1. Barney is a host with IP address 10.1.1.1 in subnet 10.1.1.0/24. Which of the following are things that a standard IP ACL could be configured to do? (Choose two answers.)
a. Match the exact source IP address. b. Match IP addresses 10.1.1.1 through 10.1.1.4 with one access-list command without matching other IP addresses. c. Match all IP addresses in Barney’s subnet with one access-list command without matching other IP addresses. d. Match only the packet’s destination IP address.
2. Which of the following answers list a valid number that can be used with standard numbered IP ACLs? (Choose two answers.)
a. 1987 b. 2187 c. 187 d. 87
3. Which of the following wildcard masks is most useful for matching all IP packets in subnet 10.1.128.0, mask 255.255.255.0?
a. 0.0.0.0 b. 0.0.0.31 c. 0.0.0.240 d. 0.0.0.255 e. 0.0.15.0 f. 0.0.248.255
4. Which of the following wildcard masks is most useful for matching all IP packets in subnet 10.1.128.0, mask 255.255.240.0?
a. 0.0.0.0 b. 0.0.0.31 c. 0.0.0.240 d. 0.0.0.255 e. 0.0.15.255 f. 0.0.248.255
5. ACL 1 has three statements, in the following order, with address and wildcard mask values as follows: 1.0.0.0 0.255.255.255, 1.1.0.0 0.0.255.255, and 1.1.1.0 0.0.0.255. If a router tried to match a packet sourced from IP address 1.1.1.1 using this ACL, which ACL statement does a router consider the packet to have matched?
a. First b. Second c. Third d. Implied deny at the end of the ACL
6. Which of the following access-list commands matches all packets sent from hosts in subnet 172.16.4.0/23?
a. access-list 1 permit 172.16.0.5 0.0.255.0 b. access-list 1 permit 172.16.4.0 0.0.1.255 c. access-list 1 permit 172.16.5.0 d. access-list 1 permit 172.16.5.0 0.0.0.127
1. Which of the following fields cannot be compared based on an extended IP ACL? (Choose two answers.)
a. Protocol b. Source IP address c. Destination IP address d. TOS byte e. URL f. Filename for FTP transfers
2. Which of the following access-list commands permit packets going from host 10.1.1.1 to all web servers whose IP addresses begin with 172.16.5? (Choose two answers.)
a. access-list 101 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www b. access-list 1951 permit ip host 10.1.1.1 172.16.5.0 0.0.0.255 eq www c. access-list 2523 permit ip host 10.1.1.1 eq www 172.16.5.0 0.0.0.255 d. access-list 2523 permit tcp host 10.1.1.1 eq www 172.16.5.0 0.0.0.255 e. access-list 2523 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
3. Which of the following access-list commands permits packets going to any web client from all web servers whose IP addresses begin with 172.16.5?
a. access-list 101 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www b. access-list 1951 permit ip host 10.1.1.1 172.16.5.0 0.0.0.255 eq www c. access-list 2523 permit tcp any eq www 172.16.5.0 0.0.0.255 d. access-list 2523 permit tcp 172.16.5.0 0.0.0.255 eq www 172.16.5.0 0.0.0.255 e. access-list 2523 permit tcp 172.16.5.0 0.0.0.255 eq www any
4. In a router running a recent IOS version (at least version 15.0), an engineer needs to delete the second line in ACL 101, which currently has four commands configured. Which of the following options could be used? (Choose two answers.)
a. Delete the entire ACL and reconfigure the three ACL statements that should remain in the ACL. b. Delete one line from the ACL using the no access-list... global command. c. Delete one line from the ACL by entering ACL configuration mode for the ACL and then deleting only the second line based on its sequence number. d. Delete the last three lines from the ACL from global configuration mode, and then add the last two statements back into the ACL.
5. An engineer is considering configuring an ACL on Router R1. The engineer could use ACL A, which would be enabled with the ip access-group A out command on interface G0/1, or ACL B, which would be enabled with the ip access-group B in command on that same interface. R1’s G0/1 interface uses IPv4 address 1.1.1.1. Which of the answers is true when comparing these options? (Choose two answers.)
a. ACL A creates more risk of filtering important overhead traffic than ACL B. b. ACL B creates more risk of filtering important overhead traffic than ACL A. c. A ping 1.1.1.1 command on R1 would bypass ACL A even if enabled. d. A ping 1.1.1.1 command on R1 would bypass ACL B even if enabled.
6. An engineer configures an ACL but forgets to save the configuration. At that point, which of the following commands displays the configuration of an IPv4 ACL, including line numbers? (Choose two answers.)
a. show running-config b. show startup-config c. show ip access-lists d. show access-lists
1. Which of the following summarized subnets represent routes that could have been created for CIDR’s goal to reduce the size of Internet routing tables?
a. 10.0.0.0 255.255.255.0 b. 10.1.0.0 255.255.0.0 c. 200.1.1.0 255.255.255.0 d. 200.1.0.0 255.255.0.0
2. Which of the following are not private addresses according to RFC 1918? (Choose two answers.)
a. 172.31.1.1 b. 172.33.1.1 c. 10.255.1.1 d. 10.1.255.1 e. 191.168.1.1
3. With static NAT, performing translation for inside addresses only, what causes NAT table entries to be created?
a. The first packet from the inside network to the outside network b. The first packet from the outside network to the inside network c. Configuration using the ip nat inside source command d. Configuration using the ip nat outside source command
4. With dynamic NAT, performing translation for inside addresses only, what causes NAT table entries to be created?
a. The first packet from the inside network to the outside network b. The first packet from the outside network to the inside network c. Configuration using the ip nat inside source command d. Configuration using the ip nat outside source command
5. NAT has been configured to translate source addresses of packets for the inside part of the network, but only for some hosts as identified by an access control list. Which of the following commands indirectly identifies the hosts?
a. ip nat inside source list 1 pool barney b. ip nat pool barney 200.1.1.1 200.1.1.254 netmask 255.255.255.0 c. ip nat inside d. ip nat inside 200.1.1.1 200.1.1.2
6. Examine the following configuration commands:
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface Serial0/0
 ip address 200.1.1.249 255.255.255.252
ip nat inside source list 1 interface Serial0/0
access-list 1 permit 10.1.1.0 0.0.0.255
If the configuration is intended to enable source NAT overload, which of the following commands could be useful to complete the configuration? (Choose two answers.)
a. The ip nat outside command b. The ip nat pat command c. The overload keyword d. The ip nat pool command
7. Examine the following show command output on a router configured for dynamic NAT:
-- Inside Source
access-list 1 pool fred refcount 2288
pool fred: netmask 255.255.255.240
start 200.1.1.1 end 200.1.1.7
type generic, total addresses 7, allocated 7 (100%), misses 965
Users are complaining about not being able to reach the Internet. Which of the following is the most likely cause?
a. The problem is not related to NAT, based on the information in the command output. b. The NAT pool does not have enough entries to satisfy all requests. c. Standard ACL 1 cannot be used; an extended ACL must be used. d. The command output does not supply enough information to identify the problem.
Part 3 Questions Continued:
Basic IPv4 Access Control Lists
1. A, C 2. A, D 3. D 4. E 5. A 6. B
Advanced IPv4 Access Control Lists
1. E, F 2. A, E 3. E 4. A, C 5. B, C 6. C, D
Network Address Translation
1. D 2. B, E 3. C 4. A 5. A 6. A, C 7. B