CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.
But here raise a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!
Please comment if you have any idea for this sim!
Other lab-sims on this site:
Please someone send me Watson dumps i have exam on next weak…
zakirullahshah@gmail.com
hi any one sen me the dumps tarajanabi@hotmail.com
thanks
i need watson dumps… zain or anyone pls mail me at ateetshah07@gmail.com
ALHAMDULILLAH, today i passed CCNA 200-120 exam, i got EIGRP , ACL sim & ACL2 sim labs. The DNS Server was removed and Public Server was given an IP. All IP’s were changed.In The EIGRP Lab, The routers were named as HUB router and SERVERS router, AS No. on Servers router was misconfigured and Network between HUB and SERVER router was not advertised on HUB router. I tested the functionality by Pinging the ISP router and saved all the labs before clicking NEXT. There were 51 Qs. my score is 972/1000. The Dumps of 316 Qs. were really helpful.
AZkhan
can you please tell me the name of dump which had 316 Qs??
passed composite 200-120 on 10-feb-2015 as well!
Thanks 9tut!
The terminal i am working at does not allow 1 to write mem nor save configurations. Once you are done, simply click next.
3 lab qns (eigrp, acl mod1, acl – multiple choice, same as 9tut ans)
Eigrp changed router name to mgp, egp and etc. From router eigrp 22 to 12 And add network statement on main mgp router
Acl mod1 – allow host b to access finance web, all other hosts blocked to finance but allowed on private web server
@Farhan
” TestInsides ” was the name of the Dumps,
Hi please any person send me the dumps mohskeak@hotmail.com
Hi guys, i am writing my ccna on friday. may you kindly help with 316 questions
Passed today.. 200-120 1000/1000!
Dumps: ACL 1 & 2 (Mod 3), EIGRP with AS 12.
Thank’s to 9tut.. Love you boys <3
Passed yesterday. ACL 1 & 2 ans EIGRP with 12
Plz share VCE player and dumps of Matthew and Watson on rehan.nedian@gmail.com
Highly appreciated .
for the last question, the willcard should be 0.0.0.255 right ?
I plan on taking the exam next week. Can anyone help with the latest dumps? Thanks! naldars@hotmail.com
I’ll seat for the test this Thursday 11:30am. I have some question about question taking system. Please reply on this comment anyone who already attended with CCNA 200-120 test.
Question 1 . Is there any way i can skip a which is complicated question and go for the next and later answer it ?
Question 2. Simulation question are at the beginning, middle or last part of the exam ?
Liton
You can skip a question BUT YOU CAN’T COME BACK TO IT LATER
simulations comes random, not in any particular order
Hi everyone can any one please send me watson dumps at raniagarwal31@yahoo.com. I will really appreciate if it is pdf version. Thanks
You do not need vce, this site is what I study off. It gives good explanation. Study this lab and know it.
guys….can anybody send me the 316 Q & A at funnyrain@hotmail.com? Thanks
This question was on my exam yesterday (23rd feb)
it came as it is with the same numbers
Good luck for everyone :)
Please can someone mail me Watson Dumps Fadareak@icloud.com insa allah we will all pass this exam!
Hi! In questions that you have to answer with multiple answers, if I got 2 out of 3 all the answer will be wrong?
Could any one please tell me how should i study the labs? as am a bit confused where should i start from? Thank youu
Can anyone send me latest dumps plz. im going to take the exam this week.
arrow1085@outlook.com
Got the same lab in exam today
Regarding question 3 – wildcard mask of 255.255.255.0 is simmilar to a subnet mask of 0.0.0.255 – which DOESN’T exist. Therefore the only existing rule of this acl is the hidden rule of “deny ip any any” which meens -> A is correct
Hi guys! i just want to ask about Q2
i just typed this following commands on the router:
enable
configure terminal
interface fastethernet0/0
ip access-group 114 in <— this command should allow the switch to telnet the router since access-list 114 overwrites the command in the interface.. right?
why i cannot telnet the router?
when I typed the show running-config.. there is no password in vty and no ip default-gateway.. can you please help me? thanks!
For telnet you need to setup a user
conf t
username test secret 0 test
line vty 0 15
login local
this should do the trick to login with telnet
Pass 972 eigrp acl1 acl2. All in 9tut. no new question in exam. 05/03/15
Al hamdullah I have passed exam on 5 mar very easy lab : ACL1, ACL2 (mod3) and EIGRP 2
i got 972 score just study last dump 316 Q , with laps ACL1, ACL2 (mod3) and EIGRP 2
u will pass with easy way.
writing ccna on 20th of march, can someone pls send me dumps 316questns.?vivianval@ymail.com. thanks guys.
9tut.net/category/icnd2 website is DOWN.
Can anyone send me the latest dumps, just for ICND2. My email is: lisa.robertsonn@hotmail.com
Please!
Thank you in advance!
I am going to take ccna exam on 10th march plz anyone send me the latest dump to my mail (siv333@gmail.com) thanks in advance
Do we get that device interface summary by hovering the cursor over any device in exam?
Finding device from given ip will be easier in that case.
Hi Guys Greeting from South Africa, kindly send me the PDF dumps you have, Watson and the 316q to busiaya@yahoo.com
Thanking you all in Advance
got 1000 :) (51 questions) labs were ACL1/ACL2{mod3}/EIGRP. There were 2 drag & drop questions. Thank u 9tut (10th march 2015)
Took 200-120 this morning, ACL1, ACL2 and EIGRP, a thousand marks, thanks 9tut
For LATEST Dumps, along with all latest material
copy below link to your address bar
examfriend.wix.com/examfriend#!blog/czwt
Alhamdulillah
today i successfully clear ccna exam
this simulation was in exam
I passed exam with 958. all from 9tut.
Thnx 9tut
http://www.mediafire.com/download/8iw9zvloqzsnwl0/CCNA+200-120+exam.rar
simulation for exam
it’s very very very very very useful
@abdel-hameed Thank you so much
By Grace of Almighty Allah, i have successfully cleared CCNA exam today.Thanks to 9tut who provides a platform that makes labs so much easy to understand and t.shoot it.Labs were ACL1, ACL 2 with modification 3 as mentioned in acl lab page. and eigrp 212.
the exam looks like that tutorial…. http://www.cisco.com/web/learning/wwtraining/certprog/training/cert_exam_tutorial.html
total questions are 51 ..
Dont forget to save lab (copy running-config startup-config)
best way is ask for rough work board as it will be provoded .. before solving any lab write down configs that are required on rough work before typing on PC
thanks
Hi,,
I am pass 13 march…….. 958……………all questions in 9tut………….thanks team.
I passed CCNA with 972 marks on 17/3/2015. You can download my dums from bellow link
http://www.4shared.com/office/bUPx9Kn_ce/200-120-New.html
Best of Luck
Passed my CCNA exam today (18th Mar)… this Q is in exam
Got 920.thank you so much 9tut
Hi Sir/Ma’am Can some send me CCNA 200-120 latest dump. Please sir/ma’am :( Here’s my email account
mogiemalik@yahoo.com.ph