Final Exam 2008/2009
1. Which of the following are valid reasons to implement access lists? (Choose all that apply.)
? A. QoS
? B. Route filtering
? C. Dial-on-demand routing
? D. Console port security
2. Which type of access list can filter traffic based on the source port? (Choose all that apply.)
? A. Standard
? B. Extended
? C. User-Based
? D. Static
? E. Named
? F. Unnamed
3. You are filtering traffic to an FTP site and you want only FTP traffic to reach the server. You do not
want additional traffic to reach the server. Which traffic should be allowed?
? A. TCP on ports 20 and 21
? B. UDP on ports 20 and 21
? C. TCP on port 21
? D. TCP and UDP on ports 20 and 21
4. What happens to a packet that does not meet the conditions of any access list filters?
? A. The packet is routed normally.
? B. The packet is flagged and then routed.
? C. The packet is dropped.
? D. The administrator is notified.
5. You have an IP address and wildcard mask of 10.0.20.5 255.255.0.0. Which of the following IP
addresses will be affected by this access list? (Choose all that apply.)
? A. 10.0.0.10
? B. 192.168.20.5
? C. 172.30.20.5
? D. 10.2.1.1
6. You want to create an access list to filter all traffic from the 172.16.16.0 255.255.240.0 network.
What wildcard mask is appropriate?
? A. 0.0.7.255
? B. 0.0.15.255
? C. 0.0.31.255
? D. 0.0.63.255
7. Regarding access lists, which of the following statements is correct?
? A. Only one access list per protocol, per direction, per interface
? B. Only one access list per port number, per protocol, per interface
? C. Only one access list per port number, per direction, per interface
? D. Only one access list per port number, per protocol, per direction
8. You need to temporarily remove access list 101 from one of your interfaces—which command is
? A. no access-list 101
? B. no ip access-group 101
? C. access-list 101 disable
? D. access-group 101 disable
9. Which of the following creates a standard access list that allows traffic from the 172.16 subnet?
? A. access-list 1 permit 172.16.0.0 0.0.255.255
? B. access-list 100 permit 172.16.0.0 255.255.0.0
? C. access-list 1 permit 172.16.0.0 255.255.0.0
? D. access-list 100 permit 172.16.0.0 0.0.255.255
10. You want to create an access list that denies all outbound traffic to port 80 from the 10.10.0.0 network.
Which access list entry meets your requirements?
? A. access-list 101 deny tcp 10.10.0.0 0.0.255.255 eq 80
? B. access-list 91 deny tcp 10.10.0.0 0.0.255.255 any eq 80
? C. access-list 101 deny tcp 10.10.0.0 0.0.255.255 all eq 80
? D. access-list 101 deny tcp 10.10.0.0 0.0.255.255 any eq 80
Answers to Exam Questions Final Exam 2008/2009