Embed Doc
Copy Link
Readcast
Collections

1
CommentGo Back

Download

DRSEnt Chapter 8 - CCNA Discovery: Introducing Routing and Switching in the Enterprise (Version 4.0)

Which ACL statement permits host 10.220.158.10 access to the web server 192.168.3.224?access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80

ACL logging generates what type of syslog message?unstable networkwarninginformationalcritical situation

What effect does the command

reload in 30

have when entered into a router?If a router process freezes, the router reloads automatically.If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads in 30 minutes.If a remote connection lasts for longer than 30 minutes, the router forces the remote user off.A router automatically reloads in 30 minutes.

Refer to the exhibit. The access list has been applied inbound to interface S0/0/0 on R2. Which two traffic types will reach theserver?(Choose two.)IP traffic from host 10.1.1.20web traffic from HostAIP traffic from host 192.168.1.1UDP traffic from network 10.1.2.0HTTP traffic from network 10.1.1.0

Which two statements are true about standard and extended ACLs? (Choose two.)Extended ACLs filter only on source addresses and must be placed near the destination address.Standard ACLs are usually placed so that all packets go through the network and are filtered at the destination.Standard ACLs are used when filtering complex requirements, such as specific protocols.Extended ACLs filter with many possible factors, and are placed near the source address to reduce traffic across the network.Properly designed ACLs have a negative impact on network availability and performance.

Refer to the exhibit. Which two host addresses from the 172.16.31.64/27 subnet are able to telnet into the router to make configurationchanges? (Choose two.)172.16.31.33172.16.31.64172.16.31.77172.16.31.92172.16.31.95172.16.31.96

Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard mask would the networkadministrator configure in the access list to cover this range?0.0.15.2550.0.47.2550.0.63.255255.255.240.0

Why are inbound ACLs more efficient for the router than outbound ACLs?Inbound ACLs deny packets before routing lookups are required.Inbound ACL operation requires less network bandwidth than outbound.Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs.Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfaces.

Refer to the exhibit. A network administrator needs to add the command

deny ip 10.0.0.0 0.255.255.255 any log

to R3. After addingthe command, the administrator verifies the change using the

show access-list

command. What sequence number does the newentry have?010, and all other items are shifted down to the next sequence number 5060

A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should beimplemented to ensure that passwords are not sent in clear text across the public network?Use Telnet with an authentication server to ensure effective authentication.Apply an access list on the router interfaces to allow only authorized computers.Apply an access list on the vty line to allow only authorized computers.Use only Secure Shell (SSH) on the vty lines.

Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A)to access the web server located in the internal network. The web server is assigned a private IP address, and a static NAT isconfigured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to theweb server. What is the cause of the problem?Port 80 should be specified in the ACL.The public IP address of the server, 209.165.201.5, should be specified as the destination.The ACL should be applied on the s0/0 outbound interface.The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL.

What are two possible uses of access control lists in an enterprise network? (Choose two.)limiting debug outputsreducing the processing load on routersallowing Layer 2 traffic to be filtered by a router controlling virtual terminal access to routerscontrolling the physical status of router interfaces

1 3

Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while onlyweb traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on theMarketing router to implement the new security policy?

access-list 197 permit ip 192.0.2.0 0.0.0.255 anyaccess-list 197 permit ip 198.18.112.0 0.0.0.255 any eq wwwaccess-list 165 permit ip 192.0.2.0 0.0.0.255 anyaccess-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq wwwaccess-list 165 permit ip any anyaccess-list 137 permit ip 192.0.2.0 0.0.0.255 anyaccess-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq wwwaccess-list 89 permit 192.0.2.0 0.0.0.255 anyaccess-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www1 4

Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines:1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24 network.2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.3) All other traffic originating from the 192.168.3.0 network should be denied.Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction?access-list 101 deny ip any anyaccess-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255access-list 101 permit ip any anyaccess-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255

Category:	Uncategorized.
Rating:
Upload Date:	05/18/2009
Copyright:	Attribution Non-commercial
Tags:	This document has no tags.

Documents

People