Cisco Discovery - DRSEnt Module 8 - V.4 in english.
Q.1 Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0
0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the
show access-list command. What sequence number does the new entry have?


    0

    10, and all other items are shifted down to the next sequence number

    50

    60



Q.2 Refer to the exhibit. What happens if the network administrator issues the commands shown when
an ACL called Managers already exists on the router?


    The new commands overwrite the current Managers ACL.

    The new commands are added to the end of the current Managers ACL.

    The new commands are added to the beginning of the current Managers ACL.

    An error appears stating that the ACL already exists.



Q.3 Why are inbound ACLs more efficient for the router than outbound ACLs?


    Inbound ACLs deny packets before routing lookups are required.

    Inbound ACL operation requires less network bandwidth than outbound.

    Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs

     Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial
interfaces.



Q.4 Refer to the exhibit. The network administrator of a company needs to configure the router RTA to
allow its business partner (Partner A) to access the web server located in the internal network. The web
server is assigned a private IP address, and a static NAT is configured on the router for its public IP
address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server.
What is the cause of the problem?


    Port 80 should be specified in the ACL.

    The public IP address of the server, 209.165.201.5, should be specified as the destination.

    The ACL should be applied on the s0/0 outbound interface.

    The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL.



Q.5 ACL logging generates what type of syslog message?


    unstable network

    warning

    informational

    critical situation



Q.6 Which two host addresses are included in the range specified by 172.16.31.64 0.0.0.31? (Choose
two.)


    172.16.31.64

    172.16.31.77

    172.16.31.78

    172.16.31.95

    172.16.31.96



Q.7 Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What
wildcard mask would the network administrator configure in the access list to cover this range?


    0.0.15.255

    0.0.47.255

    0.0.63.255

    255.255.240.0



Q.8 ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.)


    specifying source addresses for authentication

    specifying internal hosts for NAT

    identifying traffic for QoS

    reorganizing traffic into VLANs

    filtering VTP packets



Q.9 What can an administrator do to ensure that ICMP DoS attacks from the outside are mitigated as
much as possible, without hampering connectivity tests initiated from the inside out?


    Create an access list permitting only echo reply and destination unreachable packets from the
outside.

    Create an access list denying all ICMP traffic coming from the outside.

    Permit ICMP traffic from only known external sources.

    Create an access list with the established keyword at the end of the line.



Q.10 What effect does the command reload in 30 have when entered into a router?


    If a router process freezes, the router reloads automatically.

    If a packet from a denied source attempts to enter an interface where an ACL is applied, the router
reloads in 30 minutes.

    If a remote connection lasts for longer than 30 minutes, the router forces the remote user off.

    A router automatically reloads in 30 minutes.



Q.11 Refer to the exhibit. The following commands were entered on RTB.
RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15
RTB(config)# access-list 4 permit any
RTB(config)# interface serial 0/0/0
RTB(config-if)# ip access-group 4 in
Which addresses do these commands block access to RTB?


    192.168.20.17 to 192.168.20.31

    192.168.20.16 to 192.168.20.31

    192.168.20.16 to 192.168.20.32

    192.168.20.16 to 192.168.20.33



Q.12 Refer to the exhibit. The new security policy for the company allows all IP traffic from the
Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the
Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to
implement the new security policy?


    access-list 197 permit ip 192.0.2.0 0.0.0.255 any
  access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www

    access-list 165 permit ip 192.0.2.0 0.0.0.255 any
  access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
  access-list 165 permit ip any any

    access-list 137 permit ip 192.0.2.0 0.0.0.255 any
  access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www

    access-list 89 permit 192.0.2.0 0.0.0.255 any
  access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www



Q.13 Which three statements are true concerning standard and extended ACLs? (Choose three.)


    Extended ACLs are usually placed so that all packets go through the network and are filtered at the
destination.

    Standard ACLs are usually placed so that all packets go through the network and are filtered at the
destination.

     Extended ACLs filter based on source address only, and must be placed near the destination if other
traffic is to flow.

     Standard ACLs filter based on source address only, and must be placed near the destination if other
traffic is to flow.

