Answers to Exam Questions Final Exam 2008/2009

1. A, B, C. Access lists can be used with QoS in implementing many forms of queuing and congestion avoidance techniques. Access lists can filter routing protocol updates. Access lists can also specify interesting traffic to trigger dial-on-demand routing. Answer D is incorrect because access lists aren’t used for console port security.

2. B, E. Extended access lists can use source and destination information, including the source port, and named access lists can be either extended or standard, so they have the capability to filter based on the source port. Answer A is incorrect because standard access lists can filter on source address information, but not source port. Answer C is incorrect because there are no user-based access lists. Answer D is incorrect because there are no static access lists. Answer F is incorrect because there are no unnamed access lists.

3. A. FTP uses TCP and ports 20 and 21. Answer B is incorrect because FTP uses TCP. Answer C is incorrect because port 20 is required as well. Answer D is incorrect because UDP is not necessary.

4. C. A packet that does not meet any filters is dropped. Answer A is incorrect because the packet is discarded rather than routed. Answer B is incorrect because there is no mechanism to flag the packet. Answer D is incorrect because although it is conceivable that an administrator could be notified by default, the packet is simply dropped.

5. B, C. The significant bits are the last 16, indicated by the wildcard mask of 255.255.0.0. 192.168.20.5 and 172.30.20.5 match the last two octets, or 16 bits, of the 10.0.20.5 IP address. Answers A and D are incorrect because although the first portions of the IP address match, it is the last two octets that are significant.

6. B. 0.0.15.255 affects the 172.16.16.0 255.255.240.0 network. In the third octet, the first four bits are checked in binary, resulting in 00000000.00000000.00001111.11111111. Answer A is incorrect because this does not match the given problem, checking too many bits (five) in the last octet. Answer C is incorrect because this mask checks only three bits in the third octet. Answer D is incorrect because this mask checks only two bits in the third octet.

7. A. You may create only one access list per protocol, per direction, per interface. Answer B is incorrect because you can have multiple access lists for a single port number, and only one per direction. Answer C is incorrect because you may have only one access list per protocol, not per port number. Answer D is incorrect because you may not have more than one access list per interface.

8. B. The correct syntax is no ip access-group 101. This removes the access list from the interface. Answer A is incorrect because this line deletes the access list entirely. Answers C and D use invalid syntax.

9. A. This answer has the correct syntax of the access-list command followed by the list number, permit/deny, IP address, and a wildcard mask. Answers B and D are incorrect because they indicate an extended access list. Answer C is incorrect because the wildcard mask has been reversed.

10. D. Use the any keyword to specify all destinations. Answer A is incorrect because no destination is specified. Answer B is incorrect; this specifies a standard access list. Answer C is incorrect because all is not the proper keyword.