acls
TRANSCRIPT
![Page 1: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/1.jpg)
Access List Questions
A network administrator wants to add a line to an access list that will block only Telnet access by
the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.
What command should be issued to accomplish this task?
access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any
access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23
access-list 101 permit ip any any
access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21
access-list 1 permit ip any any
access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23
access-list 1 permit ip any any
--------------------------------------------------------------------------------------------------------------------
The following access list below was applied outbound on the E0 interface connected to the
192.169.1.8/29 LAN:
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any
access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any
How will the above access lists affect traffic?
FTP traffic from 192.169.1.22 will be denied
No traffic, except for FTP traffic will be allowed to exit E0
FTP traffic from 192.169.1.9 to any host will be denied
All traffic exiting E0 will be denied
All FTP traffic to network 192.169.1.9/29 will be denied
--------------------------------------------------------------------------------------------------------------------
The following configuration line was added to router R1
Access-list 101 permit ip 10.25.30.0 0.0.0.255 any
What is the effect of this access list configuration?
permit all packets matching the first three octets of the source address to all destinations
permit all packet matching the last octet of the destination address and accept all source
addresses
permit all packet matching the host bits in the source address to all destinations
permit all packet from the third subnet of the network address to all destinations
--------------------------------------------------------------------------------------------------------------------
Which two statements apply to dynamic access lists?
they offer simpler management in large internetworks.
you can control logging messages.
they allow packets to be filtered based on upper-layer session information.
you can set a time-based security policy.
they provide a level of security against spoofing.
they are used to authenticate individual users.
--------------------------------------------------------------------------------------------------------------------
![Page 2: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/2.jpg)
Refer to the exhibit.
Your boss is learning a CCNA training course,
interface of router RTB in the outbound direction. Which two packets, if routed to the interface,
will be denied?
access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any any
source ip address: 192.168.15.5; destination port: 21
source ip address: 192.168.15.37 destination port: 21
source ip address: 192.168.15.41 destination port: 21
source ip address: 192.168.15.36 destination port: 23
source ip address: 192.168.15.46; des
source ip address: 192.168.15.49 destination port: 23
--------------------------------------------------------------------------------------------------------------------
A standard IP access list is applied to an
What does this standard access list filter on?
The source and destination addresses
The destination port number
The destination address
The source IP address
Source MAC address
All of the above
--------------------------------------------------------------------------------------------------------------------
Which command shows if an access list is assigned to an interface?
show ip interface [interface] access
show ip access-lists interface [interface]
show ip interface [interface]
show ip access-lists [interface]
--------------------------------------------------------------------------------------------------------------------
Which item represents the standard IP ACL?
Your boss is learning a CCNA training course, The access list has been configured on the S0/0
interface of router RTB in the outbound direction. Which two packets, if routed to the interface,
list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
y
source ip address: 192.168.15.5; destination port: 21
source ip address: 192.168.15.37 destination port: 21
source ip address: 192.168.15.41 destination port: 21
source ip address: 192.168.15.36 destination port: 23
source ip address: 192.168.15.46; destination port: 23
source ip address: 192.168.15.49 destination port: 23
--------------------------------------------------------------------------------------------------------------------
A standard IP access list is applied to an Ethernet interface of a router.
What does this standard access list filter on?
The source and destination addresses
--------------------------------------------------------------------------------------------------------------------
Which command shows if an access list is assigned to an interface?
show ip interface [interface] access-lists
ce [interface]
--------------------------------------------------------------------------------------------------------------------
Which item represents the standard IP ACL?
access list has been configured on the S0/0
interface of router RTB in the outbound direction. Which two packets, if routed to the interface,
--------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------
![Page 3: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/3.jpg)
access-list 50 deny 192.168.1.1 0.0.0.255
access-list 110 permit ip any any
access-list 2500 deny tcp any host 192.168.1.1 eq 22
access-list 101 deny tcp any host 192.168.1.1
------------------------------------------------------------------------------------------------
Which statement about access lists that are applied to an interface is true?
you can apply only one access list on any interface
you can configure one access list, per direction, per layer 3 protocol
you can place as many access lists
you can configure one access list, per direction, per layer 2 protocol
--------------------------------------------------------------------------------------------------------------------
A network engineer wants to allow a te
and password so that the user can access the entire network over the internet. Which ACL can be
used?
reflexive
extended
standard
dynamic
------------------------------------------------------------
In which solution is a router ACL used?
protecting a server from unauthorized access
controlling path selection, based on the route metric
reducing router CPU utilization
filtering packets that are passing through a router
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit.
Why would the network administrator configure RA in this manner?
deny 192.168.1.1 0.0.0.255
list 110 permit ip any any
list 2500 deny tcp any host 192.168.1.1 eq 22
list 101 deny tcp any host 192.168.1.1
--------------------------------------------------------------------------------------------------------------------
Which statement about access lists that are applied to an interface is true?
you can apply only one access list on any interface
you can configure one access list, per direction, per layer 3 protocol
you can place as many access lists as you want on any interface
you can configure one access list, per direction, per layer 2 protocol
--------------------------------------------------------------------------------------------------------------------
A network engineer wants to allow a temporary entry for a remote user with a specific username
and password so that the user can access the entire network over the internet. Which ACL can be
--------------------------------------------------------------------------------------------------------------------
In which solution is a router ACL used?
protecting a server from unauthorized access
controlling path selection, based on the route metric
passing through a router
--------------------------------------------------------------------------------------------------------------------
Why would the network administrator configure RA in this manner?