    Extended ACLs filter with many possible factors, and they allow only desired packets to pass
through the network if placed near the source.

    Standard ACLs filter with many possible factors, and they allow only desired packets to pass through
the network if placed near the source.



Q.14 Refer to the exhibit. Company policy for the network that is shown indicates the following
guidelines:
1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the
192.168.2.0/24 network.
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.
3) All other traffic originating from the 192.168.3.0 network should be denied.
Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0
interface of router R2 in the inbound direction?


    access-list 101 deny ip any any
  access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 101 permit ip any any

    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255



Q.15 Hosts from the Limerick LAN are not allowed access to the Shannon LAN but should be able to
access the Internet. Which set of commands will create a standard ACL that will apply to traffic on the
Shannon router interface Fa0/0 implementing this security?


    access-list 42 deny 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
  access-list 42 permit any

    access-list 56 deny 172.19.123.0 0.0.0.255
  access-list 56 permit any

    access-list 61 deny 172.19.123.0 0.0.0.0
  access-list 61 permit any

    access-list 87 deny ip any 192.0.2.0 0.0.0.255
  access-list 87 permit ip any



Q.16 Refer to the exhibit. A network administrator needs to configure an access list that will allow the
management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and
configure router RTA. All vty and enable passwords are configured on the router. Which group of
commands will accomplish this task?


   Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
  Router(config)# access-list 101 deny ip any any
  Router(config)# int s0/0
  Router(config-if)# ip access-group 101 in
  Router(config-if)# int fa0/0
  Router(config-if)#ip access-group 101 in

   Router(config)# access-list 10 permit 192.168.10.25 eq telnet
  Router(config)# access-list 10 deny any
  Router(config)# line vty 0 4
  Router(config-line)#access-group 10 in

   Router(config)# access-list 86 permit host 192.168.10.25
  Router(config)# line vty 0 4
  Router(config-line)# access-class 86 in

   Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet
  Router(config)# access-list 125 deny ip any any
  Router(config)# int s0/0
  Router(config-if)# ip access-group 125 in



Q.17 Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244?


    access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224

    access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

    access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

    access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80



Q.18 Which wildcard mask would match the host range for the subnet 192.16.5.32 /27?


    0.0.0.32

    0.0.0.63

    0.0.63.255

    0.0.0.31



Q.19 A security administrator wants to secure password exchanges on the vty lines on all routers in the
enterprise. What option should be implemented to ensure that passwords are not sent in clear text
across the public network?


    Use Telnet with an authentication server to ensure effective authentication.

    Apply an access list on the router interfaces to allow only authorized computers.

    Apply an access list on the vty line to allow only authorized computers.

    Use only Secure Shell (SSH) on the vty lines.



Q.20 Refer to the exhibit. An administrator notes a significant increase in the amount of traffic entering
the network from the ISP. The administrator clears the access-list counters. After a few minutes, the
administrator again checks the access-list table. What can be concluded from the most recent output
shown?


    A small amount of HTTP traffic is an indication that the web server was not configured correctly.

   A larger amount of POP3 traffic (compared with SMTP traffic) indicates that there are more POP3
email clients than SMTP clients in the enterprise.

    A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS
attack.

    A larger amount of email traffic (compared with web traffic) is an indication that attackers mainly
targeted the email server.

Weitere ähnliche Inhalte

Was ist angesagt?

4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer   configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer   configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
Salem Trabelsi
 
Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011
Dân Chơi
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
robertoxe
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer   layer 2 vlan security instructor6.5.1.3 packet tracer   layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
Salem Trabelsi
 
Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01
Ralph Nguyen
 
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer   configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer   configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
Salem Trabelsi
 
ccna-discowey-final-100
 ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100
junkut3
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer   layer 2 security instructor6.5.1.2 packet tracer   layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer   configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer   configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
 

Was ist angesagt? (20)

Deploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA FirewallDeploy Failover/High Availability in ASA Firewall
Deploy Failover/High Availability in ASA Firewall
 
Network security lab certification 350 018
Network security lab certification 350 018Network security lab certification 350 018
Network security lab certification 350 018
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer   configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer   configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
 
