Explanation: ACEs are commonly reordered from the way they were entered by the network administrator. The ACEs that have host criteria, such as in the statement permit host 192.168.10.5, are reordered as the first statements because they are the most specific (have the greatest number of bits that must match).
What is considered a best practice when configuring ACLs on vty lines?
Place identical restrictions on all vty lines. Remove the vty password since the ACL restricts access to trusted users.
Where is the recommended placement implementation of a named standard ACL?
Following the guidelines for ACL placement, standard ACLs should be located as close to the destination as possible. In Figure 4-6, the administrator wants to prevent traffic originating in the 192.168.10.0/24 network from reaching the 192.168.30.0/24 network.
Which two statements are correct about extended ACLs? (Choose two.)
Extended ACLs evaluate the source and destination addresses. Port numbers can be used to add greater definition to an ACL. Extended ACLs end with an implicit permit statement. Extended ACLs use a number range from 1-99.
In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
Explanation: An outbound ACL should be utilized when the same ACL filtering rules will be applied to packets coming from more than one inbound interface before exiting a single outbound interface.
What commands can be used to verify implementation of ACL is on a device?
Use the show ip interface command to verify that the ACL is applied to the correct interface. The output will display the name of the access list and the direction in which it was applied to the interface. Use the show access-lists command to display the access lists configured on the router.
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
The IPv6 access list statement, permit tcp any host 2001:DB8:10:10::100 eq 25, will allow IPv6 packets from any host to the SMTP server at 2001:DB8:10:10::100.
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
Explanation: One of the major differences between IPv6 and IPv4 ACLs is the two implicit permit ACEs at the end of any IPv6 ACL. These two permit ACEs allow neighbor discovery operations to function on the router interface.
What is ACL configuration?
Access Control Lists (ACLs) are a collection of permit and deny conditions, called rules, that provide security by blocking unauthorized users and allowing authorized users to access specific resources.
Which command will configure a standard ACL?
Apply a standard ACL using the ip access-group out command. Explanation: Having all ACEs with deny statements denies all traffic because there is an implicit deny any command at the end of every standard ACL.
Where should you place a standard ACL, and why? Where should you place an extended ACL, and why?
– Extended ACLs are placed on routers as close as possible to the source that is being filtered. – Placing extended ACLs too far from the source is an inefficient use of network resources because packets can be sent a long way only to be dropped or denied.
Which three statements describe ACL processing of packets? (Choose three.)
An implicit deny any rejects any packet that does not match any ACE. A packet can either be rejected or forwarded as directed by the ACE that is matched. A packet that has been denied by one ACE can be permitted by a subsequent ACE.
What two ACEs could be used to deny IP traffic from a single source host?
Explanation: There are two ways to identify a single host in an access list entry. One is to use the host keyword with the host IP address; the other is to use a wildcard mask of 0.0.0.0 with the host IP address.
What type of ACL offers greater flexibility and control over network access?
Explanation: The two types of ACLs are standard and extended. Both types can be named or numbered, but extended ACLs offer greater flexibility.
When an inbound Internet-traffic ACL is being implemented, what should be included to prevent the spoofing of internal networks?
Common ACEs to assist with antispoofing include blocking packets that have a source address in the 127.0.0.0/8 range, any private address, or any multicast addresses.
How many IPv4 and IPv6 ACLs could be applied to a router if it has two interfaces?
In calculating how many ACLs can be configured, use the rule of “three Ps”: one ACL per protocol, per direction, per interface. In this case, 2 interfaces x 2 protocols x 2 directions yields 8 possible ACLs.
What address is required in the command syntax of a standard ACL?
Explanation: The only filter that can be applied with a standard ACL is the source IP address.