(TCO 6) What function describes the use of an access control list?

ACLs control which user can access what services on the Internet.

It is always preferred to use Extended ACLs since they are more flexible.

ACLs should always be placed close to the source to avoid waste of computing resources.

ACLs can be used to filter private IP addresses.

ACLs help protect an organization’s physical infrastructure.

(TCO 6) What is a possible use of an access control list in an enterprise network?

Controlling the physical status of router interfaces

Providing access only to management hosts that are in the management segment

Limiting amount of resources used on the device when runs in optimal format

Extending resource limitation via protocol extension You Answered

Guaranteeing access to file services only to authorized users

Which statement describes a characteristic of standard IPv4 ACLs?

They are configured in the interface configuration mode.

They can only filter traffic in the egress interface.

Correct!

They filter traffic based on source IP addresses only.

They can only be applied with the ip access-class command.

They are limited to filter only destination addresses

(TCO 6) Which statement describes a characteristic of Extended IPv4 ACLs? They are best at filtering based on source addresses only.

They can filter source and protocol.

They can be applied in the global configuration mode before they can take effect.

They are less flexible than standard ACLs.

They can impact routing protocols due to their implicit deny all option.

(TCO 6) If a router has three interfaces and is routing both IPv4 and IPv6 traffic; what is the maximum number of ACLs could be created and applied to it?

9

3

You Answered

6

15

(TCO 6) Extended ACLs can filter traffic based on _____.

Protocol type

Source IPv4 address

Source TCP or UDP ports Correct!

All of the above

Answers A and C are incorrect

(TCO 6) The last statement of an ACL is always a(n) _____.

deny

permit

Correct!

implicit deny

conditional drop

None of the above

(TCO 6) Placement of Extended ACLs should be closest to the _____.

Correct!

Source

Destination

Internet connection

Border gateway

None of the above

(TCO 6) The option to the access-group command when assigning an ACL to an interface that indicates traffic leaving the interface is _____.

in

out

You Answered

egress

ingress

exit

(TCO 6) The port number for DNS is _____.

21

80

443

53

68

(TCO 6) Unlike IPv4 ACLs, IPv6 ACLs do not use _____.

destination IPv6 addresses

operators

Correct!

wildcard masks

port numbers

None of the above

TCO 6) Which statement is correct about ACLs configured in Cisco routers?

Extended outbound ACLs must exit the ingress interface.

Standard and Extended inbound ACLs can filter based on source ports.

Extended inbound ACLs can filter based on encryption key length.

Correct!

Standard and Extended outbound ACLs can filter based on source IP addresses.

Answers B and C are correct.

Powered by TCPDF (www.tcpdf.org)