Frequent Questions      

    CCNA™ (200-125) Exam Practice Questions

 

Access List

 

Home
Up             Previous              Next

Q2. Which of the following is a valid extended IP access list?

A. access-list 102 permit ip host 164.42.20.0 any eq 80

B. access-list 102 permit ip host 164.42.20.0 any eq www

C. access-list 102 permit tcp host 164.42.20.0 any eq 80

D.
access-list 102 permit icmp host 164.42.20.0 any eq www

  Correct Answer: C

 

Explanation:

Standard ACLs 
Standard ACLs control traffic by the comparison of the source address of the IP packets to the addresses configured in the ACL. 
This is the command syntax format of a standard ACL.
access-list access-list-number {permit|deny} 
{host|source source-wildcard|any}
In all software releases, the access-list-number can be anything from 1 to 99. In Cisco IOS Software Release 12.0.1, standard ACLs begin to use additional numbers (1300 to 1999). These additional numbers are referred to as expanded IP ACLs. After the ACL is defined, it must be applied to the interface (inbound or outbound). 

Extended ACLs 
Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL. 
In all software releases, the access-list-number can be 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional numbers (2000 to 2699). These additional numbers are referred to as expanded IP ACLs. IP Named ACLs 

An example configuration for extended ACL is given below. Note that www is a TCP protocol.:
access-list 100 deny tcp host 10.0.0.2 host 10.0.1.2 eq www
access-list 100 permit ip any any

interface fastEthernet 0/0
ip access-group 100 in
Observe that the command “ip access-group 100 in” applies the access list to the interface fe 0/0.

IP Named ACLs

The standard and extended ACLs to be given names instead of numbers. 
This is the command syntax format for IP named ACLs. 
ip access-list {extended|standard} name

Ref: 
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#ipnamacl

Home
Up               Previous              Next

Copyright © 2000-2016 SimulationExams.com All rights reserved

Website design by Anandsoft.com

Disclaimer: All Simulation Exams practice tests, study guides and/or material are neither sponsored by, nor endorsed by, nor affiliated with Cisco® Systems or any other company. All trademarks are trademarks of their respective owners and duly  acknowledged. CCNA™, CCENT™, ICND2™, CCNP™, CCIE™ are registered trade marks of Cisco® Systems. The practice tests material is a copyright of SimulationExams.com and the same is not approved or endorsed by respective certifying bodies. Thank-you for your interest in Simulation Exams. Please see read me file before you download, install, and/or use any software from SimulationExams.com  For any information or questions regarding this Website, please e-mail webmaster at simulationexams.com