Home > CCNA Access List Sim

CCNA Access List Sim

February 10th, 2014 Go to comments

Question

accesslist_sim

Answer and Explanation

Note: If you are not sure about Access-list, please read my Access-list tutorial. You can also download this sim to practice (open with Packet Tracer) here: http://www.pentagona.com/?exams=download/9tut.com_CCNA_Access_List_Sim.zip

For this question we only need to use the show running-config command to answer all the questions below

Router>enable
Router#show running-config

accesslist_sim_showrun1

accesslist_sim_showrun2

accesslist_sim_showrun3

Question 1

How can we fix the problem but only allow ping to work while disabling telnet?

A – Correctly assign an IP address to interface fa0/1
B – Change the ip access-group command on fa0/0 from “in” to “out”
C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in

 

Answer: E

Explanation

Let’s have a look at the access list 104:

accesslist_sim_answer1

The question does not ask about ftp traffic so we don’t care about the two first lines. The 3rd line denies all telnet traffic and the 4th line allows icmp traffic to be sent (ping). Remember that the access list 104 is applied on the inbound direction so the 5th line “access-list 104 deny icmp any any echo-reply” will not affect our icmp traffic because the “echo-reply” message will be sent over the outbound direction.

Question 2

What will happen after issuing the command “ip access-group 114 in” to the fa0/0 interface?

A – Attempts to telnet to the router would fail
B – All traffic from the 10.4.4.0 network would be allow to go through
C – TCP and UDP traffic are not allowed to pass
D – Routing protocol updates for the 10.4.4.0 network would not be accepted from the fa0/0 interface

 

Answer: B

Explanation

From the output of access-list 114: access-list 114 permit ip 10.4.4.0 0.0.0.255 any we can easily understand that this access list allows all traffic (ip) from 10.4.4.0/24 network

Question 3

What will happen after issuing the command “access-group 115 in” on the s0/0/1 interface?

A – Hosts cannot connect to Router through s0/0/1
B – Telnet and ping would work but routing updates would fail.
C – FTP, FTP-DATA, echo, and HTTP traffic would work but telnet would fail
D – Only traffic from the 10.4.4.0 network would pass through the interface

 

Answer: A

Explanation

First let’s see what was configured on interface S0/0/1:

accesslist_sim_answer3

Recall that each interface only accepts one access-list, so when using the command “ip access-group 115 in” on the s0/0/1 interface it will overwrite the initial access-list 102. Therefore any telnet connection will be accepted (so we can eliminate answer C).
B is not correct because if telnet and ping can work then routing updates can, too.
D is not correct because access-list 115 does not mention about 10.4.4.0 network. So the most reasonable answer is A.

But here raise a question…

The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1” seems right…

But what will happen if we don’t use a subnet mask of 255.255.255.0? For example we can use an ip address of 10.45.45.0 255.255.0.0, such a host with that ip address exists and we can connect to the router through that host. Now answer A seems incorrect!

Please comment if you have any idea for this sim!

Comments
Comment pages
1 26 27 28 39
  1. anon…
    December 12th, 2017

    @henry plz share ur experience
    mcqs and labs

  2. Faustin
    December 13th, 2017

    @henry, which labs appeared in your exam

  3. OMAR
    January 2nd, 2018

    hi everyone i need the latest dumps plz… otouray97 (@) gmail (dot) .com

  4. disdaining
    January 9th, 2018

    Could anyone please share the latest dumps on disdaining(at)gmail(dot)(com)?
    Thanks

  5. Mohammad
    February 2nd, 2018

    Tody this Sim came in the exam but with the questions were little bit different..

  6. ice
    February 8th, 2018

    @All could someone tell me the ACL sim 1 in the exam is it exactly same as here in 9tut? can someone confirm thank u friends.

  7. Anonymous
    February 12th, 2018

    Yes it is the same

  8. @ANONYMOUS-
    February 15th, 2018

    exact question in exa,m yesterday. passed with 929/1000

  9. Zack
    February 27th, 2018

    Passed with the 552q dumps, all questions were from there.

  10. Luca
    March 1st, 2018

    Hi Zack
    where can i find the 552q dumps?
    I’am going to take the test soon ?

    Regards,

  11. Dara
    March 1st, 2018

    Hi everyone I will take exam next week, please help share me
    dararim (@) gmail.com

  12. Rye
    March 12th, 2018

    Hi Zack, please send the 552q here. {email not allowed}, thanks

  13. Alonso
    March 19th, 2018

    I just did my exam today and had around 5 Drag and Drop. Labs ACL 1 (old one) and 2, RIP, OSPF v3 and new Lab EIGRP GRE

  14. Alonso
    March 19th, 2018

    also be careful with :: because when I was doing the LAB OSPFv3 did not let me to put it. Notify this information as well

  15. Tom
    March 20th, 2018

    hi alonso what about if we use the command 0000:0000:0000:0000:0000:0000:0000:0000/0 instead of ::/0 will it work then?

  16. Rocky
    March 28th, 2018

    Question 1

    How can we fix the problem but only allow ping to work while disabling telnet?

    A – Correctly assign an IP address to interface fa0/1
    B – Change the ip access-group command on fa0/0 from “in” to “out”
    C – Remove access-group 106 in from interface fa0/0 and add access-group 115 in.
    D – Remove access-group 102 out from interface s0/0/0 and add access-group 114 in
    E – Remove access-group 106 in from interface fa0/0 and add access-group 104 in

    The answer B is correct, I think.

