Kamis, 09 Desember 2010

CCNA Discovery 3 Module 8

| |

CCNA Discovery 3 Module 8 Exam Answers Version 4.0

1.      


1

Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0 0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the show access-list command. What sequence number does the new entry have? 
• 60

2.      


2

Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router? 
• The new commands are added to the end of the current Managers ACL. 

3.      Why are inbound ACLs more efficient for the router than outbound ACLs? 
• Inbound ACLs deny packets before routing lookups are required. 


4.      


3

Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assigned a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem? 
• Port 80 should be specified in the ACL. 

5.      ACL logging generates what type of syslog message? 
• informational 

6.      Which two host addresses are included in the range specified by 172.16.31.64 0.0.0.31? (Choose two.) 
• 172.16.31.77 
• 172.16.31.78 

7.      Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard mask would the network administrator configure in the access list to cover this range? 
• 0.0.15.255 

8.      ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.) 
• specifying internal hosts for NAT 
• identifying traffic for QoS 

9.      What can an administrator do to ensure that ICMP DoS attacks from the outside are mitigated as much as possible, without hampering connectivity tests initiated from the inside out? 
• Create an access list permitting only echo reply and destination unreachable packets from the outside. 

10.  What effect does the command reload in 30 have when entered into a router? 
• A router automatically reloads in 30 minutes.

11.  


4

Refer to the exhibit. The following commands were entered on RTB. 
RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15 
RTB(config)# access-list 4 permit any 
RTB(config)# interface serial 0/0/0 
RTB(config-if)# ip access-group 4 in 
Which addresses do these commands block access to RTB? 
• 192.168.20.16 to 192.168.20.31* 

12.  


5

Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy? 
• access-list 137 permit ip 192.0.2.0 0.0.0.255 any 
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www 

13.  Which three statements are true concerning standard and extended ACLs? (Choose three.) 
• Extended ACLs are usually placed so that all packets go through the network and are filtered at the destination. 
• Standard ACLs are usually placed so that all packets go through the network and are filtered at the destination. 
• Standard ACLs filter based on source address only, and must be placed near the destination if other traffic is to flow. 
• Extended ACLs filter with many possible factors, and they allow only desired packets to pass through the network if placed near the source. 

14.  


6

Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines: 
1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24 network. 
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network. 
3) All other traffic originating from the 192.168.3.0 network should be denied.
Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction? 
• access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255 
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255 
access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255 

15.  


7

Hosts from the Limerick LAN are not allowed access to the Shannon LAN but should be able to access the Internet. Which set of commands will create a standard ACL that will apply to traffic on the Shannon router interface Fa0/0 implementing this security? 
• access-list 56 deny 172.19.123.0 0.0.0.255 
access-list 56 permit any 

16.  


8

Refer to the exhibit. A network administrator needs to configure an access list that will allow the management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA. All vty and enable passwords are configured on the router. Which group of commands will accomplish this task? 
• Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet 
Router(config)# access-list 101 deny ip any any 
Router(config)# int s0/0 
Router(config-if)# ip access-group 101 in 
Router(config-if)# int fa0/0 
Router(config-if)#ip access-group 101 in 

17.  Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244? 
• access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80

18.  Which wildcard mask would match the host range for the subnet 192.16.5.32 /27? 
• 0.0.0.31

19.  A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should be implemented to ensure that passwords are not sent in clear text across the public network? 
• Use only Secure Shell (SSH) on the vty lines.

20.  



9

Refer to the exhibit. An administrator notes a significant increase in the amount of traffic entering the network from the ISP. The administrator clears the access-list counters. After a few minutes, the administrator again checks the access-list table. What can be concluded from the most recent output shown? 
• A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attack. 

0 komentar:

go-top

Posting Komentar

My Playlist

Blog ArchiveArchive

Pages

Followers

Diberdayakan oleh Blogger.
 
 
 
top