--------------------
--------------------------------------------------------------------------------------------------------------------
mporary entry for a remote user with a specific username
and password so that the user can access the entire network over the internet. Which ACL can be
--------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------
![Page 4: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/4.jpg)
to give students access to the Internet
to prevent students from accessing the command
to prevent administrators from accessing the console of RA
to give administrators access to the Internet
to prevent students from accessing the Internet
to prevent students from accessing the Admin network
--------------------------------------------------------------------------------------------------------------------
An access list was written with the four statements shown in the graphi
Which single access list statement will
statement that will have exactly the same effect?
access-list 10 permit 172.29.16.0 0.0.0.255
access-list 10 permit 172.29.16.0 0.0.1.255
access-list 10 permit 172.29.16.0 0.0.3.255
access-list 10 permit 172.29.16.0 0.0.15.255
access-list 10 permit 172.29.0.0 0.0.255.255
--------------------------------------------------------------------------------------------------------------------
As a network administrator, you have been instructed to prevent
LAN from entering the R2 router. Which the following command would implement the access
list on the interface of the R2 router?
access-list 101 in
access-list 101 out
ip access-group 101 in
ip access-group 101 out
--------------------------------------------------------------------------------------------------------------------
The access control list shown in the graphic has been applied to the Ethernet interface of router
R1 using the ip access-group 101 in
blocked by this ACL? (Choose two)
to the Internet
to prevent students from accessing the command line of RA
to prevent administrators from accessing the console of RA
to give administrators access to the Internet
to prevent students from accessing the Internet
essing the Admin network
--------------------------------------------------------------------------------------------------------------------
An access list was written with the four statements shown in the graphic.
Which single access list statement will combine all four of these statements into a single
statement that will have exactly the same effect?
list 10 permit 172.29.16.0 0.0.0.255
list 10 permit 172.29.16.0 0.0.1.255
list 10 permit 172.29.16.0 0.0.3.255
permit 172.29.16.0 0.0.15.255
list 10 permit 172.29.0.0 0.0.255.255
--------------------------------------------------------------------------------------------------------------------
As a network administrator, you have been instructed to prevent all traffic originating on the
LAN from entering the R2 router. Which the following command would implement the access
list on the interface of the R2 router?
------------------------------------------------------------------------------------------------------------
The access control list shown in the graphic has been applied to the Ethernet interface of router
group 101 in command. Which of the following Telnet sessions will be
blocked by this ACL? (Choose two)
--------------------------------------------------------------------------------------------------------------------
combine all four of these statements into a single
--------------------------------------------------------------------------------------------------------------------
all traffic originating on the
LAN from entering the R2 router. Which the following command would implement the access
------------------------------------------------------------------------------------------------------------
The access control list shown in the graphic has been applied to the Ethernet interface of router
Which of the following Telnet sessions will be
![Page 5: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/5.jpg)
from host PC1 to host 5.1.1.10
from host PC1 to host 5.1.3.10
from host PC2 to host 5.1.2.10
from host PC2 to host 5.1.3.8
------------------------------------------------
Refer to the exhibit.
What will happen to HTTP traffic coming from the Internet that is destined for 172.16.12.10 if
the traffic is processed by this ACL?
router#show access-lists
Extended IP access list 110
10 deny tcp 172.16.0.0 0.0.255.255 any eq telnet
20 deny tcp 172.16.0.0 0.0.255.255 any eq smtp
30 deny tcp 172.16.0.0 0.0.255.255 any eq http
40 permit tcp 172.16.0.0 0.0.255.255 any
Traffic will be dropped per line 30 of
Traffic will be accepted per line 40 of the ACL.
Traffic will be dropped, because of the implicit deny all at the end of the ACL.
Traffic will be accepted, because the source address is not covered by the ACL.
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit.
Which statement describes the effect that the Router1 configuration has on devices in the
172.16.16.0 subnet when they try to connect to SVR
--------------------------------------------------------------------------------------------------------------------
What will happen to HTTP traffic coming from the Internet that is destined for 172.16.12.10 if
the traffic is processed by this ACL?
10 deny tcp 172.16.0.0 0.0.255.255 any eq telnet
20 deny tcp 172.16.0.0 0.0.255.255 any eq smtp
30 deny tcp 172.16.0.0 0.0.255.255 any eq http
40 permit tcp 172.16.0.0 0.0.255.255 any
Traffic will be dropped per line 30 of the ACL.
Traffic will be accepted per line 40 of the ACL.
Traffic will be dropped, because of the implicit deny all at the end of the ACL.
Traffic will be accepted, because the source address is not covered by the ACL.
-------------------------------------------------------------------------------
Which statement describes the effect that the Router1 configuration has on devices in the
172.16.16.0 subnet when they try to connect to SVR-A using Telnet or SSH?
--------------------------------------------------------------------
What will happen to HTTP traffic coming from the Internet that is destined for 172.16.12.10 if
-------------------------------------------------------------------------------
Which statement describes the effect that the Router1 configuration has on devices in the
![Page 6: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/6.jpg)
Devices will not be able to use Telnet or SSH.
Devices will be able to use SSH, but not Telnet.
Devices will be able to use Telnet, but not SSH.
Devices will be able to use Telnet and SSH.
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit.
Which three variables (router, protocol port, and router ACL direction) apply to an extended
ACL that will prevent student 01 from securely browsing the internet?
OUT
Router 3
HTTPS
IN
Router 1
--------------------------------------------------------------------------------------------------------------------
What are two reasons that a network administrator would us
Devices will not be able to use Telnet or SSH.
Devices will be able to use SSH, but not Telnet.
