M4-5 (ACL Concepts and IPv4 Configuration) Flashcards
What are the permit or deny statements in an ACL called?
Access control entries
What packet filtering statement is true?
Standard ACLs filter at Layer 3 only
Which statement about the operation of a standard ACL is incorrect?
The router extracts the source IPv4 address from the packet header.
The router starts at the top of the ACL and compares the address to each ACE in sequential order.
When a match is made, the ACE either permits or denies the packet, and any remaining ACEs are not analyzed.
If there are no matching ACEs in the ACL, the packet is forwarded because there is an implicit permit ACE automatically applied to all ACLs.
When a match is made, the ACE either permits or denies the packet, and any remaining ACEs are not analyzed.
What wildcard mask would permit only host 10.10.10.1?
0.0.0.0
0.0.0.31
0.0.0.255
0.0.255.255
255.255.255.255
0.0.0.0
What wildcard mask would permit only hosts from the 10.10.10.0/16 network?
0.0.0.0
0.0.0.31
0.0.0.255
0.0.255.255
255.255.255.255
0.0.255.255
What wildcard mask would permit all hosts?
0.0.0.0
0.0.0.31
0.0.0.255
0.0.255.255
255.255.255.255
255.255.255.255
What wildcard mask would permit all hosts from the 192.168.10.0/24 network?
0.0.0.0
0.0.0.31
0.0.0.255
0.0.255.255
255.255.255.255
0.0.0.255
How many total ACLs (both IPv4 and IPv6) can be configured on an interface?
4
Which is a best practice for ACLs?
Always test ACLs on a production network.
Create your ACLs on a production router.
Document the ACLs using the description ACL command.
Write the ACL before configuring it on a router.
Write the ACL before configuring it on a router.
What ACL is capable of filtering based on TCP port number?
Extended ACL
What statement about ACLs is true?
Extended ACLs are numbered 1300 - 2699.
Named ACLs can be standard or extended.
Numbered ACLs are the preferred method to use when configuring ACLs.
Standard ACLs are numbered 1 - 199.
Named ACLs can be standard or extended.
Where should a standard ACL be placed?
Standard ACL location is not important.
Standard ACLs should be placed as close to the destination as possible.
Standard ACLs should be placed as close to the source as possible.
Standard ACLs should be placed on serial interfaces.
Standard ACLs should be placed as close to the destination as possible.
Where should an extended ACL be placed?
Extended ACL location is not important.
Extended ACLs should be located as close to the destination as possible.
Extended ACLs should be located as close to the source as possible.
Extended ACLs should be located on serial interfaces.
Extended ACLs should be located as close to the source as possible.
Which two conditions would cause a router to drop a packet? (Choose two.)
No inbound ACL exists on the interface where the packet enters the router.
The ACL that is affecting the packet does not contain at least one deny ACE.
The packet source address does not match the source as permitted in a standard inbound ACE.
No outbound ACL exists on the interface where the packet exits the router.
No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL.
The packet source address does not match the source as permitted in a standard inbound ACE, and no routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL.
A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.)
172.16.0.255
172.16.15.36
172.16.16.12
172.16.31.24
172.16.65.21
172.16.0.255 and 172.16.156.36
Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)
Multiple ACLs per protocol and per direction can be applied to an interface.
If an ACL contains no permit statements, all traffic is denied by default.
The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
Standard ACLs are placed closest to the source, whereas extended ACLs are placed closest to the destination.
If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface.
If an ACL contains no permit statements, all traffic is denied by default, and the most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
access-list 10 permit 192.168.16.0 0.0.3.255
access-list 10 permit 192.168.16.0 0.0.0.255
access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.0.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.3.255
Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACE.
A packet can either be rejected or forwarded as directed by the ACE that is matched.
A packet that has been denied by one ACE can be permitted by a subsequent ACE.
A packet that does not match the conditions of any ACE will be forwarded by default.
Each statement is checked only until a match is detected or until the end of the ACE list.
Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
An implicit deny any rejects any packet that does not match any ACE; a packet can either be rejected or forwarded as directed by the ACE that is matched; and each statement is checked only until a match is detected or until the end of the ACE list.
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
All traffic is denied.
All traffic is permitted.
The ACL does not perform as designed.
The ACL will analyze traffic after it is routed to the outbound interface.
The ACL does not perform as designed.
What scenario would cause an ACL misconfiguration and deny all traffic?
Apply a standard ACL in the inbound direction.
Apply a named ACL to a VTY line.
Apply an ACL that has all deny ACE statements.
Apply a standard ACL using the ip access-group out command.
Apply an ACL that has all deny ACE statements.
In applying an ACL to a router interface, which traffic is designated as outbound?
Traffic that is coming from the source IP address into the router
Traffic that is leaving the router and going toward the destination host
Traffic that is going from the destination IP address into the router
Traffic for which the router can find no routing table entry
Traffic that is leaving the router and going toward the destination host
When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco device?
eq
established
remark
description
remark
What location is recommended for extended numbered or extended named ACLs?
A location as close to the destination of traffic as possible.
A location as close to the source of traffic as possible.
A location centered between traffic destinations and sources to filter as much traffic as possible.
If using the established keyword, a location close to the destination to ensure that return traffic is allowed.
A location as close to the source of traffic as possible.
What range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.127.255.255
10.120.160.0 to 10.120.167.255
10.120.160.0 to 10.120.168.0
10.120.160.0 to 10.120.191.255
10.120.160.0 to 10.120.167.255