1 permit 172.16.5.0
- D. access-list 1 permit 172.16.5.0 0.0.0.127
Answer : [B]
Explanation :
One wrong answer, with wildcard mask 0.0.255.0, matches all packets that begin with 172.16, with a 5 in the last octet. One wrong answer matches only specific IP address 172.16.5.0. One wrong answer uses a wildcard mask of 0.0.0.128, which has only one wildcard bit (in binary), and happens to only match addresses 172.16.5.0 and 172.16.5.128. The correct answer matches the range of addresses 172.16.4.0–172.16.5.255.
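
The first-match search from question 87 and the wildcard-mask comparisons from questions 86 and 88, worked through in Python as an added example (not part of the original quiz). The function names and the sample source addresses are constructed for illustration; the ACL entries and wildcard masks are the ones quoted in the questions and explanations.

```python
import ipaddress

def to_int(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(packet_ip, acl_addr, wildcard="0.0.0.0"):
    """True if packet_ip equals acl_addr in every bit where the wildcard bit is 0.
    Wildcard bits set to 1 are "don't care" positions."""
    care_bits = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_ip) ^ to_int(acl_addr)) & care_bits == 0

def first_match(acl, packet_ip):
    """Walk the statements in order and stop at the first hit.
    Returns the 1-based statement number, or None for the implied deny."""
    for number, (addr, wildcard) in enumerate(acl, start=1):
        if wildcard_match(packet_ip, addr, wildcard):
            return number
    return None

def matched(acl_addr, wildcard, candidates):
    """Subset of candidate source addresses that one statement matches."""
    return [ip for ip in candidates if wildcard_match(ip, acl_addr, wildcard)]

# ACL 1 from question 87, as (address, wildcard) pairs in configured order.
ACL_1 = [("1.0.0.0", "0.255.255.255"),
         ("1.1.0.0", "0.0.255.255"),
         ("1.1.1.0", "0.0.0.255")]

# Constructed source addresses around 172.16.4.0/23 (question 88).
SAMPLE = ["172.16.3.255", "172.16.4.0", "172.16.5.0", "172.16.5.128",
          "172.16.5.255", "172.16.6.0", "172.16.9.5"]

if __name__ == "__main__":
    print("Q87 statement matched:", first_match(ACL_1, "1.1.1.1"))
    for addr, wc in [("172.16.4.0", "0.0.1.255"), ("172.16.0.5", "0.0.255.0"),
                     ("172.16.5.0", "0.0.0.0"), ("172.16.5.0", "0.0.0.128")]:
        print(addr, wc, "->", matched(addr, wc, SAMPLE))
```

Reordering `ACL_1` so the most specific statement comes first changes which statement number `first_match` returns, which is why statement order matters when the entries carry different permit or deny actions.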
89.
Which of the following fields cannot be compared based on an extended IP ACL?
(Choose two answers.)
- A. Protocol
- B. Source IP address
- C. Destination IP address
- D. TOS byte
- E. URL
- F. Filename for FTP transfers
Answer : [E and F]
Explanation :
Extended ACLs can look at the Layer 3 (IP) and Layer 4 (TCP, UDP) headers and a few others, but not any application layer information. Named extended ACLs can look for the same fields as numbered extended ACLs.
90.
Which of the following access-list commands permit packets going from host
10.1.1.1 to all web servers whose IP addresses begin with 172.16.5? (Choose two
answers.)
- A. access-list 101 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
- B. access-list 1951 permit ip host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
- C. access-list 2523 permit ip host 10.1.1.1 eq www 172.16.5.0 0.0.0.255
- D. access-list 2523 permit tcp host 10.1.1.1 eq www 172.16.5.0 0.0.0.255
- E. access-list 2523 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
Answer : [A and E]
Explanation :
The correct range of ACL numbers for extended IP access lists is 100 to 199 and 2000 to 2699. The answers that list the eq www parameter after 10.1.1.1 match the source port number, and the packets are going toward the web server, not away from it.