ICND2 – Access list Questions

November 2nd, 2017 in ICND2 200-105

Question 1

Which statement about named ACLs is true?

A. They support standard and extended ACLs.
B. They are used to filter usernames and passwords for Telnet and SSH.
C. They are used to filter Layer 7 traffic.
D. They support standard ACLs only.
E. They are used to rate limit traffic destined to targeted networks.

Answer: A

Explanation

The syntax of a named ACL is:

ip access-list {standard | extended} {name | number}

Therefore we can configure a standard ACL with the keyword “standard” and an extended ACL with the keyword “extended”. For example, this is how to configure a named extended access list:

Router(config)#ip access-list extended in_to_out
Router(config-ext-nacl)#permit tcp host 10.0.0.1 host 187.100.1.6 eq telnet

Question 2

Which identification number is valid for an extended ACL?

A. 1
B. 64
C. 99
D. 100
E. 299
F. 1099

Answer: D

Explanation

Below are the number ranges for standard and extended access lists:

Access list type | Range
Standard | 1-99, 1300-1999
Extended | 100-199, 2000-2699

In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

Question 3

What three pieces of information can be used in an extended access list to filter traffic? (Choose three)

A. VLAN number
B. TCP or UDP port numbers
C. source switch port number
D. source IP address and destination IP address
E. protocol
F. source MAC address and destination MAC address

Answer: B D E

Explanation

The syntax of an extended acl is:

access-list access-list-number {permit | deny} protocol source-IP {source-mask} destination-IP {destination-mask} [eq destination-port]

-> We can filter on the protocol, the source and destination IP addresses, and the destination port number.

For example, we will create an extended ACL that permits FTP traffic (ports 20 and 21) from network 10.0.0.0/8 to reach 187.100.1.6 but denies all other traffic (the implicit deny at the end of the list drops everything that matches no entry):

Router(config)#access-list 101 permit tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 21
Router(config)#access-list 101 permit tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 20
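
To check what ACL 101 above actually lets through, the following added example (not part of the original page) parses the two entries and evaluates packets against them with wildcard-mask matching, first-match order and the implicit deny. The function names parse_ace, wildcard_match and evaluate are hypothetical, the parser covers only the entry form shown on this page, and the sample packets are constructed.

```python
import ipaddress

# The two ACL 101 entries from the explanation above (router prompt removed).
ACL_101 = [
    "access-list 101 permit tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 21",
    "access-list 101 permit tcp 10.0.0.0 0.255.255.255 187.100.1.6 0.0.0.0 eq 20",
]

def parse_ace(line):
    """Parse: access-list N {permit|deny} proto src src-wc dst dst-wc [eq port].
    Simplified: numeric ports and address/wildcard pairs only (no 'any'/'host')."""
    t = line.split()
    if len(t) not in (8, 10) or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    if len(t) == 10 and t[8] != "eq":
        raise ValueError(f"unsupported port operator: {t[8]!r}")
    return {
        "action": t[2], "proto": t[3],
        "src": (t[4], t[5]), "dst": (t[6], t[7]),
        "port": int(t[9]) if len(t) == 10 else None,
    }

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, 1 = ignore (the inverse of a subnet mask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(aces, proto, src, dst, dport=None):
    """Return (action, reason). Entries are checked top-down and the first
    match wins; a packet that matches no entry hits the implicit deny."""
    for seq, ace in enumerate(aces, 1):
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])):
            continue
        if ace["port"] is not None and ace["port"] != dport:
            continue
        return ace["action"], f"entry {seq}"
    return "deny", "implicit deny"

if __name__ == "__main__":
    aces = [parse_ace(line) for line in ACL_101]
    # Constructed sample packets: (protocol, source, destination, destination port)
    for pkt in [("tcp", "10.20.30.40", "187.100.1.6", 21),
                ("tcp", "10.20.30.40", "187.100.1.6", 23),
                ("tcp", "11.0.0.1", "187.100.1.6", 21),
                ("icmp", "10.20.30.40", "187.100.1.6", None)]:
        print(pkt, "->", evaluate(aces, *pkt))
```

Only TCP to ports 21 and 20 from 10.0.0.0/8 to 187.100.1.6 is permitted; Telnet, a source outside 10.0.0.0/8 and ICMP all fall through to the implicit deny.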

Question 4

Which statement about access lists that are applied to an interface is true?

A. you can apply only one access list on any interface
B. you can configure one access list, per direction, per layer 3 protocol
C. you can place as many access lists as you want on any interface
D. you can configure one access list, per direction, per layer 2 protocol

Answer: B

Explanation

We can have only one access list per protocol, per direction and per interface. This means:

+ We cannot have 2 inbound access lists on an interface
+ We can have 1 inbound and 1 outbound access list on an interface

Question 5

When you are troubleshooting an ACL issue on a router, which command can help you to verify which interfaces are affected by the ACL?

A. show ip access-lists
B. show access-lists
C. show interface
D. show ip interface
E. list ip interface

Answer: D

Question 6

In which solution is a router ACL used?

A. filtering packets that are passing through a router
B. to change the default administrative distance of a route in the route table
C. protecting a server from unauthorized access
D. controlling path selection, based on the route metric

Answer: A

Question 7

Refer to the exhibit.

R1# show access-lists
Extended IP access list 175
10 deny tcp any any time-range nonworkhours (active)
20 permit tcp any any time-range workhours (inactive)

While you troubleshoot a connectivity issue to a PC behind R1, you enter the show access-lists command to generate this output. Which reason for the problem is most likely true?

A. The permit all ACL entry on R1 is inactive.
B. The ACL of R1 is misconfigured.
C. A deny all ACL entry is currently active on R1.
D. An implicit deny is causing R1 to block network traffic.

Answer: D

Comments (24)
  1. Anonymous
    March 23rd, 2017

    Just explain where are the questions ?

  2. guru
    March 24th, 2017

    Where are the questions amigo?

  3. icnd2 student
    March 29th, 2017
  4. Sparkey Yates
    May 11th, 2017

    Sorry, those are from 2015, icnd2 student. Not going to do us a lot of good.

  5. Nirbad
    May 16th, 2017

    dumps please…no fckn ads

  6. Gary
    May 29th, 2017

    Thanks Tim,
    Those dumps are still good, passed today using them.

  7. Anonymous
    June 14th, 2017

    @i am bhaskar, I have booked my CCNA 200-125 exam on 9 july, plz provide me ccna dumps 200-125 .email me details to (bhaskar.sapkota016 @ gmail dot ca)
    Thanks

  8. Jonas
    June 24th, 2017

    where are the questions

  9. Guy
    June 29th, 2017

    @Jonas

    The questions are visible if you are logged in as a premium member. Not bad at $9 for 45 days. I get really anxious before taking a test so when I did ICND1 I studied and then when I thought I was ready for the test I paid the 9 bucks, went through the tests here and after I felt confident I went in and took the test, it was a breeze.

    Hopefully ICND2 goes as easily.

  10. no
    July 30th, 2017

    Clarification requested: To verify ACLs, one CAN use the APIC-EM Path Trace (just called APIC-EM in the mult choice), but the Wireless LAN Controller absolutely verifies ACLs.

    Bogus answer in icnd2PDF.pdf?

  11. WizIT
    September 28th, 2017

    Hi All,
    I can see explanation of the question and the question number. Where is the real question? Can someone post all the questions please.

  12. Curtis
    November 24th, 2017

    Check out https://drive.google.com/open?id=0B5mAFqgydmCzNno3dnFocF9HckU there are a lot of useful stuff here

  13. Anonymous
    November 25th, 2017

    Hello, do you know that you have a few repeated questions here? There aren’t 11 questions actually…so you should remove those and just leave the 7 or 8 questions… I know this service is cheap but come on…I’ve noticed this issue in many of the topics.

  14. Anonymous
    November 29th, 2017

    passed my ccent with 856

  15. Aramjc
    December 23rd, 2017

    this link is just 15% of the real exam i did mine on 11/10/2017
    https://mega.co.nz/#!oIdESYbD!yyu33vygrfKPy4rcmcbV6qW2fxINNoTokuDM3CjA_og

  16. Anonymous
    February 22nd, 2018

    Good day. can some share with me the latest dump for CCNA 200-125 exam to wee_yit at yahoo . com. many many for your help.

  17. Anonymous1
    April 17th, 2018

    ok I’m confused on question 7….the Permit all ACL is not Active on the access-list for during working hours…so how is the answer not A…I totally understand ACL’s and understand that Implicit Deny is a correct Answer as well but since ACL’s read from the top down the first issue should be the Permit Statement….any ideas?

  18. YC
    June 8th, 2018

    Can somebody explain Q7 please? According to the ACL it looks like A and C are also correct answers.

  19. Satchmo
    July 16th, 2018

    Q7
    IP would include all traffic. When you want to get specific on filtering a certain type of traffic,
    TCP or UDP, you would use the relevant keywords with your permit or deny statements.
    Not A – Does not include IP keyword
    Not B – It is not misconfigured as such but is merely blocking traffic.
    Not C – There is no deny all ACL entry
    D – There is an implicit deny statement here. Any other traffic which does not fall under the 2 acl statements is denied

  20. gold
    August 31st, 2018

    Q7 cannot be D.

    Reasons:
    1) If you are troubleshooting, that means you are at work. During work hours.
    2) If you are troubleshooting during work hours, the work hours ACL should be active, it is not.

    Therefore, the ACL is misconfigured.

  21. marknie
    November 30th, 2018

    R1# show access-lists
    Extended IP access list 175
    10 deny tcp any any time-range nonworkhours (active)
    20 permit tcp any any time-range workhours (inactive)

    sequence 10 : nonworkhours (say 5:01 PM to 7:59 AM) it is active, which is what you want when you are not there…denies tcp (which is EVERY ip protocol) any any, so nothing gets in

    sequence 20: workhours (say 8 AM to 5 PM) it is inactive, so it means nothing, so do not consider it during work hours…

    then left with implicit deny

    if wrong please correct me; want to help us all

  22. Idk
    June 29th, 2019

    Q7

    The question doesn’t say what kind of connection is being attempted or how you are supposed to be troubleshooting it. My guess is that you are supposed to assume that you are trying to ping the PC, which would only match the implicit deny at the end of the ACL.

  23. Anonymous
    October 3rd, 2019

    There is no exhibit.

  24. paseedicnd2mexico
    November 9th, 2019

    I passed ICND2 on November 4th with 854! There are 54 questions, 4 drag and drop 2 labs for me EIGRP and GRE, BGP, ACL, IP SLA, RSTP, HSRP, PPPOE Questions! I have all the labs, and the majority of the questions, I have two courses and a lot of labs to be prepare write alberthdr AT hotmail point com