BÀI TẬP 06 - CÁC GIAO THỨC ĐỊNH TUYẾN

Số câu: 25 câu
Thời gian: 30 phút
Họ và tên: *
Nguyễn Hoàng Anh
MSSV: *
20200128
BÀI TẬP 06

Which two conditions would cause a router to drop a packet? (Choose two.)

*
No routing table entry exists for the packet destination, but the packet matches a permitted address in an outbound ACL.
No outbound ACL exists on the interface where the packet exits the router.
The packet source address does not match the source as permitted in a standard inbound ACE.
No inbound ACL exists on the interface where the packet enters the router.
The ACL that is affecting the packet does not contain at least one deny ACE.
Bắt buộc

A network administrator configures an ACL with the command

R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255

Which two IP addresses will match this ACL statement? (Choose two.)

*
172.16.15.36
172.16.0.255
172.16.65.21
172.16.31.24
172.16.16.12
Bắt buộc
Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)
*
Multiple ACLs per protocol and per direction can be applied to an interface.
The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.
If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface.
If an ACL contains no permit statements, all traffic is denied by default.
Standard ACLs are placed closest to the source, whereas extended ACLs are placed closest to the destination.
Bắt buộc

What single access list statement matches all of the following networks?

192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
*
access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.3.255
access-list 10 permit 192.168.0.0 0.0.15.255
access-list 10 permit 192.168.16.0 0.0.0.255
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the
ACL to the interface connected to the data
center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound
direction?
*
The ACL will analyze traffic after it is routed to the outbound interface.
All traffic is denied.
The ACL does not perform as designed.
All traffic is permitted.
In applying an ACL to a router interface, which traffic is designated as outbound?
*
traffic that is coming from the source IP address into the router
traffic that is leaving the router and going toward the destination host
traffic for which the router can find no routing table entry
traffic that is going from the destination IP address into the router

When creating an ACL, which keyword should be used to document and interpret the purpose of the ACL statement on a Cisco
device?

*
description
established
eq
remark
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is
used in an ACE?
*
10.120.160.0 to 10.127.255.255
10.120.160.0 to 10.120.167.255
10.120.160.0 to 10.120.168.0
10.120.160.0 to 10.120.191.255
If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice?
*
permit tcp 172.16.0.0 0.0.3.255 any established
permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
permit udp any any range 10000 20000
permit ip any any
deny udp any host 172.16.1.5 eq snmptrap
deny tcp any any eq telnet
Which operator is used in an ACL statement to match packets of a specific application?
*
established
gt
eq
lt
The computers used by the network administrators for a school are on the 10.7.0.0/27 network. Which two commands are
needed at a minimum to apply an ACL that will ensure that only devices that are used by the network administrators will be
allowed Telnet access to the routers? (Choose two.)
*
access-list 5 permit 10.7.0.0 0.0.0.31
access-list standard VTY
ip access-group 5 out
access-list 5 deny any
access-class 5 in
permit 10.7.0.0 0.0.0.127
ip access-group 5 in
Bắt buộc

Consider the configured access list.

R1# show access-lists

extended IP access list 100

deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet

deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet

permit ip any any (15 matches)

What are two characteristics of this access list? (Choose two.)

*
Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned.
The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device.
A network administrator would not be able to tell if the access list has been applied to an interface or not.
Any device can telnet to the 10.1.2.1 device.
The access list has been applied to an interface.
Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
Bắt buộc
Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host
192.168.30.10?
*
access-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 4300
access-list 101 permit tcp any eq 4300
access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq www
access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq www

What packets would match the access control list statement that is shown below?

*
any TCP traffic from the 172.16.0.0 network to any destination network
SSH traffic from the 172.16.0.0 network to any destination network
access-list 110 permit tcp 172.16.0.0 0.0.0.255 any eq 22
any TCP traffic from any host to the 172.16.0.0 network
SSH traffic from any source network to the 172.16.0.0 network
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
*
access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255
access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0
access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1
access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255
Bắt buộc
Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose
two.)
*
NAT causes routing tables to include more information.
NAT adds authentication capability to IPv4.
NAT provides a solution to slow down the IPv4 address depletion.
NAT will impact negatively on switch performance.
NAT improves packet handling.
NAT introduces problems for some applications that require end-to-end connectivity.
Bắt buộc
A network administrator wants to examine the active NAT translations on a border router. Which command would perform the
task?
*
Router# debug ip nat translations
Router# clear ip nat translations
Router# show ip nat statistics
Router# show ip nat translations
What are two tasks to perform when configuring static NAT? (Choose two.)
*
Create a mapping between the inside local and outside local addresses.
Identify the participating interfaces as inside or outside interfaces.
Define the inside global address on the server
Configure a NAT pool.
Define the outside global address.
Bắt buộc
What benefit does NAT64 provide?
*
It allows sites to connect multiple IPv4 hosts to the Internet via the use of a single public IPv4 address.
It allows sites to use private IPv6 addresses and translates them to global IPv6 addresses.
It allows sites to connect IPv6 hosts to an IPv4 network by translating the IPv6 addresses to IPv4 addresses.
It allows sites to use private IPv4 addresses, and thus hides the internal addressing structure from hosts on public IPv4 networks.

What address translation is performed by static NAT?

*
An inside local address is translated to a specified inside global address.
An inside local address is translated to a specified outside global address.
An outside local address is translated to a specified outside global address
An inside local address is translated to a specified outside local address.

Which statement accurately describes dynamic NAT?

*
It always maps a private IP address to a public IP address.
It dynamically provides IP addressing to internal hosts.
It provides a mapping of internal host names to IP addresses.
It provides an automated mapping of inside local to inside global IP addresses.

Why is NAT not needed in IPv6?

*
Because IPv6 has integrated security, there is no need to hide the IPv6 addresses of internal networks.
The end-to-end connectivity problems that are caused by NAT are solved because the number of routes increases with the number of nodes that
are connected to the Internet.
Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large.
The problems that are induced by NAT applications are solved because the IPv6 header improves packet handling by intermediate routers.
A company designs its network so that the PCs in the internal network are assigned IP addresses from DHCP servers, and the
packets that are sent to the Internet are translated through a NAT-enabled router. What type of NAT enables the router to
populate the translation table from a pool of unique public addresses, as the PCs send packets through the router to the
Internet?
*
dynamic NAT
PAT
ARP
static NAT

What is a security feature of using NAT on a network?

*
denies all packets that originate from private IP addresses
denies all internal hosts from communicating outside their own network
allows external IP addresses to be concealed from internal users
allows internal IP addresses to be concealed from external users

Which version of NAT allows many hosts inside a private network to simultaneously use a single inside global address for
connecting to the Internet?

*
PAT
static NAT
dynamic NAT
port forwarding
Biểu mẫu này đã được tạo ra bên trong Trường Đại học Khoa học Tự nhiên, ĐHQG-HCM.
Google
Biểu mẫu

Không thể tải một số phông chữ. Hãy tải lại.Loại bỏ