Devices will be able to use Telnet, but not SSH.
Devices will be able to use Telnet and SSH.
--------------------------------------------------------------------------------------------------------------------
Which three variables (router, protocol port, and router ACL direction) apply to an extended
udent 01 from securely browsing the internet?
--------------------------------------------------------------------------------------------------------------------
What are two reasons that a network administrator would use access lists?
--------------------------------------------------------------------------------------------------------------------
Which three variables (router, protocol port, and router ACL direction) apply to an extended
--------------------------------------------------------------------------------------------------------------------
![Page 7: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/7.jpg)
to control vty access into a router
to control broadcast traffic through a router
to filter traffic as it passes through a router
to filter traffic that originates from the router
to replace passwords as a line of defense against security
--------------------------------------------------------------------------------------------------------------------
The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to
configure an extended access list to
255.255.255.224
255.255.255.248
0.0.0.224
0.0.0.8
0.0.0.7
0.0.0.3
--------------------------------------------------------------------------------------------------------------------
Which wild card mask will enable a network
only hosts that are assigned an address in the range of 192.168.8.0 through 192.168.15.255?
0.0.0.0
0.0.0.255
0.0.255.255
0.0.7.255
0.0.3.255
--------------------------------------------------------------------------------------------------------------------
The access list shown in the graphic should deny hosts located on network 172.16.1.0, except
host 172.16.1.5, from accessing the 172.16.4.0 network. All other
Which command sequence will correctly apply this access list?
routerA(config)# interface fa0/0
routerA(config-if)# ip access-group 10 in
routerA(config)# interface s0/0
routerA(config-if)# ip access-group 10 out
routerB(config)# interface fa0/1
routerB(config-if)# ip access-group 10 out
routerB(config)# interface fa0/0
routerB(config-if)# ip access-group 10 out
routerB(config)# interface s0/1
routerB(config-if)# ip access-group 10 out
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit.
to control vty access into a router
to control broadcast traffic through a router
to filter traffic as it passes through a router
to filter traffic that originates from the router
to replace passwords as a line of defense against security incursions
--------------------------------------------------------------------------------------------------------------------
The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to
configure an extended access list to permit or deny access to an entire subnetwork?
--------------------------------------------------------------------------------------------------------------------
Which wild card mask will enable a network administrator to permit access to the internet for
only hosts that are assigned an address in the range of 192.168.8.0 through 192.168.15.255?
-------------------------------------------------------------------------------------------------
The access list shown in the graphic should deny hosts located on network 172.16.1.0, except
host 172.16.1.5, from accessing the 172.16.4.0 network. All other networks should be accessible.
Which command sequence will correctly apply this access list?
group 10 in
group 10 out
group 10 out
group 10 out
group 10 out
---------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------
The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to
permit or deny access to an entire subnetwork?
--------------------------------------------------------------------------------------------------------------------
to permit access to the internet for
only hosts that are assigned an address in the range of 192.168.8.0 through 192.168.15.255?
-------------------------------------------------------------------------------------------------
The access list shown in the graphic should deny hosts located on network 172.16.1.0, except
networks should be accessible.
---------------------------------------------------------------------------------
![Page 8: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/8.jpg)
A technician is testing connection problems in the internetwork. What is the problem indicated
by the output from HostA?
The routing on Router2 is not functioning properly.
The Fa0/24 interface of Switch1 is dowm.
An access list is applied to an interface of router3.
The gateway address of HostA is incorrect or not configured.
--------------------------------------------------------------------------
---
Refer to the exhibit.
A technician is testing internetwork connetion problems. What is the troublem indicated be the
output from Host A?
An access list is applied to an interface of Router 3.
The routing on Router 2 is not functioning properly.
The Fa0/24 interface of Switch1 is down.
The gateway address of Host A is incorrect or not configured.
Refer to the exhibit.
A technician is testing connection problems in the internetwork. What is the problem indicated
not functioning properly.
The Fa0/24 interface of Switch1 is dowm.
An access list is applied to an interface of router3.
The gateway address of HostA is incorrect or not configured.
--------------------------------------------------------------------------------------------------------------------
A technician is testing internetwork connetion problems. What is the troublem indicated be the
An access list is applied to an interface of Router 3.
Router 2 is not functioning properly.
The Fa0/24 interface of Switch1 is down.
The gateway address of Host A is incorrect or not configured.
A technician is testing connection problems in the internetwork. What is the problem indicated
-------------------------------------------
A technician is testing internetwork connetion problems. What is the troublem indicated be the
![Page 9: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/9.jpg)
A network technician enters the following line into the router Tidmore1.
Tidmore1(config)#interface FastEthernet 0/0
Tidmore1(config-if)#no ip access
Tidmore1(config)#interface Serial 0/0
Tidmore1(config-if)#ip access-group 106 in
Wath is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in the 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
Internet.
--------------------------------------------------------------------------------------------------------------------
-----
Refer to the exhibit. A network technician enters the following line the router.
Tidmore1(config)#access-list 106 deny tcp 192.168.
What is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in t
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
Internet.
--------------------------------------------------------------------------------------------------------------------
-----
A network technician enters the following line into the router Tidmore1.
)#interface FastEthernet 0/0
if)#no ip access-group 106 in
Tidmore1(config)#interface Serial 0/0
group 106 in
Wath is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in the 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit. A network technician enters the following line the router.
list 106 deny tcp 192.168.254.0 0.0.0.255 any eq www.
What is the effect of this configuration?
The change has no effect on the packets being filtered.
All traffic from the 192.168.254.0 LAN to the internet is permitted.
