- Home
- Networking
- CCNA
106.
What router command allows you to determine whether an IP access list is enabled on a particular
interface?
- A.show ip port
- B.show access-lists
- C.show ip interface
- D.show access-lists interface
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Only the show ip interface command will tell you which interfaces have access lists applied. show access-lists will not show you which interfaces have an access list applied. |
107.
Which router command allows you to view the entire contents of all access lists?
- A.Router#show interface
- B.Router>show ip interface
- C.Router#show access-lists
- D.Router>show all access-lists
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied. |
108.
If you wanted to deny all Telnet connections to only network 192.168.10.0, which command
could you use?
- A.access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
- B.access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
- C.access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
- D.access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The extended access list ranges are 100–199 and 2000–2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad. |
109.
If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but
allow everything else, which of the following command strings is valid?
- A.access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
access-list 111 permit ip any 0.0.0.0 255.255.255.255 - B.access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
- C.access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
- D.access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 permit ip any 0.0.0.0 255.255.255.255
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Extended IP access lists use numbers 100–199 and 2000–2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else. |
110.
You want to create a standard access list that denies the subnet of the following host:
172.16.50.172/20. Which of the following would you start your list with?
172.16.50.172/20. Which of the following would you start your list with?
- A.access-list 10 deny 172.16.48.0 255.255.240.0
- B.access-list 10 deny 172.16.0.0 0.0.255.255
- C.access-list 10 deny 172.16.64.0 0.0.31.255
- D.access-list 10 deny 172.16.48.0 0.0.15.255
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size. |
|
|
||||||||||||||||||||||||||||
