1.
What does a Cisco router do with a packet when it matches an ACL permit statement? (Source: Introducing ACL Operation)
Correct Answer
C. Sends the packet to the output buffer
Explanation
When a Cisco router matches an ACL permit statement, it sends the packet to the output buffer. This means that the packet is not discarded, returned to its originator, or held for further processing. Instead, it is stored in the output buffer, which is a temporary storage area before the packet is transmitted out of the router. This allows the router to process other packets while waiting for the appropriate time to send the packet to its destination.
2.
What does a Cisco router do with a packet when it matches an ACL deny statement? (Source: Introducing ACL Operation)
Correct Answer
A. Discards the packet
Explanation
When a Cisco router matches an ACL (Access Control List) deny statement, it discards the packet. This means that the router will not forward the packet to its intended destination and will simply drop it. The router does not return the packet to its originator, send it to the output buffer, or hold it for further processing.
3.
What is the term for the final default statement at the end of every ACL? (Source: Introducing ACL Operation)
Correct Answer
A. Implicit deny any
Explanation
The term for the final default statement at the end of every ACL is "implicit deny any". This means that if a packet does not match any of the preceding ACL rules, it will be denied by default. "implicit deny host" would refer to denying a specific host, while "implicit permit any" would allow any packet that does not match a specific rule. "implicit permit host" is not a valid term in this context.
4.
Which statement best describes the difference between standard and extended IPv4 ACLs? (Source: Introducing ACL Operation)
Correct Answer
D. Standard ACLs permit or deny the entire TCP/IP protocol suite, whereas extended ACLs can choose a specific IP protocol and port number.
Explanation
Standard ACLs permit or deny the entire TCP/IP protocol suite, whereas extended ACLs can choose a specific IP protocol and port number. This means that standard ACLs can only filter traffic based on the source and destination IP addresses, while extended ACLs have the additional capability to filter based on the specific IP protocol and port number. This allows for more granular control over network traffic and the ability to define more specific access rules.
5.
Which two ranges of numbers can you use to identify IPv4 extended ACLs on a Cisco router? (Choose two.) (Source: Introducing ACL Operation)
Correct Answer(s)
C. 100 to 199
E. 2000 to 2699
6.
ACLs are processed from the top down. Which of the following is a benefit of placing more specific statements and statements that are expected to frequently match at the beginning of an ACL? (Source: Introducing ACL Operation)
Correct Answer
A. Processing overhead is reduced.
Explanation
Placing more specific statements and statements that are expected to frequently match at the beginning of an ACL reduces processing overhead. This is because ACLs are processed from the top down, so if a match is found early on, further processing can be skipped. By placing more specific and frequently matched statements at the beginning, the ACL can quickly determine if a packet matches those conditions and avoid unnecessary processing of the remaining statements. This improves efficiency and reduces the processing time required for each packet.
7.
A system administrator wants to configure an IPv4 standard ACL on a Cisco router to allow packets only from the hosts on subnet 10.1.1.0/24 to enter an interface on a router. Which ACL configuration accomplishes this goal? (Source: Configuring and Troubleshooting ACLs)
Correct Answer
C. Access-list 99 permit 10.1.1.0 0.0.0.255
Explanation
The correct answer is "access-list 99 permit 10.1.1.0 0.0.0.255". This ACL configuration allows packets from the hosts on subnet 10.1.1.0/24 to enter the interface on the router. The wildcard mask 0.0.0.255 specifies that all host bits in the source IP address should be matched exactly, while the network bits can be anything. This allows packets from any host within the subnet to be permitted. Access-list 1 permit 10.1.1.0 and access-list 1 permit 10.1.1.0 host are incorrect because they do not specify the wildcard mask, which is necessary for subnet matching. Access-list 100 is not relevant to the given requirement.
8.
Which Cisco IOS command links an extended IPv4 ACL to an interface? (Source: Configuring and Troubleshooting ACLs)
Correct Answer
C. Ip access-group 101 in
Explanation
The correct answer is "ip access-group 101 in". This command is used to link an extended IPv4 ACL (Access Control List) to an interface. By specifying "in", it means that the ACL will be applied to incoming traffic on the interface.
9.
What is the complete command to create an ACL entry that has the following parameters? (Source: Configuring and Troubleshooting ACLs)
• Source IP address is 172.16.0.0
• Source mask is 0.0.255.255
• Permit this entry
• ACL number is 1
Correct Answer
B. Access-list 1 permit 172.16.0.0 0.0.255.255
10.
The following is an ACL that is entered on a Cisco router.
access-list 135 deny tcp 172.16.16.0 0.0.15.255 172.16.32.0 0.0.15.255 eq telnet
access-list 135 permit ip any any
If this ACL is used to control incoming packets on Ethernet 0, which three statements are true? (Choose three.) (Source: Configuring and Troubleshooting ACLs)
Correct Answer(s)
B. Address 172.16.31.1 will be permitted FTP access to address 172.16.45.1.
C. Address 172.16.1.1 will be permitted Telnet access to address 172.16.32.1.
D. Address 172.16.16.1 will be permitted Telnet access to address 172.16.32.1.
11.
Which command applies standard IP ACL filtering to vty lines for an outgoing Telnet session that originates from within a router? (Source: Configuring and Troubleshooting ACLs)
Correct Answer
B. Access-class 1 out
Explanation
The correct answer is "access-class 1 out." This command is used to apply a standard IP ACL (Access Control List) filtering to vty lines for an outgoing Telnet session that originates from within a router. It specifies that ACL number 1 should be applied to outgoing traffic on the vty lines.
12.
Which command is used on a Cisco router to determine if IP ACLs are applied to an Ethernet interface? (Source: Configuring and Troubleshooting ACLs)
Correct Answer
C. Show ip interface
Explanation
The "show ip interface" command is used on a Cisco router to determine if IP ACLs are applied to an Ethernet interface. This command will display the configuration and status of all IP interfaces on the router, including information about any applied ACLs. By using this command, network administrators can verify if the desired ACLs are correctly applied to the Ethernet interface and ensure proper network security.
13.
Which command is used to find out if ACL 100 has been configured on a Cisco router? (Source: Configuring and Troubleshooting ACLs)
Correct Answer
C. Show ip access-list
Explanation
The command "show ip access-list" is used to find out if ACL 100 has been configured on a Cisco router. This command displays the configured access control lists (ACLs) on the router, allowing the user to verify if ACL 100 is present. The other commands listed do not provide information specifically related to ACL configuration.