0.0.0.32
0.0.0.63
0.0.63.255
0.0.0.31
Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to
the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in
the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy?
access-list 197 permit ip 192.0.2.0 0.0.0.255 any
access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip 192.0.2.0 0.0.0.255 any
access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip any any
access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 89 permit 192.0.2.0 0.0.0.255 any
access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www
Refer to the exhibit. An administrator notes a significant increase in the amount of traffic that is entering the network
from the ISP. The administrator clears the counters. After a few minutes, the administrator again checks the access
list table. What can be concluded from the output that is shown?
A small amount of HTTP traffic is an indication that the web server was not configured correctly.
A larger amount of POP3 traffic, compared with SMTP traffic, indicates that there are more POP3 e-mail clients
than SMTP clients in the enterprise.
A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attack.
A larger amount of e-mail traffic, compared with web traffic, is an indication that attackers mainly targeted th
mail server.
A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. Which
option should be implemented to ensure that passwords are not sent in clear text across the public network?
Use Telnet with an authentication server to ensure effective authentication.
Apply an access list on the router interfaces to allow only authorized computers.
Apply an access list on the vty line to allow only authorized computers.
Use only Secure Shell (SSH) on the vty lines.
What is the best option an administrator can choose to ensure that ICMP DoS attacks from the outside are contained
as much as possible, without restricting connectivity tests initiated from the inside out?
Create an access list that permits only echo reply and destination unreachable packets from the outside.
Create an access list that denies all TCP traffic coming from the outside.
Permit TCP traffic from only known external sources.
Create an access list with the established keyword at the end of the line.
Why are inbound ACLs more efficient for the router than outbound ACLs?
Inbound ACLs deny packets before routing lookups are required.
Inbound ACL operation requires less network bandwidth than outbound.
Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs.
Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfaces
1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24
network.
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.
3) All other traffic originating from the 192.168.3.0 network should be denied.
Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of route
in the inbound direction?
access-list 101 deny ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244?
access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80
access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80
Refer to the exhibit. What happens if the network administrator issues the exhibited commands when an ACL named
Managers already exists on the router?
The new commands overwrite the current Managers ACL.
The new commands are added to the end of the current Managers ACL.
The new commands are added to the beginning of the current Managers ACL.
An error appears stating that the ACL already exists.
What effect does the command reload in 30 have when entered into a router?
If a router process freezes, the router reloads automatically.
If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads in 3
minutes.
If a remote connection lasts for longer than 30 minutes, the router forces the remote user off.
A router automatically reloads in 30 minutes.
ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.)
specifying source addresses for authentication
specifying internal hosts for NAT
identifying traffic for QoS
reorganizing traffic into VLANs
filtering VTP packets
What are two possible uses of access control lists in an enterprise network? (Choose two.)
limiting debug outputs
reducing the processing load on routers
allowing Layer 2 traffic to be filtered by a router
controlling virtual terminal access to routers
controlling the physical status of router interfaces
If the established keyword is appended to a line in an extended ACL, what will determine if packets are sent
between the source and destination specified by the line?
if authentication is enabled via CHAP
if MD5 encryption algorithm is in effect
if a TCP three-way handshake was successfully completed
if HTML packets are specifically allowed within the ACL