Skip to content

Home
CCNA Labs
Linux
Programming
About
- Contact Us
- Privacy Policy

CCNA 7 Exam Answers 2023

Go with our CCIE, Passed 100%

ITE
NE
- MF
CCNA
Cyber-Security
Security
- CCNA Security v2
DevNet
CCNA PT Lab 2023

CCNA 2 v6 RSE Chapter 7 Exam Online

Last Updated on May 20, 2021 by Admin

CCNA 2 v6 RSE Chapter 7 Exam Online

RSE -- Chapter 7 Exam

Time limit: 0

Quiz-summary

0 of 24 questions completed

Questions:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

Information

RSE — Chapter 7 Exam

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading...

You must sign in or sign up to start the quiz.

You have to finish following quiz, to start this quiz:

Results

0 of 24 questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 points, (0)

Average score
Your score

Categories

Not categorized 0%

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

Answered
Review

Question 1 of 24

1. Question
1 points
In which configuration would an outbound ACL placement be preferred over an inbound ACL placement?
- when the ACL is applied to an outbound interface to filter packets coming from multiple inbound interfaces before the packets exit the interface
- when a router has more than one ACL
- when an outbound ACL is closer to the source of the traffic flow
- when an interface is filtered by an outbound ACL and the network attached to the interface is the source network being filtered within the ACL
Correct

Incorrect

An outbound ACL should be utilized when the same ACL filtering rules will be applied to packets coming from more than one inbound interface before exiting a single outbound interface. The outbound ACL will be applied on the single outbound interface.

Hint

An outbound ACL should be utilized when the same ACL filtering rules will be applied to packets coming from more than one inbound interface before exiting a single outbound interface. The outbound ACL will be applied on the single outbound interface.
Question 2 of 24

2. Question
1 points
Which address is required in the command syntax of a standard ACL?
- source MAC address
- destination MAC address
- source IP address
- destination IP address
Correct

Incorrect

The only filter that can be applied with a standard ACL is the source IP address. An extended ACL can use multiple criteria to filter traffic, such as source IP address, destination IP address, type of traffic, and type of message.

Hint

The only filter that can be applied with a standard ACL is the source IP address. An extended ACL can use multiple criteria to filter traffic, such as source IP address, destination IP address, type of traffic, and type of message.
Question 3 of 24

3. Question
1 points
Which statement describes a difference between the operation of inbound and outbound ACLs?
- In contrast to outbound ALCs, inbound ACLs can be used to filter packets with multiple criteria.
- Inbound ACLs can be used in both routers and switches but outbound ACLs can be used only on routers.
- Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed.
- On a network interface, more than one inbound ACL can be configured but only one outbound ACL can be configured.
Correct

Incorrect

With an inbound ACL, incoming packets are processed before they are routed. With an outbound ACL, packets are first routed to the outbound interface, then they are processed. Thus processing inbound is more efficient from the router perspective. The structure, filtering methods, and limitations (on an interface, only one inbound and one outbound ACL can be configured) are the same for both types of ACLs.

Hint

With an inbound ACL, incoming packets are processed before they are routed. With an outbound ACL, packets are first routed to the outbound interface, then they are processed. Thus processing inbound is more efficient from the router perspective. The structure, filtering methods, and limitations (on an interface, only one inbound and one outbound ACL can be configured) are the same for both types of ACLs.
Question 4 of 24

4. Question
3 points
Which three statements describe ACL processing of packets? (Choose three.)
- An implicit deny any rejects any packet that does not match any ACE.
- A packet can either be rejected or forwarded as directed by the ACE that is matched.
- A packet that has been denied by one ACE can be permitted by a subsequent ACE.
- A packet that does not match the conditions of any ACE will be forwarded by default.
- Each statement is checked only until a match is detected or until the end of the ACE list.
- Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
Correct

Incorrect

When a packet comes into a router that has an ACL configured on the interface, the router compares the condition of each ACE to determine if the defined criteria has been met. If met, the router takes the action defined in the ACE (allows the packet through or discards it). If the defined criteria has not been met, the router proceeds to the next ACE. An implicit deny any statement is at the end of every standard ACL.

