Thread: Chapter 10 - Exam Preparation Questions and Answers [Security & ACL]

  1. #1
    1) You want to allow only the IP address 192.168.1.15 to access your router via Telnet.
    What series of commands will you use?
    Code:
    access-list 3 permit host 192.168.1.15
    line vty 0 4
    access-class 3 in

    2) You want to deny access to the server at 192.16.5.5 from any host coming from this subnet: 192.16.5.128/28.
    What series of commands will you use?
    Code:
    access-list 101 deny tcp 192.16.5.128 0.0.0.15 192.16.5.5 0.0.0.0 eq 23
    access-list 101 permit ip any any
    
    eq = 23 because /28 is 23 Network bits on
    0.0.0.15 is a wildcard

    3) Why is using the service password-encryption command good?
    Code:
    Because it will encrypt all current and future passwords.

    4) What IPSec security protocol should be used when confidentiality is a must?
    Code:
    ESP

    5) State two security appliances which could be installed on a network
    Code:
    IDS
    IPS

    6) Which CLI mode is secured when using the enable secret command?
    Code:
    privileged EXEC mode

    7) What security protocol is commonly used as a standard protocol in VPN to provide secure end-to-end connections?
    Code:
    IPSec

    8) What device is used to manage an IPSec site-to-site VPN?
    Code:
    Cisco Adaptive Security Appliance

    9) What VPN technology ensures that the sent data is being read by its intended recipient?
    Code:
    Authentication

    10) What three pieces of information can be used to filter traffic?
    Code:
    1) TCP or UDP port numbers
    2) Source and Destination IP Address
    3) Protocol

    11) What is the main standard parameter ACL uses to filter traffic?
    Code:
    Source IP Address

    12) What algorithms must be used when verifying data integrity?
    Code:
    HMAC-MD5
    HMAC-SHA1

    13) What type of ACL will be used to allow temporary access for a remote user with a username and password?
    Code:
    Dynamic

    14) How to determine if an ACL is assigned to an interface?
    Code:
    Simply by applying this command:
    show ip interface [interface name]

    15) What is the name of the network attack that floods the server with TCP packets?
    Code:
    Denial Of Service [DOS Attack]

    16) Given these IP addresses:
    source ip address: 192.168.15.5; destination port: 21
    source ip address: 192.168.15.37; destination port: 21
    source ip address: 192.168.15.41; destination port: 21
    source ip address: 192.168.15.36; destination port: 23
    source ip address: 192.168.15.46; destination port: 23
    source ip address: 192.168.15.49; destination port: 23

    Based on that figure, which two packets will be denied?
    Code:
    source ip address: 192.168.15.36; destination port: 23
    source ip address: 192.168.15.46; destination port: 23

    17) You are applying this ACL on the E0 interface of the router
    The interface is connected to the 192.168.1.8/29 LAN.
    How will the above access lists affect traffic?
    [Image: 17.PNG]
    Code:
    All traffic exiting E0 will be denied.

    18) An ACL has been written with the four statements below. How can you summarize that in one command only?
    [Image: 18.PNG]
    Code:
    access-list 10 permit 172.29.16.0 0.0.3.255

    19) You are requested to prevent all packets coming from Router 1 from entering Router 2. What command will you use to accomplish that?
    [Image: 19.PNG]
    Code:
    ip access-group 101 in

    20) An ACL is applied on R1. Which Telnet session will be blocked by this ACL?
    [Image: 20.jpg]
    Code:
    From PC 1 to Host 5.1.3.10
    From PC 2 to Host 5.1.3.8

    21) What is the effect of applying this ACL configuration on the 172.16.16.0 subnet when trying to connect to SVR-A using Telnet or SSH?
    [Image: 21.jpg]
    Code:
    Devices will be able to use SSH, but not Telnet.

  2. #2
    22) What is the effect of this ACL configuration on RA?
    [Image: 22.jpg]
    Code:
    That will prevent students from accessing the command prompt of RA

    23) After applying this ACL, what will happen to traffic coming from the internet to 172.16.12.10?
    [Image: 23.PNG]
    Code:
    Traffic will be dropped,
    because this ACL denies all HTTP traffic.

    24) PC 1 must not be accessing the server. What commands are required to prevent PC 1 from accessing the server while allowing other hosts to access the server?
    [Image: 24.jpg]
    Code:
    Router(config)# interface fa0/0
    Router(config-if)# ip access-group 101 in
    Router(config)# access-list 101 deny ip host 172.16.161.150 host 172.16.162.163
    Router(config)# access-list 101 permit ip any any
