CCNA - Security

  1. What command do you use to see the configured access lists on a router?
    show access-list
  2. What command do you use to verify an access list on a router interface? This command also shows you which direction it is filtering.
    show ip interface
  3. What is the extended IP access-list configuration command?
    permit or deny
  4. What are the number ranges for a standard IP access list?
    1-99 & 1300-1999
  5. What are the number ranges for an extended IP access list?
    100-199 and 2000-2699
  6. This type of access list can evaluate many of the other fields in the layer 3 and layer 4 headers of an IP packet.
    Extended Access List
  7. This type of access list can evaluate source and destination IP addresses, the protocol field in the Network layer header, and the port number at the Transport layer header.
    Extended Access List
  8. This type of access list is applied to traffic going out on an interface; those packets are routed and then processed through the access list before being queued.
    Outbound access list
  9. Any time a new entry is added to the access list, where is it added?
    at the bottom of the list
  10. What common tool or application is highly suggested that you use when creating or editing your access list?
    a text editor
  11. How many inbound/outbound access lists can you have for one interface?
    One of each per interface.
  12. What will happen if you attempt to remove one line from an access list?
    you will remove the entire list
  13. Why is it best to place the IP extended access list as close to the source [address] as possible?
    by placing this list as close to the source address you can filter traffic before it uses up your precious bandwidth.
  14. What must you do after you create an access list to have it apply?
    You must apply the access list to an interface.
  15. Why don't we want to use standard access lists in our networks?
    because you can only filter based on source address and nothing would be forwarded
  16. If you do not have at least one permit statement in your access lists what will happen?
    All traffic will be denied.
  17. What is the list of rules to live by when configuring ACLs from the Internet to your production network to mitigate security problems?
    • Deny any address from your internal networks.
    • Deny any local host addresses (127.0.0.0/8)
    • Deny any reserved private address.
    • Deny any address in the IP multicast address range (224.0.0.0/4)
  18. What is the command to create a standard access list?
    access-list <1-99> deny <source_IP>
  19. What is the command to create an extended access list?
    access-list 110 deny <protocol> any host <source_ip> eq <port>
  20. Where can port ACLs only be applied?
    to layer 2 interfaces on switches
Author: lokeey
ID: 219959
Card Set: CCNA - Security
Description: cisco security