• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
 Cisco-Training.net1.Refer to the exhibit. A network administrator needs to add the command deny ip10.0.0.0 0.255.255.255 any log to R3. After adding the command, theadministrator verifies the change using the show access-list command. Whatsequence number does the new entry have?010, and all other items are shifted down to the next sequence number 5060 *****2Refer to the exhibit. What happens if the network administrator issues thecommands shown when an ACL called Managers already exists on the router?The new commands overwrite the current Managers ACL.The new commands are added to the end of the current Managers ACL. *****The new commands are added to the beginning of the current Managers ACL.An error appears stating that the ACL already exists.3Why are inbound ACLs more efficient for the router than outbound ACLs?Inbound ACLs deny packets before routing lookups are required. *****Inbound ACL operation requires less network bandwidth than outbound.Inbound ACLs permit or deny packets to LANs, which are typically moreefficient than WANs.Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs areapplied to slower serial interfaces.4Refer to the exhibit. The network administrator of a company needs to configurethe router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assigned a private IP address,and a static NAT is configured on the router for its public IP address. Finally,the administrator adds the ACL. However, Partner A is denied access to the webserver. What is the cause of the problem?Port 80 should be specified in the ACL. *****The public IP address of the server, 209.165.201.5, should be specified as thedestination.The ACL should be applied on the s0/0 outbound interface.The source address should be specified as 198.133.219.0 255.255.255.0 in theACL.
 
 Cisco-Training.net5ACL logging generates what type of syslog message?unstable network warninginformational *****critical situation6Which two host addresses are included in the range specified by 172.16.31.640.0.0.31? (Choose two.)172.16.31.64172.16.31.77 ****172.16.31.78 ****172.16.31.95172.16.31.967Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access tothe network. What wildcard mask would the network administrator configure inthe access list to cover this range?0.0.15.255 *****0.0.47.2550.0.63.255255.255.240.08ACLs are used primarily to filter traffic. What are two additional uses of ACLs?(Choose two.)specifying source addresses for authenticationspecifying internal hosts for NAT ****identifying traffic for QoS ****reorganizing traffic into VLANsfiltering VTP packets9
 
 Cisco-Training.netWhat can an administrator do to ensure that ICMP DoS attacks from the outsideare mitigated as much as possible, without hampering connectivity tests initiatedfrom the inside out?Create an access list permitting only echo reply and destination unreachable packets from the outside. ****Create an access list denying all ICMP traffic coming from the outside.Permit ICMP traffic from only known external sources.Create an access list with the established keyword at the end of the line.10What effect does the command reload in 30 have when entered into a router?If a router process freezes, the router reloads automatically.If a packet from a denied source attempts to enter an interface where an ACL isapplied, the router reloads in 30 minutes.If a remote connection lasts for longer than 30 minutes, the router forces theremote user off.A router automatically reloads in 30 minutes. *****11Refer to the exhibit. The following commands were entered on RTB.RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15RTB(config)# access-list 4 permit anyRTB(config)# interface serial 0/0/0RTB(config-if)# ip access-group 4 inWhich addresses do these commands block access to RTB?192.168.20.17 to 192.168.20.31192.168.20.16 to 192.168.20.31 ******192.168.20.16 to 192.168.20.32192.168.20.16 to 192.168.20.3312Refer to the exhibit. The new security policy for the company allows all IPtraffic from the Engineering LAN to the Internet while only web traffic from theMarketing LAN is allowed to the Internet. Which ACL can be applied in theoutbound direction of Serial 0/1 on the Marketing router to implement the newsecurity policy?
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...