IPSec VPN
IPSec VPNIPSec VPN
IPSec VPN
 
Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011Ccna 1 chapter 11 v4.0 answers 2011
Ccna 1 chapter 11 v4.0 answers 2011
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
6.5.1.3 packet tracer layer 2 vlan security instructor
6.5.1.3 packet tracer   layer 2 vlan security instructor6.5.1.3 packet tracer   layer 2 vlan security instructor
6.5.1.3 packet tracer layer 2 vlan security instructor
 
Prueba 2 2015
Prueba 2 2015Prueba 2 2015
Prueba 2 2015
 
Basic ip traffic management with access control lists
Basic ip traffic management with access control listsBasic ip traffic management with access control lists
Basic ip traffic management with access control lists
 
Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01Tri aoi training-supplementary_2011.01
Tri aoi training-supplementary_2011.01
 
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer   configuring a zone-based policy firewall (zpf) instru...4.4.1.3 packet tracer   configuring a zone-based policy firewall (zpf) instru...
4.4.1.3 packet tracer configuring a zone-based policy firewall (zpf) instru...
 
ccna-discowey-final-100
 ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer   layer 2 security instructor6.5.1.2 packet tracer   layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
הגדרת נתבי סיסקו 1.0
הגדרת נתבי סיסקו 1.0הגדרת נתבי סיסקו 1.0
הגדרת נתבי סיסקו 1.0
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking ii
 
Basic BGP Configuration
Basic BGP ConfigurationBasic BGP Configuration
Basic BGP Configuration
 
Modul 5 access control list
Modul 5 access control listModul 5 access control list
Modul 5 access control list
 
Ata basicconfig
Ata basicconfigAta basicconfig
Ata basicconfig
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer   configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer   configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
Acl
AclAcl
Acl
 

Andere mochten auch

Cisco discovery d homesb module 6 - v.4 in english.
Cisco discovery   d homesb module 6 - v.4 in english.Cisco discovery   d homesb module 6 - v.4 in english.
Cisco discovery d homesb module 6 - v.4 in english.
igede tirtanata
 
Cisco discovery d homesb module 4 - v.4 in english.
Cisco discovery   d homesb module 4 - v.4 in english.Cisco discovery   d homesb module 4 - v.4 in english.
Cisco discovery d homesb module 4 - v.4 in english.
igede tirtanata
 
Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery   drs ent module 3 - v.4 in english.Cisco discovery   drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
igede tirtanata
 
Cisco discovery drs ent module 5 - v.4 in english.
Cisco discovery   drs ent module 5 - v.4 in english.Cisco discovery   drs ent module 5 - v.4 in english.
Cisco discovery drs ent module 5 - v.4 in english.
igede tirtanata
 
E wallet nfc service payment
E wallet nfc service paymentE wallet nfc service payment
E wallet nfc service payment
igede tirtanata
 
EduDivision-DATACOM NETWORKING
EduDivision-DATACOM NETWORKINGEduDivision-DATACOM NETWORKING
EduDivision-DATACOM NETWORKING
igede tirtanata
 

Andere mochten auch (8)

Cisco discovery d homesb module 6 - v.4 in english.
Cisco discovery   d homesb module 6 - v.4 in english.Cisco discovery   d homesb module 6 - v.4 in english.
Cisco discovery d homesb module 6 - v.4 in english.
 
Cisco discovery d homesb module 4 - v.4 in english.
Cisco discovery   d homesb module 4 - v.4 in english.Cisco discovery   d homesb module 4 - v.4 in english.
Cisco discovery d homesb module 4 - v.4 in english.
 
Cisco discovery drs ent module 3 - v.4 in english.
Cisco discovery   drs ent module 3 - v.4 in english.Cisco discovery   drs ent module 3 - v.4 in english.
Cisco discovery drs ent module 3 - v.4 in english.
 
