CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.
But here raise a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!
Please comment if you have any idea for this sim!
Other lab-sims on this site:
Passed my exam yesterday. I got ACL1, ACL2 and EIGRP LAB.
Also the 2 drag and drops – administrative distances, cable types.
Good luck to all…..
tik.kira@yahoo.com
passed my exam today, 1000/1000, ACL, ACL2(modification 4), EIGRP LAB – Different AS, and there is an additional network address on R1 that you should remove
sources : watson, premium, 9tut
God Bless everyone!!
Hi guys. Just want to know how do we answer this ACL sim in real exam. Is it by clicking the bullets or changing the sim configuration?
Greg, I have my ICND2 test tomorrow morning. I will let you know if I get this one. Wish me luck!!
Good luck Agustin!
Hi All CCNA, CCNA WANNA BE,
Do you have to correct this sim on actual exam or you just need to answer the multiple choice please respond thank in advance.
Only the EIGRP lab on the ICND2 test I took today. No ACL questions in the whole test.
Guys I’m taking my exam tomorrow please let me know for this ACL lab we just have to answer some questions like this or we have to do the commands in to the router. Please let me know. Also which EIGRP is coming ?
Can Anyone send me watson dumps on syed.fahad27@yahoo.com
plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Can Any send waston dumps .pdf file on atif4707@yahoo.com
plz
Just took the test yesterday, this was word for word on the cnna-200-120
Hello Cory,
Which lab do you have on your exame ?
plz tell me which simulation is “acl 1″ (everybody is talking about). Plzzzzzzzzzzzzzzzzzzzzzz tell me i’ve exam after 2 days
Is the above simulation “acl-1″????????
plzzzz tell
Yes summit
Sorry, this was word for word on the ccna 200-120
This question also had three different sub questions with it.
I am also using Pass4sure. great study material.
I passed today with 1000/1000, EIGRP( AS 221) ( 1 network missed and AS different), ACL2 (MOD 3) ACL1(9tut)…………… watson and 1 question from mathew……….. I hopped u read all in 9tut…….thanks 9tut…..
sum 1 ple mail me watsons latest dumps. here is my mail.id touchwitsurya@gmail.com. who ever has ple do..
i passed 10/12/2014 with 1000/1000 @ sri lanka.
acl1 (9tut q. without any changes) , acl2 mod 2 (from host d) eigrp lab.other all questions from 9tut .(answ positions changed)
tnks 9tut.
Hey all i just passed my exam with 1000/1000…in
just passed with 1000/1000 in NAIROBI
you dont need dumps..all the questions are in 9tut
Labs were acl1,acl2 an eigrp lab..its an easy exam dont panic just use 9tut practice thge labs and take the exam
my email is elninotito@gmail.com for anyone who needs advise and before i forget dont forget to copy run to save ypur lab configs….success people,
I used this site alone and scored 1000/1000..
Found this Lab in my exam. December 4th!!!
i passed 14/12/2014 with 1000/1000 @ tr.
acl1, acl2 mod 4 (from host d) eigrp lab (as 12)
new etherchannel question (DTP negotiation settings)
All Questions from Dumbs (watson, examtut)
and very special thanks to 9tut
@ 9tut
in your sims whenever i clik on the hosts with the console cable i dont see the cli option, but when i click on the router connected to the host i see the cli option to enter commands.
Please i need your help im using packet tracer.
nice
I passed today.
Lab in Today Exam..
I passed today.
Lab in Today Exam..
Hi every one! i have exam very near can anyone send me watson dumps? at greathasan@gmail.com thanks in advance…
guys a very quick question, has anyone taken the CCNA for the second time? if you did, can you please tell me which lab you did in you exam. Any one has any idea. Thank you.
I passed CCNA exam yesterday >THanks 9 tut ..all question from here. Laps Eigrp AS 22 -ACL1-ACL2 with asmall bit modification …
Exact this Acceslist simlet in my exsam . Passed today.
So how do you answer the Sims in the real test? Do you actually log in to the routers/switches and do commands and fix the issue or are you just checking out what the issue is? I’m confused about how to study.
Hi every one! i have exam very near can anyone send me watson dumps? at ganeshraikar68@gmail.com thanks in advance…
what s th meaning of ACL2(mod3)????
passed ccna today, all credits to 9tut. (Lab sim ACL 1. 2 and EIGRP different IP)
passed today with 972/1000 , thanks to 9tut , 2 ACL and 1 EIGRP in simulation
do you need to practice with Packet tracer? or don’t need it?
Hi guys. Just want to know how do we answer this ACL sim in real exam. Is it by clicking the bullets or changing the sim configuration?
Just want to know People! how do we answer this ACL sim in real exam. Is it by clicking the bullets or changing the sim configuration?
@Brava: In this sim, you need to select answer. no need to configure anything. You don’t have access of configuration mode.
Hi Guys,
Can you please explain that how 255.255.255.0 can be wild mask. Because 255.255.255.255 – 255.255.255.0 =0.0.0.255. for the last question. I am totaly lost for the q3. I kindly request you to explain it. Please, ı will have ccna exam on Sunday. Please
going to appear on friday let me know labs will as it is acl1 2 n eigrp ??
255.255.255.0 means any IP address is included in the first 3 octets but last Octet has to be 0 so any ip like 192.56.76.0 or 10.6.8.0 is in as long as the last octet is 0 notice that such addresses are usually network addresses not HOSTS that’s why the answer is A NO HOST CAN connect…etc
Hope that would help
Happy boxing day guys. Quick question, for the EIGRP do you mean a similar “EIGRP LAB Question” or a similar “EIGRP Troubleshooting Sim”, or both? Also I am really curious if those scores people post in the comments are seriously true ex. 997/1000, 1000/1000. As in like seriously??? lol
Latest CCNA 200-120 dumps 316 Questions & Answers available.
316 question dumps are 100% valid. I already purchased that If you needed, share nominal fee.
Thanks
Azeem Sarwar
azeemsarwar1@hotmail.com
skype: azeem.sarwar1
Thanks Akash!
All the above questions need not to type anything but you can get the answer.
Can anyone tell me that IN THE REAL EXAM, just choose A/B/C/D is enough or need to type something in the SIM?
Q2 and Q3 still need to type something in the SIM ??????
27-12-14 m take the ccna exam 200-120 score 986/1000. all paper frm Watson dumps 314
4 to 5 Q frm outside of dumps. labs r ACL1, ACl 2 , eigrp. acl1 is same but Q is gives the ans with sh cmand. eigrp is same sanireo with different ips and as no and passive intnterface with litle bit changes. acl2 (modification 3) with access host D and different ips. All labs frm 9tut. if any one help mail me.
lots of thanksssssssssssssssssssssssssssssssssssss 9tut and Watson dunps.
samad frm Pakistan.
I have my exam tomorrow :/
Mr. Samad , thanks for your feedback. How can we email you?
Can you provide more details about the passive interfaces question? also, what is the ACL2 (Modification 3)?
thanks
hamad560@gmail.com