Home > CCNA Access List Sim

CCNA Access List Sim

February 10th, 2014 Go to comments

Question

accesslist_sim

Answer and Explanation

Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.zip

For this question we only need to use the show running-config command to answer all the questions below

Router>enable
Router#show running-config

accesslist_sim_showrun1

accesslist_sim_showrun2

accesslist_sim_showrun3

Question 1

How can we fix the problem but only allow ping to work while disabling telnet?

A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in

 

Answer: E

Explanation

Let’s have a look at the access list 104:

accesslist_sim_answer1

The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.

Question 2

What will happen after issuing the command “ip access-group 114 in” to the fa0/0 interface?

A – Attempts to telnet to the router would fail
B – All traffic from the 10.4.4.0 network would be allow to go through
C – TCP and UDP traffic are not allowed to pass
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface

 

Answer: B

Explanation

From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network

Question 3

What will happen after issuing the command “access-group 115 in” on the s0/0/1 interface?

A – Hosts cannot connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and HTTP traffic would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface

 

Answer: A

Explanation

First let’s see what was configured on interface S0/0/1:

accesslist_sim_answer3

Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.

But here raise a question…

The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…

But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!

Please comment if you have any idea for this sim!

Comments
Comment pages
1 26 27 28 39
  1. Henry
    December 5th, 2017

    Passed today, used the dumps shared by Easy on https://drive.google.com/open?id=0B5mAFqgydmCzc3BmR214LWFuTDg

  2. anon…
    December 12th, 2017

    @henry plz share ur experience
    mcqs and labs

  3. Faustin
    December 13th, 2017

    @henry, which labs appeared in your exam

Comment pages
1 26 27 28 39
Add a Comment