Home > Access list Questions

Access list Questions

November 8th, 2017 Go to comments

Note: If you are not sure about Access list, please read our Access List Tutorial.

Question 1


Below is the range of standard and extended access list:

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

Question 2


The syntax of a named ACL is:

ip access-list {standard | extended} {name | number}

Therefore we can configure a standard acl with keyword “standard” and configure an extended acl with keyword “extended”. For example this is how to configure an named extended access-list:

Router(config)#ip access-list extended in_to_out permit tcp host host eq telnet

Question 3


Below is the range of standard and extended access list

Access list type Range
Standard 1-99, 1300-1999
Extended 100-199, 2000-2699

Question 4


We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524.shtml

Question 5

Question 6


You can check the named access-list with the “show ip access-list” (or “show access-list”) command:

R1#show ip access-list
Standard IP access list nat_traffic
    10 permit, wildcard bits
    15 permit, wildcard bits
    20 permit, wildcard bits

We can resequence a named access-list with the command: “ip access-list resequence access-list-name starting-sequence-number increment“. For example:

R1(config)#ip access-list nat_traffic 100 10

Then we can check this access-list again:

R1#show ip access-list
Standard IP access list nat_traffic
    100 permit, wildcard bits
    110 permit, wildcard bits
    120 permit, wildcard bits

We can see the starting sequence number is now 100 and the increment is 10. But notice that resequencing an access-list cannot change the order of entries inside it but it is the best choice in this question. Adding or removing a n entry does not change the order of entries. Maybe we should understand this question “how to renumber the entries in a named access-list”.

Question 7


The range of standard ACL is 1-99, 1300-1999 so 50 and 1550 are two valid numbers.

Question 8

Question 9


The range of standard ACL is 1-99, 1300-1999 so 50 is a valid number for standard ACL.

Question 10

Question 11

Comments (15) Comments
  1. JLopesn
    February 8th, 2017

    Someone could add link for these questions ?

  2. mandy
    February 21st, 2017

    did you find it? link is mentioned in their FAQ section

  3. Anonymous
    April 11th, 2017

    hi everyone here

  4. MM
    April 24th, 2017

    Which Cisco platform can verify ACLs?
    A. Cisco Prime Infrastructure
    B. Cisco Wireless LAN Controller
    C. Cisco APIC-EM
    D. Cisco IOS-XE
    Correct Answer:B or C ??(correct ans)

  5. Anees
    April 25th, 2017

    @MM. C. Cisco APIC-EM

  6. KACS
    April 27th, 2017

    Which Cisco platform can verify ACLs?
    Answer: Cisco APIC-EM

  7. Becky
    June 21st, 2017

    For question 6, i think the correct answer should be C

    We can add change the order by adding entry at specified line.
    For example, I can specify 15 before a rule to add entry between 10 and 20

  8. Neo
    July 18th, 2017

    Where can I find the actual questions? Not sure how to efficiently use this popular website. Please advise.

  9. Latest Dumps
    August 31st, 2017

    clkmein .com/q4pyws
    Remove the space before .com. You’ll be redirected to latest dumps pdf. Enjoy.

  10. Hello
    September 9th, 2017
  11. Podranok
    September 14th, 2017

    Question 6

    Which action can change the order of entries in a named access-list?
    A. removing an entry
    B. opening the access-list in notepad
    C. adding an entry
    D. resequencing

    Answer: D

    I think this Q is wrong. Can some1 agree or deny my thoughts?

    Actually to CHANGE the order of entries we must ADD or REMOVE the entry. packetlife(dot)net/blog/2010/apr/30/resequencing-acl-entries/

    Resequencing just changes seq. numbers by some value in order to we could add new acl rule between the lines if existing seq. numbers are occupied! But it DOES NOT change THE ORDER of lines themself! itknowledgeexchange(dot)techtarget(dot)com/network-technologies/resequence-the-access-list/

    The answer should be A or C.

  12. Tanios
    November 30th, 2017

    Hello Guys,

    Anyone took the CCNA this month? is all the questions here present in the CCNA?
    I am taking it tomorrow please I need some feedback will help

  13. alfred
    December 21st, 2017

    question 2 .
    named acls can filter layer -7(application) traffic like telnet using port and protocol field typed in the syntax..
    eg :ip access-list extended 110
    deny tcp any any eq 23 .

  14. david g
    December 27th, 2017

    I cant see the questions just the answers

  15. Markos Simov
    February 22nd, 2018

    @david g You said that You just see the Questions and you can’t see Answers. You know !
    You Have to Pay !! — You Know. Sign in. 9 USD for 30 days. Subscribe. You know.

Add a Comment