Answers to Exam Questions Final Exam 2008/2009
1. A, B, C. Access lists can be used with QoS in implementing many forms of queuing and congestion
avoidance techniques. Access lists can filter routing protocol updates. Access lists can also
specify interesting traffic to trigger dial-on-demand routing. Answer D is incorrect because access
lists aren’t used for console port security.
2. B, E. Extended access lists can use source and destination information, including the source port,
and named access lists can be either extended or standard, so they have the capability to filter
based on the source port. Answer A is incorrect because standard access lists can filter on source
address information, but not source port. Answer C is incorrect because there are no user-based
access lists. Answer D is incorrect because there are no static access lists. Answer F is incorrect
because there are no unnamed access lists.
3. A. FTP uses TCP and ports 20 and 21. Answer B is incorrect because FTP uses TCP. Answer C is
incorrect because port 20 is required as well. Answer D is incorrect because UDP is not necessary.
4. C. A packet that does not meet any filters is dropped. Answer A is incorrect because the packet is
discarded rather than routed. Answer B is incorrect because there is no mechanism to flag the
packet. Answer D is incorrect because although it is conceivable that an administrator could be
notified by default, the packet is simply dropped.
5. B, C. The significant bits are the last 16, indicated by the wildcard mask of 255.255.0.0.
192.168.20.5 and 172.30.20.5 match the last two octets, or 16 bits, of the 10.0.20.5 IP address.
Answers A and D are incorrect because although the first portions of the IP address match, it is
the last two octets that are significant.
6. B. 0.0.15.255 affects the 172.16.16.0 255.255.240.0 network. In the third octet, the first four bits
are checked in binary, resulting in 00000000.00000000.00001111.11111111. Answer A is incorrect
because this does not match the given problem, checking too many bits (five) in the last octet.
Answer C is incorrect because this mask checks only three bits in the third octet. Answer D is
incorrect because this mask checks only two bits in the third octet.
7. A. You may create only one access list per protocol, per direction, per interface. Answer B is incorrect
because you can have multiple access lists for a single port number, and only one per direction.
Answer C is incorrect because you may have only one access list per protocol, not per port
number. Answer D is incorrect because you may not have more than one access list per interface.
8. B. The correct syntax is "no ip access-group 101". This removes the access list from the
interface. Answer A is incorrect because this line deletes the access list entirely. Answers C and D
use invalid syntax.
9. A. This answer has the correct syntax of the "access-list" command followed by the list number,
permit/deny, IP address, and a wildcard mask. Answers B and D are incorrect because they
indicate an extended access list. Answer C is incorrect because the wildcard mask has been
reversed.
10. D. Use the "any" keyword to specify all destinations. Answer A is incorrect because no destination
is specified. Answer B is incorrect; this specifies a standard access list. Answer C is incorrect
because "all" is not the proper keyword.
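
The wildcard-mask reasoning in answers 5 and 6 and the drop-by-default behavior in answer 4 can be checked with a short script. This is an added example, not part of the original answer key; the function names, the non-matching test addresses and the one-entry sample list are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_from_netmask(netmask):
    """Invert a subnet mask to get the access-list wildcard mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ ALL_ONES))


def acl_match(candidate, address, wildcard):
    """True if candidate equals address in every bit where the wildcard is 0.

    A 0 bit in the wildcard means "check this bit"; a 1 bit means "ignore it".
    """
    care = to_int(wildcard) ^ ALL_ONES
    return (to_int(candidate) & care) == (to_int(address) & care)


def first_match(acl, candidate):
    """Evaluate entries top-down; a packet matching no entry is dropped."""
    for action, address, wildcard in acl:
        if acl_match(candidate, address, wildcard):
            return action
    return "deny"  # implicit deny at the end of every list


if __name__ == "__main__":
    # Answer 5: wildcard 255.255.0.0 checks only the last two octets.
    for ip in ("192.168.20.5", "172.30.20.5", "10.0.30.5"):
        print(ip, acl_match(ip, "10.0.20.5", "255.255.0.0"))

    # Answer 6: mask 255.255.240.0 inverts to wildcard 0.0.15.255.
    print(wildcard_from_netmask("255.255.240.0"))

    # Answer 4: constructed one-entry list; anything else is denied.
    sample_acl = [("permit", "172.16.16.0", "0.0.15.255")]
    for ip in ("172.16.31.255", "172.16.40.1"):
        print(ip, first_match(sample_acl, ip))
```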