
Escuela Superior Politécnica de Chimborazo

Cisco Networking Academy


CCNA 2 v5.1

ACLs Examples
1.- A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on
networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL
statements, when combined, would you use to accomplish this task? (Choose two)
A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255
E. access-list 10 permit ip 192.168.146.0 0.0.0.255
F. access-list 10 permit ip 192.168.146.0 255.255.255.0

2.- Refer to the exhibit.


ACL 102
access-list 102 deny tcp 172.21.1.1 0.0.0.255 any eq 80
access-list 102 deny ip any any
RouterA#show ip int
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.144/20
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Outgoing access list is 102
Inbound access list is not set
Proxy ARP is enabled
An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface
command immediately removes the effect of ACL 102? (Choose one)
A. no ip access-class 102 in
B. no ip access-class 102 out
C. no ip access-group 102 in
D. no ip access-group 102 out
E. no ip access-list 102 in

Instructor: Ing. Miguel Barriga


3.- Refer to the exhibit.


ACL 10
Statements are written in this order:
A. permit any
B. deny 172.21.1.128 0.0.0.15
C. permit 172.21.1.129 0.0.0.0
D. permit 172.21.1.142 0.0.0.0
Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface
E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet
172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the
network. How can the ACL statements be re-arranged so that the system works as intended?
(Choose one)
A. ACDB
B. BADC
C. DBAC
D. CDBA

4.- Which item represents the standard IP ACL? (Choose one)
Access-list 2500 deny tcp any host 192.168.1.1 eq 22
Access-list 110 permit ip any any
Access-list 50 deny 192.168.1.1 0.0.255.255
Access-list 101 deny tcp any host 192.168.1.1

5.- When you are troubleshooting an ACL issue on a router, which command would you use to
verify which interfaces are affected by the ACL? (Choose one)
Show ip interface
Show access-lists
Show interface
Show ip access-lists
List ip interface

6.- Which of the following access lists use the proper syntax to allow all telnet traffic to host
192.168.1.3, from network 192.168.10.0, and apply the list inbound on s0? (Choose one)
router(config):access-list 110 permit ip 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 23
router(config):int e0
router(config-if):ip access-group 110 in


router(config)>access-list 105 permit tcp 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 25
router(config)>int s0
router(config-if)>ip access-group 105 in

router(config)#access-list 101 permit 23 192.168.10.0 0.0.0.255 host 192.168.1.3 eq telnet
router(config)#int s0
router(config-if)#ip access-group 100 in

router(config)#access-list 100 permit tcp 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 23
router(config)#int s0
router(config-if)#ip access-group 100 in

7.- Which of the following commands uses the proper syntax to block all traffic into network
192.168.3.0 except for SSH traffic? (Choose one)
ip access-list 89 permit any tcp 192.168.3.0 0.0.0.255 eq 23
ip access-list 99 permit tcp any 192.168.3.0 0.0.0.255 eq 23
ip access-list 100 permit tcp any 192.168.3.0 0.0.0.255 eq 23 any
ip access-list 101 permit tcp any 192.168.3.0 0.0.0.255 eq 22

8.- To represent all hosts from network 172.16.3.0 /22, which wildcard mask would be most
appropriate? (Choose one)
0.0.3.255
0.0.15.255
0.0.16.255
0.0.4.255

9.- Which of the following would correctly configure an access list, numbered 10, outbound on a
VTY line? (Choose one)
access group 10 out
ip access-group 10 out
ip access-class 10 out
access-list 10 out

10.- To filter any IP traffic between the network range 10.0.0.0 and 10.32.0.0, what wildcard mask
would best meet your needs? (Choose one)
255.255.31.0
0.0.64.255
0.64.255.255
0.31.255.255


11.- A router interface with the IP address of 192.168.1.0 has the following access list, applied
inbound:
ip access-list 100 permit tcp any any eq 23
What would happen if a host from the network 172.16.0.0, attempted to SSH to the interface?
(Choose one)
SSH traffic would be permitted
SSH traffic would be denied

12.- Which of the following sample commands uses the proper syntax to deny telnet access from
IP address 10.1.1.54 into 10.1.1.50? (Choose one)
access-list 90 deny tcp 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 eq 21
access-list 99 deny telnet 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0
access-list 101 deny ip 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 telnet
access-list 101 deny tcp 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 eq 23

13.- Which of the following could take the place of the wildcard mask 0.0.0.0 in an access list?
(Choose one)
any
deny
host
all

14.- At a client location, you issue a show ip interface command and find an access list numbered
910. What type of access list is this? (Choose one)
IP Standard
IP Extended
IPX Standard
IPX Extended


15.- Access list Sim

(Please see the file corp1_running.txt, which is attached in the mail that I sent you)
