Exercise: Security

Questions for: Security

What router command allows you to determine whether an IP access list is enabled on a particular interface?
A:
show ip port
B:
show access-lists
C:
show ip interface
D:
show access-lists interface
Answer: C
Only the show ip interface command will tell you which interfaces have access lists applied. show access-lists will not show you which interfaces have an access list applied.
You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?
A:
access-list 10 deny 172.16.48.0 255.255.240.0
B:
access-list 10 deny 172.16.0.0 0.0.255.255
C:
access-list 10 deny 172.16.64.0 0.0.31.255
D:
access-list 10 deny 172.16.48.0 0.0.15.255
Answer: D
First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since the wildcard is always one less than the block size.
What command will permit SMTP mail to only host 1.1.1.1?
A:
access-list 10 permit smtp host 1.1.1.1
B:
access-list 110 permit ip smtp host 1.1.1.1
C:
access-list 10 permit tcp any host 1.1.1.1 eq smtp
D:
access-list 110 permit tcp any host 1.1.1.1 eq smtp
Answer: D
When trying to find the best answer to an access-list question, always check the access-list number and then the protocol. When filtering to an upper-layer protocol, you must use an extended list, numbers 100-199 and 2000-2699. Also, when you filter to an upper-layer protocol, you must use either tcp or udp in the protocol field. If it says ip in the protocol field, you cannot filter to an upper-layer protocol. SMTP uses TCP.
You are working on a router that has established privilege levels that restrict access to certain functions. You discover that you are not able to execute the command show running-configuration. How can you view and confirm the access lists that have been applied to the Ethernet 0 interface on your router?
A:
show access-lists
B:
show interface Ethernet 0
C:
show ip access-lists
D:
show ip interface Ethernet 0
Answer: D
The only command that shows which access lists have been applied to an interface is show ip interface Ethernet 0. The command show access-lists displays all configured access lists, and show ip access-lists displays all configured IP access lists, but neither command indicates whether the displayed access lists have been applied to an interface.
You need to create an access list that will deny hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?
A:
access-list 10 deny 192.168.160.0 255.255.224.0
B:
access-list 10 deny 192.168.160.0 0.0.191.255
C:
access-list 10 deny 192.168.160.0 0.0.31.255
D:
access-list 10 deny 192.168.0.0 0.0.31.255
Answer: C
The range of 192.168.160.0 to 192.168.191.0 is a block size of 32. The network address is 192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of 0.0.31.255. The 31 is used for a block size of 32. The wildcard is always one less than the block size.