Web pages from the internet cannot be accessed by hosts in the 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
--------------------------------------------------------------------------------------------------------------------
Web pages from the internet cannot be accessed by hosts in the 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
---------------------------------------------------------------------------------------------------------------------
254.0 0.0.0.255 any eq www.
he 192.168.254.0 LAN.
No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the
---------------------------------------------------------------------------------------------------------------------
![Page 10: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/10.jpg)
This graphic shows the results of an attempt to open a telnet connection to router ACCESS1
from router Remote 27. Which of the following command sequences will correct this problem?
ACCESS1(config)#line console 0
ACCESS1(config-line)#password cisco
Remote27(config)#line console 0
Remote27(config-line)#login
Remote27(config-line)#password cisco
ACCESS1(config)#line vty 0 4
ACCESS1(config-line)#login
ACCESS1(config-line)#password cisco
Remote27 (config)#line vty 0 4
Remote27 (config-line)#login
Remote27 (config-line)#password cisco
ACCESS1(config)#enable password cisco
Remote27 (config)#enable password cisco
--------------------------------------------------------------------------------------------------------------------
-----
What three pieces of information can b
three)
Protocol
VLAN number
TCP or UDP port numbers
Source switch port numbers
Source IP address and destination IP address
Source MAC address and destination MAC address
--------------------------------------------------------------------------------------------------------------------
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
Administratively shut down the interface.
Physically secure the interface.
Create an access list and apply it to the virtual terminal interfaces with the access
hows the results of an attempt to open a telnet connection to router ACCESS1
from router Remote 27. Which of the following command sequences will correct this problem?
ACCESS1(config)#line console 0
line)#password cisco
ine console 0
line)#password cisco
line)#password cisco
password cisco
ACCESS1(config)#enable password cisco
Remote27 (config)#enable password cisco
--------------------------------------------------------------------------------------------------------------------
What three pieces of information can be used in an extended access list to filter traffic? (Choose
Source IP address and destination IP address
Source MAC address and destination MAC address
--------------------------------------------------------------------------------------------------------------------
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
Administratively shut down the interface.
Create an access list and apply it to the virtual terminal interfaces with the access
hows the results of an attempt to open a telnet connection to router ACCESS1
from router Remote 27. Which of the following command sequences will correct this problem?
---------------------------------------------------------------------------------------------------------------------
to filter traffic? (Choose
--------------------------------------------------------------------------------------------------------------------
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
Create an access list and apply it to the virtual terminal interfaces with the access-group
![Page 11: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/11.jpg)
command.
Configure a virtual terminal password and login process.
Enter an access list and apply it to the virtual terminal interfaces using t
command.
--------------------------------------------------------------------------------------------------------------------
An inbound access list has been configured on a serial interface to deny packet entry for TCP
and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose
three)
FTP
Telnet
SMTP
DNS
HTTP
POP3
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to
the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only
computers with access to the Payroll Server. What two technologies should
help prevent unauthorized access to the server? (Choose two)
access lists
encrypted router passwords
STP
VLANs
VTP
wireless LANs
--------------------------------------------------------------------------------------------------------------------
Refer to the exhibit. What statement is true of the configuration for this network?
Configure a virtual terminal password and login process.
Enter an access list and apply it to the virtual terminal interfaces using the access
--------------------------------------------------------------------------------------------------------------------
An inbound access list has been configured on a serial interface to deny packet entry for TCP
and 25. What types of packets will be permitted by this ACL? (Choose
--------------------------------------------------------------------------------------------------------------------
manufacturing company is concerned about unauthorized access to
the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only
computers with access to the Payroll Server. What two technologies should be implemented to
unauthorized access to the server? (Choose two)
--------------------------------------------------------------------------------------------------------------------
What statement is true of the configuration for this network?
he access-class
--------------------------------------------------------------------------------------------------------------------
An inbound access list has been configured on a serial interface to deny packet entry for TCP
and 25. What types of packets will be permitted by this ACL? (Choose
--------------------------------------------------------------------------------------------------------------------
manufacturing company is concerned about unauthorized access to
the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only
be implemented to
--------------------------------------------------------------------------------------------------------------------
What statement is true of the configuration for this network?
![Page 12: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/12.jpg)
The configuration that is shown provides inadequate outside addre
number of inside addresses that are supported.
Because of the addressing on interface FastE
support the NAT configuration as shown.
The number 1 referred to in the ip nat inside source command references access
ExternalRouter must be configured with static routers to network 172.
--------------------------------------------------------------------------------------------------------------------
Which of the following are keywords that can be used in an access control list to replace a dotted
decimal wildcard mask? (Choose
all
some
any
sum
host
most
--------------------------------------------------------------------------------------------------------------------
Where should extended access control lists be placed?
They should be placed as close as possible to the
They should be placed as close as possible to the destination of the traffic to be denied.
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
--------------------------------------------------------------------------------------------------------------------
Which of the following must be in an extended access control list? (Choose three.)
destination address and wildcard mask
access list number between 1 and 99
The configuration that is shown provides inadequate outside address space for translation of the
number of inside addresses that are supported.
Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not
the NAT configuration as shown.
The number 1 referred to in the ip nat inside source command references access-
ExternalRouter must be configured with static routers to network 172.16.2.0/24
--------------------------------------------------------------------------------------------------------------------
Which of the following are keywords that can be used in an access control list to replace a dotted
decimal wildcard mask? (Choose two.)
--------------------------------------------------------------------------------------------------------------------
Where should extended access control lists be placed?
