Home > CCNA – Access list Questions

CCNA – Access list Questions

April 29th, 2015 Go to comments

Note: If you are not sure about Access list, please read our Access List Tutorial.

Question 1

Explanation

The standard access lists are ranged from 1 to 99 and from 1300 to 1999 so only access list 50 is a standard access list.

Question 2

Explanation

We see the difference of the four networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 is at the third octet (146, 147, 148, 149) so we need to convert them into binary numbers (the different bit is underlined):

146 = 10010010
147 = 10010011

We see only the last bit is different so a wildcard mask can be created to cover them with XOR operation:

Wildcard mask = 10010010 XOR 10010011 = 00000001 = 1

Note: The XOR operation here means “if two compared bits are same, write 0; if two compared bits are different, write 1”. Remember, for the wildcard mask, 1 means “I DON’T CARE”, and 0 means “I CARE”

Therefore the full wildcard mask should be 0.0.1.255. The last octet is “255” to cover all hosts in /24 range. And the “access-list 10 permit ip 192.168.146.0 0.0.1.255” can cover networks 192.168.146.0, 192.168.147.0.

Do the same for two remaining networks:

148 = 10010100
149 = 10010101

So the “access-list 10 permit ip 192.168.148.0 0.0.1.255” can cover these two networks.

Note:

If we want to use only one command in the access-list, we can compare all four networks at the same time:

146 = 10010010
147 = 10010011
148 = 10010100
149 = 10010101

-> Wildcard mask = 00000011 = 3

Therefore we can use one command “access-list 10 permit ip 192.168.146.0 0.0.3.255” to cover all four networks.

Question 3

Question 4

Question 5

Explanation

An access-list will be checked from the first to last statement. If a statement is matched then the check will finish immediately. A rule of thumb when creating an access-list is writing more specific matches first. So for this question we need to:

+ Permit hosts 172.21.1.129 & 172.21.1.142 (first & last IP of subnet 172.21.1.128/28)
+ Deny other hosts in subnet 172.21.1.128/28
+ Permit anyone else

Remember another rule of thumb: the “permit/deny anyone else” statement is always put at the end of the access-list because it will be matched surely and the check will finish immediately (so any statements under this statement cannot be checked -> they are useless). Therefore in this case, the “permit any” statement will surely be at the end of the access-list.

We cannot place statement B: “deny 172.21.1.128 0.0.0.15” before statement A: “permit 172.21.1.129 0.0.0.0” and statement C: “permit 172.21.1.142 0.0.0.0” because any IP that matches statement A & C will surely match statement B and the check will finish immediately -> statements A & C are never been matched. Therefore statements A & C must be placed on top of statement B.

Question 6

Explanation

We can have only 1 access list per protocol, per direction and per interface. It means:

+ We can not have 2 inbound access lists on an interface
+ We can have 1 inbound and 1 outbound access list on an interface

Question 7

Explanation

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Comments (44) Comments
Comment pages
1 4 5 6 1782
  1. Nas12
    May 18th, 2016

    where do I see the questions for each of the topics? all I see are the explanations without the actual question

  2. Southern
    May 23rd, 2016

    Nas, someone has posted a link that contains questions and answers, cannot remember where exactly, just look under comments in other pages and you’ll find them. Otherwise just sign in and you will have total access to everything. I highly recommend that you do this, it is not expensive at all and really worth it, especially with simulations and labs. Good luck.

  3. Anonymous
    June 5th, 2016

    could any one please send to me CCNA dump at mahmoudhamid101@GMAIL

  4. Anonymous
    June 10th, 2016

    @gotTest Tomorrow or anyone who took the test already….
    Hello everyone can someone please explain me where is the famous ospf lab sim her on the site i see acl, acl2 eigrp but everyone are mentioning OSPF lab too on exams, but where is it here actually? Please answer me i am studying for exam soon…

  5. Nene
    June 13th, 2016

    I failed my CCNA exam last week. Can someone help me with answers to the EIGRP questions that have six routers.m It actually have four questions.

