Exercise: Security
Questions for: Security
If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
A:
access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
B:
access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
C:
access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
D:
access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23
Answer: C
The extended access list ranges are 100-199 and 2000-2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad.
You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?
A:
access-list 10 deny 172.16.192.0 0.0.31.255
B:
access-list 10 deny 172.16.0.0 0.0.255.255
C:
access-list 10 deny 172.16.172.0 0.0.31.255
D:
access-list 10 deny 172.16.188.0 0.0.15.255
Answer: A
First, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting by 32, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since the wildcard is always one less than the block size.
Discuss About this Question.
You configure the following access list:
access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp
access-list 110 deny tcp any eq 23
int ethernet 0
ip access-group 110 outA:
Email and Telnet will be allowed out E0.
B:
Email and Telnet will be allowed in E0.
C:
Everything but email and Telnet will be allowed out E0.
D:
No IP traffic will be allowed out E0.
Answer: D
If you add an access list to an interface and you do not have at least one permit statement, then you will effectively shut down the interface because of the implicit deny any at the end of every list.
Discuss About this Question.
You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?
A:
access-list 10 deny 172.16.48.0 255.255.240.0
B:
access-list 10 deny 172.16.144.0 0.0.7.255
C:
access-list 10 deny 172.16.64.0 0.0.31.255
D:
access-list 10 deny 172.16.136.0 0.0.15.255
Answer: B
First, you must know that a /21 is 255.255.248.0, which is a block size of 8 in the third octet. Counting by eight, this makes our subnet 144 in the third octet, and the wildcard for the third octet would be 7 since the wildcard is always one less than the block size.
Discuss About this Question.
You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?
A:
(config)# ip access-group 110 in
B:
(config-if)# ip access-group 110 in
C:
(config-if)# ip access-group Blocksales in
D:
(config-if)# blocksales ip access-list in
Answer: C
Using a named access list just replaces the number used when applying the list to the router's interface. ip access-group Blocksales in is correct.
Discuss About this Question.
Ad Slot (Above Pagination)
Discuss About this Question.