Scribd Logo
Upload

Welcome to Scribd!

  • Chapter 8 With Answers

    Uploaded by

    Janette Forrest
    58 views8 pages

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    58 views8 pages

    Chapter 8 With Answers

    Uploaded by

    Janette Forrest

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    1

    8efer Lo Lhe exhlblL A neLwork admlnlsLraLor needs Lo add Lhe command deny lp 10000
    0233233233 any log Lo 83 AfLer addlng Lhe command Lhe admlnlsLraLor verlfles Lhe change uslng
    Lhe show accessllsL command WhaL sequence number does Lhe new enLry have?
    - 0
    - 10 and all oLher lLems are shlfLed down Lo Lhe nexL sequence number
    - 30
    - 60


    2

    8efer Lo Lhe exhlblL WhaL happens lf Lhe neLwork admlnlsLraLor lssues Lhe commands shown when
    an ACL called Managers already exlsLs on Lhe rouLer?
    - 1he new commands overwrlLe Lhe currenL Managers ACL
    - 1he new commands are added to the end of the current Managers ACL
    - 1he new commands are added Lo Lhe beglnnlng of Lhe currenL Managers ACL
    - An error appears sLaLlng LhaL Lhe ACL already exlsLs


    3 Why are lnbound ACLs more efflclenL for Lhe rouLer Lhan ouLbound ACLs?
    - Inbound ACLs deny packets before rout|ng |ookups are requ|red
    - lnbound ACL operaLlon requlres less neLwork bandwldLh Lhan ouLbound
    - lnbound ACLs permlL or deny packeLs Lo LAns whlch are Lyplcally more efflclenL Lhan WAns
    - lnbound ACLs are applled Lo LLherneL lnLerfaces whlle ouLbound ACLs are applled Lo slower serlal
    lnLerfaces


    4

    8efer Lo Lhe exhlblL 1he neLwork admlnlsLraLor of a company needs Lo conflgure Lhe rouLer 81A Lo
    allow lLs buslness parLner (arLner A) Lo access Lhe web server locaLed ln Lhe lnLernal neLwork 1he
    web server ls asslgned a prlvaLe l address and a sLaLlc nA1 ls conflgured on Lhe rouLer for lLs publlc
    l address llnally Lhe admlnlsLraLor adds Lhe ACL Powever arLner A ls denled access Lo Lhe web
    server WhaL ls Lhe cause of Lhe problem?
    - ort 80 shou|d be spec|f|ed |n the ACL
    - 1he publlc l address of Lhe server 2091632013 should be speclfled as Lhe desLlnaLlon
    - 1he ACL should be applled on Lhe s0/0 ouLbound lnLerface
    - 1he source address should be speclfled as 1981332190 2332332330 ln Lhe ACL


    3 ACL logglng generaLes whaL Lype of syslog message?
    - unsLable neLwork
    - warnlng
    - |nformat|ona|
    - crlLlcal slLuaLlon


    6 Whlch Lwo hosL addresses are lncluded ln Lhe range speclfled by 172163164 00031? (Choose
    Lwo)
    - 172163164
    - 172163177
    - 172163178
    - 172163193
    - 172163196


    7 1rafflc from Lhe 64104480 Lo 6410463233 range musL be denled access Lo Lhe neLwork WhaL
    wlldcard mask would Lhe neLwork admlnlsLraLor conflgure ln Lhe access llsL Lo cover Lhls range?
    - 001S2SS
    - 0047233
    - 0063233
    - 2332332400


    8 ACLs are used prlmarlly Lo fllLer Lrafflc WhaL are Lwo addlLlonal uses of ACLs? (Choose Lwo)
    - speclfylng source addresses for auLhenLlcaLlon
    - spec|fy|ng |nterna| hosts for NA1
    - |dent|fy|ng traff|c for oS
    - reorganlzlng Lrafflc lnLo vLAns
    - fllLerlng v1 packeLs


    9 WhaL can an admlnlsLraLor do Lo ensure LhaL lCM uoS aLLacks from Lhe ouLslde are mlLlgaLed as
    much as posslble wlLhouL hamperlng connecLlvlLy LesLs lnlLlaLed from Lhe lnslde ouL?
    - Create an access ||st perm|tt|ng on|y echo rep|y and dest|nat|on unreachab|e packets from the
    outs|de
    - CreaLe an access llsL denylng all lCM Lrafflc comlng from Lhe ouLslde
    - ermlL lCM Lrafflc from only known exLernal sources
    - CreaLe an access llsL wlLh Lhe esLabllshed keyword aL Lhe end of Lhe llne


