2

Refer to the exhibit. The new security

policy for the company allows all IP traffic from the Engineering LAN to the Internet while only web traffic from the
ar!eting LAN is allowe" to the Internet. #hich A$L can be applie" in the outboun" "irection of %erial &'( on the
ar!eting router to implement the new security policy)
Correct
Response
Your
Response
access-list 197 permit ip 192.0.2.0 0.0.0.255 any
access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip 192.0.2.0 0.0.0.255 any
access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 165 permit ip any any
access-list 137 permit ip 192.0.2.0 0.0.0.255 any
access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www
access-list 89 permit 192.0.2.0 0.0.0.255 any
access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www
*
Refer to the exhibit. +osts from (,2.(-.(2*.& are not
allowe" access to (-2.&.2.& but shoul" be able to access the Internet. #hich set of comman"s will create a stan"ar"
A$L that will apply to traffic outboun" on the %hannon router interface .a&'& implementing this security)
Correct
Response
Your
Response
access-list 12 !eny ip 172.19.123.0 0.0.0.255 192.0.2.0 0.0.0.255
access-list 12 permit ip any any
access-list 56 !eny 172.19.123.0 0.0.0.255
access-list 56 permit any
access-list 61 !eny 172.19.123.0 0.0.0.0
access-list 61 permit any
access-list 87 !eny 192.0.2.0 0.0.0.255
access-list 87 permit any
/
Refer to the exhibit. An
a"ministrator notes a significant increase in the amount of traffic that is entering the networ! from the I%P. The
a"ministrator clears the counters. After a few minutes0 the a"ministrator again chec!s the access1list table. #hat can be
conclu"e" from the output that is shown)
Correct
Response
Your
Response
A small amount of +TTP traffic is an in"ication that the web ser2er was not configure" correctly.
A larger amount of P3P* traffic0 compare" with %TP traffic0 in"icates that there are more P3P* e1
mail clients than %TP clients in the enterprise.
A large amount of I$P traffic is being "enie" at the interface0 which can be an in"ication of a 4o%
attac!.
A larger amount of e1mail traffic0 compare" with web traffic0 is an in"ication that attac!ers mainly
targete" the e1mail ser2er.
A networ! a"ministrator enters the following comman"s on router RT5.
RT56config78 access-list !eny 192.168.20.16 0.0.0.15
RT56config78 access-list permit any
RT56config78 inter"ace serial 0#0#0
RT56config1if78 ip access-$roup in
#hich a""resses are bloc!e" from entering RT5)
Correct
Response
Your
Response
(-2.(9:.2&.(, to (-2.(9:.2&.*(
(-2.(9:.2&.(9 to (-2.(9:.2&.*(
(-2.(9:.2&.(9 to (-2.(9:.2&.*2
(-2.(9:.2&.(, to (-2.(9:.2&.*2
(2
A$L logging generates what type of syslog message)
Correct
Response
Your
Response
unstable networ!
warning
informational
critical situation
(*
Refer to the exhibit.
$ompany policy for the networ! that is shown in"icates the following gui"elines;
(7 All hosts on the (-2.(9:.*.&'2/ networ!0 except host (-2.(9:.*.,,0 shoul" be able to reach the (-2.(9:.2.&'2/
networ!.
27 All hosts on the (-2.(9:.*.&'2/ networ! shoul" be able to reach the (-2.(9:.(.&'2/ networ!.
*7 All other traffic originating from the (-2.(9:.*.& networ! shoul" be "enie".
#hich set of A$L statements meets the state" re<uirements when they are applie" to the .a&'& interface of router R2 in
the inboun" "irection)
Correct
Response
Your
Response
access1list (&( "eny ip any any
access1list (&( "eny ip (-2.(9:.*.,, &.&.&.& (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.(.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.2.& &.&.&.2==
access1list (&( "eny ip (-2.(9:.*.,, &.&.&.& (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.(.& &.&.&.2==
access1list (&( "eny ip (-2.(9:.*.,, &.&.&.& (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.(.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.2.& &.&.&.2==
access1list (&( "eny ip (-2.(9:.*.,, &.&.&.& (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.(.& &.&.&.2==
access1list (&( permit ip any any
access1list (&( "eny ip (-2.(9:.*.,, &.&.&.& (-2.(9:.2.& &.&.&.2==
access1list (&( permit ip (-2.(9:.*.& &.&.&.2== (-2.(9:.&.& &.&.2==.2==
(/
#hich A$L statement permits host (&.22&.(=:.(& access to the web ser2er (-2.(9:.*.22/)
Correct
Response
Your
Response
access1list (&( permit tcp host (&.22&.(=:.(& e< :& host (-2.(9:.*.22/
access1list (&( permit tcp (&.22&.(=:.(& &.&.&.& host (-2.(9:.*.22/ &.&.&.& e< :&
access1list (&( permit host (&.22&.(=:.(& &.&.&.& host (-2.(9:.*.22/ &.&.&.& e< :&
access1list (&( permit tcp (&.22&.(=:.(& &.&.&.& host (-2.(9:.*.22/ e< :&
(=
#hich two statements are true about stan"ar" an" exten"e" A$Ls) 6$hoose two.7
Correct
Response
Your
Response
Exten"e" A$Ls filter only on source a""resses an" must be place" near the "estination a""ress.
%tan"ar" A$Ls are usually place" so that all pac!ets go through the networ! an" are filtere" at the
"estination.
%tan"ar" A$Ls are use" when filtering complex re<uirements0 such as specific protocols.
Exten"e" A$Ls filter with many possible factors0 an" are place" near the source a""ress to re"uce
traffic across the networ!.
Properly "esigne" A$Ls ha2e a negati2e impact on networ! a2ailability an" performance.
(-
A$Ls are use" primarily to filter traffic. #hat are two a""itional uses of A$Ls) 6$hoose two.7
Correct
Response
Your
Response
specifying source a""resses for authentication
specifying internal hosts for NAT
i"entifying traffic for >o%
reorgani?ing traffic into @LANs
filtering @TP pac!ets
2&
Refer to the exhibit. A networ! a"ministrator nee"s to
configure an access list that will allow the management host with an IP a""ress of (-2.(9:.(&.2='2/ to be the only host
to remotely access an" configure router RTA. All 2ty an" enable passwor"s are configure" on the router. #hich group
of comman"s will accomplish this tas!)
Correct
Response
Your
Response
Router6config78 access-list 101 permit tcp any 192.168.10.25 0.0.0.0 eq telnet
Router6config78 access-list 101 !eny ip any any
Router6config78 int s0#0
Router6config1if78 ip access-$roup 101 in
Router6config1if78 int "a0#0
Router6config1if78ip access-$roup 101 in
Router6config78 access-list 10 permit 192.168.10.25 eq telnet
Router6config78 access-list 10 !eny any
Router6config78 line %ty 0
Router6config1line78access-$roup 10 in
Router6config78 access-list 86 permit &ost 192.168.10.25
Router6config78 line %ty 0
Router6config1line78 access-class 86 in
Router6config78 access-list 125 permit tcp 192.168.10.25 any eq telnet
Router6config78 access-list 125 !eny ip any any
Router6config78 int s0#0
Router6config1if78 ip access-$roup 125 in
2(
#hat are two possible uses of access control lists in an enterprise networ!) 6$hoose two.7
Correct
Response
Your
Response
limiting "ebug outputs
re"ucing the processing loa" on routers
allowing Layer 2 traffic to be filtere" by a router
controlling 2irtual terminal access to routers
controlling the physical status of router interfaces