CCNA Access List Sim
Question
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>
Click the console connected to Router and issue the appropriate commands to answer the questions.
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt
For this question we only need to use the show running-config command to answer all the questions below
Router>enable
Router#show running-config
Question 1:
Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation:
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.
Question 2:
What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation:
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Question 3:
What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?
A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation:
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.
But here raise a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!
Please comment if you have any idea for this sim!
Other lab-sims on this site:
friends plzzz read Drag and Drop Question…..b’case in the exam 5 ya 6 Drag and Drop Question in paper…
@RAJEN’
Which command will show the MAC addresses of stations connected to switch ports?
B. show arp
Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?
B. 60 seconds
Rajen
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
Answer : B
Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?
A. 30 seconds
B. 60 seconds
C. 90 seconds
D. 180 seconds
E. 240 seconds
Answer : E
Q1
I think the best explanation is that for using ping , you must use icmp echo…all ACLs here like 102 , 106 have permit for icmp echo-reply not echo itself, so the only ACL which has permit to echo is 104, and it must be defined as inbound to interface fa0/0 of router for accepting echo first then reply to that. So the best answer is E.
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
Answer : B
Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?
A. 30 seconds
B. 60 seconds
C. 90 seconds
D. 180 seconds
E. 240 seconds
ANS is 60 Seconds
@Rajen
Answer : B
The reason for selecting show arp instead of show mac-address is it is a router. Router don’t build mac address table it will show addresses in arp only.
====================================
ANS is 60 Seconds
180 is invalid timer by default and 240 is flush timer.. after 180 second router will wait for 60 sec than flush the route completely..
Since he’s trying to get an aneswr to his homework questions, you should give him the formula for figuring it out and not the aneswr only.The formula is (2^n)-2 where n = the number of bits you have available for hosts. So, the aneswr is (2^9)-2 or 512-2. That leaves you with 510 hosts.WG
passed ccna exam today with 960 mark
thanks 9tut and examcollection for the assist, you guys rock \m/
labs are vtp acl and eigrp
Goodluck to all ccna candidates!
Nice meeting you JEPOY and Congratulation, please can you help me with your dumps?
Looking forward to hearing from you.
iykethebest@yahoo.com
@ Jepoy wgich ACL problem? 1 or 2 ?
I am writng CCNA exam .I hav doubts .CCNA exam same quetions are coming or not ?
In simulations Plz Update any one
Hey Guys How are you all. i live in south Africa and will be writing my ccna 640-802 exam soon. if anybody has written it and has some advise for me can you email me at neeresh.ganesh@webmail.co.za i will appreciate your help and guidance in preparing me for this exam.
Kind Regards
Neeresh
any one want :
1-CCNP ROUTE Actual Test version 5.1,quick reference book ,portable command guide (FOR FREE)
2-CCNP SWITCH Actual Test version 5.1,quick reference book ,portable command guide(FOR FREE)
3-CCNP T.SHOOT Actual Test version 5.1,quick reference book ,portable command guide(FOR FREE)
4-A-CCNP ROUTE CBT NUGGETS(642-902)
B-CCNP SWITCH CBT NUGGETS(642-813)
C-CCNP T.SHOOOT CBT NUGGETS (642-832) ALL OF CBT Nuggerts series (FOR 50$)
email me at “hassanzuhair58@yahoo.com” and good luck for all of you
and ,just to explain my point of view ,when i took my ccnp course ,i bought the cbt nuggets and they cost me alot ,so this offer mainly for these series but if any one want the actuall test for free i will send it to him just e-mail me on the same email and of course thank to this website because of him i will not make a great score so thank you 9tut
Passed CCNA in US today using 9tut. Thanks for all the advice! For people wanting to take the exam, just go through all the modules here on 9tut. Dont bother with dumps, just go through all these questions and explanations. Here you will learn the thing you need to learn to answer the questions!
Dear Friends :
Tell me the Latest Dumps.I am going to write CCNA Exam in this MOnth
@ all
I’m going to take exam Wednesday, Pls tell me about latest Question in exam…
i have revised and solved all mcq s and labs in this site 9tut and i have exam 2morrow 22 may will be that enough to pass , i’m very worried and afraid :’(
basically what is the passing score in ccna and how we have to do simulation question in exam………
@ajit singh: Your questions have been asked and answered at http://www.9tut.com/ccna-faqs-a-tips
Hi evry1,
m appearing for exams tomorrow.
I want to know the answers for this SIM.
I mean whether we have to apply commands for each question or jst d answers which are defined here with explanation.