They should be placed as close as possible to the source of the traffic to be denied.
They should be placed as close as possible to the destination of the traffic to be denied.
They should be placed on the fastest interface available.
They should be placed on the destination WAN link.
-------------------------------------------------------------------------------------------------
Which of the following must be in an extended access control list? (Choose three.)
destination address and wildcard mask
access list number between 1 and 99
ss space for translation of the
erface address will not
-list number 1.
--------------------------------------------------------------------------------------------------------------------
Which of the following are keywords that can be used in an access control list to replace a dotted
--------------------------------------------------------------------------------------------------------------------
source of the traffic to be denied.
They should be placed as close as possible to the destination of the traffic to be denied.
-------------------------------------------------------------------------------------------------
Which of the following must be in an extended access control list? (Choose three.)
![Page 13: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/13.jpg)
subnet mask and wild card mask
source address and wildcard mask
access list number between 100 and 199
default gateway address and wildcard mask
--------------------------------------------------------------------------------------------------------------------
Which of the following are required when creating a standard access control list? (Choose two.)
subnet mask and wildcard mask
access list number between 100 and 199 or 2000 and 2699
source address and wildcard mask
destination address and wildcard mask
access list number between 1 and 99 or 1300 to 1999
--------------------------------------------------------------------------------------------------------------------
Which IP address and wildcard mask would you use in your ACL to block all the hosts in the
subnet 192.168.16.43/28?
192.168.16.32 0.0.0.16
192.168.16.43 0.0.0.212
192.168.16.0 0.0.0.15
192.168.16.32 0.0.0.15
192.168.16.0 0.0.0.31
192.168.16.16 0.0.0.31
--------------------------------------------------------------------------------------------------------------------
How is an access list implemented in a router?
Enter the access list statements globally and apply the list globally.
Enter the access list statements globally and apply the list to a specific interface.
Enter the access list statements on a specific interface and apply the list globally.
Enter the access list statements on a specific interface and apply the list to that same interface.
--------------------------------------------------------------------------------------------------------------------
For security reasons, the network administrator needs to prevent pings into the corporate
networks from hosts outside the network. Which protocol should be blocked with access control
list?
IP
ICMP
TCP
UDP
--------------------------------------------------------------------------------------------------------------------
You wish to limit telnet access into your Cisco router to only a single host. In order to
accomplish this, access list 1 has been written to allow host 172.16.1.224 access to the router vty
lines. What command would assign this access- list to the Virtual Terminal Lines?
router(config-line)# ip access-group 1 in
router(config-line)# access-class 1 in
router(config-line)# ip access-list 1 in
router(config-line)# access-line 1 in
--------------------------------------------------------------------------------------------------------------------
![Page 14: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/14.jpg)
Which command is required to apply an access list on a virtual terminal line of a router?
Router(config-line)# access-class 10 in
Router(config-if)# ip access-class 23 out
Router(config-line)# access-group 15 out
Router(config-if)# ip access-group 110 in
Router(config-line)# access-list 150 in
Router(config-if)# ip access-list 128 out
--------------------------------------------------------------------------------------------------------------------
Unauthorized users have user Telnet to login access to a company router. The network
administrator wants to configure and apply an access list to allow Telnet access to the router, but
only from the network administrators computer. Which group of commands would be the best
choice to allow only the IP address 172.16.3.3 to have Telnet access to the router?
access-list 3 permit host 172.16.3.3
line vty 0 4
ip access-group 3 in
access-list 3 permit host 172.16.3.3
line vty 0 4
ip access-class 3 in
access-list 101 permit tcp any host 172.16.3.3 eq telnet
interface s0/0
ip access-group 101 in
access-list 101 permit tcp any host 172.16.3.3 eq telnet
access-list 101 permit ip any any
interface s0/0
ip access-group 101 in
--------------------------------------------------------------------------------------------------------------------
Which of the following access list statements will deny all telnet connections to subnet 10.0.1.0
/24?
access-list 15 deny tcp 10.0.1.0 255.255.255.0 eq telnet
access-list 115 deny tcp any 10.0.1.0 eq telnet
access-list 115 deny udp any 10.0.1.0 eq 23
access-list 115 deny tcp any 10.0.1.0 0.0.0.255 eq 23
access-list 15 deny telnet any 10.0.1.0 0.0.0.255 eq 23
--------------------------------------------------------------------------------------------------------------------
Which of the following access list statements would deny traffic from a specific host?
Router(config)# access-list 1 deny 172.31.212.74 any
Router(config)# access-list 1 deny 10.6.111.48 host
Router(config)# access-list 1 deny 172.16.4.13 0.0.0.0
Router(config)# access-list 1 deny 192.168.14.132 255.255.255.0
Router(config)# access-list 1 deny 192.168.166.127 255.255.255.255
--------------------------------------------------------------------------------------------------------------------
![Page 15: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/15.jpg)
Refer to the graphiIt has been decided that Workstation 1 should be denied access to Server1.
Which of the following commands are required to prevent only Workstation 1 from accessing
Server1 while allowing all other traffic to flow normally? (Choose two)
RouterA(config)#interface fa0/0
RouterA(config-if)#ip access-group 101 out
RouterA(config)#interface fa0/0
RouterA(config-if)#ip access-group 101 in
RouterA(config)#access-list 101 deny ip host 172.16.161.150 host 172.161.162.163
RouterA(config)#access-list 101 permit ip an
RouterA(config)#access-list 101 deny ip 172.16.161.150 0.0.0.255 172.161.162.163 0.0.0.0
RouterA(config)#access-list 101 permit ip any any
--------------------------------------------------------------------------------------------------------------
Which of the following statements are true regarding the meaning of the access control list
wildcard mask 0.0.0.15? (Choose two.)
