101.
You are working on a router that has established privilege levels that restrict access to certain functions. You discover that you are not able to execute the command show running-configuration. How can you view and confirm the access lists that have been applied to the Ethernet 0 interface on your router?
- A. show access-lists
- B. show interface Ethernet 0
- C. show ip access-lists
- D. show ip interface Ethernet 0
Answer : [D]
Explanation :
The only command that shows which access lists have been applied to an interface is show ip interface Ethernet 0. The command show access-lists displays all configured access lists, and show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.
102.
Which of the following is true regarding access lists applied to an interface?
- A. You can place as many access lists as you want on any interface until you run out of memory.
- B. You can apply only one access list on any interface.
- C. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
- D. You can apply two access lists to any interface.
Answer : [C]
Explanation :
A Cisco router has rules regarding the placement of access lists on a router interface. You can place one access list per direction for each layer 3 protocol configured on an interface.
103.
You configure the following access list:
access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
access-list 110 deny tcp any eq 23
int ethernet 0
ip access-group 110 out
What will the result of this access list be?
- A. Email and Telnet will be allowed out E0.
- B. Email and Telnet will be allowed in E0.
- C. Everything but email and Telnet will be allowed out E0.
- D. No IP traffic will be allowed out E0.
Answer : [D]
Explanation :
If you add an access list to an interface and you do not have at least one permit statement, then you will effectively shut down the interface because of the implicit deny any at the end of every list.
104.
What command will permit SMTP mail to only host 1.1.1.1?
- A. access-list 10 permit smtp host 1.1.1.1
- B. access-list 110 permit ip smtp host 1.1.1.1
- C. access-list 10 permit tcp any host 1.1.1.1 eq smtp
- D. access-list 110 permit tcp any host 1.1.1.1 eq smtp
Answer : [D]
Explanation :
When trying to find the best answer to an access-list question, always check the access-list number and then the protocol. When filtering to an upper-layer protocol, you must use an extended list, numbers 100–199 and 2000–2699. Also, when you filter to an upper-layer protocol, you must use either tcp or udp in the protocol field. If it says ip in the protocol field, you cannot filter to an upper-layer protocol. SMTP uses TCP.
105.
Which of the following commands connects access list 110 inbound to interface ethernet0?
- A. Router(config)#ip access-group 110 in
- B. Router(config)#ip access-list 110 in
- C. Router(config-if)#ip access-group 110 in
- D. Router(config-if)#ip access-list 110 in
Answer : [C]
Explanation :
To place an access list on an interface, use the ip access-group command in interface configuration mode.