Home > Access list Questions

Access list Questions

November 8th, 2018 Go to comments

Note: If you are not sure about Access list, please read our Access List Tutorial.

Question 1

Explanation

Below is the range of standard and extended access list:

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

Question 2

Explanation

The syntax of a named ACL is:

ip access-list {standard | extended} {name | number}

Therefore we can configure a standard acl with keyword “standard” and configure an extended acl with keyword “extended”. For example this is how to configure an named extended access-list:

Router(config)#ip access-list extended in_to_out permit tcp host 10.0.0.1 host 187.100.1.6 eq telnet

Question 3

Explanation

Below is the range of standard and extended access list

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

Question 4

Explanation

We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Question 5

Question 6

Explanation

You can check the named access-list with the “show ip access-list” (or “show access-list”) command:

R1#show ip access-list
Standard IP access list nat_traffic
    10 permit 10.1.0.0, wildcard bits 0.0.255.255
    15 permit 10.2.0.0, wildcard bits 0.0.255.255
    20 permit 10.3.0.0, wildcard bits 0.0.255.255

We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment“. For example:

R1(config)#ip access-list nat_traffic 100 10

Then we can check this access-list again:

R1#show ip access-list
Standard IP access list nat_traffic
    100 permit 10.1.0.0, wildcard bits 0.0.255.255
    110 permit 10.2.0.0, wildcard bits 0.0.255.255
    120 permit 10.3.0.0, wildcard bits 0.0.255.255

We can see the starting sequence number is now 100 and the increment is 10. But notice that resequencing an access-list cannot change the order of entries inside it but it is the best choice in this question. Adding or removing a n entry does not change the order of entries. Maybe we should understand this question “how to renumber the entries in a named access-list”.

Question 7

Explanation

The range of standard ACL is 1-99, 1300-1999 so 50 and 1550 are two valid numbers.

Question 8

Question 9

Explanation

The range of standard ACL is 1-99, 1300-1999 so 50 is a valid number for standard ACL.

Question 10

Question 11

Question 12

Question 13

Comments (40) Comments
  1. JLopesn
    February 8th, 2017

    Someone could add link for these questions ?

  2. mandy
    February 21st, 2017

    did you find it? link is mentioned in their FAQ section

  3. Anonymous
    April 11th, 2017

    hi everyone here

  4. MM
    April 24th, 2017

    Which Cisco platform can verify ACLs?
    A. Cisco Prime Infrastructure
    B. Cisco Wireless LAN Controller
    C. Cisco APIC-EM
    D. Cisco IOS-XE
    Correct Answer:B or C ??(correct ans)

  5. Anees
    April 25th, 2017

    @MM. C. Cisco APIC-EM

  6. KACS
    April 27th, 2017

    Which Cisco platform can verify ACLs?
    Answer: Cisco APIC-EM

  7. Becky
    June 21st, 2017

    For question 6, i think the correct answer should be C

    We can add change the order by adding entry at specified line.
    For example, I can specify 15 before a rule to add entry between 10 and 20

  8. Neo
    July 18th, 2017

    Where can I find the actual questions? Not sure how to efficiently use this popular website. Please advise.

  9. Latest Dumps
    August 31st, 2017

    clkmein .com/q4pyws
    Remove the space before .com. You’ll be redirected to latest dumps pdf. Enjoy.

  10. Hello
    September 9th, 2017
  11. Podranok
    September 14th, 2017

    Question 6

    Which action can change the order of entries in a named access-list?
    A. removing an entry
    B. opening the access-list in notepad
    C. adding an entry
    D. resequencing

    Answer: D

    I think this Q is wrong. Can some1 agree or deny my thoughts?

    Actually to CHANGE the order of entries we must ADD or REMOVE the entry. packetlife(dot)net/blog/2010/apr/30/resequencing-acl-entries/

    Resequencing just changes seq. numbers by some value in order to we could add new acl rule between the lines if existing seq. numbers are occupied! But it DOES NOT change THE ORDER of lines themself! itknowledgeexchange(dot)techtarget(dot)com/network-technologies/resequence-the-access-list/

    The answer should be A or C.

  12. Tanios
    November 30th, 2017

    Hello Guys,

    Anyone took the CCNA this month? is all the questions here present in the CCNA?
    I am taking it tomorrow please I need some feedback will help

  13. alfred
    December 21st, 2017

    question 2 .
    named acls can filter layer -7(application) traffic like telnet using port and protocol field typed in the syntax..
    eg :ip access-list extended 110
    deny tcp any any eq 23 .

  14. david g
    December 27th, 2017

    I cant see the questions just the answers

  15. Markos Simov
    February 22nd, 2018

    @david g You said that You just see the Questions and you can’t see Answers. You know !
    You Have to Pay !! — You Know. Sign in. 9 USD for 30 days. Subscribe. You know.

  16. Charice :)
    March 28th, 2018

    Hi all, i need a feedback from someone who has recently taken the exam, how helpful is this site? do u need other questions or u can pass the exam by relying on what u learn from here…

    Thanks

  17. AB
    April 19th, 2018

    Hi Charice,

    I appeared for the exam and I can assure you all (no jokes) that if you buy 9tut premium membership ($12 USD) and go through all the SIMS on right hand side of the home page, all MCQ’s starting with CCNA Lab Sim, Bassic Questions,….. all the way till Drag and Drop 4 and if you have little experience in subnetting and devices (if not then i recommend just going through the CBT nuggets or simialr sort if possible – ICND1 plus ICND2) then you will PASS the exam with flying colours.

