Sim-Ex™ Practice Exams for CCNA: Practice Questions

Access List

Q2. Which of the following is a valid extended IP access list?

A. access-list 102 permit ip host 164.42.20.0 any eq 80

B. access-list 102 permit ip host 164.42.20.0 any eq www

C. access-list 102 permit tcp host 164.42.20.0 any eq 80

D. access-list 102 permit icmp host 164.42.20.0 any eq www

Correct Answer: C

Explanation:

Standard ACLs 
Standard ACLs control traffic by comparing the source address of IP packets to the addresses configured in the ACL.
This is the command syntax format of a standard ACL:
access-list access-list-number {permit|deny} {host|source source-wildcard|any}
In all software releases, the access-list-number can be anything from 1 to 99. In Cisco IOS Software Release 12.0.1, standard ACLs begin to use additional numbers (1300 to 1999). These additional numbers are referred to as expanded IP ACLs. After the ACL is defined, it must be applied to the interface (inbound or outbound).

Extended ACLs 
Extended ACLs control traffic by comparing the source and destination addresses of IP packets to the addresses configured in the ACL.
In all software releases, the access-list-number can be 100 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional numbers (2000 to 2699). These additional numbers are referred to as expanded IP ACLs.

An example configuration for an extended ACL is given below. Note that www is a TCP-based protocol, so the entry specifies tcp:
access-list 100 deny tcp host 10.0.0.2 host 10.0.1.2 eq www
access-list 100 permit ip any any

interface fastEthernet 0/0
ip access-group 100 in
Observe that the command “ip access-group 100 in” applies the access list to the interface fe 0/0.
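
An added example, not part of the original page or of Cisco's documentation: a small Python checker for a simplified subset of the numbered extended ACL syntax, showing why a port match such as eq is accepted only with tcp or udp. The function names and the protocol subset (ip, icmp, tcp, udp) are assumptions of this example.

```python
import ipaddress

# Simplified subset of IOS numbered extended ACL syntax (assumption of this
# example): access-list N {permit|deny} PROTO SRC [OP PORT] DST [OP PORT]
EXTENDED_RANGES = (range(100, 200), range(2000, 2700))
PORT_PROTOCOLS = {"tcp", "udp"}          # only these carry port numbers
KNOWN_PROTOCOLS = PORT_PROTOCOLS | {"ip", "icmp"}
PORT_OPERATORS = {"eq", "gt", "lt", "neq"}

def _take_address(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' from tokens."""
    if tokens[:1] == ["any"]:
        return tokens[1:]
    if len(tokens) < 2:
        raise ValueError("missing or incomplete address")
    start = 1 if tokens[0] == "host" else 0
    for part in tokens[start:2]:
        ipaddress.IPv4Address(part)      # raises ValueError if malformed
    return tokens[2:]

def _take_port(tokens, proto):
    """Consume an optional port qualifier; reject it for non-TCP/UDP."""
    if tokens and tokens[0] in PORT_OPERATORS:
        if proto not in PORT_PROTOCOLS:
            raise ValueError(f"'{tokens[0]}' port match needs tcp or udp, not {proto}")
        if len(tokens) < 2:
            raise ValueError("missing port")
        return tokens[2:]                # port name/number itself is not validated
    return tokens

def check_extended_acl(line):
    """Return None if the entry is valid, otherwise a reason string."""
    try:
        keyword, number, action, proto, *rest = line.split()
        if keyword != "access-list" or action not in ("permit", "deny"):
            return "not an access-list permit/deny entry"
        if not any(int(number) in r for r in EXTENDED_RANGES):
            return f"{number} is not an extended ACL number"
        if proto not in KNOWN_PROTOCOLS:
            return f"unknown protocol {proto}"
        rest = _take_port(_take_address(rest), proto)   # source [port]
        rest = _take_port(_take_address(rest), proto)   # destination [port]
        return f"unexpected tokens: {rest}" if rest else None
    except ValueError as err:
        return str(err)
```

Run against the four answer options, only option C returns None; options A, B and D are rejected because ip and icmp entries cannot carry a port match.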

IP Named ACLs

IP named ACLs allow standard and extended ACLs to be given names instead of numbers.
This is the command syntax format for IP named ACLs:
ip access-list {extended|standard} name

Ref: 
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#ipnamacl


Disclaimer: Simulationexams.com is not affiliated with any certification vendor, and Sim-Ex™ Practice Exams are written independently by SimulationExams.com and not affiliated or authorized by respective certification providers. Sim-Ex™ is a trademark of SimulationExams.com or entity representing Simulationexams.com. CCNA™ is a trademark of Cisco® Systems.