ActualTests.Cisco.640-802.Exam.Q.and.A.08.15.08-DDU (1130589), page 67
The goal of these filters is to prevent unwanted traffic in the network - whether to prevent hackers from penetrating the network or just to prevent employees from using systems they should not be using.
IP access lists can also be used to filter routing updates, to match packets for prioritization, to match packets for VPN tunneling, and to match packets for implementing quality of service features.
They are also used to specify the interesting traffic, which is used to trigger ISDN and Dial on Demand Routing (DDR) calls.

Reference:
CCNA Self-Study CCNA ICND exam certification Guide (Cisco Press, ISBN 1-58720-083-X) Page 427

Incorrect Answers:
A, F: ACLs do not provide for management and traffic analysis functions such as the monitoring and organization of network packets.
Actualtests.com - The Power of Knowing 640-802
B. While ACLs can be used to filter out some unwanted traffic, they cannot be used to routinely provide for virus detection and removal.
E. ACLs alone do not provide for any additional level of network availability.

QUESTION 593:
Router CK1 is configured using a named ACL.
Which of the following answer choices are correct characteristics of named access lists? (Select all that apply)
A. You can delete individual statements in a named access list.
B. Named access lists require a numbered range from 1000 to 1099.
C. Named access lists must be specified as standard or extended.
D. You can use the ip access-list command to create named access lists.
E. You cannot delete individual statements in a named access list.
F. You can use the ip name-group command to apply named access lists.

Answer: A, C, D

Explanation:
Named access lists have two advantages over numbered access lists: the first is that a name is easier to remember, and the second is that you can delete individual statements in a named access list. That makes A correct.
When you create a named access list you use the ip access-list command, and you have to specify whether it's standard or extended (since there are no numbers). So C and D are both correct.
An example from the textbook is the command "ip access-list extended Barney".

Incorrect Answers:
B. Named access lists don't require a number range from 1000 to 1099, so B is incorrect.
E. Answer choice E is not true.
F. This is incorrect because the command ip name-group is absolutely unnecessary.

Reference: CCNA Self-Study CCNA ICND exam certification Guide (Cisco Press, ISBN 1-58720-083-X) Pages 443-445

QUESTION 594:
A standard IP access list is applied to an Ethernet interface of router CK1. What does this standard access list filter on?
A. The source and destination addresses
B. The destination port number
C. The destination address
D. The source address
E. All of the above

Answer: D

Explanation:
The standard IP access-list will only filter on the source address contained in the packet. Extended access lists can filter on the source and destination address and port information.

QUESTION 595:
What are two reasons that the Certkiller network administrator would use access lists on a router? (Choose two.)
A. To filter traffic as it passes through a router
B. To filter traffic that originates from the router
C. To replace passwords as a line of defense against security incursions
D. To control vty access into a router
E. To control broadcast traffic through a router

Answer: A, D

Explanation:
The data that access lists process on a router can be divided into two broad categories:
1. traffic that passes through the router via the forwarding path (choice A)
2. traffic destined for the router via the receive path for route processor handling, such as ssh/telnet vty access (choice D)
In normal operations, the vast majority of traffic simply flows through a router en route to its ultimate destination.

Incorrect Answers:
B: Traffic originated by the router will bypass the access list.
C: Access lists can be used to permit or deny access, but they cannot be used to replace the need for passwords for authorizing users into the system.
E: Routers do not forward broadcast traffic by default, and this is true regardless of whether access lists are configured.

QUESTION 596:
Which of the following are characteristics of named access lists? (Choose three)
A. Individual statements in a named access list may be deleted.
B. They require a numbered range from 1000 to 1099.
C. When created, they must be specified as standard or extended.
D. They are created with the ip access-list command.
E. The entire access list must be deleted before editing.
F. They are applied with the ip name-group command.

Answer: A, C, D

Explanation:
You can identify IP access lists with an alphanumeric string (a name) rather than a number. Named access lists allow you to configure more IP access lists in a router than if you were to use numbered access lists. If you identify your access list with a name rather than a number, the mode and command syntax are slightly different.
Currently, only packet and route filters can use a named list.
Consider the following guidelines before configuring named access lists:
Access lists specified by name are not compatible with Cisco IOS Releases prior to 11.2.
Not all access lists that accept a number will accept a name. Access lists for packet filters and route filters on interfaces can use a name.
A standard access list and an extended access list cannot have the same name.
To configure a named access list (standard and extended):

Reference:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080430e5b.html

QUESTION 597:
What are the general recommendations regarding the placement of access control lists? (Choose two)
A. Standard ACLs should be placed as close as possible to the source of traffic to be denied.
B. Extended ACLs should be placed as close as possible to the source of traffic to be denied.
C. Standard ACLs should be placed as close as possible to the destination of traffic to be denied.
D. Extended ACLs should be placed as close as possible to the destination of traffic to be denied.

Answer: B, C

Explanation:
Standard Access Lists:
- Access-list list# {permit/deny} source IP [wildcard mask]
- interface [router port]
- ip access-group [list#] in|out (out is the default)
- If a match is made, the action defined in this access list statement is performed.
- If no match is made with an entry in the access list, the deny action is performed (implicit deny)
- Should be put close to the destination address because you cannot specify the destination address, only the source information is looked at.

Extended Access List:
- Access-list list# {permit/deny} protocol source [source mask] destination [destination mask] operator [port]
- Should be put close to the source
- Since extended ACLs have destination information, you want to place it as close to the source as possible.
- Place an extended ACL on the first router interface the packet enters and specify inbound in the access-group command.

QUESTION 598:
Part of the Certkiller network is shown in the following topology exhibit:
In this network, an access list has been designed to prevent HTTP traffic from the accounting department from reaching the Certkiller I server attached to the Certkiller 2 router.
Which of the following access lists will accomplish this task when grouped with the e0 interface on the Certkiller router?
A. permit ip any any
   deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
B. deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
   permit ip any any
C. deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
   permit ip any any
D. permit ip any any
   deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
E. None of the above

Answer: C

QUESTION 599:
For security reasons, the Certkiller network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Using access control lists, which protocol should be blocked?
A. IP
B. UDP
C. TCP
D. ICMP
E. None of the above

Answer: D

Explanation:
A ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP "echo request" packets to the target host and listening for ICMP "echo response" replies. Ping estimates the round-trip time, generally in milliseconds, records any packet loss, and prints a statistical summary when finished.

ICMP ping packet:

          Bit 0 - 7            Bit 8 - 15        Bit 16 - 23   Bit 24 - 31
Header    Version/IHL          Type of service   Length
          Identification                         flags and offset
          Time To Live (TTL)   Protocol          CRC
          Source IP address
          Destination IP address
Payload   Type of message      Code              CRC
          Quench
          Data (optional)

QUESTION 600:
Part of the Certkiller network is shown below:
You work as a network technician at Certkiller. Certkiller is concerned about unauthorized access to the Certkiller E server.
The Certkiller 1, Certkiller 4, Certkiller 6 and Certkiller 7 PCs should be the only computers with access to the Certkiller E server. What two technologies should be implemented to help prevent unauthorized access to this server? (Choose two)
A. Encrypted router passwords
B. VLANs
C. STP
D. VTP
E. Access lists
F. Wireless LANs
G.