CCNA Access List Sim
Question
Answer and Explanation
Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: https://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.zip
For this question we only need to use the show running-config command to answer all the questions below
Router>enable
Router#show running-config
Question 1
How can we fix the problem but only allow ping to work while disabling telnet?
A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in
Answer: E
Explanation
Let’s have a look at the access list 104:
The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.
Question 2
What will happen after issuing the command “ip access-group 114 in” to the fa0/0 interface?
A – Attempts to telnet to the router would fail
B – All traffic from the 10.4.4.0 network would be allow to go through
C – TCP and UDP traffic are not allowed to pass
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface
Answer: B
Explanation
From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network
Question 3
What will happen after issuing the command “access-group 115 in” on the s0/0/1 interface?
A – Hosts cannot connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and HTTP traffic would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface
Answer: A
Explanation
First let’s see what was configured on interface S0/0/1:
Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.
But here raise a question…
The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…
But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!
Please comment if you have any idea for this sim!
Hello Team, I am expected to sit my CCAN exams on at the end of the month, Can i get most recent Dump,
My email {email not allowed}
Hey Show me the Latest Labs comes in exam plz . i studied the ACL LAB. ACL SIM .VLAN SIM .EIDGRP GRE TUNNEL .OSPFV6 …..Show me more my exam on after 10 feb 2020
I’m going To have CCNA 200-125 exam on Feb 20. Pleaseee CCNAv3 questions (1-7)
Thanks
braithwaite_julio at yahoo c o m
I’m going To have CCNA 200-125 exam on 14 Feb 20. Pleaseee CCNAv3 questions (1-7)rberg_2 at yahoo com
Passed the exam Feb 9th, 9xx/1000. This sim was present word from word. ACL LAB was in my exam different IP’s. Be aware of the outbound interfaces. Check it.
Just passed today.. whoever needs dumps email, will send them back juankarlos 31 at gmail com
good job @matt
i have booked my exam on 21 feb i need advise for sim please
what other sims were present @matt and @Juan
I dont get the answer for questions 3. cause the access-list 115 is permitt any. why any host wont be able to connect?
its it because the way wilcald set: 0.0.0.0 255.255.255.0 meaning no match up octets from any class address (A, B, C)
in the end, what do you mean “For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host.”
how could a host with address “x.x.45.0” exist???
Hello! i don’t understand in question 3
“ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
why?
Hi 9tut. Thank you thank you thank you. I studied your material for my CCNA 200-125 and today i passed with 877/1000!!!
The key is to read the questions and practice the labs with time, there is not shortcut and magic to get to the highest.
took me two months to this moment!!
This Question was on my exam
I wish to say thank you 9tut you are really amazing, I just passed my ccna 200-125 test today 944/1000 , this lap and DHCP , ACL sim 2 , four drags and drops and other questions more than 75% from 9tut , I advice all people here study the material and 9tut questions and practice the labs the tests will be easy,Note: if you want to test 200-125 the last day will be at 23rd Feb 2020.
This website really worth the money you pay for it get the paid membership and study the questions don’t focus about the Dumps. Cisco materiel some youtube videos and 9tut will be so enough to pass
I am new to taking Cisco exams. I have a question. In this sim, do we actually have to make the changes on the interfaces, like fa0/0 and apply the ip access-group 104 in and also make changes to the s0/0/1? Or do we just have to use the show run command to see the actual access-lists and answer the question? Please let me know. I’m taking my exam at the end of this week. Thanks!
Please, please send the newest dumps, taking my exam Friday ( last day for 200-125). thmark1987 (@) gmail.com
Kindly please
took my exam today and got 908/1000
must of the Questions was from the 1-7 new questions
i got this lab and also Acl case 2 and dhcp
thanks 9tut!
Heya guys just wondering for this Sim do i need to make configurations and save it? because i have to configure fa0/0 twice.. One 104 in and one 114 in.. Thanks
I have scheduled exam tomorrow. Kindly someone share latest dumb syedmuhammadaliuddin at gmail com
Anyone passed exam in last 2-3 days, which lab was part of exam.
i have on tmrw.
Anyone passed exam in last 2-3 days, which lab was part of exam.
i have on tmrw.
please for acl 2 can one use anyone (tcp or ip) when configuring? or there is difference between the two.
There is a difference between the
if the question says deny or permit web browser access on finance web server, then that is when you are to use tcp (eq 80) but if the question only say deny/ permit access to finance web server only. Just use ip.
Note: For the last access-list, use the Permit ip any any even if you are told to permit all other access to public web server. Try to understand the question and you are good to go.
Hi 9tut or anybody, please help,
ACL1, still has 3 MCQs? Is q1 still valid with answer: remove ag106 and add ag 104 in?
Thanks so much!
Q3: The correct answer is A (Hosts cannot connect to Router through S0/0/1.
The explanation is: The interface S0/0/0/1 is administratively down.
hi can anyone pls help me my exam in 12 sep and i need dumb