Pls help. If we have to apply the commands, pls post it with explanation. tht will be really helpful & appreciated.
Q3
Maybe it will work, if incoming traffic is DHCP request. In that case, source address in IP header is 0.0.0.0.
(But maybe I’m wrong. Won’t be the first time. :D)
can any 1 upload recent dumps
Q3, there is no perfect answer. anyone who use less than 24 subnet mask, can access the network
but last octet should be 0
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
Answer is A.
Since switch is layer 2 device. It dos’t do arp, except when some one telneting it or sshing it. in this case show arp will put the telneted client ONLY.
Question 3:
In my understanding 255.255.255.0 means ignore first three octets and match only the last octet. This is the way wildcard masks work – opposite off the subnet masks.
answer A is correct , I think because, serial 0/0/1 is not connected to anything so the interface is down. At least we don’t know if it is connected to anything. To enable the interface it would need the ip unnumbered command to use its other working interface’s IP address. Please comment
@Xallax @ all
I have a hard time for this sentence:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
plz anyone explain me what does that mean??????????
seren,
acl 102 denies telnet (3rd position in acl), but in acl 115 there isn’t any word about denying telnet… so it is logically that answer “c” is wrong…
Hi,
Lab questions in 9tut is sufficient for CCNA exam? Where can I find most of the simulations if not all? Anybody please send me the links or files to this address: hyperdive@gmail.com
Much appreciate for any help.
Thanks
Passed CCNA exam 986/1000 yesterday!
Labs were same as http://www.9tut.com , EIGRP,VTP and ACL2 with some modification of ip address and hostname in ACL.
and other questions are same as 9tut & collisio dump
Thanks to http://www.9tut.com and collisio dump for giving your support
@
What kind of qn is the qn above in the exam…as in, is it a simulation or lab? am finding it confusing to differentiante simulated vs lab questions!
tomo am gonna tak my exam, jus a bit afraid because this exam is costly…..
Can you please send me the latest dumps? My email address is rati.tandon777@gmail.com
thanks a lot..
Why I cannot open the 9tut.com_Access-list_sim2.pkt? it say invalid packet tracer file. I’m using windows 7 profesional OS. Thanks…
hi,
anyone who did exam earlier can tell me about ACL simulation……
is it just like 9tut simulation or just qustions and options for answers
please tell me about that i shall be thankful .
any one have latest dumps pl. send at nadeem3k@hotmail.com
Q1:
i think the most suitable answer is E , Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer B can’t be correct cause removing the access list 106 as an inbound interface isn’t mentioned , so changing the direction by adding access-list 106 as an outbound will add it , and the same list will remain as an inbound list , and since 106 as an inbound list , echo request will be denied …
Q2. why B?
from 9tut explanation
+ We can not have 2 inbound access lists on an interface
+ We can have 1 inbound and 1 outbound access list on an interface
if this sim appear to my exam. is there any configuration here? or i need to answer only the multiple choice questions?
Can someone help me in my ACL direction problem
I know the idea about “in” and “out” to a router
What is the basis.
I know if standard closer to destination, extended closer to the source
What i want is to know how to apply those directions. Please bear with me :D
I watched many videos about standard ACL, basic topology and configuration.
But please check this pic. 1st Pic CBT nuggets says OUT
https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-prn1/563874_139072489564306_1423445131_n.jpg
2nd Pic from youtube. He says IN
https://fbcdn-sphotos-a.akamaihd.net/hphotos-ak-ash3/552397_139072439564311_1345513444_n.jpg
in 2nd pic…Why not fa0/0 out.?
Thanks for the help
Hi all.
Q3 is simple. The inferface is shutdown. Placing an access list does change anything because the interface will remain shutdown….
Q3: guys, s0/0/1 is administratively down!
so, with or without any access list on this interface answer A is correct: No host STILL could connect to Router through s0/0/1
:D
Subject: VCE full version download link
Folks,
With trial version, Iam unable to practice much as it is allowing only 5 Questions for an exam
Can some one plese share full version download link of VCE designer?
Please send me the link to: pradeep.6174@gmail.com
Many Thanks,
Prad
On this Question there is no any configuration !!!!!???
pls give me clarification regarding the q.no1 of access list sim 1
Yes if someone would be so kind enough to explain as to what actually is taking place. Thanks in advance.
@Rami this is a ” TEST List ” which you have to use the command line to do show command and figure out the multiple choice list questions !
[IMG]http://i45.tinypic.com/25jgv8x.png[/IMG]
http://tinypic.com/r/25jgv8x/6