Home > CCNA Access List Sim

CCNA Access List Sim

February 10th, 2014 Go to comments



Answer and Explanation

Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.9tut.com/download/9tut.com_CCNA_Access_List_Sim.pkt

For this question we only need to use the show running-config command to answer all the questions below

Router#show running-config




Question 1

How can we fix the problem but only allow ping to work while disabling telnet?

A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in


Answer: E


Let’s have a look at the access list 104:


The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.

Question 2

What will happen after issuing the command “ip access-group 114 in” to the fa0/0 interface?

A – Attempts to telnet to the router would fail
B – All traffic from the network would be allow to go through
C – TCP and UDP traffic are not allowed to pass
D – Routing protocol updates for the network would not be accepted from the fa0/0 interface


Answer: B


From the output of access-list 114: access-list 114 permit ip any we can easily understand that this access list allows all traffic (ip) from network

Question 3

What will happen after issuing the command “access-group 115 in” on the s0/0/1 interface?

A – Hosts cannot connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and HTTP traffic would work but telnet would fail
D – Only traffic from the network would pass through the interface


Answer: A


First let’s see what was configured on interface S0/0/1:


Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about network. So the most reasonable answer is A.

But here raise a question…

The wildcard mask of access-list 115, which is, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…

But what will happen if we don’t use a subnet mask of For example we can use an ip address of, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!

Please comment if you have any idea for this sim!

Other lab-sims on this site:

CCNA NAT SIM Question 1

CCNA NAT SIM Question 2

CCNA Frame Relay Sim

CCNA Configuration SIM Question (RIPv2 SIM)




Comment pages
1 25 26 27 39
  1. Bill Gates Jr. III
    August 19th, 2016


    These sims are identical to Watson 314

  2. blsed
    August 30th, 2016

    any one with new 200-125 quiz please help

  3. Cisco_Ramon
    September 29th, 2016

    I would like to clear up the explanation for Question 3 a bit. Firstly, each interface accepts two access-lists to be precise, though there can only be one access-list in each direction(traffic flow) i.e. “in or out”. For example you can configure an interface like this:-
    ‘ ip access-group 110 in
    ip access-group 120 out ‘
    Secondly, its true that “if we don’t use a subnet mask of, we can use an ip address of and such a host with that ip address exists and we can connect to the router through that host”. Option A is correct because no such host ip(x.x.x.0) exits in the network. Hope it helped.

  4. Zaz
    January 10th, 2017

    zindagi na milegi dobara mp3 – myfreemp3.review/search/zindagi-na-milegi-dobara-mp3/
    download free music

  5. Anonymous
    January 28th, 2017

    I think q3 is the case of implicit deny

  6. Ttepi
    February 18th, 2017

    Q3. I think the suggested answer is correct .. but the explanation is incorrect.

    For access-list 115, the given wild card mask of means network x.x.x.255 (not x.x.x.0) … so the access-list is saying “only allow traffic from hosts with an IP address ending in .255”. However no host could have such an address because an address ending in .255 would always be a broadcast address.

  7. ^
    March 21st, 2017

    I don’t understand what is the problem in first question

  8. Cisco11
    March 29th, 2017

    Do both of the ACL sims appear in the exam, if not which one?

    March 29th, 2017

    I FAILED :(
    SCORED 1000/800 :(
    2 SIM
    *ACL2 Is VALIED*

  10. Anonymous
    April 3rd, 2017

    i have cleared CCNA 200-125 on 24-March-17….. 182 questions dump is not valid anymore.. I got lucky that I obtained 848 marks, but my friend fails to clear the exam using 182 question dumps..
    i got two labs..1 ACL and another OSPF
    rest 62 questions were very difficult.
    prepare theory properly this is the only way you can clear the exam.. “For Now”
    Best of Luck..

  11. Ali
    April 3rd, 2017

    An administrator is trying to ping and telnet from Switch to Router with the results shown below: Switch>
    Switch> ping
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to,timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    Switch> telnet Trying … % Destination unreachable; gateway or host down
    Switch> Click the console connected to Router and issue the appropriate commands to answer the questions.

  12. del
    April 6th, 2017

    hi all,
    does anyone can tell where we can find the ccna dumps?
    cost of the ccna exam ?
    which labs are valid,,and which labs are not valid ?
    plz answer ????????

    plz answer the above questions ,,,i asked a lot of times,lot of questions

  13. del
    April 6th, 2017

    DOES any one tell how to ccna exam in the first attempt???

  14. lucky
    April 6th, 2017

    mail id :: {email not allowed}

  15. muyed
    April 10th, 2017

    lab eigrp ospf dhcp ripv2 Acl Valid and Dump 266Q

  16. Anonymous
    April 25th, 2017

    Anyone who can forward me the 266Q dumps. akbarqazi2(at)gmail(dot)com

    April 26th, 2017

    Hello everyone, can someone send me the last question dump CCNA Exam 200-125
    I will take ccna exam next month
    rngeanmongkoln at gmail.com

    Best Regards,

  18. PIHU
    April 27th, 2017

    i m going to give ccna exam next month.ny1 having valid ccna latest dumps plz help. email dumps to {email not allowed}

  19. PIHU
    April 27th, 2017

    i m going to give ccna exam next month.ny1 having valid ccna latest dumps plz help. email dumps to pihuccna(at)gmail(dot)com

  20. tyson
    May 30th, 2017

    guys pls i need the last dump {email not allowed}

  21. tyson
    May 30th, 2017

    guys pls need the last dump eng.s.abdelkader(at)gmail(dot)com

  22. EmperorPenguin
    May 31st, 2017

    Just Passed the Exam Last Monday! i got ripv2 and ACLmod 3 in my exam. 266q still valid.
    there are 10+ new questions in it. cant remember the questions.
    i do remember there is one question with choices like this:
    A. 1:N
    B. 1:1
    C. N:1
    D. 1+N
    i dont know the answer to this.
    Good luck!

  23. Adna
    June 7th, 2017

    @EmperorPenguin can you please send to me 266q dumps i have the exam next week.

  24. Cebo
    June 8th, 2017

    Please good people I need Dumps for ccna, am writing month end, forward them at nhlekocebo(at)gmail(dot)com

  25. ali
    June 9th, 2017

    Hi my 9TUT friends. please send me latest dumps for 200-125. I am going to appear in next week.
    Email asgharshahhashmi @ gmail. com (remove space)
    I will be really thanks to you.

Comment pages
1 25 26 27 39
  1. No trackbacks yet.