IndiaBIX

Networking - Security

Exercise : Security - Security
  • Security - Security
16.
Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list?
  1. 172.16.30.55 0.0.0.255
  2. 172.16.30.55 0.0.0.0
  3. any 172.16.30.55
  4. host 172.16.30.55
  5. 0.0.0.0 172.16.30.55
  6. ip any 172.16.30.55
1 and 4
2 and 4
1, 4 and 6
3 and 5
Answer: Option
Explanation:
The wildcard 0.0.0.0 tells the router to match all four octets. This wildcard format alone can be replaced with the host command.
17.
If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
access-list 111 permit ip any 0.0.0.0 255.255.255.255
access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 permit ip any 0.0.0.0 255.255.255.255
Answer: Option
Explanation:
Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
18.
Which of the following series of commands will restrict Telnet access to the router?
Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line con 0
Lab_A(config-line)#ip access-group 10 in
Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 out
Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#access-class 10 in
Lab_A(config)#access-list 10 permit 172.16.1.1
Lab_A(config)#line vty 0 4
Lab_A(config-line)#ip access-group 10 in
Answer: Option
Explanation:
Telnet access to the router is restricted by using either a standard or extended IP access list inbound on the VTY lines of the router. The command access-class is used to apply the access list to the VTY lines.
19.
Which of the following commands connect access list 110 inbound to interface ethernet0?
Router(config)# ip access-group 110 in
Router(config)# ip access-list 110 in
Router(config-if)# ip access-group 110 in
Router(config-if)# ip access-list 110 in
Answer: Option
Explanation:
To place an access list on an interface, use the ip access-group command in interface configuration mode.
Quick links
Quantitative Aptitude
Verbal (English)
Reasoning
Programming
Interview
Placement Papers