CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need the show running-config command to answer all the questions below:
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about FTP traffic, so we don’t care about the first two lines. The 3rd line denies all telnet traffic and the 4th line allows ICMP traffic to be sent (ping). Remember that access list 104 is applied in the inbound direction, so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our ICMP traffic, because the “echo-reply” message will be sent in the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114 (access-list 114 permit ip 10.4.4.0 0.0.0.255 any) we can easily see that this access list allows all traffic (ip) from the 10.4.4.0/24 network.
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention the 10.4.4.0 network. So the most reasonable answer is A.
But this raises a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only hosts with IP addresses of the form x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address, so answer A, “no host could connect to Router through s0/0/1”, seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example, we can use the IP address 10.45.45.0 with mask 255.255.0.0; a host with that IP address can exist, and we can connect to the router through that host. Now answer A seems incorrect!
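Added example (not part of the original page): IOS wildcard matching applied to the source fields of access-list 115 and access-list 114 as quoted on this page, to check the question raised above. The sample source addresses and masks are constructed, and the function names are hypothetical.

```python
import ipaddress

def u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(src, base, wildcard):
    """IOS wildcard rule: 0 bits must equal the base address, 1 bits are ignored."""
    care = ~u32(wildcard) & 0xFFFFFFFF
    return (u32(src) & care) == (u32(base) & care)

def is_host_address(addr, netmask):
    """True when addr is neither the network nor the broadcast address of its
    subnet (classic subnets; /31 and /32 are not considered here)."""
    net = ipaddress.IPv4Interface(f"{addr}/{netmask}").network
    ip = ipaddress.IPv4Address(addr)
    return ip != net.network_address and ip != net.broadcast_address

# Source address/wildcard pairs of the two entries quoted on the page.
ACL_115 = ("0.0.0.0", "255.255.255.0")  # permit ip 0.0.0.0 255.255.255.0 any
ACL_114 = ("10.4.4.0", "0.0.0.255")     # permit ip 10.4.4.0 0.0.0.255 any

# Constructed sample sources (address, subnet mask); not taken from the sim.
SAMPLES = [
    ("10.45.45.2", "255.255.255.0"),  # ordinary host on a /24
    ("10.45.45.0", "255.255.255.0"),  # network address of a /24
    ("10.45.45.0", "255.255.0.0"),    # the page's /16 case
    ("10.4.4.77", "255.255.255.0"),   # host on the 10.4.4.0 LAN
]

def evaluate(acl, samples=SAMPLES):
    """Each ACL here is one permit entry followed by the implicit deny any.
    Returns (source, mask, permitted, assignable_to_host) per sample."""
    return [(s, m, wildcard_match(s, *acl), is_host_address(s, m))
            for s, m in samples]

def usable_sources(acl, samples=SAMPLES):
    """Sources that pass the ACL and can belong to a real host."""
    return [(s, m) for s, m, ok, host in evaluate(acl, samples) if ok and host]

if __name__ == "__main__":
    for name, acl in (("115", ACL_115), ("114", ACL_114)):
        for row in evaluate(acl):
            print(name, *row)
```

With a /24 mask every source that access-list 115 permits is a network address; only with a shorter mask, as in the 10.45.45.0 255.255.0.0 case, does a permitted x.x.x.0 source belong to a real host.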
Please comment if you have any idea for this sim!
Please, has anyone been able to access digitaltut.com lately? I have been trying to tidy up for my CCNP routing exam, and funnily enough the site is not opening. Whoever has helpful information, kindly help out, thanks.
Can someone pls email me the latest dumps and sims? My exam is on 8th of Jan 2014. Thanks, I really do appreciate your effort. walemenot@gmail.com
All the Best!! Wale.. Pls share ur experiences when u pass
I passed today 1.8.14 with 1000/1000. I prepared with spintry, acme, watsum from examcollection.com. Sims were acls 1, acls 2 and eigrp. Good luck guys
Someone please email me the latest dumps cos I’m going to write mine on the 10th of Jan 2014. Thanks a lot!!!
dbalo_goon@yahoo.com
My suggestion to first time appearing people would be, read 9tut very keenly. Don't leave even a single line because a single line will cause your result..
HEY CAN SOME 1 PLEASE MAIL ME THE LATEST DUMPS OF CCNA200-120
aj.khedkar1512@gmail.com PLS URGENT
@AJ. Don't wait for anyone. Go to http://www.examcollections.com and download valid dump and do practice…
Hi Guys, I am preparing for the CCNA exam. If you can, please email me the latest dumps & sims on pashy4@hotmail.com Cheers
interface Serial0/0/1
bandwidth 64
ip address 10.45.45.1 255.255.255.0
ip ospf authentication
ip ospf authentication-key san-fran
ip access-group 102 in
Here, it clearly seems prefix is of /24 so answer A as you mentioned is almost correct.
Can anybody share with me the latest dumps please, I have an exam scheduled on the 25th
I took my exam yesterday and scored 972, the simulations in the exam were Access-list 1, Access-list 2, and eigrp. There were two new questions in the multi-choice questions. One is from OSPF. The access-list 2 that came out was:
– Host C should be able to use a web browser (HTTP) to access the Finance Web Server
– Other types of access from host C to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
– All hosts in the Core and local LAN should be able to access the Public Web Server
Thank you 9tut for your great support.
passed today with 987 thanks
I also used study guides and http://www.sendmeanything.com for the vids (great site)
CCNP content on there as well, just email them for the vids you want on the CCNA
good luck people
download free latest dumps from 9tut.webs.com
I have passed my CCNA 200-120 today, I got this sim in my exam.
thanks
hi do we have to do any packet tracer activities? or just pick these questions?
Hi
I don't understand question 3, pls can anyone explain it to me….
Hi,
you can check the entered statement of every access-list by using this command:
show access-list
the question is asking what would be the effect of issuing access-group 115, so the command to view the entered statement on access-list 115 is:
show access-list 115
the output will be:
access-list 115 permit ip 0.0.0.0 255.255.255.0 any
if you are going to enter this access-list on the s0/0/1 interface, you have to type this in global config:
interface serial 0/0/1
ip access-group 115 in
now, realize what will happen?
in extended access-list that statement said
0.0.0.0 255.255.255.0
source IP wildcard mask
in wildcard mask, 255 means, any value from 0-255
and the 0 scans as fix value of source field
so it says that source ip can be:
192.125.512.0
10.10.1.0
172.29.4.0
254.255.192.0
and etc.
but we all know these addresses aren’t valid because they’re Network address or subnet address. And network address is not assignable address.
I hope you get what I have explained. I’m also just a student and I’m just trying my best to help. Correct my explanations if I got some parts wrong. Thanks!
Just passed the CCNA 200-120. I’ve encountered this sim. No modifications have been made.
thanks 9tut!
What is the ip address of int fa0/1 please help
I am studying for my CCNA exam. I am trying to understand what I need to do for this question. I have read that you only need to know the show command? How do I answer the questions?
jeff.bearden@outlook.com
download dumps from 9tut.webs.com
I passed today. This sim is in it, and acl 2 and eigrp.
Is the exam lab exactly like that????
Hi friends, I have my CCNA exam next week so I need dumps. If anyone has them pls send to sansanookdee@hotmail.com
In Cisco, it's not always about what is the correct answer indefinitely, but which answer is the “most” likely. To say that no host would be allowed to connect to the router through the Serial interface is more likely, however any configuration beyond the serial interface is not known. The one thing you can discern from this access list is that it seems its intention is to make you think any ip address with a /24 mask is allowed to go anywhere. It seems that commonality of a /24 mask is intended to screw with your head as usual.
@zenn with VLSM you may have a host that has a x.x.x.0 ip address. It looks weird but if you have a requirement for a host portion that is, say 300 hosts per network, then you may end up with a x.x.x.0 ip address at some point. Search the internet for “zero ip address”. You'll find plenty of info on that.
I got ma CCNA cleared today thanks to 9tut, this is an amazing website with great knowledge. Excellent work!! cheers!
Sammy can you please tell me that this sim was included in your exam or not ?? and what were the other sims were included in your exam
i have my exam in next week , kindly tell me on msharifawan89@gmail.com
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change of AS and advertising a network (same as it is) with NO issue about passive interfaces and default network )
acl 2 (with bit modification)
“The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
can u pls tell me how to identify IN and OUT on the router.
My friend passed the CCNA 200-120 routing and switching exam; he got a score of about 930 / 1000. The exam was very easy. There were labs: 1- ACL 1 for web, 2- eigrp the same as in 9tut, 3- ACL 2. Total questions with labs: 51. Good luck to all
Hi can you please tell me Which question is for ACL 1 from 9 tut.
Hi friends;
may I know how many marks are for simulations?
plz reply me any one
I have passed my CCNA 200-120 today, I got this sim in my exam. Thanks to Allah & next to 9tut (it was very helpful)and examtut
master AHMED what about you, took the labs in exam? thanks
Is it just me or is 0.0.0.0 255.255.255.0 not a correct configuration of an ACL? The 255.255.255.0 is not a valid wildcard mask because when subtracting each octet from 255, it should look like: 0.0.0.255.
Right?
Taking the test Monday. Hopefully the labs stay the same
I believe the labs are 100 points each
I finished CCNA successfully. acl, acl2 and eigrp from 9tut are valid. Also see the dump “Cisco.Actualtests.200-120.v2014-02-12.by.GillBeast.299q.vce” and “Cisco.Certkey.200-120.v2014-02-19.by.Lusi.272q.vce”.
That is enough for CCNA 200-120 exam. Trust me
Taking the test today. Finally
How do I configure this lab? I can't understand it. I failed because of this lab, bad luck; my score was 800, passing marks was 825. Please help me. I'm going to retake my exam this month, can anyone help me please..??
Is it just a question lab or do we configure this lab? Please help me?
@Eranga
Thanks dear !!
Hi
I just purchased cheapest LAB on the Ebay with all routers 15.1 IOS , as you mentioned above I did research and it looks like c2800nm-advsecurityk9-mz.151-4.M7.bin installed, perfect for NEW ICND1/ICND2
I thought it will be helpful to let others know as well.
Ebay Item: 141220216083
Thanks
Steven
how to remove access group from interface fa0/0, let's see via this command.
Router#configure terminal
Router(config)#interface fa0/0
Router(config-if)#no ip access-group 106 in
now configure this list 114, it's used for ping & telnet
Router(config-if)#access-list 114 permit ip 10.4.4.3 0.0.0.255 any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 114 in
Router(config-if)#end
Router#copy running-config startup-config
Hi, I have my CCNA on Monday, can you please tell me do you need to actually apply the commands:
such as remove access list 106 and apply 104
and do the commands ip access group 114 and ip access-group 115 ?
Or do you just simply answer the questions from what you see in the show run output ?
the command is:
RouterC(config)#int fa0/0
RouterC(config-if)#no ip access-group 106 in
RouterC(config-if)#ip access-group 104 in
that is what you are going to apply in the CLI
here it looks like you select the right choice only.
For this question we only need to use the show running-config command to answer all the questions below
does this need to be inputted in the router?