R4RIN – MCQs, Mock Tests | Computer Hardware and Networking Network Security Multiple Choice questions

Which of the following is true regarding access lists applied to an interface?

1. Which of the following is true regarding access lists applied to an interface?
2. You can apply only one access list on any interface.
3. One access list may be configured, per direction, for each layer 3 protocol configured on an interface.
4. You can apply two access lists to any interface.

✅ Correct Answer: 3

Which command would you use to apply an access list to a router interface?

1. ip access-list 101 out
2. access-list ip 101 in
3. ip access-group 101 in
4. access-group ip 101 in

✅ Correct Answer: 3

Which of the following is an example of a standard IP access list?

1. access-list 110 permit host 1.1.1.1
2. access-list 1 deny 172.16.10.1 0.0.0.0
3. access-list 1 permit 172.16.10.1 255.255.0.0
4. access-list standard 1.1.1.1

✅ Correct Answer: 2

Which of the following is an example of a standard IP access list? A. B. C. D.

1. access-list 110 permit host 1.1.1.1
2. access-list 1 deny 172.16.10.1 0.0.0.0
3. access-list 1 permit 172.16.10.1 255.255.0.0
4. access-list standard 1.1.1.1

✅ Correct Answer: 2

You need to create an access list that will prevent hosts in the network range of 192.168.160.0 to 192.168.191.0. Which of the following lists will you use?

1. access-list 10 deny 192.168.160.0 255.255.224.0
2. access-list 10 deny 192.168.160.0 0.0.191.255
3. access-list 10 deny 192.168.160.0 0.0.31.255
4. access-list 10 deny 192.168.0.0 0.0.31.255

✅ Correct Answer: 3

You are working on a router that has established privilege levels that restrict access to certain functions. You discover that you are not able to execute the commandshow running-configuration. How can you view and confirm the access lists that have been applied to the Ethernet 0 interface on your router?

1. show access-lists
2. show interface Ethernet 0
3. show ip access-lists
4. show ip interface Ethernet 0

✅ Correct Answer: 4

What command will permit SMTP mail to only host 1.1.1.1?

1. access-list 10 permit smtp host 1.1.1.1
2. access-list 110 permit ip smtp host 1.1.1.1
3. access-list 10 permit tcp any host 1.1.1.1 eq smtp
4. access-list 110 permit tcp any host 1.1.1.1 eq smtp

✅ Correct Answer: 4

You want to create a standard access list that denies the subnet of the following host: 172.16.50.172/20. Which of the following would you start your list with?

1. access-list 10 deny 172.16.48.0 255.255.240.0
2. access-list 10 deny 172.16.0.0 0.0.255.255
3. access-list 10 deny 172.16.64.0 0.0.31.255
4. access-list 10 deny 172.16.48.0 0.0.15.255

✅ Correct Answer: 4

What router command allows you to determine whether an IP access list is enabled on a particular interface?

1. show ip port
2. show access-lists
3. show ip interface
4. show access-lists interface

✅ Correct Answer: 3

You have created a named access list called Blocksales. Which of the following is a valid command for applying this to packets trying to enter interface s0 of your router?

1. (config)# ip access-group 110 in
2. (config-if)# ip access-group 110 in
3. (config-if)# ip access-group Blocksales in
4. (config-if)# blocksales ip access-list in

✅ Correct Answer: 3

You want to create a standard access list that denies the subnet of the following host: 172.16.144.17/21. Which of the following would you start your list with?

1. access-list 10 deny 172.16.48.0 255.255.240.0
2. access-list 10 deny 172.16.144.0 0.0.7.255
3. access-list 10 deny 172.16.64.0 0.0.31.255
4. access-list 10 deny 172.16.136.0 0.0.15.255

✅ Correct Answer: 2

You configure the following access list: access-list 110 deny tcp 10.1.1.128 0.0.0.63 any eq smtp access-list 110 deny tcp any eq 23 int ethernet 0 ip access-group 110 out What will the result of this access list be?

1. Email and Telnet will be allowed out E0.
2. Email and Telnet will be allowed in E0.
3. Everything but email and Telnet will be allowed out E0
4. No IP traffic will be allowed out E0.

✅ Correct Answer: 4

You want to create a standard access list that denies the subnet of the following host: 172.16.198.94/19. Which of the following would you start your list with?

1. access-list 10 deny 172.16.192.0 0.0.31.255
2. access-list 10 deny 172.16.0.0 0.0.255.255
3. access-list 10 deny 172.16.172.0 0.0.31.255
4. access-list 10 deny 172.16.188.0 0.0.15.255

✅ Correct Answer: 1

If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?

1. If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?
2. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
3. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
4. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23

✅ Correct Answer: 3

Which router command allows you to view the entire contents of all access lists?