Hint

When a packet comes into a router that has an ACL configured on the interface, the router compares the condition of each ACE to determine if the defined criteria has been met. If met, the router takes the action defined in the ACE (allows the packet through or discards it). If the defined criteria has not been met, the router proceeds to the next ACE. An implicit deny any statement is at the end of every standard ACL.
Question 5 of 24

5. Question
1 points
What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
- access-list 10 permit 192.168.16.0 0.0.3.255
- access-list 10 permit 192.168.16.0 0.0.0.255
- access-list 10 permit 192.168.16.0 0.0.15.255
- access-list 10 permit 192.168.0.0 0.0.15.255
Correct

Incorrect

The ACL statement access-list 10 permit 192.168.16.0 0.0.3.255 will match all four network prefixes. All four prefixes have the same 22 high order bits. These 22 high order bits are matched by the network prefix and wildcard mask of 192.168.16.0 0.0.3.255.

Hint

The ACL statement access-list 10 permit 192.168.16.0 0.0.3.255 will match all four network prefixes. All four prefixes have the same 22 high order bits. These 22 high order bits are matched by the network prefix and wildcard mask of 192.168.16.0 0.0.3.255.
Question 6 of 24

6. Question
2 points
A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.)
- Router1(config)# access-list 10 permit host 192.168.15.23
- Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
- Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.255
- Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.0
- Router1(config)# access-list 10 permit 192.168.15.23 255.255.255.255
Correct

Incorrect

To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used.

Hint

To permit or deny one specific IP address, either the wildcard mask 0.0.0.0 (used after the IP address) or the wildcard mask keyword host (used before the IP address) can be used.
Question 7 of 24

7. Question
1 points
If a router has two interfaces and is routing both IPv4 and IPv6 traffic, how many ACLs could be created and applied to it?
- 4
- 6
- 8
- 12
- 16
Correct

Incorrect

In calculating how many ACLs can be configured, use the rule of “three Ps”: one ACL per protocol, per direction, per interface. In this case, 2 interfaces x 2 protocols x 2 directions yields 8 possible ACLs.

Hint

In calculating how many ACLs can be configured, use the rule of “three Ps”: one ACL per protocol, per direction, per interface. In this case, 2 interfaces x 2 protocols x 2 directions yields 8 possible ACLs.
Question 8 of 24

8. Question
3 points
Which three statements are generally considered to be best practices in the placement of ACLs? (Choose three.)
- Place standard ACLs close to the source IP address of the traffic.
- Place extended ACLs close to the destination IP address of the traffic.
- Filter unwanted traffic before it travels onto a low-bandwidth link.
- Place extended ACLs close to the source IP address of the traffic.
- Place standard ACLs close to the destination IP address of the traffic.
- For every inbound ACL placed on an interface, there should be a matching outbound ACL.
Correct

Incorrect

Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Placing a standard ACL close to the source may have the effect of filtering all traffic, and limiting services to other hosts. Filtering unwanted traffic before it enters low-bandwidth links preserves bandwidth and supports network functionality. Decisions on placing ACLs inbound or outbound are dependent on the requirements to be met.

Hint

Extended ACLs should be placed as close as possible to the source IP address, so that traffic that needs to be filtered does not cross the network and use network resources. Because standard ACLs do not specify a destination address, they should be placed as close to the destination as possible. Placing a standard ACL close to the source may have the effect of filtering all traffic, and limiting services to other hosts. Filtering unwanted traffic before it enters low-bandwidth links preserves bandwidth and supports network functionality. Decisions on placing ACLs inbound or outbound are dependent on the requirements to be met.
Question 9 of 24

9. Question
1 points
Refer to the exhibit. Which command would be used in a standard ACL to allow only devices on the network attached to R2 G0/0 interface to access the networks attached to R1?

CCNA 2 RSE 6.0 Chapter 7 Exam Answers 2018 2019 02
- access-list 1 permit 192.168.10.0 0.0.0.63
- access-list 1 permit 192.168.10.96 0.0.0.31
- access-list 1 permit 192.168.10.0 0.0.0.255
- access-list 1 permit 192.168.10.128 0.0.0.63
Correct

Incorrect

Standard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31.

Hint

Standard access lists only filter on the source IP address. In the design, the packets would be coming from the 192.168.10.96/27 network (the R2 G0/0 network). The correct ACL is access-list 1 permit 192.168.10.96 0.0.0.31.
Question 10 of 24

10. Question
1 points
Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?

CCNA 2 RSE 6.0 Chapter 7 Exam Answers 2018 2019 03
- inbound on the R2 G0/0 interface
- outbound on the R1 G0/1 interface
- inbound on the R1 G0/1 interface
- outbound on the R2 S0/0/1 interface
Correct

Incorrect

Because standard access lists only filter on the source IP address, they are commonly placed closest to the destination network. In this example, the source packets will be coming from the R2 G0/0 network. The destination is the R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1 interface.