The first 32 bits of a supplied IP address will be matched.
The first 28 bits of a supplied IP address will be matched
The last five bits of a supplied IP address will be ignored.
The first 28 bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be matched.
--------------------------------------------------------------------------------------------------------------------
When using access control lists to filter traffic, which of the following is used to track multiple
sessions occurring between hosts?
subnet masks
routed protocols
port numbers
routing protocols
IP addresses
interfaces
--------------------------------------------------------------------------------------------------------------------
Which three of the following are uses of access control lists
protect hosts from viruses
classify network traffic
provide high network availability
identify interesting traffic for DDR
IP route filtering
monitor the number of bytes and packets
-------------------------------------------------
has been decided that Workstation 1 should be denied access to Server1.
Which of the following commands are required to prevent only Workstation 1 from accessing
Server1 while allowing all other traffic to flow normally? (Choose two)
group 101 out
group 101 in
list 101 deny ip host 172.16.161.150 host 172.161.162.163
list 101 permit ip any any
list 101 deny ip 172.16.161.150 0.0.0.255 172.161.162.163 0.0.0.0
list 101 permit ip any any
--------------------------------------------------------------------------------------------------------------
Which of the following statements are true regarding the meaning of the access control list
wildcard mask 0.0.0.15? (Choose two.)
The first 32 bits of a supplied IP address will be matched.
The first 28 bits of a supplied IP address will be matched.
The last five bits of a supplied IP address will be ignored.
The first 28 bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be ignored.
The last four bits of a supplied IP address will be matched.
---------------------------------------------------------------------------------------------------------
When using access control lists to filter traffic, which of the following is used to track multiple
sessions occurring between hosts?
--------------------------------------------------------------------------------------------------------------------
Which three of the following are uses of access control lists (ACLs)? (Choose three.)
provide high network availability
identify interesting traffic for DDR
monitor the number of bytes and packets
--------------------------------------------------------------------------------------------------------------------
has been decided that Workstation 1 should be denied access to Server1.
Which of the following commands are required to prevent only Workstation 1 from accessing
list 101 deny ip host 172.16.161.150 host 172.161.162.163
list 101 deny ip 172.16.161.150 0.0.0.255 172.161.162.163 0.0.0.0
--------------------------------------------------------------------------------------------------------------------
Which of the following statements are true regarding the meaning of the access control list
---------------------------------------------------------------------------------------------------------
When using access control lists to filter traffic, which of the following is used to track multiple
--------------------------------------------------------------------------------------------------------------------
(ACLs)? (Choose three.)
-------------------------------------------------------------------
![Page 16: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/16.jpg)
Which commands are used to verify the content and placement of access control lists? (Choose
three.)
show ip interface
show running-config
show ip route
show cdp neighbor
show processes
show access-lists
--------------------------------------------------------------------------------------------------------------------
Which commands can a network administrator use to monitor and verify access list operations?
(Choose two.)
Router# show ip route
Router# show protocols
Router# show IOS version
Router# show ip interface
Router# show access-lists
Router# show cdp neighbor
--------------------------------------------------------------------------------------------------------------------
Which command is used to display the placement and direction of
router?
show access-list
show ip route
show ip interface
show interface
show interface list
show ip interface brief
------------------------------------------------
Refer to the graphic. It has become necessary to prevent accounting department users on the
Amherst router from accessing the human resources server attached to interface E0 of the
Northampton router. The following access control lost has been created:
access-list 19 deny 192.168.16.128 0.0.0.31
access-list 19 permit any
Which commands are used to verify the content and placement of access control lists? (Choose
--------------------------------------------------------------------------------------------------------------------
Which commands can a network administrator use to monitor and verify access list operations?
--------------------------------------------------------------------------------------------------------------------
h command is used to display the placement and direction of on IP access control list on a
--------------------------------------------------------------------------------------------------------------------
It has become necessary to prevent accounting department users on the
Amherst router from accessing the human resources server attached to interface E0 of the
Northampton router. The following access control lost has been created:
list 19 deny 192.168.16.128 0.0.0.31
Which commands are used to verify the content and placement of access control lists? (Choose
--------------------------------------------------------------------------------------------------------------------
Which commands can a network administrator use to monitor and verify access list operations?
--------------------------------------------------------------------------------------------------------------------
n IP access control list on a
--------------------------------------------------------------------
It has become necessary to prevent accounting department users on the
Amherst router from accessing the human resources server attached to interface E0 of the
![Page 17: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/17.jpg)
On which interface and in which direction should this access list be prevent accounting uses
from accessing the network attached to the E0 interface of the Northampton router?
other network should be unaffected.
Amherst S0, out
Amherst E1, in
Amherst E0, out
Northampton S1, in
Northampton E0, out
Northampton E1, in
--------------------------------------------------------------------------------------------------------------------
The CATEE Network is displayed in the flowing diagram:
You need to place an access list on the Fa0 interface of the wan connected router;
access to all hosts that lie within the range 192.168.160.0
192.168.195.0 network should be granted full
fulfills your needs?
access-list 1 deny 192.168.163.0 0.
access-list 1 deny 192.168.128.0 0.0.127.255
access-list 1 deny 192.168.160.0 0.0.255.255
access-list 1 deny 192.168.160.0 0.0.31.255
-----------------------------------------------------------------------------------------------------------------
Refer to the graphic. Assuming the following goals:
1-) Allow Telnet from the internet to the HR server
2-) Allow HTTP access from the internet to the web server
3-) Allow other traffic from the internet should be blocked.