1. Router# show interface
2. Router> show ip interface
3. Router# show access-lists
4. Router> show all access-lists

✅ Correct Answer: 3

Which of the following access lists will allow only HTTP traffic into network 196.15.7.0?

1. access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
2. access-list 10 deny tcp any 196.15.7.0 eq www
3. access-list 100 permit 196.15.7.0 0.0.0.255 eq www
4. access-list 110 permit ip any 196.15.7.0 0.0.0.255

✅ Correct Answer: 1

Which of the following are valid ways to refer only to host 172.16.30.55 in an IP access list? 1. 172.16.30.55 0.0.0.255 2. 172.16.30.55 0.0.0.0 3. any 172.16.30.55 4. host 172.16.30.55 5. 0.0.0.0 172.16.30.55 6. ip any 172.16.30.55

1. 1 and 4
2. 2 and 4
3. 1, 4 and 6
4. 3 and 5

✅ Correct Answer: 2

If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?

1. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp access-list 111 permit ip any 0.0.0.0 255.255.255.255
2. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
3. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
4. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp access-list 198 permit ip any 0.0.0.0 255.255.255.255

✅ Correct Answer: 4

Which of the following series of commands will restrict Telnet access to the router?

1. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line con 0 Lab_A(config-line)#ip access-group 10 in
2. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 out
3. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#access-class 10 in
4. Lab_A(config)#access-list 10 permit 172.16.1.1 Lab_A(config)#line vty 0 4 Lab_A(config-line)#ip access-group 10 in

✅ Correct Answer: 3

Which of the following commands connect access list 110 inbound to interface ethernet0?

1. Router(config)# ip access-group 110 in
2. Router(config)# ip access-list 110 in
3. Router(config-if)# ip access-group 110 in
4. Router(config-if)# ip access-list 110 in

✅ Correct Answer: 3

What is the standard IANA port number used for requesting web pages?

1. 80
2. 53
3. 21
4. 25

✅ Correct Answer: 1

A high profile company has been receiving a high volume of attacks on their website. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implementated?

1. A DMZ (Demilitarized Zone)
2. A honey pot
3. A firewall
4. A new subnet

✅ Correct Answer: 2

What Directive would you use to block access to certain domains if you are using Apache as a proxy server?

1. ProxyBlock baddomain.com
2. Block baddomain.com
3. Deny baddomain.com
4. Apache’s proxy server implementation has no mechanism to block access to a specific domain.

✅ Correct Answer: 1

Wireless Application Protocol (WAP) has several layers. Which of the following is the security layer?

1. Wireless Security Layer (WSL)
2. Wireless Transport Layer (WTL)
3. Wireless Transport Layer Security (WTLS)
4. Wireless Security Layer Transport (WSLT)

✅ Correct Answer: 3

Why would you configure virtual hosting with a single daemon rather than multiple daemons?

1. If the machine services large numbers of request and performance is a concern.
2. To simplify the restart process
3. To improve security
4. None of the above

✅ Correct Answer: 2

Which of these is NOT a type of firewall?

1. Stateful Query
2. Application Proxy
3. Static packet filtering
4. Transparent Proxy

✅ Correct Answer: 4

Are “Secure” servers really secured?

1. Yes. They are secure.
2. Yes. SSL and other technologies make Secure Servers as secure as possible?
3. No. They do not provide client security.
4. No. They provide only encryption for documents in transit.

✅ Correct Answer: 4

As a security measure, you change the TCP port in FTP Site Properties to 19,960. Some users complain that they are unable to access the FTP site. What might be the cause of the problem?

1. You cannot set the TCP port to a number above 1023.
2. The users having problems are still accessing port number 21.
3. The users must access port number 80
4. You cannot set the TCP port to an even number.

✅ Correct Answer: 2

One way to limit hostile sniffing on a LAN (Local Area Network) is by installing:

1. An ethernet switch
2. A firewall
3. An ethernet hub
4. A CSU/DSU (Channel Service Unit/Data Service Unit)

✅ Correct Answer: 1

What does favicon.ico in a webserver’s log indicate?

1. In MSIE v.5, when a user adds a link to his bookmarks, or drags the link to his desktop, the browser attempts to retrieve an icon for the URL.
2. Web search engines frequently give higher ranking to sites that keep icons for their service on the front page.
3. The “favicon.ico” is a hacker trinket meant to mark servers on which a hacker has “got root” for his friends.
4. Somebody has probed the webserver looking for a mis-configured FrontPage implementation.

✅ Correct Answer: 3

What does “chmod 1777 ./” do?

1. Modifies all files in the current working directory so that they can be deleted.
2. Changes the directory date to 1777; commonly used by hackers to cover changes. Lets any user delete the files, but not create new ones.
3. Freezes all files in the current working directory so that they cannot be modified.
4. Sets the permissions on the current working directory to rwxrwxrwt on a Unix filesystem.

✅ Correct Answer: 4