  6. @Yoom
    June 18th, 2016

    I plan to taking CCNA 200-120 in next month. please ,can you help me I can not get the dump it is not possible to me to pay . It is did not accessible for me to pay. Please send me the PDF to my email

    {email not allowed}

  7. Anil kumbhar
    June 22nd, 2016

    i Am about to answer ccna can you please mail me latest dumps on {email not allowed}

  8. ckay
    June 25th, 2016

    Preparing for my exam, anyone please share the latest dump. email c.alenga911 @ gmail.com thanks in advance.

  9. hpcisco
    June 28th, 2016

    Hi Guys my exam next week anyone please send me latest dump at my email
    {email not allowed}

  10. hpcisco
    June 28th, 2016

    Hi Guys my exam next week anyone please send me latest dump at my email
    hpcisco @ yahoo.com

  11. dinesh
    June 30th, 2016

    Hi Guys my exam next week anyone please send me latest dump at my email {email not allowed}
    thanks & Regards

  12. dinesh
    June 30th, 2016

    Hi Guys my exam next week anyone please send me latest dump at my email
    {email not allowed}

  13. Ted
    July 13th, 2016

    all. one person said in their exam In access
    list 2 sim they had 2 servers instead of 3.
    host was A and last line they put permit ip
    any server ip rather than permit ip any any.
    anyone else get this and their answer is correct ?

  14. Ted
    July 13th, 2016

    Hello all. one person (Peter) in the ”
    CCNA FAQs & Tips” blog advised
    in his exam In “access
    list 2 sim” the sim had 2 servers instead of 3.
    host to allow access was “A” and the last acl line he put permit “ip
    any PUBLIC SERVER ADDRESS “rather than “permit ip any any” and he advised it was correct .
    anyone else get this and their answer is correct ? I am questioning as most blogs say in the exam “permit ip any any” is correct. also his exam he has 980 points. not sure where he lost his 20 points , but if he had the last line wrong he’d lose 20 points Thanks !

  15. CCNA
    July 20th, 2016

    Note:

    If we want to use only one command in the access-list, we can compare all four networks at the same time:

    146 = 10010010
    147 = 10010011
    148 = 10010100
    149 = 10010101

    -> Wildcard mask = 00000011 = 3

    Therefore we can use one command “access-list 10 permit ip 192.168.146.0 0.0.3.255” to cover all four networks.

    This is not possible. We can’t use one command. This access-list doesn’t allow 192.168.148.0 and 192.168.149.0 networks. Am I right?

  16. Jarot Panorama Shandi
    August 3rd, 2016

    hello kevin
    can u share to me actual test v25

    thanks advance

  17. Anonymous
    August 4th, 2016

    taking ccna in 2wks, can anyone pls send dumps via email. Thx.

    briccboi at yahoo dot com

  18. Anonymous
    August 4th, 2016

    taking test in 2 weeks, can someone send dumps via email
    cleetus underscore 2004 at yahoo
    thanks

  19. suji
    August 4th, 2016

    Hello all . need dumps pls -sud.kcmr @ gmail.com-
    aug 20 is v2 exam, so next month onwards v3 ? when it will be ?

    Thank you in Advance ..

  20. Anonymous
    August 9th, 2016

    please send me latest dumps. my email id {email not allowed}

  21. Anonymous
    August 9th, 2016

    send me dump . my id yousufduet15 @ gmail.com

  22. Anonymous
    August 10th, 2016

    hi taking ccna exam can you please send me the latest dumps

  23. Ali tt
    August 15th, 2016

    Please can someone send me the last dump to alinotala yahoo dot friends

  24. Ali tt
    August 15th, 2016

    Please can someone send me the last dump to alinotala yahoo dot fr

  25. Oz
    August 17th, 2016

    Passed today, 850/1000 OSPF and EGRIP, ACL Mod 4, and also ACL sims. 40 questions, tough fair.

