Networking Security Policies Quiz

Questions and Answers

A router interface can have both outbound and inbound ACLs for IPv4 and IPv6.

True

Only one type of ACL can be configured per router interface.

False

Basic planning is unnecessary before configuring an ACL.

False

Standard ACLs filter packets based solely on the destination IPv4 address.

False

Using a text editor to manage ACLs can aid in creating a reusable library of ACLs.

True

Documenting ACLs using the remark command can assist others in understanding their purpose.

True

Testing ACLs on a production network is recommended before implementation.

False

ACLs do not require accuracy since they can be modified easily after implementation.

False

Extended ACLs should be placed as close to the destination as possible.

False

An extended ACL on R3 can be used since Company A controls that device.

False

The extended ACL on R1 applies to packets leaving the 192.168.11.0/24 network.

True

Permitting all other traffic is part of the ACL configuration for Company A.

True

Applying the extended ACL to the G0/0/1 interface processes all packets entering R1.

False

Denying Telnet and FTP traffic requires specifying both source and destination addresses in the ACL.

True

If the extended ACL is placed incorrectly, it could lead to unwanted traffic crossing the network.

True

Company A's network is identified as 192.168.30.0/24.

False

The outbound application of the extended ACL will process packets from 192.168.10.0/24.

True

The only successful approach for the extended ACL is to apply it after the packets have reached the destination.

False

The placement of the ACL is influenced by organizational control, bandwidth, and configuration ease.

True

Access control elements (ACE) are a type of access control list (ACL).

False

Wildcard masks are used in ACLs to specify ranges of IP addresses.

True

Extended ACLs can filter packets based on more than just the destination IP address.

True

Standard ACLs are always numbered and cannot be named.

False

An ACL is a series of IOS commands used to filter packets based on the packet body's content.

False

By default, Cisco routers have ACLs configured on all interfaces.

False

An inbound ACL filters packets after they have been routed to the outbound interface.

False

Cisco routers only support standard ACLs.

False

An outbound ACL processes packets based on the inbound interface.

False

A wildcard mask is used to ignore certain bits during the matching process of an IPv4 ACE.

True

A wildcard mask of 0.0.15.255 allows access to hosts in the 192.168.16.0/24 to 192.168.31.0/24 networks.

True

The ANDing process in a wildcard mask works the same way as in a subnet mask.

False

A wildcard mask bit 0 matches the corresponding bit in the IPv4 address.

True

The wildcard mask calculated by subtracting the subnet mask from 255.255.255.0 is valid for any IPv4 address.

False

An ACE for the 192.168.3.0/24 network with a wildcard mask of 0.0.0.255 permits 255 hosts.

True

An ACL consists of a sequential list of permission or prohibition commands, known as ACEs.

True

The wildcard mask for the subnet 192.168.3.32/28 is 0.0.0.255.

False

All packets are evaluated by the router before being forwarded if an ACL is applied.

True

Wildcard masks are used in ACLs to match only specific IP addresses.

False

The access-list command with 0.0.15.255 will deny all requests from hosts in the 192.168.31.0/24 network.

False

The calculation for a wildcard mask is straightforward and doesn't require any specific method.

False

Access-list 10 permit 192.168.3.0 0.0.0.255 allows traffic from a single host.

False

The subnet mask for a /24 network is 255.255.255.0.

True

Wildcards can have more than one valid value for a single mask.

False

Study Notes

Router Interface ACLs

• A router interface can have one outbound and one inbound IPv4 ACL, and one outbound and one inbound IPv6 ACL.
• ACLs can be selectively configured based on the organization's security policy.

ACL Best Practices

• Detailed planning is pivotal for effective ACL implementation.
• ACLs should align with organizational security policies to prevent access issues.
• Writing objectives for ACLs helps clarify their intended function.
• Using a text editor for creating and saving ACLs fosters the development of a reusable library.
• Documenting ACLs with remark commands enhances clarity and understanding.
• Testing ACLs in a development environment is crucial before deploying on a production network to mitigate errors.

Types of IPv4 ACLs

• Two main types of IPv4 ACLs exist: Standard ACLs and Extended ACLs.
• Standard ACLs: Filter packets based solely on the source IPv4 address.

Wildcard Masks in ACLs

• Wildcard masks are used to define address ranges for ACLs.
• Example: To permit all hosts in the range from 192.168.16.0 to 192.168.31.0, use the wildcard mask 0.0.15.255.
• Wildcard mask calculation: Subtract the subnet mask from 255.255.255.255.

Extended ACL Placement

• Place extended ACLs close to the source for effective traffic control.
• An extended ACL should specify both source and destination addresses to properly filter traffic.
• For efficient application, extended ACLs should be placed in the most strategic interface based on organizational control.

Important Concepts

• ACLs filter packets using a series of permit/deny statements known as Access Control Elements (ACEs).
• Inbound ACLs filter packets before routing, while outbound ACLs filter after routing.
• IPv4 ACEs use a 32-bit wildcard mask to determine which address bits to evaluate for matches.

Additional Key Terms

• Access Control List (ACL)
• Access Control Element (ACE)
• Packet Filtering
• Wildcard Mask
• Host Keyword
• Any Keyword
• Numbered ACLs
• Named ACLs

Description

Test your understanding of router interface ACL configurations in networking security. This quiz covers the application of inbound and outbound IPv4 and IPv6 ACLs and their relevance to organizational security policies. See how well you know the rules governing access control lists in routers.