    10 WhaL effecL does Lhe command reload ln 30 have when enLered lnLo a rouLer?
    - lf a rouLer process freezes Lhe rouLer reloads auLomaLlcally
    - lf a packeL from a denled source aLLempLs Lo enLer an lnLerface where an ACL ls applled Lhe rouLer
    reloads ln 30 mlnuLes
    - lf a remoLe connecLlon lasLs for longer Lhan 30 mlnuLes Lhe rouLer forces Lhe remoLe user off
    - A router automat|ca||y re|oads |n 30 m|nutes


    11

    8efer Lo Lhe exhlblL 1he followlng commands were enLered on 818
    818(conflg)# accessllsL 4 deny 1921682016 00013
    818(conflg)# accessllsL 4 permlL any
    818(conflg)# lnLerface serlal 0/0/0
    818(conflglf)# lp accessgroup 4 ln
    Whlch addresses do Lhese commands block access Lo 818?
    - 1921682017 Lo 1921682031
    - 1921682016 to 1921682031*
    - 1921682016 Lo 1921682032
    - 1921682016 Lo 1921682033


    12

    8efer Lo Lhe exhlblL 1he new securlLy pollcy for Lhe company allows all l Lrafflc from Lhe
    Lnglneerlng LAn Lo Lhe lnLerneL whlle only web Lrafflc from Lhe MarkeLlng LAn ls allowed Lo Lhe
    lnLerneL Whlch ACL can be applled ln Lhe ouLbound dlrecLlon of Serlal 0/1 on Lhe MarkeLlng rouLer
    Lo lmplemenL Lhe new securlLy pollcy?
    - accessllsL 197 permlL lp 192020 000233 any
    accessllsL 197 permlL lp 198181120 000233 any eq www
    - accessllsL 163 permlL lp 192020 000233 any
    accessllsL 163 permlL Lcp 198181120 000233 any eq www
    accessllsL 163 permlL lp any any
    - access||st 137 perm|t |p 192020 0002SS any
    access||st 137 perm|t tcp 198181120 0002SS any eq www
    - accessllsL 89 permlL 192020 000233 any
    accessllsL 89 permlL Lcp 198181120 000233 any eq www


    13 Whlch Lhree sLaLemenLs are Lrue concernlng sLandard and exLended ACLs? (Choose Lhree)
    - LxLended ACLs are usually placed so LhaL all packeLs go Lhrough Lhe neLwork and are fllLered aL Lhe
    desLlnaLlon
    - Standard ACLs are usua||y p|aced so that a|| packets go through the network and are f||tered at
    the dest|nat|on
    - LxLended ACLs fllLer based on source address only and musL be placed near Lhe desLlnaLlon lf
    oLher Lrafflc ls Lo flow
    - Standard ACLs f||ter based on source address on|y and must be p|aced near the dest|nat|on |f
    other traff|c |s to f|ow
    - Lxtended ACLs f||ter w|th many poss|b|e factors and they a||ow on|y des|red packets to pass
    through the network |f p|aced near the source
    - SLandard ACLs fllLer wlLh many posslble facLors and Lhey allow only deslred packeLs Lo pass
    Lhrough Lhe neLwork lf placed near Lhe source


    14

    8efer Lo Lhe exhlblL Company pollcy for Lhe neLwork LhaL ls shown lndlcaLes Lhe followlng
    guldellnes
    1) All hosLs on Lhe 19216830/24 neLwork excepL hosL 192168377 should be able Lo reach Lhe
    19216820/24 neLwork
    2) All hosLs on Lhe 19216830/24 neLwork should be able Lo reach Lhe 19216810/24 neLwork
    3) All oLher Lrafflc orlglnaLlng from Lhe 19216830 neLwork should be denled
    Whlch seL of ACL sLaLemenLs meeLs Lhe sLaLed requlremenLs when Lhey are applled Lo Lhe la0/0
    lnLerface of rouLer 82 ln Lhe lnbound dlrecLlon?
    - accessllsL 101 deny lp any any
    accessllsL 101 deny lp 192168377 0000 19216820 000233
    accessllsL 101 permlL lp 19216830 000233 19216820 000233
    accessllsL 101 permlL lp 19216830 000233 19216810 000233
    - accessllsL 101 permlL lp 19216830 000233 19216820 000233
    accessllsL 101 deny lp 192168377 0000 19216820 000233
    accessllsL 101 permlL lp 19216830 000233 19216810 000233
    - access||st 101 deny |p 192168377 0000 19216820 0002SS
    access||st 101 perm|t |p 19216830 0002SS 19216820 0002SS
    access||st 101 perm|t |p 19216830 0002SS 19216810 0002SS
    - accessllsL 101 permlL lp 19216830 000233 19216820 000233
    accessllsL 101 deny lp 192168377 0000 19216820 000233
    accessllsL 101 permlL lp 19216830 000233 19216810 000233
    accessllsL 101 permlL lp any any
    - accessllsL 101 deny lp 192168377 0000 19216820 000233
    accessllsL 101 permlL lp 19216830 000233 19216800 00233233


