CCNA FAQ: Advanced IP Access Control Lists
Q1. Which of the following fields cannot be compared based on an extended IP ACL? (Choose two answers.)
a. Protocol
b. Source IP address
c. Destination IP address
d. TOS byte
e. URL
f. Filename for FTP transfers
Q2. Which of the following access-list commands permits packets going from host 10.1.1.1 to all web servers whose IP addresses begin with 172.16.5? (Choose two answers.)
a. access-list 101 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
b. access-list 1951 permit ip host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
c. access-list 2523 permit ip host 10.1.1.1 eq www 172.16.5.0 0.0.0.255
d. access-list 2523 permit tcp host 10.1.1.1 eq www 172.16.5.0 0.0.0.255
e. access-list 2523 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
Q3. Which of the following access-list commands permits packets going to any web client from all web servers whose IP addresses begin with 172.16.5?
a. access-list 101 permit tcp host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
b. access-list 1951 permit ip host 10.1.1.1 172.16.5.0 0.0.0.255 eq www
c. access-list 2523 permit tcp any eq www 172.16.5.0 0.0.0.255
d. access-list 2523 permit tcp 172.16.5.0 0.0.0.255 eq www 172.16.5.0 0.0.0.255
e. access-list 2523 permit tcp 172.16.5.0 0.0.0.255 eq www any
Q4. Which of the following fields can be compared using a named extended IP ACL but not a numbered extended IP ACL?
a. Protocol
b. Source IP address
c. Destination IP address
d. TOS byte
e. None of the other answers are correct.
Q5. In a router running IOS 12.3, an engineer needs to delete the second line in ACL 101, which currently has four commands configured. Which of the following options could be used? (Choose two answers.)
a. Delete the entire ACL and reconfigure the three ACL statements that should remain in the ACL.
b. Delete one line from the ACL using the no access-list… global command.
c. Delete one line from the ACL by entering ACL configuration mode for the ACL and then deleting only the second line based on its sequence number.
d. Delete the last three lines from the ACL from ACL configuration mode, and then add the last two statements back into the ACL.
Q6. What general guideline should you follow when placing extended IP ACLs?
a. Perform all filtering on output if at all possible.
b. Put more general statements early in the ACL.
c. Filter packets as close to the source as possible.
d. Order the ACL commands based on the source IP addresses, lowest to highest, to improve performance.
Q7. Which of the following tools requires the end user to telnet to a router to gain access to hosts on the other side of the router?
a. Named ACLs
b. Reflexive ACLs
c. Dynamic ACLs
d. Time-based ACLs