There are two steps to use an access list .
1. Create the list
2. Place the access list on a interface
The analogy I use in class is:
Suppose you reside in a gated community. The community is not protected until you hire the guard and then place him at the gate. If you hire the guard and never place him at the gate all traffic will be permitted.
When there is no access list on an interface it is implicit permit any
When an access list is placed on a interface it is implicit deny any
16. [xxNx] What is the result of the command?
" access-list 101 permit tcp any 172.16.0.0 0.0.255.255 established"
a) telnet sessions will be permitted regardless of the source address
b) telnet sessions will be denied regardless of the source address
c) telnet sessions will be denied if initiated from any address other than 172.16.0.0 network
d) telnet sessions will be permitted to the 172.16.0.0 network only
e) telnet sessions will be denied to the 172.16.0.0 network only
Answer
c) telnet sessions will be denied if initiated from any address other than 172.16.0.0 network
The secret to this question is the key word "established." Established means that the packet will be permitted unless it is the first part of the three way handshake. Recall that when we initiate a TCP connection we have no ACK. How can we acknowledge a sequence number from the other side when we have not established a session with him?
17. [xxNx] Which is generally true of the location of access-lists? (Choose all that apply.)
a) Standard lists will most likely be placed close to the destination.
b) Standard lists will most likely be placed close to the source.
c) Extended lists will most likely be placed close to the destination.
d) Extended lists will most likely be placed close to the source.
e) It does not matter.
Answer
a) Standard lists will most likely be placed close to the destination.
d) Extended lists will most likely be placed close to the source.
A standard list will only check the source address. It makes no difference where the packet is going. If you place a standard list close to the source you could very well be denying that traffic to go to other destinations. An extended list can be placed close to the source because we can permit or deny traffic based upon the source and destination address. This insures that only traffic we wish to have denied is denied.
18. [RxNx] Which of the following is most correct?
a) IP is to TCP. as IPX is to SPX.
b) RTMP is to Appletalk as IP RIP is to IP.
c) NLSP is to IPX as OSPF is to IP.
d) a is true.
e) b is true.
f) a & b are true.
g) c is true.
h) b & c are true.
i) a, b and c are true.
Answer
i) a, b and c are true.
19. [ExNx] If Host A sends a packet to Host B over ethernet and Host B is not active:
a) The packet will time out.
b) The packet will be removed by Host A.
c) The NVRAM of Host B will remove the packet.
d) The packet will "die" when it reaches the terminator.
e) The packet will be removed by the token monitor.
Answer
d) The packet will "die" when it reaches the terminator.
上一页 [1] [2] [3] [4]
责任编辑:小草
您现在的位置: 