Cisco discovery drs ent module 5 - v.4 in english.
Cisco discovery   drs ent module 5 - v.4 in english.Cisco discovery   drs ent module 5 - v.4 in english.
Cisco discovery drs ent module 5 - v.4 in english.
 
iSeries IBM
iSeries IBMiSeries IBM
iSeries IBM
 
E wallet nfc service payment
E wallet nfc service paymentE wallet nfc service payment
E wallet nfc service payment
 
GSM 3G Basic
GSM 3G BasicGSM 3G Basic
GSM 3G Basic
 
EduDivision-DATACOM NETWORKING
EduDivision-DATACOM NETWORKINGEduDivision-DATACOM NETWORKING
EduDivision-DATACOM NETWORKING
 

Ähnlich wie Cisco discovery drs ent module 8 - v.4 in english.

Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
Kris Mofu
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8  Controlling traffic using Extended ACL Objectives Per.pdfLab8  Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
adityacommunication1
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
rediani
 
Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery   drs ent module 10 - v.4 in english.Cisco discovery   drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.
igede tirtanata
 
1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx
dorishigh
 
CIsco ACL- Network and host security
CIsco ACL- Network and host securityCIsco ACL- Network and host security
CIsco ACL- Network and host security
Shiv Koppad
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
moonmanik
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
ssuserf7cd2b
 
Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011
Dân Chơi
 

Ähnlich wie Cisco discovery drs ent module 8 - v.4 in english. (20)

Network Design on cisco packet tracer 6.0
Network Design on cisco packet tracer 6.0Network Design on cisco packet tracer 6.0
Network Design on cisco packet tracer 6.0
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8  Controlling traffic using Extended ACL Objectives Per.pdfLab8  Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
 
Ccna 3 Final V4.0 Answers
Ccna 3 Final V4.0 AnswersCcna 3 Final V4.0 Answers
Ccna 3 Final V4.0 Answers
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Chapter10ccna
Chapter10ccnaChapter10ccna
Chapter10ccna
 
Ip Access Lists
Ip Access ListsIp Access Lists
Ip Access Lists
 
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
 
Ccna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 AnswersCcna 4 Final 2 Version 4.0 Answers
Ccna 4 Final 2 Version 4.0 Answers
 
Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery   drs ent module 10 - v.4 in english.Cisco discovery   drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.
 
1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx
 
Icnd210 s06l02
Icnd210 s06l02Icnd210 s06l02
Icnd210 s06l02
 
CCNA_RSE_Chp7.pptx
CCNA_RSE_Chp7.pptxCCNA_RSE_Chp7.pptx
CCNA_RSE_Chp7.pptx
 
CIsco ACL- Network and host security
CIsco ACL- Network and host securityCIsco ACL- Network and host security
CIsco ACL- Network and host security
 
Router security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summaryRouter security-configuration-guide-executive-summary
Router security-configuration-guide-executive-summary
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
 
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAMCMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
CMIT 350 FINAL EXAM CCNA CERTIFICATION PRACTICE EXAM
 
Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011Ccna 2 chapter 5 v4.0 answers 2011
Ccna 2 chapter 5 v4.0 answers 2011
 
Ccna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 AnswersCcna 4 Chapter 8 V4.0 Answers
Ccna 4 Chapter 8 V4.0 Answers
 
Icnd210 s06l01
Icnd210 s06l01Icnd210 s06l01
Icnd210 s06l01
 

Mehr von igede tirtanata

Cisco discovery drs ent module 4 - v.4 in english.
Cisco discovery   drs ent module 4 - v.4 in english.Cisco discovery   drs ent module 4 - v.4 in english.
Cisco discovery drs ent module 4 - v.4 in english.
igede tirtanata
 
Cisco discovery drs ent module 6 - v.4 in english.
Cisco discovery   drs ent module 6 - v.4 in english.Cisco discovery   drs ent module 6 - v.4 in english.
Cisco discovery drs ent module 6 - v.4 in english.
igede tirtanata
 
Cisco discovery drs ent module 7 - v.4 in english.
Cisco discovery   drs ent module 7 - v.4 in english.Cisco discovery   drs ent module 7 - v.4 in english.
Cisco discovery drs ent module 7 - v.4 in english.
igede tirtanata
 