  17. sumitra
    March 28th, 2018

    hello every one, I am from nepal so there is not easy access to dumps question to download for CCNA 200-125 . I am going to attend exam next week. please can you help me for dumps question if you have.

  18. seud
    April 4th, 2018

    got same sim, as it is in march 2018

  19. seud
    April 4th, 2018

    thanks 9tut

  20. Student
    April 6th, 2018

    @Rocky

    How come you say like that?
    have you try?

  21. H7
    April 8th, 2018

    regarding to q3 A is correct coz the wild mask is : 255.255.255.0 means the subnet mask is :
    0.0.0.255 and no subnet mask like this form..

    in my acknowledge all forms : x.x.x.0
    x.x.0.0
    x.0.0.0
    0.0.0.0
    x.x.x.x
    but there is no 0.0.0.x , so any hosts like PC with that mask will not be acceptable .

  22. Ali
    April 12th, 2018

    this lab is valid

  23. Ali
    April 12th, 2018

    there are lot of new drag and drop question exam

  24. ip-packets
    April 18th, 2018

    I am having so much problems trying to understand this statement.
    ((The wildcard mask of access-list 115, which is 255.255.255.0, means that only host with ip addresses in the form of x.x.x.0 will be accepted. But we all know that x.x.x.0 is likely to be a network address so the answer A: “no host could connect to Router through s0/0/1))

  25. Nelson
    April 21st, 2018

    Ali – drag/drop focus on which topics?

  26. quantisol
    May 10th, 2018

    Pls I have my exams next week help me out.. With the latest dump 200-125. {email not allowed}

  27. quantisol
    May 10th, 2018

    My mail is quantisol4 at gmail.com

  28. Anonymous
    May 30th, 2018

    @Rocky you can’t change the access list by changing the command. You need to remove it first and add it again to the interface. Now B if is you change acc-group 106 from in out without remove it, the acc-list it will block inbound and outbound traffic. I think this answer is incorrect.

  29. Carl
    May 31st, 2018

    Can someone tell me what are simulation topics that are included in the CCNA certification exam?
    Including the question in Troubleshooting I will be taking the exam next week.. Please help

  30. Amigo
    June 1st, 2018

    Alhamdullillah I passed the exam with the score of 9xx…

    1.Config : ACL mod 3 (different IP and host A) , ACL1 same answer as in 9tut
    2.Troubleshoot : RIPV2 , OSPF Neighbor Sim , EIGRP GRE , GRE Multilink Sim
    3. VLAN Sim was Very difficult for me I spent 30+ minutes on it and I gave up and left it undone… (study it very well and Pray u dont get it on the exam, its time consuming)…

    Drag and Drop same from 9tut and 4 new drag and drops that I havent seen anyway but very easy…
    1.Cable(100BASE-T , 10GBASE-LR , …)
    2.DNS , domain , cache , …
    3.eBGP , BGP peer , Prefix , …
    4.Requesting , Intializing , ….
    5.Administrative , Destination network , Metric , …
    6.IP host , IP name ,IP DNS server , ….
    7.QoS (CAR , PBR , NBAR , ….)

    Multiple Choice questions same from the Chines Dumps…

    https://www.mediafire.com/folder/0wcszkz9qkqf2/CCNA#zmvvwa19jkk8c

    Special Thanks to @Youki @Doka @Anoymous and everyone else… :)

    Good Luck for you all…

  31. Norman
    June 10th, 2018

    I think that Q3 is A because in the topology there aren’t hosts that can connect to the router through interface s0/0/1

  32. GAR
    June 24th, 2018

    Please can someone post the exam questions for access list

  33. usamabinmohd
    July 3rd, 2018

    Regarding “Please comment if you have any idea for this sim!”3rd question answer explanation, I would say, such an host ip (with x.x.x.0 form) doesn’t exist in this scenario. So we could definitely say that option A is valid for this question

  34. Gideon
    July 8th, 2018

    Anyone send me the latest dumps? gidlound at gmail . com please!

  35. Simon
    July 9th, 2018

    Hi Can please send me the latest dump?

    sopprusbarbosa (2) gmail.com

  36. ROXANA
    July 12th, 2018

    Can somebody please tell me why in question 1 of the quiz, option “Change the ip access-group command on fa0/0 from in to out” would be wrong? I tested both and both work!!

  37. ROXANA
    July 13th, 2018

    by both I meant both answers. B and E.

  38. ahmed
    July 16th, 2018

    Roxana, for question 1, even though you tested and both work, you still have to do what the question is asking, even though it seems silly. ACL 106 only mentions echo reply, which is not good enough, we need full ping – echo

  39. Anonymous
    July 30th, 2018

    Got this exam today exactly the same

  40. prince
    July 31st, 2018

    Hi everyone anyone can dumps me latest?
    I gonna take exam 1 week from now thanks!

    frince.aldreich@gmail(.)com

  41. George!
    August 2nd, 2018

    Hey guys!, can someone send me the latest dumps for ccna 200-125 ?

    I’m going to take the test a week from now. Thank :)

    here’s my email.

    galgalaman@gmail(.)com

Comment pages
1 26 27 28 39
Add a Comment