Configuring Numbered Extended IPv4 ACLs Quiz

Questions and Answers

PDF Questions PDF Answers

Where should the ACL be placed if the objective is to prevent traffic from 192.168.10.0/24 network to reach 192.168.30.0/24 network?

At the source of traffic (correct)

At the destination network

In the middle of the network infrastructure

At the edge of the network

In ACL placement, what factor might influence where an ACL is placed?

Color of the network devices

Time of day when attacks occur

Type of cables used in the network

Extent of network administrator's control (correct)

What does a standard ACL placed at the source of traffic apply to?

Source and destination addresses equally

Source address for all destinations (correct)

Destination address for all sources

Neither the source nor destination address

In which example scenario would an extended ACL be more suitable?

Denying Telnet and FTP traffic from PC2 to Company B's PC3

What is the purpose of an extended ACL compared to a standard ACL?

Filter specific traffic based on protocols, ports, and addresses

How does placing an ACL close to the source of a network benefit security?

Minimizes undesirable traffic before it enters the network infrastructure

What is the purpose of the 'Source quench' ICMP message?

Throttles down traffic when necessary

Which ICMP message should be allowed to exit the network to enable users to ping external hosts?

Echo

In the context of ICMP messages, what is the purpose of the 'Parameter problem' message?

Informs the host of packet header problems

Why should all other ICMP message types be blocked as a rule?

To ensure proper network operation

What is one of the primary purposes of an ACL in the context of ICMP messages?

To selectively allow specific ICMP services to exit or enter the network

'Introducing IPv6 ACLs' suggests a transition from which protocol to which protocol?

IPv4 to IPv6

What is the command to create a numbered extended ACL?

R1(config)# access-list access-list-number {deny | permit | remark text} protocol source source-wildcard [operator {port}] destination destination-wildcard [operator {port}] [established] [log]

What are the steps for configuring extended ACLs compared to standard ACLs?

Steps for configuring extended ACLs are the same as standard ACLs

Which command is used to apply an extended IPv4 ACL to an interface?

Router(config-if)# ip access-group

What does the 'established' parameter signify in extended ACL configuration?

It indicates that only established connections are considered

In extended ACL syntax, what does 'access-list-number' refer to?

Decimal number of the ACL

What is the purpose of using the 'log' parameter in extended ACL configuration?

To track and log any permitted traffic

What is the primary advantage of Classic Firewall over ZPF?

Blocks traffic by default unless explicitly allowed

In ZPF design, what does the establishment of policies between zones involve?

Defining sessions that clients in source zones can request from servers in destination zones

Why is it mentioned that policies are easy to read in the context of ZPF?

As a result of requiring only one policy for any given traffic

What is a common ZPF design mentioned in the text?

LAN-to-Internet connections

What is a key step in designing ZPF according to the text?

Establishing physical infrastructure after identifying zones and traffic requirements

How does ZPF differ from Classic Firewall regarding traffic handling?

Classic Firewall blocks traffic unless explicitly allowed

What is the purpose of the ACL named SURFING?

Allow inbound traffic on port 80 and 443

How is the ACL named BROWSING applied in the configuration?

Outbound on interface G0/0

Which command is used to apply an ACL to an interface?

ip access-group {acl-# | name} {in | out}

What is the purpose of the named ACL VTY_ACCESS in the configuration?

Permit traffic from 192.168.10.10 and deny all other traffic

What does the 'established' keyword in an ACL rule signify?

It allows only established connections to pass through

What is the significance of using the 'log' parameter in an ACL rule?

It records information about permitted traffic for monitoring purposes