Senior Acquisitions Editor: Kenyon Brown Development Editor: Kim Wimpsett

Download 11,7 Mb.

Pdf ko'rish

bet	772/792
Sana	31.03.2022
Hajmi	11,7 Mb.
	#521163

1 ... 768 769 770 771 772 773 774 775 ... 792

Bog'liq
CCNA Routing and Switching Complete Study Guide Exam 100-105, Exam 200-105, Exam 200-125 ( PDFDrive )

Chapter 12: Security
1. D. It’s compared with lines of the access list only until a match is made. Once the packet matches the
condition on a line of the access list, the packet is acted upon and no further comparisons take place.
2. C. The range of 192.168.160.0 to 192.168.191.0 is a block size of 32. The network address is
192.168.160.0 and the mask would be 255.255.224.0, which for an access list must be a wildcard format of
0.0.31.255. The 31 is used for a block size of 32. The wildcard is always one less than the block size.
3. C. Using a named access list just replaces the number used when applying the list to the router’s interface.
ip access-group Blocksales in
is correct.
4. B. The list must specify TCP as the Transport layer protocol and use a correct wildcard mask (in this case
0.0.0.255), and it must specify the destination port (80). It also should specify
any
as the set of computers
allowed to have this access.
5. A. The first thing to check in a question like this is the access-list number. Right away, you can see that the
second option is wrong because it is using a standard IP access-list number. The second thing to check is
the protocol. If you are filtering by upper-layer protocol, then you must be using either UDP or TCP; this
eliminates the fourth option. The third and last answers have the wrong syntax.
6. C. Of the available choices, only the
show ip interface
command will tell you which interfaces have
access lists applied.
show access-lists
will not show you which interfaces have an access list applied.
7.
The command
show access-list
displays all access lists and their parameters configured on the
router; it does not show you which interface the list is set on.
show access-list 110
shows only the
parameters for the access list 110 and, again, does not tell you which interface the list is set on.
show
ip access-list
reveals only the IP access lists configured on the router. Finally,
show ip
interface
shows which interfaces have access lists set.
The functions of each command are as shown in the solution graphic.
8. C. The extended access list ranges are 100–199 and 2000–2699, so the access-list number of 100 is valid.
Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination
address. Only the third option has the correct sequence of parameters. Option B may work, but the
question specifically states “only” to network 192.168.10.0, and the wildcard in option B is too broad.
9. D. Extended IP access lists use numbers 100–199 and 2000–2699 and filter based on source and
destination IP address, protocol number, and port number. The last option is correct because of the second
line that specifies
permit ip any any
. (I used
0.0.0.0 255.255.255.255
, which is the same as the
any
option.) The third option does not have this, so it would deny access but not allow everything else.
705

10. D. First, you must know that a /20 is 255.255.240.0, which is a block size of 16 in the third octet. Counting
by 16s, this makes our subnet 48 in the third octet, and the wildcard for the third octet would be 15 since
the wildcard is always one less than the block size.
11. B. To find the wildcard (inverse) version of this mask, the zero and one bits are simply reversed as follows:
111111111111111.11111111.11100000 (27 one bits, or /27)
00000000.00000000.00000000.00011111 (wildcard/inverse mask)
12. A. First, you must know that a /19 is 255.255.224.0, which is a block size of 32 in the third octet. Counting
by 32s, this makes our subnet 192 in the third octet, and the wildcard for the third octet would be 31 since
the wildcard is always one less than the block size.
13. B, D. The scope of an access list is determined by the wildcard mask and the network address to which it is
applied. For example, in this case the starting point of the list of addresses affected by the mask is the
network ID 192.111.16.32. The wildcard mask is 0.0.0.31. Adding the value of the last octet in the mask to
the network address (32 + 31 = 63) tells you where the effects of the access list ends, which is
199.111.16.63. Therefore, all addresses in the range 199.111.16.32–199.111.16.63 will be denied by this
list.
14. C. To place an access list on an interface, use the
ip access-group
command in interface configuration
mode.
15. B. With no permit statement, the ACL will deny all traffic.
16. D. If you add an access list to an interface and you do not have at least one permit statement, then you will
effectively shut down the interface because of the implicit
deny any
at the end of every list.
17. C. Telnet access to the router is restricted by using either a standard or extended IP access list inbound on
the VTY lines of the router. The command
access-class
is used to apply the access list to the VTY lines.
18. C. A Cisco router has rules regarding the placement of access lists on a router interface. You can place one
access list per direction for each layer 3 protocol configured on an interface.
19. C. The most common attack on a network today is a denial of service (DoS) because it is the easiest attack
to achieve.
20. C. Implementing intrusion detection services and intrusion prevention services will help notify you and stop
attacks in real time.

Download 11,7 Mb.

Do'stlaringiz bilan baham:

1 ... 768 769 770 771 772 773 774 775 ... 792