Appendix: Answers to Practice Test Questions
78. B. An advantage of a standard access control list (ACL) is that it requires less processing
overhead from the ASIC or CPU (depending on the platform). Because it inspects only
layer 3 headers, no further decapsulation is required for layer 4. The level of security
is not increased or decreased when using standard access control lists. If a higher level
of specificity for the condition is required, then extended access lists should be used.
Blocking of specific applications can only be achieved with extended access lists because
the source and destination ports can be specified.
79. C. The expanded range of a standard access list is 1300 to 1999. The range for an
expanded extended access list is 2000 to 2699. All of the other options are incorrect.
80. C. A wildcard mask is the opposite of a network mask. The easy way to calculate a
wildcard mask is to figure out what the subnet is and deduct 1 for the octet. For example,
if the network address is 172.16.0.0/12 Classless Inter-Domain Routing (CIDR) or
255.240.0.0 (dotted decimal notation), and each network number is a multiple of 16,
the wildcard mask should be 0.15.255.255. 255.240.0.0 is the network mask for the
172.16.0.0/12 network. All of the other options are incorrect.
81. A. The command ip access-list 20 192.168.1.0 0.0.0.255 will configure an
access list of 20, which is a standard access list. The source address of 192.168.1.0 is
wildcard masked with 0.0.0.255. The command ip access-list 100 192.168.1.0 0.0.0.255
is incorrect. The command ip access-list 1 192.168.1.0/24 is incorrect.
The command ip access-list 2 192.168.1.0 255.255.255.0 is incorrect.
82. D. A rule with an address of 0.0.0.0 and wildcard mask of 255.255.255.255 defines all
addresses. Effectively, it is another way to specify the “any” source or destination. All of
the other options are incorrect.
83. Access lists can be applied per port, per protocol, or per direction. For example,
you could apply only one ACL on the interface Fa 0/1, for the IP protocol, in the
inbound direction.
84. B. An extended access list allows you to filter traffic by port, which defines an application
being used, since web traffic is communicated on 80 or 443. A standard access list can
only filter by the source IP address. A dynamic ACL is an ACL that is controlled by some
dynamic factor such as traffic patterns or time of day. An expanded ACL is not really a
type of ACL; it specifies the expanded numbering for standard and extended ACLs.
85. D. The expanded range of a standard access list is 2000 to 2699. The expanded range of a
standard access list is 1300 to 1999. The other options are incorrect.
86. C. A wildcard mask is the opposite of a network mask. The easy way to calculate a
wildcard mask is to figure out what the subnet is and deduct 1 for the octet. For example,
if the network address is 192.168.1.0/25 Classless Inter-Domain Routing (CIDR), or
255.255.255.128 (dotted decimal notation), and each network number is a multiple of
128, the wildcard mask should be 0.0.0.127. The network mask 255.255.255.128 is the
network mask used with the 192.168.1.0/25 network. The other options are incorrect.
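The wildcard-mask arithmetic from answers 80 and 86, and the "any" rule from answer 82, as an added Python example that is not part of the original answer key. The function names are chosen for this illustration; the addresses are the ones used in the answers above plus a few constructed test addresses.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def wildcard_from_prefix(prefix_len: int) -> str:
    """Wildcard mask for a CIDR prefix: the bitwise inverse of the network mask."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    netmask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(netmask ^ ALL_ONES))


def wildcard_from_netmask(netmask: str) -> str:
    """Octet by octet: 255 minus the mask octet (240 -> 15, 128 -> 127)."""
    octets = [int(o) for o in netmask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal mask")
    return ".".join(str(255 - o) for o in octets)


def acl_matches(address: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must equal the base address; a 1 bit is ignored."""
    addr = int(ipaddress.IPv4Address(address))
    ref = int(ipaddress.IPv4Address(base))
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES
    return (addr & care) == (ref & care)


if __name__ == "__main__":
    # Answer 80: 172.16.0.0/12, network mask 255.240.0.0
    print(wildcard_from_prefix(12), wildcard_from_netmask("255.240.0.0"))
    # Answer 86: 192.168.1.0/25, network mask 255.255.255.128
    print(wildcard_from_prefix(25), wildcard_from_netmask("255.255.255.128"))
    # Constructed test addresses checked against each rule
    for addr, base, wc in [
        ("172.31.255.255", "172.16.0.0", "0.15.255.255"),   # last address in the /12
        ("172.32.0.1", "172.16.0.0", "0.15.255.255"),       # just outside the /12
        ("192.168.1.128", "192.168.1.0", "0.0.0.127"),      # second /25, no match
        ("8.8.8.8", "0.0.0.0", "255.255.255.255"),          # answer 82: "any"
    ]:
        print(f"{addr:15} vs {base} {wc}: {acl_matches(addr, base, wc)}")
```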
Chapter 5: Security Fundamentals (Domain 5)