Professional Documents
Culture Documents
ACLs Examples
1.- A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on
networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL
statements, when combined, would you use to accomplish this task? (Choose two)
A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255
E. access-list 10 permit ip 192.168.146.0 0.0.0.255
F. access-list 10 permit ip 192.168.146.0 255.255.255.0
5- When you are troubleshooting an ACL issue on a router, which command would you use to
verify which interfaces are affected by the ACL? (Choose one)
Show ip interface
Show access-lists
Show interface
Show ip access-lists
List ip interface
6.- Which of the following access lists use the proper syntax to allow all telnet traffic to host
192.168.1.3, from network 192.168.10.0, and apply the list inbound on s0? (Choose one)
router(config):access-list 110 permit ip 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 23
router(config):int e0
router(config-if):ip access-group 110 in
7. Which of the following commands uses the proper syntax to block all traffic into network
192.168.3.0 except for SSH traffic? (Choose one)
ip access-list 89 permit any tcp 192.168.3.0 0.0.0.255 eq 23
ip access-list 99 permit tcp any 192.168.3.0 0.0.0.255 eq 23
ip access-list 100 permit tcp any 192.168.3.0 0.0.0.255 eq 23 any
ip access-list 101 permit tcp any 192.168.3.0 0.0.0.255 eq 22
8.- To represent all hosts from network 172.16.3.0 /22, which wildcard mask would be most
appropriate? (Choose one)
0.0.3.255.
0.0.15.255
0.0.16.255
0.0.4.255
9.- Which of the following would correctly configure an access list, numbered 10, outbound on a
VTY line? (Choose one)
access group 10 out
ip access-group 10 out
ip access-class 10 out
access-list 10 out
10.- To filter any IP traffic between the network range 10.0.0.0 and 10.32.0.0, what wildcard mask
would best meet your needs? (Choose one)
255.255.31.0
0.0.64.255
0.64.255.255
0.31.255.255
11.- A router interface with the IP address of 192.168.1.0 has the following access list, applied
inbound:
ip access-list 100 permit tcp any any eq 23
What would happen if a host from the network 172.16.0.0, attempted to SSH to the interface?
(Choose one)
SSH traffic would be permitted
SSH traffic would be denied
12.- Which of the following sample commands uses the proper syntax to deny telnet access from
IP address 10.1.1.54 into 10.1.1.50? (Choose one)
access-list 90 deny tcp 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 eq 21
access-list 99 deny telnet 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0
access-list 101 deny ip 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 telnet
access-list 101 deny tcp 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 eq 23
13.- Which of the following could take the place of the wildcard mask 0.0.0.0 in an access list?
(Choose one)
any
deny
host
all
14.- At a client location, you issue a show ip interface command and find an access list numbered
910. What type of access list is this? (Choose one)
IP Standard
IP Extended
IPX Standard
IPX Extended
(Please see the file corp1_running.txt, which is attached in the mail that I sent you)