Cisco discovery d homesb module 10 final exam - v.4 in english.
Cisco discovery   d homesb module 10 final exam - v.4 in english.Cisco discovery   d homesb module 10 final exam - v.4 in english.
Cisco discovery d homesb module 10 final exam - v.4 in english.
igede tirtanata
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery   d homesb module 7 - v.4 in english.Cisco discovery   d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.
igede tirtanata
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery   d homesb module 7 - v.4 in english.Cisco discovery   d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.
igede tirtanata
 
Cisco discovery d homesb module 10 final exam - v.4 in english.
Cisco discovery   d homesb module 10 final exam - v.4 in english.Cisco discovery   d homesb module 10 final exam - v.4 in english.
Cisco discovery d homesb module 10 final exam - v.4 in english.
igede tirtanata
 

Mehr von igede tirtanata (20)

Cisco discovery drs ent module 4 - v.4 in english.
Cisco discovery   drs ent module 4 - v.4 in english.Cisco discovery   drs ent module 4 - v.4 in english.
Cisco discovery drs ent module 4 - v.4 in english.
 
Cisco discovery drs ent module 6 - v.4 in english.
Cisco discovery   drs ent module 6 - v.4 in english.Cisco discovery   drs ent module 6 - v.4 in english.
Cisco discovery drs ent module 6 - v.4 in english.
 
Cisco discovery drs ent module 7 - v.4 in english.
Cisco discovery   drs ent module 7 - v.4 in english.Cisco discovery   drs ent module 7 - v.4 in english.
Cisco discovery drs ent module 7 - v.4 in english.
 
Cisco discovery d homesb module 10 final exam - v.4 in english.
Cisco discovery   d homesb module 10 final exam - v.4 in english.Cisco discovery   d homesb module 10 final exam - v.4 in english.
Cisco discovery d homesb module 10 final exam - v.4 in english.
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery   d homesb module 7 - v.4 in english.Cisco discovery   d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.
 
Cisco discovery d homesb module 7 - v.4 in english.
Cisco discovery   d homesb module 7 - v.4 in english.Cisco discovery   d homesb module 7 - v.4 in english.
Cisco discovery d homesb module 7 - v.4 in english.
 
Cisco discovery d homesb module 10 final exam - v.4 in english.
Cisco discovery   d homesb module 10 final exam - v.4 in english.Cisco discovery   d homesb module 10 final exam - v.4 in english.
Cisco discovery d homesb module 10 final exam - v.4 in english.
 
Ccna1v31 mod09
Ccna1v31 mod09Ccna1v31 mod09
Ccna1v31 mod09
 
Ccna1v31 mod07
Ccna1v31 mod07Ccna1v31 mod07
Ccna1v31 mod07
 
Ccna1v31 mod06
Ccna1v31 mod06Ccna1v31 mod06
Ccna1v31 mod06
 
Ccna1v31 mod05
Ccna1v31 mod05Ccna1v31 mod05
Ccna1v31 mod05
 
Ccna1v31 mod04
Ccna1v31 mod04Ccna1v31 mod04
Ccna1v31 mod04
 
Ccna1v31 mod03
Ccna1v31 mod03Ccna1v31 mod03
Ccna1v31 mod03
 
Ccna1v31 mod02
Ccna1v31 mod02Ccna1v31 mod02
Ccna1v31 mod02
 
Ccna1v31 mod01
Ccna1v31 mod01Ccna1v31 mod01
Ccna1v31 mod01
 
Ccna1v3 mod11
Ccna1v3 mod11Ccna1v3 mod11
Ccna1v3 mod11
 
Ccna1v3 mod10
Ccna1v3 mod10Ccna1v3 mod10
Ccna1v3 mod10
 
Ccna1v3 mod09
Ccna1v3 mod09Ccna1v3 mod09
Ccna1v3 mod09
 
Ccna1v3 mod08
Ccna1v3 mod08Ccna1v3 mod08
Ccna1v3 mod08
 
Ccna1v3 mod03
Ccna1v3 mod03Ccna1v3 mod03
Ccna1v3 mod03
 

Cisco discovery drs ent module 8 - v.4 in english.