Hint

Because standard access lists only filter on the source IP address, they are commonly placed closest to the destination network. In this example, the source packets will be coming from the R2 G0/0 network. The destination is the R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1 interface.
Question 11 of 24

11. Question
1 points
Refer to the following output. What is the significance of the 4 match(es) statement?

R1# <output omitted>
10 permit 192.168.1.56 0.0.0.7
20 permit 192.168.1.64 0.0.0.63 (4 match(es))
30 deny any (8 match(es))
- Four packets have been denied that have been sourced from any IP address.
- Four packets have been denied that are destined for the 192.168.1.64 network.
- Four packets have been allowed through the router from PCs in the network of 192.168.1.64.
- Four packets have been allowed through the router to reach the destination network of 192.168.1.64/26.
Correct

Incorrect

The show access-lists command shows how many packets have met the criteria for each ACE in terms of a specific number of “matches.”

Hint

The show access-lists command shows how many packets have met the criteria for each ACE in terms of a specific number of “matches.”
Question 12 of 24

12. Question
1 points
On which router should the show access-lists command be executed?
- on the router that routes the packet referenced in the ACL to the final destination network
- on the router that routes the packet referenced in the ACL from the source network
- on any router through which the packet referenced in the ACL travels
- on the router that has the ACL configured
Correct

Incorrect

The show access-lists command is only relevant to traffic passing through the router on which the ACL is configured.

Hint

The show access-lists command is only relevant to traffic passing through the router on which the ACL is configured.
Question 13 of 24

13. Question
1 points
What is the quickest way to remove a single ACE from a named ACL?
- Use the no keyword and the sequence number of the ACE to be removed.
- Use the no access-list command to remove the entire ACL, then recreate it without the ACE.
- Copy the ACL into a text editor, remove the ACE, then copy the ACL back into the router.
- Create a new ACL with a different number and apply the new ACL to the router interface.
Correct

Incorrect

Named ACL ACEs can be removed using the no command followed by the sequence number.

Hint

Named ACL ACEs can be removed using the no command followed by the sequence number.
Question 14 of 24

14. Question
1 points
An administrator has configured an access list on R1 to allow SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL?
- R1(config-if)# ip access-group 1 in
- R1(config-if)# ip access-group 1 out
- R1(config-line)# access-class 1 in
- R1(config-line)# access-class 1 out
Correct

Incorrect

Administrative access over SSH to the router is through the vty lines. Therefore, the ACL must be applied to those lines in the inbound direction. This is accomplished by entering line configuration mode and issuing the access-class command.

Hint

Administrative access over SSH to the router is through the vty lines. Therefore, the ACL must be applied to those lines in the inbound direction. This is accomplished by entering line configuration mode and issuing the access-class command.
Question 15 of 24

15. Question
1 points
Which type of router connection can be secured by the access-class command?
- vty
- console
- serial
- Ethernet
Correct

Incorrect

Access to vty lines can be filtered with an ACL and applied using the access-class in command.

Hint

Access to vty lines can be filtered with an ACL and applied using the access-class in command.
Question 16 of 24

16. Question
1 points
Consider the following output for an ACL that has been applied to a router via the access-class in command. What can a network administrator determine from the output that is shown?

R1# <output omitted>
Standard IP access list 2
10 permit 192.168.10.0, wildcard bits 0.0.0.255 (2 matches)
20 deny any (1 match)
- Two devices connected to the router have IP addresses of 192.168.10.x.
- Traffic from one device was not allowed to come into one router port and be routed outbound a different router port.
- Two devices were able to use SSH or Telnet to gain access to the router.
- Traffic from two devices was allowed to enter one router port and be routed outbound to a different router port.
Correct

Incorrect

The access-class command is used only on VTY ports. VTY ports support Telnet and/or SSH traffic. The match permit ACE is how many attempts were allowed using the VTY ports. The match deny ACE shows that a device from a network other than 192.168.10.0 was not allowed to access the router through the VTY ports.

Hint

The access-class command is used only on VTY ports. VTY ports support Telnet and/or SSH traffic. The match permit ACE is how many attempts were allowed using the VTY ports. The match deny ACE shows that a device from a network other than 192.168.10.0 was not allowed to access the router through the VTY ports.
Question 17 of 24

17. Question
1 points
Refer to the exhibit. A router has an existing ACL that permits all traffic from the 172.16.0.0 network. The administrator attempts to add a new ACE to the ACL that denies packets from host 172.16.0.1 and receives the error message that is shown in the exhibit. What action can the administrator take to block packets from host 172.16.0.1 while still permitting all other traffic from the 172.16.0.0 network?

