Q.1
You configure the following access list:
access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
access-list 110 deny tcp any eq 23
int ethernet 0
ip access-group 110 out
What will the result of this access list be?
Q.2
You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?
Q.3
If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
Q.4
Which router command allows you to view the entire contents of all access lists?
Q.5
What command will permit SMTP mail to only host 1.1.1.1?
Q.6
Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?
Q.7
You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?
Q.8
What router command allows you to determine whether an IP access list is enabled on a particular interface?
Q.9
You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?
Q.10
Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list? 1. 172.16.30.55 0.0.0.255 2. 172.16.30.55 0.0.0.0 3. any 172.16.30.55 4. host 172.16.30.55 5. 0.0.0.0 172.16.30.55 6. ip any 172.16.30.55
Q.11
If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
Q.12
You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?
Q.13
Which of the following series of commands will restrict Telnet access to the router?
Q.14
Which of the following commands connect access list 110 inbound to interface ethernet0?
Q.15

Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?

  1. 172.16.30.55 0.0.0.255
  2. 172.16.30.55 0.0.0.0
  3. any 172.16.30.55
  4. host 172.16.30.55
  5. 0.0.0.0 172.16.30.55
  6. ip any 172.16.30.55
  • 1, 4 and 6
  • 1 and 4
  • 2 and 4
  • 3 and 5
Q.16

What command will permit SMTP mail to only host 1.1.1.1?

  • access-list 10 permit smtp host 1.1.1.1
  • access-list 110 permit ip smtp host 1.1.1.1
  • access-list 10 permit tcp any host 1.1.1.1 eq smtp
  • access-list 110 permit tcp any host 1.1.1.1 eq smtp
Q.17

You configure the following access list:

access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
access-list 110 deny tcp any eq 23
int ethernet 0
ip access-group 110 out
What will the result of this access list be?
  • Email and Telnet will be allowed out E0.
  • Email and Telnet will be allowed in E0.
  • Everything but email and Telnet will be allowed out E0.
  • No IP traffic will be allowed out E0.
Q.18

If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?

  • access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
    access-list 111 permit ip any 0.0.0.0 255.255.255.255
  • access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
  • access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
  • access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
    access-list 198 permit ip any 0.0.0.0 255.255.255.255
Q.19

Which of the following series of commands will restrict Telnet access to the router?

  • Lab_A(config)#access-list 10 permit 172.16.1.1
    Lab_A(config)#line con 0
    Lab_A(config-line)#ip access-group 10 in
  • Lab_A(config)#access-list 10 permit 172.16.1.1
    Lab_A(config)#line vty 0 4
    Lab_A(config-line)#access-class 10 out
  • Lab_A(config)#access-list 10 permit 172.16.1.1
    Lab_A(config)#line vty 0 4
    Lab_A(config-line)#access-class 10 in
  • Lab_A(config)#access-list 10 permit 172.16.1.1
    Lab_A(config)#line vty 0 4
    Lab_A(config-line)#ip access-group 10 in
Q.20

You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/Which of the following would you start your list with?

  • access-list 10 deny 172.16.48.0 255.255.240.0
  • access-list 10 deny 172.16.0.0 0.0.255.255
  • access-list 10 deny 172.16.64.0 0.0.31.255
  • access-list 10 deny 172.16.48.0 0.0.15.255
0 h : 0 m : 1 s