  26. Perfect
    August 18th, 2016

    Hello, Can you post the link for the question?

  27. killy
    August 18th, 2016

    I missed with 2% guys ahhgrrr

  28. lambertini
    August 19th, 2016

    hi I just want to know if they are going change the new version of ccna 200-125 exam after August 20th.

  29. Anonymous
    August 25th, 2016

    Dears
    Does someone can tell me if this material is still valid for 200-125 exam. If not does someone send me a valid material to my email {email not allowed}
    Best Regards

  30. ppa
    September 5th, 2016

    sent me dumps pyephyoeaung1 @ gmail . com

  31. Smitha472
    September 16th, 2016

    I really like and appreciate your blog post.Thanks Again. fgggdbddffkbaeed

  32. Anonymous
    September 24th, 2016

    Can some send to me the latest dumps for 200-125 exam?

  33. digoz
    October 5th, 2016

    Hie guys can you send me the latest dumps at godfreykatsande1987 at gmail dot com.

  34. God will bless you
    October 16th, 2016

    Could someone send me dumps for CCNA 200-125 ? Please….

  35. braintech
    October 24th, 2016

    Dear All,
    If anyone want valid dumps for CCNA+Voucher (Any track), CCNP(any track) and CCIE R&A (Dumps+Lab) in affordable price.

    Contact:

    Whatsapp or call

    +966592832164

  36. SYED
    October 29th, 2016

    Guys i want to practice more ASL sims, where can i find them ?

  37. Lo Sing
    November 11th, 2016

    Passed the CCNA Finally! I had to take the CCNA twice, as I failed on my first attempt. However for my second, I used the e8ay dump to study the update that happened for the CCNA and passed the exam finally :D All Questions came from the dump. The e8ay dump has a total of 142 questions (58 + 84 updated questions) and the 4 variations of the ACL sims. I didn’t check out the study materials here but they seem helpful stated from other comments.

    Information to the exam:

    54 MC Questions
    1 ACL simulation
    1 EIGRP TSHOOT Simlet
    1 OSPF TShoot Simlet
    1 RIPv2 Simlet

    Total of 58 questions.

    If you would like to check out the materials I used, here you go:

    e8ay.com/itm/200-125-v3-Dump-/322325097800? (change the “8” to a “b”)

    Good Luck!

  38. Anonymous
    December 1st, 2016

    hello

  39. Wacky Techy
    December 2nd, 2016

    Passed using “Lo Sing” e8ay link. Still very much valid. However, looks like the link got updated. Here is the link if you guys want to use:
    e8ay.com/itm/322336782526? (change the “8” to a “b”)

    Good Luck!

  40. Istring
    December 13th, 2016

    I passed the Cisco Certified Entry Networking Technician 100-101 with 90%. Almost each question is from this http://www.grades4sure.com/100-101-exam-questions.html dumps! Such a great work, guys! You can pass the exam easily by using this material alone. About 3 questions were new but all were easy. Thanks for your help!

  41. CCNA-v3
    December 15th, 2016

    Guys finally passes today 171q is super valid right now
    Lab acl mod 3 host , ospf , dhcp Ntp, ripv2

    Dumps available at below webpage: remover asteriks
    ccna200-125dumps.blogs*pot.co*m

  42. McKnight
    December 27th, 2016

    Overall there are many websites of Cisco 200-125. But I’m recommend to vcetests of Cisco https://www.vcetests.com/200-125-vce.html Exam. Once ready, you can easily pass it exam in first attempt.
    Latest of 26th December!!!!!!!

  43. Aruma
    January 10th, 2017

    hey lumineers mp3 – myfreemp3.review/search/hey-lumineers-mp3/
    download free music

  44. Julianna
    January 10th, 2017

    billboard hot 100 singles chart of the year 2015 320kbps] – myfreemp3.review/search/billboard-hot-100-singles-chart-of-the-year-2015–320kbps]/
    download free music

Comment pages
1 4 5 6 1782