CCNA Access List Sim

February 10th, 2014

Question

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

Switch>
Switch> ping 10.4.4.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.3,timeout is 2 seconds:
.U.U.U
Success rate is 0 percent (0/5)
Switch>
Switch> telnet 10.4.4.3
Trying 10.4.4.3 …
% Destination unreachable; gateway or host down
Switch>

Click the console connected to Router and issue the appropriate commands to answer the questions.

Answer and Explanation

Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt

For this sim we only need the show running-config command to answer all the questions below.

Router>enable
Router#show running-config

[Screenshots: output of show running-config on Router]

Question 1:

Which will fix the issue and allow ONLY ping to work while keeping telnet disabled?

A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in

 

Answer: E

 

Explanation:

Let’s have a look at the access list 104:

[Screenshot: access list 104 from the running configuration]

The question does not ask about FTP traffic, so we can ignore the first two lines. The 3rd line denies all telnet traffic and the 4th line allows ICMP traffic to be sent (ping). Remember that access list 104 is applied in the inbound direction, so the 5th line, “access-list 104 deny icmp any any echo-reply”, will not affect our ICMP traffic: the “echo-reply” message is sent in the outbound direction.
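The first-match and direction logic behind this explanation, as an added example (not part of the original page). The entries model the five lines of access list 104 as the explanation describes them; the FTP ports 20 and 21 for lines 1 and 2 are an assumption, and the packets are constructed samples.

```python
# Constructed model of access list 104, following the explanation above.
# Lines 1-2 are only described as "ftp" on the page; ports 20/21 are assumed.
ACL_104 = [
    ("permit", {"proto": "tcp", "dport": 20}),
    ("permit", {"proto": "tcp", "dport": 21}),
    ("deny",   {"proto": "tcp", "dport": 23}),                 # telnet
    ("permit", {"proto": "icmp", "icmp_type": "echo"}),
    ("deny",   {"proto": "icmp", "icmp_type": "echo-reply"}),
]

def evaluate(acl, packet):
    """Return (action, line number) of the first matching entry."""
    for n, (action, cond) in enumerate(acl, start=1):
        if all(packet.get(k) == v for k, v in cond.items()):
            return action, n
    return "deny", None  # implicit "deny ip any any" at the end of every ACL

def interface_verdict(packet, direction, acl_in=None, acl_out=None):
    """An ACL bound 'in' is consulted only for packets arriving on the interface."""
    acl = acl_in if direction == "in" else acl_out
    if acl is None:
        return "permit", None  # no ACL bound in this direction
    return evaluate(acl, packet)

# Constructed sample packets for the Switch -> Router tests in the question.
ECHO = {"proto": "icmp", "icmp_type": "echo"}
ECHO_REPLY = {"proto": "icmp", "icmp_type": "echo-reply"}
TELNET = {"proto": "tcp", "dport": 23}

def ping_and_telnet_with_104_inbound():
    """Verdicts on fa0/0 when access list 104 is applied inbound only."""
    request = interface_verdict(ECHO, "in", acl_in=ACL_104)       # arrives from Switch
    reply = interface_verdict(ECHO_REPLY, "out", acl_in=ACL_104)  # leaves toward Switch
    telnet = interface_verdict(TELNET, "in", acl_in=ACL_104)
    return request, reply, telnet

if __name__ == "__main__":
    print(ping_and_telnet_with_104_inbound())
```

The echo request is permitted by line 4, the echo-reply never meets the inbound list, and telnet is stopped at line 3.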

Question 2:

What would be the effect of issuing the command ip access-group 114 in to the fa0/0 interface?

A – Attempts to telnet to the router would fail
B – It would allow all traffic from the 10.4.4.0 network
C – IP traffic would be passed through the interface but TCP and UDP traffic would not
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface

 

Answer: B

Explanation:

Access list 114 contains the line access-list 114 permit ip 10.4.4.0 0.0.0.255 any, so we can easily see that this access list allows all traffic (ip) from the 10.4.4.0/24 network.

Question 3:

What would be the effect of issuing the command access-group 115 in on the s0/0/1 interface?

A – No host could connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and www would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface

 

Answer: A

Explanation:

First let’s see what was configured on interface S0/0/1:

[Screenshot: configuration of interface S0/0/1]

Recall that each interface accepts only one access list, so applying the command “ip access-group 115 in” on the s0/0/1 interface will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention the 10.4.4.0 network. So the most reasonable answer is A.

But this raises a question…

The wildcard mask of access-list 115, which is 255.255.255.0, means that only hosts with IP addresses of the form x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address, so answer A, “no host could connect to Router through s0/0/1”, seems right…

But what will happen if we don’t use a subnet mask of 255.255.255.0? For example, we can use an IP address of 10.45.45.0 255.255.0.0: a host with that IP address can exist, and we can connect to the router from that host. Now answer A seems incorrect!
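The wildcard-mask arithmetic behind the explanations of Question 2 and Question 3, as an added example (not part of the original page). The access list 114 source is the one quoted above; for access list 115 the page gives only the wildcard 255.255.255.0, so the base address 0.0.0.0 is an assumption, and the sample source addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: a 0 bit must equal the base, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # bits that must match
    return (a & care) == (b & care)

def is_usable_host(addr, prefixlen):
    """True if addr is neither the network nor the broadcast address of
    its own subnet (meaningful for prefixes up to /30)."""
    iface = ipaddress.IPv4Interface(f"{addr}/{prefixlen}")
    net = iface.network
    return iface.ip not in (net.network_address, net.broadcast_address)

# access-list 114 source and wildcard, as quoted on this page
ACL_114 = ("10.4.4.0", "0.0.0.255")
# access-list 115: only the wildcard is given on the page; base 0.0.0.0 is
# assumed. With this wildcard only the last octet (0) is compared.
ACL_115 = ("0.0.0.0", "255.255.255.0")

# Constructed samples: (source address, prefix length of the sender's subnet)
SAMPLES = [("10.4.4.3", 24), ("10.4.4.0", 24),
           ("10.45.45.0", 16), ("10.45.45.7", 16)]

def report(samples=SAMPLES):
    """For each sample, show which list matches and whether a host can own it."""
    rows = []
    for addr, plen in samples:
        rows.append({
            "src": f"{addr}/{plen}",
            "acl114": wildcard_match(addr, *ACL_114),
            "acl115": wildcard_match(addr, *ACL_115),
            "usable_host": is_usable_host(addr, plen),
        })
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

With a /24 mask every address that access list 115 matches is a network address, while 10.45.45.0/16 both matches the list and is a valid host address, which is the case the closing paragraph raises.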

Please comment if you have any idea for this sim!


Comments
  1. anaz
    August 1st, 2012

    @MAK2307 and everyone wondering: it would look like this in the exam,
    called “TEST List”, where you have to use the command line to run show commands and figure out the multiple-choice questions! Hope this helps.

    Pictures (source: how2pass.com)

    http://i49.tinypic.com/2wp55ix.png

  2. anaz
    August 1st, 2012

    I meant “TESTLET”

  3. daf
    August 1st, 2012

    CCNA ACL SIM
    —————
    Correct answer is “E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in”

    Seems like it is enough to remove access-group 106 in, and ping to 10.4.4.3 will be available while telnet will be restricted. Is that right?
    Listing:
    RouterC(config)#in
    RouterC(config)#interface f
    RouterC(config)#interface fastEthernet 0/0
    RouterC(config-if)#no ip acc
    RouterC(config-if)#no ip access-group 106 in
    RouterC(config-if)#

    SwitchC>ping 10.4.4.3

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.4.4.3, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/32 ms

    SwitchC>telnet 10.4.4.3
    Trying 10.4.4.3 …Open

    [Connection to 10.4.4.3 closed by foreign host]

  4. MAK2307
    August 1st, 2012

    Correct me if I am wrong. As far as I understand, there are 3 questions which need to be answered. We will be given a sim, with a main router which we need to use to ascertain the answers.

    Yes?

  5. anaz
    August 1st, 2012

    @MAK2307 Yes, on this sim on 9tut! But I saw one extra question on the how2pass.com online test practice!

  6. Azad
    August 4th, 2012

    @Daf
    Yes, you are right, no need to add access-group 104 in.

  7. Moez
    August 5th, 2012

    I’m a little thrown off with this question. The admin is unable to ping AND telnet, so we’d have to apply an ACL that allows both. ACL 104 denies telnet access but will resolve the ping issue, but what about the telnet access? None of the ACLs are correct because none resolve both issues?

  8. amansufi
    August 7th, 2012

    Hi friends, I passed the CCNA exam yesterday and I scored 960/1000. And I cleared this exam by just studying 5 days only. I have done it with the help of the following:
    1. bruse dump
    2. colliso dump
    3. 9tut 10 sim ques, enough to crack the CCNA exam
    If you want any suggestions regarding the exam, feel free to contact me at aman.mim80@gmail.com

  9. MG
    August 7th, 2012

    “The question does not ask about ftp traffic so we don’t care about the two first lines”.

    How can you NOT care about the first 2 lines?????
    The question definitely states that “ONLY ping should work”. Apparently others including ftp should be denied. Neither access list is suitable.

  10. sarcastixx
    August 9th, 2012

    @amansufi..Another fine example of someone studying by leeching questions and answers from .vce files while having no understanding at all behind the concept of each one asked. Hopefully when/if you start a networking job you will be exposed for the pathetic cheat that you are. Many of us spend hard hours studying the concept and theory to help us become certified and it makes me sick when I hear of people passing “in 5 days”, etc by purely going by what is posted in dumps.

  11. ccnajacob
    August 9th, 2012

    That’s a fluke, in 5 days, pls!!!!!!!! I’ve been studying for 9 months and still caught in the will sometimes. Let’s leave that and talk about the sim.

  12. ccnajacob
    August 9th, 2012

    The sim is tricky considering that access-list 104 does not show up in the sh ip access-list command on the router sim.

  13. Yash
    August 9th, 2012

    So if this type of question comes in exam, then we are supposed to just tick the correct answer or actually change the commands?

  14. Yash
    August 10th, 2012

    Can anybody provide me colliso dumps?

  15. jagzeer
    August 11th, 2012

    @yash

    http://www.examcollection.com/cisco/Cisco.Acme.640-802.v2012-04-18.by.Collisio.487q.vce.file.html

    Just a piece of advice: it is not enough to rely on the dumps. As sarcastixx mentioned, study the concept and theory to help us become certified. Thumbs UP!!!

    Hope this helps.

  16. Yash
    August 12th, 2012

    @jagzeer.. thanks mate.
    Yes dude, I have completed studying my books, just want to practice on dumps. :) :)

  17. Naveed
    August 13th, 2012

    Writing my exam today!

  18. ramkiran
    August 14th, 2012

    @all.. I am getting afraid to write CCNA… I prepared the dumps of shekar and bruce but I am not sure about simulations.. which should I prepare so that I can pass CCNA?

  19. any
    August 15th, 2012

    Pradeep

    http://thepiratebay.se/torrent/4930766/Visual_CertExam_Suite_1.9.987

    Here you go mate, install and afterwards run the registry file.

  20. sethupathi
    August 21st, 2012

    I had my exam, same sim, VTP ques 2,3,4,5,6…… While attending 2 and 3 I had no probs, but in 4, 5 and 6 I got a different answer. As per rule I answered the ques ……….. At last only 30 percent got in this sec.
    ques 4:
    To find the root bridge I used show spanning-tree vlan1, got the same answer and it showed root bridge port fa 0/12.
    Then I went for the next, show cdp neighbors; I got a different answer for port fa 0/12, it showed sw-ac2 …..
    ques 5:
    To find the default gateway for fa0/4 I used the same command, show vlan, but the answer came different: fa 0/4 is in vlan 22, so I answered 192.168.22.254.

    ques 6:
    To find the receive info of swac-3 I followed the same step, show vtp status,
    and a different IP address came; I looked at the device ID for that IP and answered the ques.

    I don’t know what is wrong, pls help me.

  21. Lekan
    August 28th, 2012

    Plz I need the current dumps for CCNA……u can send it to olalekan.okewale@yahoo.com thanks peeps!

  22. maged
    September 3rd, 2012

    In Q3 I agree that 115 is going to take over from 102 because we can apply one access list per direction, per protocol, per interface, but 115 allows any, so I can only say that the items in B and C are going to be allowed, so B and C are wrong. But A is not right either, because by logic if an access list allows all, like 115, then no host will be not allowed. So I can only think of C as the right answer,
    thinking that network 10.4.4.0 is connected to the interface somehow.

  23. Neighbours
    September 4th, 2012

    Please help me, I have gone 2 years without taking the exam because I am afraid. Can someone send me the latest dumps with vce 635 quit my em mezo_azo@hotmail.com

  24. Great
    September 12th, 2012

    CCNA ACL SI
    —————-
    1. question

    I think something is wrong, because if you try ping with access list 106 it is working. and if you try access list 104 it is not working.

    Extended IP access list 104
    permit tcp any any eq ftp
    deny tcp any any eq telnet
    permit icmp any any echo
    deny icmp any any echo-reply (5 match(es)) !!!!!!!!!!!!!!
    permit ip any any
    Extended IP access list 106
    permit tcp any any eq ftp
    deny tcp any any eq telnet
    permit icmp any any echo-reply (8 match(es)) !!!!!!!!!!!!!!

    Because echo reply is IN direction from the switch. So no answer is right. Probably some mistake in access list or direction on the interface.

  25. soppros
    September 12th, 2012

    Hi, what sims are in the September exam?

  26. jef
    September 12th, 2012

    The important thing is echo means in and echo-reply means outbound.

  27. ben
    September 24th, 2012

    please anyone who just wrote the CCNA should help me and give me the no of the done she or she used

  28. Hazmha
    September 25th, 2012

    Hi, anyone having the latest dumps of CCNA 640 802 exam n TestInside? I want Pass4sure n Actualtest. If anyone has these two pls do mail me at i have to certify in 2 weeks time. Thanks in advance.

  29. kushal arora
    September 25th, 2012

    In Q.2 an access list is already applied on f0/0!
    How can we again assign another access list?
    As there should be one ACL on one interface per layer 3 protocol??
    I mean only one inbound and outbound ACL can work, but not inbound and inbound!

  30. elvis
    September 26th, 2012

    i have the dumps

  31. 9tutfan
    September 27th, 2012

    I checked the procedure for the first question (replacing 106 access-group with 104 access-group on interface Fa0/0) and it works fine. I was able to ping routerC but not telnet.

  32. memo
    October 5th, 2012

    please elvis….. can you send me the dumps on
    eng.mohamed71@yahoo.com?

  33. neighbors
    October 9th, 2012

    Please help me to pass the exam, please send me the latest dumps at mezo_azo@hotmail.com

  34. amr
    October 10th, 2012

    @9tut
    For question 1 I think the answer is B (Change the ip access-group command on fa0/0 from “in” to “out”), as the echo reply will be permitted “out” and by default the ping is permitted as there is no ACL on the inbound. I tried it and the ping succeeded. Any suggestion for the best answer???!!!
    Thanks in advance

  35. Ella
    October 15th, 2012

    Should you just tick the correct answer as multiple choice? Or should I remove 106 and add 104?

  36. Anonymous
    October 16th, 2012

    My CCNA exam is on 20th oct ,can someone pls tell me which specific SIMs are being asked in the exam.

  37. Sanaullah
    October 17th, 2012

    Dear elvis,
    Please send me CCNA802 dumps.
    sanaullah1246@gmail.com

  38. Daphne
    October 18th, 2012

    Hi Elvis please send me to on tarichoga@gmail.com thanx

  39. LiamC
    October 19th, 2012

    Hi,
    can you please send me the latest dumps to comp07974@gmail.com

  40. kpobuibo
    October 22nd, 2012

    hi, so sad that i was not able to save the config after. it was downward spiral from there. i failed because of this. LESSON LEARNED: please use “copy run start” after the configuration. I got 707 instead of 907. It is just a lapse which I don’t want to happen to you. I will take my exam — secret!

  41. Striker007
    October 22nd, 2012

    You can do it next time, don’t worry kpobuibo

  42. Striker007
    October 22nd, 2012

    I’m also going to take my exam this Thursday, hoping and praying to pass it… Good morning ;)

  43. Vishal
    October 27th, 2012

    Hi,
    Can any one pls send me the latest dump of Oct. month at vishal_official@yahoo.co.in

  44. Roy
    October 27th, 2012

    Here you find the latest version of P4S cracked. If you study this site and you practice with these questions you pass 100%

    http://depositfiles.com/files/vmtg6zpri

  45. Luis Cifer
    October 29th, 2012

    RE: Question#3

    i created a loopback on router connected to int s0/0/1 with ip 10.10.1.0 255.224.0.0
    applied acl 115 to s0/0/1 in

    all routing broke
    extended ping from source loopback went through but had no return route

    added static route for 10.0.0.0 255.224.0.0

    and tested again
    ping went through.

    so unless the interface s0/0/1 is part of the 10.0.0.0/11 range 10.0.0.1 to 10.31.255.254
    no routing updates can occur
    if the 10.0.0.0/11 is off of the next hop router connected to int s0/0/1 the core router would need a route back for this to work.

    Cheers

  46. El Inge
    October 30th, 2012

    Under this scenario (Question 3), the ip address of interface serial 0/0/1 is configured with a subnet mask of /24; therefore, A is the only right answer because we do have a /24 mask, and that would make any x.x.x.0 a subnet address.

  47. Anonymous
    November 3rd, 2012

    Q3:
    We see the wildcard mask 255.255.255.0 -> subnet mask = 0.0.0.255 – it does not exist!
    So the ACL is incorrect, but the ACL has the default command “deny ip any any” – that’s why answer A is correct

  48. Ak Imran
    November 4th, 2012

    @ ROY
    I am not able to install the file you provided the link to.

    I am looking forward to taking the paper this Wednesday. Can anyone pass me the link for
    the latest dumps?

  49. atr
    November 5th, 2012

    hi everyone!
    Which statement is correct regarding the operation of DHCP?

    a. If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
    b. If an address conflict is detected, the address is removed from the pool for an amount of time configurable by the administrator.

    Which one is true??? At 9tut the answer is a , at Brar the answer is b. I am not sure what is right!!!

  50. Ak Imran
    November 5th, 2012

    @ atr

    The answer for the questions in
    @Jericho
    @sekhar

    is B.