    Also, No need to have prior cisco knowledge as 9tut covers and explains you all. Also try the “15 Composite Quizzes” if you have time.

    All the best!!!

  18. Shakir
    May 3rd, 2018

    Hi, I am looking for a VCE EXAM SIMULATOR can any one provide me cracked version.

  19. Ronn
    May 21st, 2018

    I’ve found this VCE EXAM SIMULATOR and it’s very good.

    http*://*j.gs/*19626470/vce-simulator

    Just remove the “*”.

  20. Pegao
    June 3rd, 2018

    Which of the following are the valid numbers of standard ACL? (Choose two)
    A. 50
    B. 1550
    C. 150
    D. 1250
    E. 2050
    I understand that the answer is A & B, why not 1250. 1250 is within the range of 1300 – 1999.

    Keep the good work!

  21. John
    June 7th, 2018

    What is ACL reflexive

  22. fire13
    June 10th, 2018

    Hi all
    Who knows the access-list 2 lab in there?
    I HAVE A QUESTION IN ACL 2 LAB— > SO THERE ARE ASKED PERMIT 1 HOST TO 1 SERVER, AFTER CONFIG THERE IS A MODIFICATION 1,2,3,4. THESE MODIFICATIONS MAY BE ALSO GIVEN LIKE THE OTHER TASK RIGHT ? I MEAN IN EXAM THEY MAY GIVE US LIKE THIS TASKS (MODIFICATIONS 1.2.3.4 may be ) ?

  23. Regy Octavian
    June 13th, 2018

    hi all,
    can u explain me about q11, i didn’t get it why the answer is D, thx before

  24. BB
    June 13th, 2018

    @Regy Octavian….HTTPS uses TCP/443 & the Class A network IP (From IP’s) is 10.0.0.0 w/ wildcard mask of 0.255.255.255….You can eliminate answers this way….If you don’t know the answer, eliminate the possible choices….

  25. Regy Octavian
    June 14th, 2018

    @BB thx for your explain pal!! GBU

  26. fire13
    June 25th, 2018

    HI all, I have passed in 13 June 2018 and the questions in this site are available. Thanks GOD,
    I am happy and thanks to this site also,
    -ACL 1
    -ACL 2
    -Vlan
    -Ospf
    -Eigrp troubleshootings are available and questions very easy guys

  27. Ngo Ngoc Luu
    June 28th, 2018

    Hi everyone,

    Please share the latest dump 200-125,
    my email: ngongocluuuct @ gmail . com

    thank you so much,

  28. Anonymous
    July 5th, 2018

    just frigging pay for the dumps if you are not going to study anyway, you lazy morons!

  29. syed
    July 9th, 2018

    @fire13 can you please share the latest dumbs at my mail id mushaffalanka at gmail dot com

  30. ahmad
    July 14th, 2018

    @fire13
    kindly can you please share your latest dumps with eme please i will be very thankful to yoy !!!
    my email is
    royaljerry13(at)gmail.com
    plz as soon as poosible

  31. Ronn
    July 19th, 2018

    I found these DUMPS for FREE, If you’d like to have it, here the link:

    *http*:*//q.gs/19626470/last-dump-ccna200-125-free

    (Just remove the *) Study hard guys (Not only from dumps), because being certified is tough. Good luck.

  32. NAN
    August 9th, 2018

    Share a useful link, the content inside is true and effective.
    h ttp://t.cn/RDf8 DJW

  33. Patrick
    September 11th, 2018

    Guys can some one help, what is the reason behind eq and equal in an ACL list. I under stand extended and standard plus ports but in the sim one statement is (equal www) and the next statement ends eq 80 ??? If equal what equals to I purposely reversed the command and it ((did’nt work)))
    Can someone throw some light, please.

  34. Patrick
    September 11th, 2018

    Also, what is the reason of permit ip (any any) or ip (any host)

  35. jowbits
    September 25th, 2018

    hi guys. can you help me on this one lab exam about ACL? i cannot complete practice lab because of my error in ACL 100. this is the question:

    5. Set access-list to prevent the connection
    from hosts in LAN as:
    – allow only Admin-Host to telnet to
    Ranet-CoreSW (password: ranetpass)
    – Not permit only User-Host1 to connect
    to any site in the internet.
    – Any traffic beside these should be allow.

    can you guys give me the correct ACL commands for this one?

    Thanks in advance

  36. Anonymous
    October 1st, 2018

    hello! im am taking the ccna exam next month , i need dumps. my email bakytjansambaev @ gmail. com

  37. ItsShowtime
    October 7th, 2018

    Regarding question 12 “When you are troubleshooting an ACL issue on a router, which command would you use to verify which interfaces are affected by the ACL?” every other sourceon the internet tells me it is the “how ip interface” command and also I am unable to find the “list ip interface” command… ?!

  38. shrestha
    October 9th, 2018

    @ jowbits

    ip access-list standard LINE_VTY
    permit host 192.168.10.2(Admin host)

    line vty 0 15
    password ranetpass
    login
    ip access-class LINE_VTY in

    For website block,

    access-list 101 deny host 192.168.10.50(User-Host1) host 200.64.255.254(web server) eq 80

    and apply to source router as possible

    Sometimes packet tracer wont work, you can close and reopen it.

  39. shrestha
    October 9th, 2018

    access-list 101 permit any any at the end

  40. q12
    November 4th, 2018

    it’s a crap question, you can only get that output by doing a sh run int and then looking at the acl to see what it’s doing.

    I doubt you’ll see this question on the exam, they would catch hell for putting it on there, it’s obviously a crap question

Add a Comment