- Home
- Networking
- CCNA
96.
Which of the following is an example of a standard IP access list?
- A.access-list 110 permit host 1.1.1.1
- B.access-list 1 deny 172.16.10.1 0.0.0.0
- C.access-list 1 permit 172.16.10.1 255.255.0.0
- D.access-list standard 1.1.1.1
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Standard IP access lists use the numbers 1–99 and 1300–1999 and filter based on source IP address only. Option C is incorrect because the mask must be in wildcard format. |
87.
You need to create an access list that will prevent hosts in the network range of 192.168.160.0
to 192.168.191.0. Which of the following lists will you use?
- A.access-list 10 deny 192.168.160.0 255.255.224.0
- B.access-list 10 deny 192.168.160.0 0.0.191.255
- C.access-list 10 deny 192.168.160.0 0.0.31.255
- D.access-list 10 deny 192.168.0.0 0.0.31.255
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The range of 192.168.160.0 to 192.168.191.0 is a block size of 32. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of 0.0.31.255. The 31 is used for a block size of 32. The wildcard is always one less than the block size. |
88.
You have created a named access list called Blocksales. Which of the following is a valid
command for applying this to packets trying to enter interface s0 of your router?
- A.(config)#ip access-group 110 in
- B.(config-if)#ip access-group 110 in
- C.(config-if)#ip access-group Blocksales in
- D.(config-if)#blocksales ip access-list in
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Using a named access list just replaces the number used when applying the list to the router's interface. ip access-group Blocksales in is correct. |
89.
Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?
(Choose two.)
- A.172.16.30.55 0.0.0.255
- B.172.16.30.55 0.0.0.0
- C.any 172.16.30.55
- D.host 172.16.30.55
- E.0.0.0.0 172.16.30.55
- F.ip any 172.16.30.55
- Answer & Explanation
- Report
Answer : [B, D]
Explanation :
Explanation :
| The wildcard 0.0.0.0 tells the router to match all four octets. This wildcard format alone can be replaced with the host command. |
100.
Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?
- A.access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
- B.access-list 10 deny tcp any 196.15.7.0 eq www
- C.access-list 100 permit 196.15.7.0 0.0.0.255 eq www
- D.access-list 110 permit ip any 196.15.7.0 0.0.0.255
- E.access-list 110 permit www 196.15.7.0 0.0.0.255
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| The first thing to check in a question like this is the access-list number. Right away, you can see that the second option is wrong because it is using a standard IP access-list number. The second thing to check is the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this eliminates the fourth option. The third and last answers have the wrong syntax. |
|
|
||||||||||||||||||||||||||||
