Access-List Interview Questions
Q) What is Access-List?
A: Access-List is a method of providing basic level of network security
Q) What is the Function of Access-List?
A: Access-List is going to Filter incoming as well as outgoing traffic on the router interface.
Q) What is the Default Wildcard Mask for Access-List?
A: Default Wild Card Mask for Access-List is 0.0.0.0
Q) How many Access-List's can be created on the router?
A: --> 1 per Interface
--> 1 per Direction
--> 1 per Protocol
Q) What are the advantages of Standard ACL?
A: 1) Simple Packet Filtering Purpose
2) Limiting Access on VTY lines
3) Route Filtering
4) NAT
5) Route- MAPs
Q) What are the advantages of Extended ACL?
A: 1) Complex Packet Filtering Purpose
2) Route Filtering
3)VPN
4)TCP Intercept
5) IOS Firewall
Q) What is the difference between Standard ACL and Extended ACL?
2) Standard ACL can be created using number (1-99,1300-1399) and Extended ACL can be created using number(100-199,2000-2699).
3) Two way communication is blocked in Standard ACL, One way communication is stopped in Extended ACL.
4) Standard ACL implemented near to destination, Extended ACL implemented near to Source.
Q) What is the difference between Numbered ACL and Named ACL?
A: 1) Numbered ACL is created by using number, Named ACL is created by using name,
2) Removing of specific statement is not possible in Numbered ACL, It is possible in Named ACL.
Q) What is the difference between IPV4 ACL and IPV6 ACL?
A: 1) No standard ACL in IPV6
2) No wildcard mask in IPV6 ACL
3) In IPV6 only Named ACL's are available,there is no numbered ACL.
Q) What is the difference between Access-group and Access-class command?
A: Access-group command is used to Filter traffic on the Interface ( Ethernet, Serial).
Access-class command is used to Filter traffic on Lines (Vty, Console,aux).
Q) What is the default action of ACL, if no condition matches in ACL?
A: Drop traffic
Q) Access Control Lists are Case-Sensitive or Case-Insensitive?
A: Case Sensitive
Q) Which Traffic is not filtered by ACL?
A: Traffic that is generated by the router itself, ACL is going to filter only transit traffic.
Supve !
ReplyDeleteWhat is the difference between Standard ACL and Extended ACL?
ReplyDeleteStandard ACL can be created using number (1-99.1300-1399) this is wrong it's just a typing mistake i think
the correct range is:
Standard ACL can be created using number (1-99.1300-1999).
Yes, Typing Mistake...
ReplyDeleteIf I have 2 different isp link 1 link fail how traffic will move from others link
ReplyDeleteConfigure the ISP IP in load balancing mode
DeleteIf one ISP goes down second will automatically forward traffic through it