Cisco CCNA Mini-Test
by Subject

Created by Jay Banks

Access Lists


Before beginning this practice test, you may wish to
become familiar with the Drag-And-Drop Console.

1. At a client location, you issue a show ip interface command and find an access list numbered 910. What type of access list is this?
IP Standard
IP Extended
IPX Standard
IPX Extended

Answer:

2. Which of the following could take the place of the wildcard mask 0.0.0.0 in an access list?
any
deny
host
all

Answer:

3. Which wildcard mask would be used to include any host from the 170.16.0.0 network?
255.255.0.0
0.255.255.255
0.0.0.255
0.0.255.255

Answer:

4. At the end of every access list is an implied "permit any" statement.
True
False

Answer:
 

5. Load Drag & Drop Console. You may return to this test by hitting the "Back" button following the question.
 
6. Which of the following commands is not a valid command to view applied access lists on a Cisco router?
show ip interface
show acl
show access-list
show running-config

Answer:

7. Which of the following sample commands uses the proper syntax to deny telnet access from IP address 10.1.1.54 into 10.1.1.50?
access-list 90 deny tcp 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 eq 21
access-list 99 deny telnet 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0
access-list 101 deny ip 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 telnet
access-list 101 deny tcp 10.1.1.54 0.0.0.0 10.1.1.50 0.0.0.0 eq 23

Answer:

7. Extended ACL lists should be placed?
As close to the packet's destination as possible
As close to the default gateway as possible
As close to the source of the packet as possible
As close to a border gateway router as possible

Answer:

8. What wildcard mask would best match any host from the network 10.0.2.0 /21?
0.0.248.255
0.0.0.0
255.255.7.0
0.0.7.255

Answer:
 

9. Load Drag & Drop Console. You may return to this test by hitting the "Back" button following the question.
  
10. In order to block telnet access to any host from network 172.12.10.0 you configure an access list that contains, among others, the line: access-list 100 deny tcp 172.12.10.0 0.0.0.255 eq 23. How do you apply this access list inbound to s0?
Router(config)#interface s0
      Router(config-if)#ip access-group 100 in
Router(config)#interface s0
      Router(config-if)#ip access-list 100 in
Router(config)#interface s0
      Router(config-if)#ip access group 100 in
None of the above

Answer:
 

11. A router interface with the IP address of 192.168.1.0 has the following access list, applied inbound:

     ip access-list 100 permit tcp any any eq 23

    What would happen if a host from the network 172.16.0.0, attempted to SSH to the interface?

SSH traffic would be permitted
SSH traffic would be denied

Answer:
 

12. Standard access lists should be placed?
As close to the default gateway as possible
As close to the source of the packet as possible
As close to the packet's destination as possible
As close to a border gateway router as possible

Answer:
 

13. To filter any IP traffic between the network range 10.0.0.0 and 10.32.0.0, what wildcard mask would best meet your needs?
255.255.31.0
0.0.64.255
0.64.255.255
0.31.255.255

Answer:
 

14. Which of the following would correctly configure an access list, numbered 10, outbound on a VTY line?
access group 10 out
ip access-group 10 out
ip access-class 10 out
access-list 10 out

Answer:
 

15. To represent all hosts from network 172.16.3.0 /22, which wildcard mask would be most appropriate?
0.0.3.255.
0.0.15.255
0.0.16.255
0.0.4.255

Answer:
 

16. Review the following extended access list command:

           access-list 191 deny udp 10.0.0.0 0.255.255.255 lt 1023 any
      
      What does the any mean in this access list?
Any udp traffic from the 10.0.0.0 network with a port less than 1023 and with
      any source IP address, will be blocked
Any udp traffic from the 10.0.0.0 network with a port less than 1023 and with
      any destination IP address, will be blocked
The command will block any udp, regardless of source or destination
None of the above

Answer:
 

17. Which of the following commands uses the proper syntax to block all traffic into network 192.168.3.0 except for SSH traffic?
ip access-list 89 permit any tcp 192.168.3.0 0.0.0.255 eq 23 
ip access-list 99 permit tcp any 192.168.3.0 0.0.0.255 eq 23
ip access-list 100 permit tcp any 192.168.3.0 0.0.0.255 eq 23 any
ip access-list 101 permit tcp any 192.168.3.0 0.0.0.255 eq 22

Answer:
 

18. At a client location, you issue a show ip interface command and find an access list numbered 212. What type of access list is this?
48-bit MAC address?
Protocol type-code
IPX SAP
None of the above

Answer:
 

19. Load Drag & Drop Console. You may return to this test by hitting the "Back" button following the question.
 
20. Which of the following access lists use the proper syntax to allow all telnet traffic to host 192.168.1.3, from network 192.168.10.0, and apply the list inbound on s0?
 
router(config):access-list 110 permit ip 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 23
      router(config):int e0
      router(config-if):ip access-group 110 in
  
router(config)>access-list 105 permit tcp 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 25
      router(config)>int s0
      router(config-if)>ip access-group 105 in
 
router(config)#access-list 101 permit 23 192.168.10.0 0.0.0.255 host 192.168.1.3 eq telnet
      router(config)#int s0
      router(config-if)#ip access-group 100 in
 
router(config)#access-list 100 permit tcp 192.168.10.0 0.0.0.255 host 192.168.1.3 eq 23
      router(config)#int s0
      router(config-if)#ip access-group 100 in

Answer:
 

 


 

 

 


This document released under the

Attribution-NonCommercial-ShareAlike 2.0

You are free:

  • to copy, distribute, display, and perform the work

  • to make derivative works

Under the following conditions:

Attribution. You must give the original author credit.
Noncommercial. You may not use this work for commercial purposes.
Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one.
  • For any reuse or distribution, you must make clear to others the license terms of this work.

  • Any of these conditions can be waived if you get permission from the copyright holder.

Your fair use and other rights are in no way affected by the above.

This is a human-readable summary of the Legal Code (the full license).