  • 1. Cisco Discovery - DRSEnt Module 8 - V.4 in english. Q.1 Refer to the exhibit. A network administrator needs to add the command deny ip 10.0.0.0 0.255.255.255 any log to R3. After adding the command, the administrator verifies the change using the show access-list command. What sequence number does the new entry have? 0 10, and all other items are shifted down to the next sequence number 50 60 Q.2 Refer to the exhibit. What happens if the network administrator issues the commands shown when an ACL called Managers already exists on the router? The new commands overwrite the current Managers ACL. The new commands are added to the end of the current Managers ACL. The new commands are added to the beginning of the current Managers ACL. An error appears stating that the ACL already exists. Q.3 Why are inbound ACLs more efficient for the router than outbound ACLs? Inbound ACLs deny packets before routing lookups are required. Inbound ACL operation requires less network bandwidth than outbound. Inbound ACLs permit or deny packets to LANs, which are typically more efficient than WANs Inbound ACLs are applied to Ethernet interfaces, while outbound ACLs are applied to slower serial interfaces. Q.4 Refer to the exhibit. The network administrator of a company needs to configure the router RTA to allow its business partner (Partner A) to access the web server located in the internal network. The web server is assigned a private IP address, and a static NAT is configured on the router for its public IP address. Finally, the administrator adds the ACL. However, Partner A is denied access to the web server. What is the cause of the problem?
  • 2. Port 80 should be specified in the ACL. The public IP address of the server, 209.165.201.5, should be specified as the destination. The ACL should be applied on the s0/0 outbound interface. The source address should be specified as 198.133.219.0 255.255.255.0 in the ACL. Q.5 ACL logging generates what type of syslog message? unstable network warning informational critical situation Q.6 Which two host addresses are included in the range specified by 172.16.31.64 0.0.0.31? (Choose two.) 172.16.31.64 172.16.31.77 172.16.31.78 172.16.31.95 172.16.31.96 Q.7 Traffic from the 64.104.48.0 to 64.104.63.255 range must be denied access to the network. What wildcard mask would the network administrator configure in the access list to cover this range? 0.0.15.255 0.0.47.255 0.0.63.255 255.255.240.0
  • 3. Q.8 ACLs are used primarily to filter traffic. What are two additional uses of ACLs? (Choose two.) specifying source addresses for authentication specifying internal hosts for NAT identifying traffic for QoS reorganizing traffic into VLANs filtering VTP packets Q.9 What can an administrator do to ensure that ICMP DoS attacks from the outside are mitigated as much as possible, without hampering connectivity tests initiated from the inside out? Create an access list permitting only echo reply and destination unreachable packets from the outside. Create an access list denying all ICMP traffic coming from the outside. Permit ICMP traffic from only known external sources. Create an access list with the established keyword at the end of the line. Q.10 What effect does the command reload in 30 have when entered into a router? If a router process freezes, the router reloads automatically. If a packet from a denied source attempts to enter an interface where an ACL is applied, the router reloads in 30 minutes. If a remote connection lasts for longer than 30 minutes, the router forces the remote user off. A router automatically reloads in 30 minutes. Q.11 Refer to the exhibit. The following commands were entered on RTB. RTB(config)# access-list 4 deny 192.168.20.16 0.0.0.15 RTB(config)# access-list 4 permit any RTB(config)# interface serial 0/0/0 RTB(config-if)# ip access-group 4 in Which addresses do these commands block access to RTB?
  • 4. 192.168.20.17 to 192.168.20.31 192.168.20.16 to 192.168.20.31 192.168.20.16 to 192.168.20.32 192.168.20.16 to 192.168.20.33 Q.12 Refer to the exhibit. The new security policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the Marketing LAN is allowed to the Internet. Which ACL can be applied in the outbound direction of Serial 0/1 on the Marketing router to implement the new security policy? access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www Q.13 Which three statements are true concerning standard and extended ACLs? (Choose three.) Extended ACLs are usually placed so that all packets go through the network and are filtered at the destination. Standard ACLs are usually placed so that all packets go through the network and are filtered at the destination. Extended ACLs filter based on source address only, and must be placed near the destination if other traffic is to flow. Standard ACLs filter based on source address only, and must be placed near the destination if other traffic is to flow. Extended ACLs filter with many possible factors, and they allow only desired packets to pass through the network if placed near the source.