CCNA 2 RSE 6.0 Chapter 7 Exam Answers 2018 2019 05
- Manually add the new deny ACE with a sequence number of 5.
- Manually add the new deny ACE with a sequence number of 15.
- Create a second access list denying the host and apply it to the same interface.
- Add a deny any any ACE to access-list 1.
Correct

Incorrect

Because the new deny ACE is a host address that falls within the existing 172.16.0.0 network that is permitted, the router rejects the command and displays an error message. For the new deny ACE to take effect, it must be manually configured by the administrator with a sequence number that is less than 10.

Hint

Because the new deny ACE is a host address that falls within the existing 172.16.0.0 network that is permitted, the router rejects the command and displays an error message. For the new deny ACE to take effect, it must be manually configured by the administrator with a sequence number that is less than 10.
Question 18 of 24

18. Question
1 points
Refer to the exhibit. An ACL was configured on R1 with the intention of denying traffic from subnet 172.16.4.0/24 into subnet 172.16.3.0/24. All other traffic into subnet 172.16.3.0/24 should be permitted. This standard ACL was then applied outbound on interface Fa0/0. Which conclusion can be drawn from this configuration?

CCNA 2 RSE 6.0 Chapter 7 Exam Answers 2018 2019 01
- Only traffic from the 172.16.4.0/24 subnet is blocked, and all other traffic is allowed.
- An extended ACL must be used in this situation.
- The ACL should be applied to the FastEthernet 0/0 interface of R1 inbound to accomplish the requirements.
- All traffic will be blocked, not just traffic from the 172.16.4.0/24 subnet.
- The ACL should be applied outbound on all interfaces of R1.
Correct

Incorrect

Because of the implicit deny at the end of all ACLs, the access-list 1 permit any command must be included to ensure that only traffic from the 172.16.4.0/24 subnet is blocked and that all other traffic is allowed.

Hint

Because of the implicit deny at the end of all ACLs, the access-list 1 permit any command must be included to ensure that only traffic from the 172.16.4.0/24 subnet is blocked and that all other traffic is allowed.
Question 19 of 24

19. Question
1 points
Refer to the exhibit. What will happen to the access list 10 ACEs if the router is rebooted before any other commands are implemented?

CCNA 2 RSE 6.0 Chapter 7 Exam Answers 2018 2019 04
- The ACEs of access list 10 will be deleted.
- The ACEs of access list 10 will not be affected.
- The ACEs of access list 10 will be renumbered.
- The ACEs of access list 10 wildcard masks will be converted to subnet masks.
Correct

Incorrect

After a reboot, access list entries will be renumbered to allow host statements to be listed first and thus more efficiently processed by the Cisco IOS.

Hint

After a reboot, access list entries will be renumbered to allow host statements to be listed first and thus more efficiently processed by the Cisco IOS.
Question 20 of 24

20. Question
1 points
What is the effect of configuring an ACL with only ACEs that deny traffic?
- The ACL will permit any traffic that is not specifically denied.
- The ACL will block all traffic.
- The ACL must be applied inbound only.
- The ACL must be applied outbound only.
Correct

Incorrect

Because there is a deny any ACE at the end of every standard ACL, the effect of having all deny statements is that all traffic will be denied regardless of the direction in which the ACL is applied.

Hint

Because there is a deny any ACE at the end of every standard ACL, the effect of having all deny statements is that all traffic will be denied regardless of the direction in which the ACL is applied.
Question 21 of 24

21. Question
1 points
Which type of ACL statements are commonly reordered by the Cisco IOS as the first ACEs?
- host
- range
- permit any
- lowest sequence number
Correct

Incorrect

ACEs are commonly reordered from the way they were entered by the network administrator. The ACEs that have host criteria such as in the statement permit host 192.168.10.5, are reordered as the first statements because they are the most specific (have the most number of bits that must match).

Hint

ACEs are commonly reordered from the way they were entered by the network administrator. The ACEs that have host criteria such as in the statement permit host 192.168.10.5, are reordered as the first statements because they are the most specific (have the most number of bits that must match).
Question 22 of 24

22. Question
1 points
A network administrator is configuring an ACL to restrict access to certain servers in the data center. The intent is to apply the ACL to the interface connected to the data center LAN. What happens if the ACL is incorrectly applied to an interface in the inbound direction instead of the outbound direction?
- All traffic is denied.
- All traffic is permitted.
- The ACL does not perform as designed.
- The ACL will analyze traffic after it is routed to the outbound interface.
Correct

Incorrect

Always test an ACL to ensure that it performs as it was designed. Applying an ACL that is applied using the ip access-group in command instead of using the ip access-group out command is not going to work as designed.