    13

    PosLs from Lhe Llmerlck LAn are noL allowed access Lo Lhe Shannon LAn buL should be able Lo access
    Lhe lnLerneL Whlch seL of commands wlll creaLe a sLandard ACL LhaL wlll apply Lo Lrafflc on Lhe
    Shannon rouLer lnLerface la0/0 lmplemenLlng Lhls securlLy?
    - accessllsL 42 deny 172191230 000233 192020 000233
    accessllsL 42 permlL any
    - access||st S6 deny 172191230 0002SS
    access||st S6 perm|t any
    - accessllsL 61 deny 172191230 0000
    accessllsL 61 permlL any
    - accessllsL 87 deny lp any 192020 000233
    accessllsL 87 permlL lp any


    16

    8efer Lo Lhe exhlblL A neLwork admlnlsLraLor needs Lo conflgure an access llsL LhaL wlll allow Lhe
    managemenL hosL wlLh an l address of 1921681023/24 Lo be Lhe only hosL Lo remoLely access
    and conflgure rouLer 81A All vLy and enable passwords are conflgured on Lhe rouLer Whlch group
    of commands wlll accompllsh Lhls Lask?
    - kouter(conf|g)# access||st 101 perm|t tcp any 192168102S 0000 eq te|net
    kouter(conf|g)# access||st 101 deny |p any any
    kouter(conf|g)# |nt s0]0
    kouter(conf|g|f)# |p accessgroup 101 |n
    kouter(conf|g|f)# |nt fa0]0
    kouter(conf|g|f)#|p accessgroup 101 |n
    - 8ouLer(conflg)# accessllsL 10 permlL 1921681023 eq LelneL
    8ouLer(conflg)# accessllsL 10 deny any
    8ouLer(conflg)# llne vLy 0 4
    8ouLer(conflgllne)#accessgroup 10 ln
    - 8ouLer(conflg)# accessllsL 86 permlL hosL 1921681023
    8ouLer(conflg)# llne vLy 0 4
    8ouLer(conflgllne)# accessclass 86 ln
    - 8ouLer(conflg)# accessllsL 123 permlL Lcp 1921681023 any eq LelneL
    8ouLer(conflg)# accessllsL 123 deny lp any any
    8ouLer(conflg)# lnL s0/0
    8ouLer(conflglf)# lp accessgroup 123 ln


    17 Whlch ACL permlLs hosL 1022013810 access Lo Lhe web server 1921683244?
    - accessllsL 101 permlL Lcp hosL 1022013810 eq 80 hosL 1921683224
    - accessllsL 101 permlL Lcp 1022013810 0000 hosL 1921683224 0000 eq 80
    - accessllsL 101 permlL hosL 1022013810 0000 hosL 1921683224 0000 eq 80
    - access||st 101 perm|t tcp 102201S810 0000 host 1921683224 eq 80


    18 Whlch wlldcard mask would maLch Lhe hosL range for Lhe subneL 19216332 /27?
    - 00032
    - 00063
    - 0063233
    - 00031


    19 A securlLy admlnlsLraLor wanLs Lo secure password exchanges on Lhe vLy llnes on all rouLers ln
    Lhe enLerprlse WhaL opLlon should be lmplemenLed Lo ensure LhaL passwords are noL senL ln clear
    LexL across Lhe publlc neLwork?
    - use 1elneL wlLh an auLhenLlcaLlon server Lo ensure effecLlve auLhenLlcaLlon
    - Apply an access llsL on Lhe rouLer lnLerfaces Lo allow only auLhorlzed compuLers
    - Apply an access llsL on Lhe vLy llne Lo allow only auLhorlzed compuLers
    - Use on|y Secure She|| (SSn) on the vty ||nes


    20

    8efer Lo Lhe exhlblL An admlnlsLraLor noLes a slgnlflcanL lncrease ln Lhe amounL of Lrafflc enLerlng
    Lhe neLwork from Lhe lS 1he admlnlsLraLor clears Lhe accessllsL counLers AfLer a few mlnuLes Lhe
    admlnlsLraLor agaln checks Lhe accessllsL Lable WhaL can be concluded from Lhe mosL recenL
    ouLpuL shown?
    - A small amounL of P11 Lraflc ls an lndlcaLlon LhaL Lhe web server was noL conflgured correcLly
    - A larger amounL of C3 Lrafflc (compared wlLh SM1 Lrafflc) lndlcaLes LhaL Lhere are more C3
    emall cllenLs Lhan SM1 cllenLs ln Lhe enLerprlse
    - A |arge amount of ICM traff|c |s be|ng den|ed at the |nterface wh|ch can be an |nd|cat|on of a
    DoS attack
    - A larger amounL of emall Lrafflc (compared wlLh web Lrafflc) ls an lndlcaLlon LhaL aLLackers malnly
    LargeLed Lhe emall server

    You might also like