New CCNA – Access list Questions

September 27th, 2013

Note: If you are not sure about access lists, please read our Access List Tutorial.

Question 1

Which item represents the standard IP ACL?

A. access-list 50 deny 192.168.1.1 0.0.0.255
B. access-list 110 permit ip any any
C. access-list 2500 deny tcp any host 192.168.1.1 eq 22
D. access-list 101 deny tcp any host 192.168.1.1

 

Answer: A

Explanation

Standard access lists are numbered from 1 to 99 and from 1300 to 1999, so only access list 50 is a standard access list.

Question 2

A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, would you use to accomplish this task? (Choose two)

A. access-list 10 permit ip 192.168.146.0 0.0.1.255
B. access-list 10 permit ip 192.168.147.0 0.0.255.255
C. access-list 10 permit ip 192.168.148.0 0.0.1.255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255
E. access-list 10 permit ip 192.168.146.0 0.0.0.255
F. access-list 10 permit ip 192.168.146.0 255.255.255.0

 

Answer: A C
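
Added worked example (not part of the original question set): the Python sketch below applies the wildcard-mask rule (a 0 bit must match, a 1 bit is ignored) to all six options and reports which pair permits exactly 192.168.146.0 through 192.168.149.255. The function names are hypothetical, and the `ip` keyword from the options is left out because only the address and wildcard decide which sources match.

```python
import ipaddress
from itertools import combinations

# Question 2 options as (address, wildcard mask).
OPTIONS = {
    "A": ("192.168.146.0", "0.0.1.255"),
    "B": ("192.168.147.0", "0.0.255.255"),
    "C": ("192.168.148.0", "0.0.1.255"),
    "D": ("192.168.149.0", "0.0.255.255"),
    "E": ("192.168.146.0", "0.0.0.255"),
    "F": ("192.168.146.0", "255.255.255.0"),
}

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

# Addresses the question wants permitted: 192.168.146.0 to 192.168.149.255.
LO, HI = to_int("192.168.146.0"), to_int("192.168.149.255")

def matches(src, address, wildcard):
    """Wildcard bit 0: source bit must equal the ACL bit. Bit 1: ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (src & care) == (to_int(address) & care)

def span(address, wildcard):
    """Lowest and highest source address the statement can match."""
    wild = to_int(wildcard)
    low = to_int(address) & ~wild & 0xFFFFFFFF
    return low, low | wild

def stays_inside(option):
    low, high = span(*OPTIONS[option])
    return LO <= low and high <= HI

def exact_pairs():
    """Option pairs that permit every wanted address and nothing else."""
    good = []
    for pair in combinations(sorted(OPTIONS), 2):
        if not all(stays_inside(o) for o in pair):
            continue  # at least one statement also matches unwanted sources
        if all(any(matches(a, *OPTIONS[o]) for o in pair)
               for a in range(LO, HI + 1)):
            good.append("".join(pair))
    return good

if __name__ == "__main__":
    print(exact_pairs())
```

Options B and D use 0.0.255.255 and so match all of 192.168.0.0/16, while F is a subnet mask used as a wildcard and matches any address whose last octet is 0.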

Question 3

Refer to the exhibit.

ACL 102
access-list 102 deny tcp 172.21.1.1 0.0.0.255 any eq 80
access-list 102 deny ip any any

RouterA#show ip int
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.1.144/20
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Outgoing access list is 102
Inbound access list is not set
Proxy ARP is enabled

An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?

A. no ip access-class 102 in
B. no ip access-class 102 out
C. no ip access-group 102 in
D. no ip access-group 102 out
E. no ip access-list 102 in

 

Answer: D

Question 4

On which options are standard access lists based?

A. destination address and wildcard mask
B. destination address and subnet mask
C. source address and subnet mask
D. source address and wildcard mask

 

Answer: D

Question 5

Refer to the exhibit.

ACL 10
Statements are written in this order:
A. permit any
B. deny 172.21.1.128 0.0.0.15
C. permit 172.21.1.129 0.0.0.0
D. permit 172.21.1.142 0.0.0.0

Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?

A. ACDB
B. BADC
C. DBAC
D. CDBA

 

Answer: D
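
Added illustration (not from the original page): a first-match evaluator for ACL 10 that tries the entered order and each answer choice, then lists statements that can never be reached. The function names are hypothetical and the outside host 10.0.0.1 is a constructed sample.

```python
import ipaddress

# Statements of ACL 10 from the exhibit: label -> (action, address, wildcard).
STATEMENTS = {
    "A": ("permit", "0.0.0.0", "255.255.255.255"),  # permit any
    "B": ("deny", "172.21.1.128", "0.0.0.15"),
    "C": ("permit", "172.21.1.129", "0.0.0.0"),
    "D": ("permit", "172.21.1.142", "0.0.0.0"),
}

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def evaluate(order, src):
    """Return (action, label) of the first statement matching src, top down."""
    for label in order:
        action, address, wildcard = STATEMENTS[label]
        care = ~to_int(wildcard) & 0xFFFFFFFF
        if (to_int(src) & care) == (to_int(address) & care):
            return action, label
    return "deny", "implicit"  # every ACL ends with an implicit deny

# Constructed sample: every address of 172.21.1.128/28 plus one outside host.
SUBNET = [f"172.21.1.{n}" for n in range(128, 144)]
SAMPLE = SUBNET + ["10.0.0.1"]
ALLOWED = {"172.21.1.129", "172.21.1.142"}

def works_as_intended(order):
    """True when .129 and .142 are the only permitted addresses of the /28."""
    return all((evaluate(order, h)[0] == "permit") == (h in ALLOWED)
               for h in SUBNET)

def unreached(order):
    """Statements that are never the first match for any sample host."""
    hit = {evaluate(order, h)[1] for h in SAMPLE}
    return [label for label in order if label not in hit]

if __name__ == "__main__":
    for order in ("ABCD", "ACDB", "BADC", "DBAC", "CDBA"):
        print(order, works_as_intended(order), unreached(order))
```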

Question 6

Which statement about access lists that are applied to an interface is true?

A. you can apply only one access list on any interface
B. you can configure one access list, per direction, per layer 3 protocol
C. you can place as many access lists as you want on any interface
D. you can configure one access list, per direction, per layer 2 protocol

 

Answer: B

Explanation

We can have only 1 access list per protocol, per direction and per interface. It means:

+ We cannot have 2 inbound access lists on an interface
+ We can have 1 inbound and 1 outbound access list on an interface

Question 7

A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the internet. Which ACL can be used?

A. reflexive
B. extended
C. standard
D. dynamic

 

Answer: D

Explanation

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Comments (196)
  1. Adeel
    September 29th, 2013

    Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554) Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher cost 70USD.

    Details Required For CCNA Voucher For Discount Processing:

    1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
    2-Country.
    3-City.
    4-State.
    5-Pin Code (or Area Code)
    6-Residential Address (or where you can collect your Certificate or further correspondence can be received)
    7-Date of birth
    Add me on Skype through this information which is written below:
    Skype Name: rockon660
    you can also email me at this email address which is written below:
    madeelqaiser@gmail.com
    If you have any Questions feel free to contact me.

    Thanks,
    Best regards,
    Adeel

  2. harish
    October 3rd, 2013

    ACL practice is more important. I forgot the syntax of the command and had great trouble. Also, thanks to 9tut for the material.

  3. kgotso
    October 21st, 2013

    Guys, please help me out here: in a wildcard mask, what is the difference between 1 and 255?

  4. Mohan
    October 24th, 2013

    @9tut,

    The tutorial links are not there in the new CCNA topics; for that we need to go back to the old CCNA links. It would look much better to have these links in the new topics too. Thank you.

  5. Anonymous
    October 28th, 2013

    download latest dumps from 9tut.comxa.com

  6. ฺีBundit
    October 31st, 2013

    Q2. It is a standard access list, so the command is
    Router(config)#access-list 10 permit 192.168.146.0 0.0.1.255

    but answer A. access-list 10 permit (ip) 192.168.146.0 0.0.1.255
    Can anyone explain why it has (ip)?

  7. sameer
    November 10th, 2013

    @kgotso I think the difference is that when you choose 1, the range of permit or deny is only one more network or host,
    but when you choose 255, you select the whole range.
    (Please look again at Q5.)

  8. James
    November 14th, 2013

    @Bundit,
    You are right!

  9. biacosta
    November 28th, 2013

    Just took it yesterday, I PASSED with a 920, thanks to 9tut…woooohhhooooo!!!!

  10. SAM
    November 30th, 2013

    Why is the Q3 answer D? Shouldn't it be C? Doesn't 102 represent an extended ACL?

  11. SAM
    November 30th, 2013

    Why is the Q3 answer D? Shouldn't it be C? Doesn't 102 represent an extended ACL?

  12. Anonymous
    December 1st, 2013

    Did you read all the way through the output in question3? Outgoing access list is 102

    This is the key.

  13. papashango
    December 5th, 2013

    @kgotso and Bundit
    146=10010010
    147=10010011
    They share common bits up to the 7th bit, which is 254 when all the bits are on, and this occurs at the third octet; hence the summary address is 255.255.254.0. When we subtract it from 255.255.255.255, we get the wildcard mask 0.0.1.255. Same process for the 148 and 149 addresses.

  14. AHMEDG
    December 19th, 2013

    Question 5:
    What does CDBA mean? Please explain.

  15. Nat
    December 20th, 2013

    CDBA is the order in which the ACL should be written. Remember, at the end of every ACL is the implicit deny. Hope that helps.

    C. permit 172.21.1.129 0.0.0.0
    D. permit 172.21.1.142 0.0.0.0
    B. deny 172.21.1.128 0.0.0.15
    A. permit any

  16. Thatguy
    December 21st, 2013

    6 is wrong
    you can apply only one access list on any interface

  17. Thaind
    December 26th, 2013

    Please explain Q2 for me. Why are A and C true?

  18. valmir
    December 28th, 2013

    @sam
    read the exhibit in the end:
    Outgoing access list is 102
    Inbound access list is not set
    so answer D. no ip access-group 102 out is right.

  19. Abdullah
    January 17th, 2014

    Hi, can anyone ps email me info on how to get the latest VCE 3.4.2 crack version or the version that can open recent dumps.
    My email address is: mehdi01912330796@gmail.com
    Thanks.

  20. Abdul Azeez
    January 18th, 2014

    @kgotso,
    in a wildcard mask, 1 means ignore and 0 means check,
    so 1 is 00000001, meaning check the first 7 bits and ignore the last bit;
    255 is 11111111, meaning ignore all the bits.

  21. kgotso
    January 27th, 2014

    Guys, in the access list sim with 10.4.4.3, where the switch cannot ping or telnet to the router, what is really being asked? Should one remove the access list so that the switch can ping the router and again be able to telnet? Please explain it to me.

  22. Sabry
    January 29th, 2014

    Q1,5&6 were in today’s exam.

  23. Marvin
    January 30th, 2014

    @Kgotso
    Which question number are you referring to so we can try to assist?

  24. MOHSIN
    January 30th, 2014

    hi … i am writing my ccna exam on monday please could u sent me the latest dumps that u people got. mohsinfida489@yahoo.com

  25. kgotso
    February 2nd, 2014

    Passed my ccna yesterday
    Rip version 2
    Access list
    Eigrp

  26. ali
    February 2nd, 2014

    give me more detail about paper

  27. oakener
    February 5th, 2014

    Q2 Study wildcard mask

    A. access-list 10 permit ip 192.168.146.0 0.0.1.255
    =192.168.146.1 – 192.168.147.255

    C. access-list 10 permit ip 192.168.148.0 0.0.1.255
    =192.168.148.1- 192.168.149.255

    Choices A and C are correct.

  28. where?
    February 9th, 2014

    kgotso, really RIP? I highly doubt it, as it got taken out of the CCNA because it is a legacy protocol and too old.

  29. J Love
    February 19th, 2014

    Can anyone please send the latest dumps to lovejohn04@hotmail.com, please? I take the test March 1st.

  30. ahmed negm
    March 7th, 2014

    please, give me RipV2 lab
    you can send it to
    a.negm19@yahoo.com

  31. Al7
    March 12th, 2014

    I cleared 200-120

    Question 6 in today’s exam

    Almost all questions from 9tut

    Thanks everyone :)

  32. Sagar
    March 15th, 2014

    what is loop back address?

  33. mine
    March 18th, 2014

    @ sagar, loop back address is 127.0.0.1

  34. M
    March 19th, 2014

    RIP is still used in small business networks where a very simple topology is deployed. Also, RIP has a new version out for IPv6, RIPng. So I would not say it is “outdated”.

    Also, I took it about a month ago, and there were still questions about RIP in mine as well.

  35. Amir
    March 21st, 2014

    Hey Al7
    How come you are commenting on all the pages with the same words? Sometimes you say Question 6, sometimes Question 4 or any other random one. Are you the owner of the website and trying to advertise, to get more clicks on the website?

  36. basheer
    March 29th, 2014

    just finished ccna 917 thank you 9 tut……

  37. vivek
    April 7th, 2014

    Hello Basher,

    Congratulations, could you please send me latest dumps…

    vivek-s@outlook.com

  38. Esther
    April 25th, 2014

    This is really nice; studying CCNA 640-802 with these review questions and answers is helping. Please, I need the latest dumps and PDF books to enable me to prepare effectively for my exams. Thanks in advance. Thanks to 9tut too.

  39. certcry
    May 6th, 2014

    dear all
    contact for

    CCNA
    CCNA SECURITY
    CCNP

    guides online training updated valid dumps & discounted vouchers for exams.
    skype:certcry

  40. LP
    May 10th, 2014

    Amir, perhaps because each page here has a different topic and he is telling us which questions were on his test.

  41. ajay
    May 27th, 2014

    @9tut

    We know that standard access lists use the source address only. Then in Q2, how does (ip) come in? I don't understand this.

  42. 9tut
    May 27th, 2014

    @ajay: Q.2 says "to allow traffic from hosts …" so they are source addresses.

  43. please could you send me the latest dumps..colette.mcgovern@gmail.com
    June 4th, 2014

    please could anyone send me the latest dumps colette.mcgovern@gmail.com

  44. Vijay
    June 5th, 2014

    Could anyone tell me if in the real exam they give you the same ip addresses as shown in the dumps. Also for the simulation, do we have to fix “hidden” mistakes in the network or just enter the commands as shown here in 9tut simulations. Please help.

  45. Anonymous
    June 11th, 2014

    no ip no ip

  46. Anonymous
    June 11th, 2014

    life is like a protocol ……………………… some time protocol is ups and down !!!!!! by khalid a.m.

  47. tolu
    June 11th, 2014

    Thanks to 9tut. I passed my exams today.

  48. subhsamal
    June 16th, 2014

    A hearty thanks to 9tut for helping me to score 945 in my exam. :) :) More than 95% of the questions were from 9tut. I was familiar with all the questions that were in my exam. Sims were ACL1, ACL2 and EIGRP.
    I had a little trouble in EIGRP. Though I removed the wrong EIGRP conf (22) and configured the proper AS number (212) and the two adjacent networks, I was still unable to ping the internet. Guys, don't bother about dumps too much. First go through all the questions provided here. Nowhere will you get such nice explanations…

  49. Yeison!!
    June 24th, 2014

    Thanks a lot, I took the test today and I got 936! God bless you guys!!

  50. Sergio F.
    June 26th, 2014

    Thanks 9tut, I passed with 1000 (yesterday, 25 June 2014).
    All questions from 9tut, and lab sims: ACL, ACL2 and EIGRP.