Hint

Always test an ACL to ensure that it performs as it was designed. Applying an ACL that is applied using the ip access-group in command instead of using the ip access-group out command is not going to work as designed.
Question 23 of 24

23. Question
1 points
When would a network administrator use the clear access-list counters command?
- when obtaining a baseline
- when buffer memory is low
- when an ACE is deleted from an ACL
- when troubleshooting an ACL and needing to know how many packets matched
Correct

Incorrect

The clear access-list counters command is used to reset all numbers relating to ACE match conditions that have been made within a particular ACE. The command is useful when troubleshooting an ACL that has recently been deployed.

Hint

The clear access-list counters command is used to reset all numbers relating to ACE match conditions that have been made within a particular ACE. The command is useful when troubleshooting an ACL that has recently been deployed.

Question 24 of 24

24. Question

5 points

Match each statement with the example subnet and wildcard that it describes. (Not all options are used.)

Sort elements

192.168.15.65 255.255.255.240
192.168.15.144 0.0.0.15
host 192.168.15.12
192.168.5.0 0.0.3.255
192.168.3.64 0.0.0.7
192.168.100.63 255.255.255.192

the first valid host address in a subnet

subnetwork address of a subnet with 14 valid host addresses

all IP address bits must match exactly

hosts in a subnet with the subnet mask 255.255.252.0

addresses with a subnet mask of 255.255.255.248

Correct

Incorrect

Converting the wildcard mask 0.0.3.255 to binary and subtracting it from 255.255.255.255 yields a subnet mask of 255.255.252.0.
Using the host parameter in a wildcard mask requires that all bits match the given address.
192.168.15.65 is the first valid host address in a subnetwork beginning with the subnetwork address 192.168.15.64. The subnet mask contains 4 host bits, yielding subnets with 16 addresses.
192.168.15.144 is a valid subnetwork address in a similar subnetwork. Change the wildcard mask 0.0.0.15 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.240.
192.168.3.64 is a subnetwork address in a subnet with 8 addresses. Convert 0.0.0.7 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.248. That mask contains 3 host bits, and yields 8 addresses.

Hint

Converting the wildcard mask 0.0.3.255 to binary and subtracting it from 255.255.255.255 yields a subnet mask of 255.255.252.0.
Using the host parameter in a wildcard mask requires that all bits match the given address.
192.168.15.65 is the first valid host address in a subnetwork beginning with the subnetwork address 192.168.15.64. The subnet mask contains 4 host bits, yielding subnets with 16 addresses.
192.168.15.144 is a valid subnetwork address in a similar subnetwork. Change the wildcard mask 0.0.0.15 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.240.
192.168.3.64 is a subnetwork address in a subnet with 8 addresses. Convert 0.0.0.7 to binary and subtract it from 255.255.255.255, and the resulting subnet mask is 255.255.255.248. That mask contains 3 host bits, and yields 8 addresses.

Search for:

CCNA1 v7
CCNA2 v7
CCNA3 v7

System Test Exam Answers

Modules 1 – 3 Exam Answers

Modules 4 – 7 Exam Answers

Modules 8 – 10 Exam Answers

Modules 11 – 13 Exam Answers

Modules 14 – 15 Exam Answers

Modules 16 – 17 Exam Answers

Practice Final – ITN Answers

Course Feedback

ITN Practice PT Skills Assessment (PTSA)

Final Exam Answers

Modules 1 – 4 Exam Answers

Modules 5 – 6 Exam Answers

Modules 7 – 9 Exam Answers

Modules 10 – 13 Exam Answers

Modules 14 – 16 Exam Answers

ITN Practice Skills Assessment – PT Answers

SRWE Practice Skills Assessment – PT Part 1 Answers

SRWE Practice Skills Assessment – PT Part 2 Answers

SRWE Hands On Skills Exam Answers

SRWE Practice Final Exam Answers

SRWE Final Exam Answers

Modules 1 – 2 Exam Answers

Modules 3 – 5 Exam Answers

Modules 6 – 8 Exam Answers

Modules 9 – 12 Exam Answers

Modules 13 – 14 Exam Answers

ITN Practice PT Skills Assessment (PTSA) Answers

SRWE Practice PT Skills Assessment (PTSA) – Part 1 Answers

SRWE Practice PT Skills Assessment (PTSA) – Part 2 Answers

ENSA Practice PT Skills Assessment (PTSA) Answers

ENSA Hands On Skills Exam Answers

Practice Final – ENSA Answers

ENSA Final Exam Answers

CCNA Certification Practice Exam Answers

Copyright © 2023 PressExam.