Which of the following access list statements are necessary to accomplish three goals? (Choose
two)
access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23
access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23
--------------------------------------------------------------------------------------------------------------------
The following access control list needs to be applied to one of the routers
Access-list 101 permit tcp 192.168.1.16 0
What can be concluded about this ACL? (Choose two)
On which interface and in which direction should this access list be prevent accounting uses
network attached to the E0 interface of the Northampton router?
other network should be unaffected.
--------------------------------------------------------------------------------------------------------------------
The CATEE Network is displayed in the flowing diagram:
You need to place an access list on the Fa0 interface of the wan connected router;
that lie within the range 192.168.160.0-192.168.191.0. Hosts in the
192.168.195.0 network should be granted full access. Which one of the following answer choices
list 1 deny 192.168.163.0 0.0.0.255
list 1 deny 192.168.128.0 0.0.127.255
list 1 deny 192.168.160.0 0.0.255.255
list 1 deny 192.168.160.0 0.0.31.255
-----------------------------------------------------------------------------------------------------------------
Assuming the following goals:
) Allow Telnet from the internet to the HR server
) Allow HTTP access from the internet to the web server
) Allow other traffic from the internet should be blocked.
ess list statements are necessary to accomplish three goals? (Choose
list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23
list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
st 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23
--------------------------------------------------------------------------------------------------------------------
The following access control list needs to be applied to one of the routers shown in the graphic.
list 101 permit tcp 192.168.1.16 0.0.0.15 192.168.2.16 0.0.0.15 eq 23.
What can be concluded about this ACL? (Choose two)
On which interface and in which direction should this access list be prevent accounting uses
network attached to the E0 interface of the Northampton router?, Access to
--------------------------------------------------------------------------------------------------------------------
You need to place an access list on the Fa0 interface of the wan connected router; that will deny
192.168.191.0. Hosts in the
access. Which one of the following answer choices
--------------------------------------------------------------------------------------------------------------------
ess list statements are necessary to accomplish three goals? (Choose
--------------------------------------------------------------------------------------------------------------------
shown in the graphic.
![Page 18: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/18.jpg)
Telnet traffic from 192.168.1.16 0.0.0.15 to 192.168.2.16 0.0.0.15 is allowed.
SMTP traffic from 192.168.2.16 0.0.0.15 to 192.168.1.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
When the ACL is applied, Server A will be able to ping Server
The ACL should be applied inbound to the e0 interface of Router
The ACL should be applied outbound to the e0
--------------------------------------------------------------------------------------------------------------------
A network administrator in Miami has been instructed to prevent all traffic
Chicago LAN from entering the Miami router.
Access-list 101 deny ip 192.168.45.0 0.0.0.255 any.
Access-list 101 deny ip 192.168.45.0 0.0.0.0 any.
Access-list 101 deny ip 192.168.46.0 0.0.0.255 192.168.45.0 0.0.0.255.
Access-list 101 deny ip 192.168.46.0 0.0.0.255 any.
--------------------------------------------------------------------------------------------------------------------
A network associate creates the configuration shown in the exhibit. What will be the r
this configuration?
The configuration creates four access lists.
The fourth line of the configuration creates an access list that allows all traffic
172.16.232.253 except Telnet and ping traffi
Telnet traffic from 192.168.1.16 0.0.0.15 to 192.168.2.16 0.0.0.15 is allowed.
SMTP traffic from 192.168.2.16 0.0.0.15 to 192.168.1.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
When the ACL is applied, Server A will be able to ping Server
The ACL should be applied inbound to the e0 interface of Router A
The ACL should be applied outbound to the e0 interface of Router A.
--------------------------------------------------------------------------------------------------------------------
A network administrator in Miami has been instructed to prevent all traffic originating on the
ering the Miami router. Which statement would accomplish this filtering?
list 101 deny ip 192.168.45.0 0.0.0.255 any.
list 101 deny ip 192.168.45.0 0.0.0.0 any.
list 101 deny ip 192.168.46.0 0.0.0.255 192.168.45.0 0.0.0.255.
list 101 deny ip 192.168.46.0 0.0.0.255 any.
--------------------------------------------------------------------------------------------------------------------
A network associate creates the configuration shown in the exhibit. What will be the r
tion creates four access lists.
The fourth line of the configuration creates an access list that allows all traffic from the host
172.16.232.253 except Telnet and ping traffic
--------------------------------------------------------------------------------------------------------------------
originating on the
Which statement would accomplish this filtering?
--------------------------------------------------------------------------------------------------------------------
A network associate creates the configuration shown in the exhibit. What will be the results of
from the host
![Page 19: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/19.jpg)
The configuration creates an access lists that allow all traffic from the
Telnet and ping traffic.
The configuration creates an access lists that allows all the hosts in the
use Telnet not to access web pages.
--------------------------------------------------------------------------------------------------------------------
In order to control access on the CATEE network, the following access list is created:
access-list 101 permit tcp 192.168.1.16 0.0.0.15 192.168.2 16 0.0.0.15 eq 23
What would happen if you applied the following ACL to any one of the KTE routers in the
above exhibit?, On what interface and what direction should you apply it?, Once applied, what
will this access list accomplish? (Select all valid answer choices)
Telnet traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed
SMTP traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
The ACL should be applied inbound to th
The ACL should be applied outbound to the e0 interface of Router KTE1.