    Standard ACLs filter with many possible factors, and they allow only desired packets to pass through the network if placed near the source.

Q.14 Refer to the exhibit. Company policy for the network that is shown indicates the following guidelines:
1) All hosts on the 192.168.3.0/24 network, except host 192.168.3.77, should be able to reach the 192.168.2.0/24 network.
2) All hosts on the 192.168.3.0/24 network should be able to reach the 192.168.1.0/24 network.
3) All other traffic originating from the 192.168.3.0 network should be denied.
Which set of ACL statements meets the stated requirements when they are applied to the Fa0/0 interface of router R2 in the inbound direction?

    access-list 101 deny ip any any
    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
    access-list 101 permit ip any any

    access-list 101 deny ip 192.168.3.77 0.0.0.0 192.168.2.0 0.0.0.255
    access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255

Q.15 Hosts from the Limerick LAN are not allowed access to the Shannon LAN but should be able to access the Internet. Which set of commands will create a standard ACL that will apply to traffic on the Shannon router interface Fa0/0 implementing this security?

    access-list 42 deny 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
    access-list 42 permit any

    access-list 56 deny 172.19.123.0 0.0.0.255
    access-list 56 permit any

    access-list 61 deny 172.19.123.0 0.0.0.0
    access-list 61 permit any

    access-list 87 deny ip any 192.0.2.0 0.0.0.255
    access-list 87 permit ip any

Q.16 Refer to the exhibit. A network administrator needs to configure an access list that will allow the management host with an IP address of 192.168.10.25/24 to be the only host to remotely access and configure router RTA. All vty and enable passwords are configured on the router. Which group of commands will accomplish this task?

    Router(config)# access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
    Router(config)# access-list 101 deny ip any any
    Router(config)# int s0/0
    Router(config-if)# ip access-group 101 in
    Router(config-if)# int fa0/0
    Router(config-if)# ip access-group 101 in

    Router(config)# access-list 10 permit 192.168.10.25 eq telnet
    Router(config)# access-list 10 deny any
    Router(config)# line vty 0 4
    Router(config-line)# access-group 10 in

    Router(config)# access-list 86 permit host 192.168.10.25
    Router(config)# line vty 0 4
    Router(config-line)# access-class 86 in

    Router(config)# access-list 125 permit tcp 192.168.10.25 any eq telnet
    Router(config)# access-list 125 deny ip any any
    Router(config)# int s0/0
    Router(config-if)# ip access-group 125 in

Q.17 Which ACL permits host 10.220.158.10 access to the web server 192.168.3.244?

    access-list 101 permit tcp host 10.220.158.10 eq 80 host 192.168.3.224

    access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

    access-list 101 permit host 10.220.158.10 0.0.0.0 host 192.168.3.224 0.0.0.0 eq 80

    access-list 101 permit tcp 10.220.158.10 0.0.0.0 host 192.168.3.224 eq 80

Q.18 Which wildcard mask would match the host range for the subnet 192.16.5.32 /27?

    0.0.0.32

    0.0.0.63

    0.0.63.255

    0.0.0.31

Q.19 A security administrator wants to secure password exchanges on the vty lines on all routers in the enterprise. What option should be implemented to ensure that passwords are not sent in clear text across the public network?

    Use Telnet with an authentication server to ensure effective authentication.

    Apply an access list on the router interfaces to allow only authorized computers.

    Apply an access list on the vty line to allow only authorized computers.

    Use only Secure Shell (SSH) on the vty lines.

Q.20 Refer to the exhibit. An administrator notes a significant increase in the amount of traffic entering the network from the ISP. The administrator clears the access-list counters. After a few minutes, the administrator again checks the access-list table. What can be concluded from the most recent output shown?

    A small amount of HTTP traffic is an indication that the web server was not configured correctly.

    A larger amount of POP3 traffic (compared with SMTP traffic) indicates that there are more POP3 email clients than SMTP clients in the enterprise.

    A large amount of ICMP traffic is being denied at the interface, which can be an indication of a DoS attack.

    A larger amount of email traffic (compared with web traffic) is an indication that attackers mainly targeted the email server.