640 - 607
Leading the way in IT testing and certification tools, www.testking.com
- 73 -
Q. 113
Which statement should you use to deny FTP access only from Network 210.93.105.0 to Network
223.8.151.0?
A. Access-list one deny 210.93.105.0.0.0.0.0.0 any eq ftp access-list one permit any.
B. Access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp
C. Access-list 100 deny ip 223.8.151.0 0.0.0.255 any eq ftp
Access-list 100 permit ip any any
D. Access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp
Access-list 100 permit ip any any
Answer: D
Explanation: Great care must be taken whenever an access list is configure as there is an assumption of deny
all when they do not match the access list. The proper command for configuring an extended access to deny ftp
traffic is: access-list 100 deny tcp source address destination address eq FTP. When configured this way the
access list will deny ftp traffic and permit all other.
Incorrect Answers:
A is incorrect; the entire statement has syntax problems. You use a number, not a word (one) for the access list,
and the access list for this problem needs to be an extended address list in the range of 100-199.
B is incorrect; this access list will deny access, but then any non-match falls through and will be denied.
C is incorrect; this access list denies access from 223.8.151.0 to anywhere else – this is not what the problem
asked. 223.8.151.0 is supposed to be the destination, not the source.
Steve McQuerry. Interconnecting Cisco Network Devices. (Cisco Press: 2000) pages 318-320.
Q. 114
Which network mask should you place on a class C address to accommodate a user requirement of two
sub networks with a maximum of 35 hosts on each network?
A. 255.255.255.192
B. 255.255.255.224
C. 255.255.255.240
D. 255.255.255.248
Answer: A
Explanation: For the networks, we need 2 bits. We must really accommodate for networks, because when we
subnet the formula is 2**n –2. For 35 hosts, we need a minimum of 37 hosts for the same reason, 2**n –2. We
round 37 up to the next power of 2, which is 64, and we need 6 bits for the host. We use 2+6=8 bits.