--------------------------------------------------------------------------------------------------------------------
---------
Which of the following answer choices are correct characteristics of named access list? (Select
all that apply)
You can delete individual statements in a named access list
Named access lists require a numbered range from 1000 to 1099.
Named access lists must be specified as standar
You can use the ip access-list command to create named access lists.
You cannot delete individual statements in a named access list.
You can use the ip name-group command to apply named access lists.
-----------------------------------------
The KTE network is shown below:
The network administrator would like to permit only hosts on the 172.30.16.0/24 network
to access the Internet.
Which wild card mask and address
172.30.0.0 0.0.0.0
172.30.16.0 0.0.0.255
172.30.0.0 0.0.15.255
172.30.16.0 0.0.31.255
172.30.16.0 0.0.255.255
--------------------------------------------------------------------------------------------------------------------
access lists that allow all traffic from the 172.16.232.253 except
The configuration creates an access lists that allows all the hosts in the 172.16.232.0/24 subnet to
Telnet not to access web pages.
-----------------------------------------------------------------------------------------
In order to control access on the CATEE network, the following access list is created:
list 101 permit tcp 192.168.1.16 0.0.0.15 192.168.2 16 0.0.0.15 eq 23
What would happen if you applied the following ACL to any one of the KTE routers in the
above exhibit?, On what interface and what direction should you apply it?, Once applied, what
will this access list accomplish? (Select all valid answer choices)
t traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed.
SMTP traffic from 192.168.1.16 0.0.0.15 to 168.2.16 0.0.0.15 is allowed.
The ACL is configured to allow traffic from one specific host to another.
The ACL should be applied inbound to the e0 interface of Router KTE1.
The ACL should be applied outbound to the e0 interface of Router KTE1.
--------------------------------------------------------------------------------------------------------------------
er choices are correct characteristics of named access list? (Select
You can delete individual statements in a named access list
Named access lists require a numbered range from 1000 to 1099.
Named access lists must be specified as standard or extended.
list command to create named access lists.
You cannot delete individual statements in a named access list.
group command to apply named access lists.
--------------------------------------------------------------------------------------------------------------------
TE network is shown below:
The network administrator would like to permit only hosts on the 172.30.16.0/24 network
Which wild card mask and address combination will only match addresses on this network?
--------------------------------------------------------------------------------------------------------------------
72.16.232.253 except
172.16.232.0/24 subnet to
-----------------------------------------------------------------------------------------
In order to control access on the CATEE network, the following access list is created:
What would happen if you applied the following ACL to any one of the KTE routers in the
above exhibit?, On what interface and what direction should you apply it?, Once applied, what
---------------------------------------------------------------------------------------------------------------------
er choices are correct characteristics of named access list? (Select
---------------------------------------------------------------------------
The network administrator would like to permit only hosts on the 172.30.16.0/24 network
combination will only match addresses on this network?
--------------------------------------------------------------------------------------------------------------------
![Page 20: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/20.jpg)
The KTE University network is shown below:
In the above network, an access list was created in order to prevent students and outsiders on the
internet from changing student files in the Records Server, while still allowing other departments
in the enterprise access. The access control list was applied to the e0 interface of the R-3 router
going outbound. Which two of the following conditions below were contained in the access
control list? (Select two answer choices)
permit 172.16.64.254 0.0.0.0 172.16.0.0 0.0.255.255
permit 172.16.0.0 0.0.255.255 172.16.64.254 0.0.0.0
deny 172.16.64.254 0.0.0.0 172.16.62.0 0.0.0.255
deny 172.16.62.0 0.0.0.255 172.16.64.254 0.0.0.0
deny 172.16.64.254 0.0.0.0 any
permit any any
--------------------------------------------------------------------------------------------------------------------
The KTE WAN is shown below:
Your goal is to allow FTP access to the HR server, while blocking out all other traffic.
Which of the access list configurations below will fulfill your goal? (Select two answer choices)
Access-list 101 Permit tcp any 192.168.44.252 0.0.0.0 eq 21
Access-list 101 Permit tcp any 192.168.44.252 0.0.0.0 eq 20
Access-list 101 Permit tcp 192.168.44.252 0.0.0.0 any eq 20
Access-list 101 Permit tcp 192.168.44.252 0.0.0.0 any eq 21
Access-list 101 Deny tcp any 192.168.44.255 0.0.0.0 gt 21
Access-list 101 Permit tcp 192.168.44.255 0.0.0.0 any gt 21
--------------------------------------------------------------------------------------------------------------------
![Page 21: Acls](https://reader033.vdocuments.mx/reader033/viewer/2022042516/55cf9b8b550346d033a6791c/html5/thumbnails/21.jpg)
Part of the KTE network is shown below:
The CATEE network administrator wants to prevent computers on the 192.168.23.64/26 subnet
from accessing the 192.168.23.128/26 subnet via FTP. All other hosts should be allowed to
access. What commands should be entered on the router to accomplish this task?
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.255 192.168.23.128 0.0.0.255 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#access-list 101 out
Router(config)#access-list 101 deny tcp 192.168.23.64 0.0.0.255 192.168.23.128 0.0.0.255 eq
ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/1
Router(config-if)#ip access-group 101 in
Router(config)#access-list 101 deny tcp 192.168.23.128 0.0.0.63 192.168.23.64 0.0.0.63 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/1
Router(config-if)#ip access-group 101 in
Router(config)#access-list 101 deny tcp 192.168.23.128 0.0.0.255 192.168.23.128 0.0.0.255 eq
ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/1
Router(config-if)#ip access-group 101 out
--------------------------------------------------------------------------------------------------------------------