RE: Access-list , Cisco exam question [7:41]
You would be correct sir. Somehow I did not read that answer correctly _three_ times. Sorry bout the incorrect answer -Original Message- From: Tony van Ree [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 PM To: COULOMBE. TROY; [EMAIL PROTECTED] Subject: RE: Access-list , Cisco exam question [7:41] Hi, I would answer a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network Afterall the access list specifically says permit those sessions established by the 172.16.0.0 network and nothing else is specified therefore I would assume the implicit deny at this point. Just a thought. Teunis Hobart, Tasmania Australia On Tuesday, April 10, 2001 at 12:32:08 PM, COULOMBE. TROY wrote: Poorly worded, I would have answered (C); because of the keyword (to). But I guess it depends! What I see this access list doing is: allowing return packets of any telnet session established from 172.16.x.x to _any_ other network. If 172.16.x.x is an external network, then I might (struggle ) say (D). Then what the access-list is really saying, and I am assuming that it is applied on in interface as "in", is that any telnet session created from internal network to the 172.16.x.x net may come back in (established). And any telnet session created to another network (172.31.x.x) would not be allowed--return packets dropped, but the initial outgoing packet to establish the connection would go out to 172.31.x.x. If 172.16.x.x is an internal network, then I would say (C). Then the access-list would be saying, and with another assumption that it is also applied on an interface as "in", is that any telnet session return packets may come back to the 172.16.x.x (established). established : For the TCP protocol only; indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. HTH, TroyC -Original Message- From: Arthur Simplina [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 AM To: [EMAIL PROTECTED] Subject: Access-list , Cisco exam question [7:41] What is the result of the command? access-list 101 permit tcp any 172.16.0.0 0.0.255.255 establisbed a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network b. telnet sessions will be denied to the 172.16.0.0 network only c. telnet sessions will be permitted regardless of the source address d. telnet sessions will be permitted to the 172.16.0.0 network only e. telnet sessions will be denied regardless of the source address FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=222t=41 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list , Cisco exam question [7:41]
Poorly worded, I would have answered (C); because of the keyword (to). But I guess it depends! What I see this access list doing is: allowing return packets of any telnet session established from 172.16.x.x to _any_ other network. If 172.16.x.x is an external network, then I might (struggle ) say (D). Then what the access-list is really saying, and I am assuming that it is applied on in interface as "in", is that any telnet session created from internal network to the 172.16.x.x net may come back in (established). And any telnet session created to another network (172.31.x.x) would not be allowed--return packets dropped, but the initial outgoing packet to establish the connection would go out to 172.31.x.x. If 172.16.x.x is an internal network, then I would say (C). Then the access-list would be saying, and with another assumption that it is also applied on an interface as "in", is that any telnet session return packets may come back to the 172.16.x.x (established). established : For the TCP protocol only; indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. HTH, TroyC -Original Message- From: Arthur Simplina [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 AM To: [EMAIL PROTECTED] Subject: Access-list , Cisco exam question [7:41] What is the result of the command? access-list 101 permit tcp any 172.16.0.0 0.0.255.255 establisbed a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network b. telnet sessions will be denied to the 172.16.0.0 network only c. telnet sessions will be permitted regardless of the source address d. telnet sessions will be permitted to the 172.16.0.0 network only e. telnet sessions will be denied regardless of the source address FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=68t=41 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list , Cisco exam question [7:41]
Hi, I would answer a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network Afterall the access list specifically says permit those sessions established by the 172.16.0.0 network and nothing else is specified therefore I would assume the implicit deny at this point. Just a thought. Teunis Hobart, Tasmania Australia On Tuesday, April 10, 2001 at 12:32:08 PM, COULOMBE. TROY wrote: Poorly worded, I would have answered (C); because of the keyword (to). But I guess it depends! What I see this access list doing is: allowing return packets of any telnet session established from 172.16.x.x to _any_ other network. If 172.16.x.x is an external network, then I might (struggle ) say (D). Then what the access-list is really saying, and I am assuming that it is applied on in interface as "in", is that any telnet session created from internal network to the 172.16.x.x net may come back in (established). And any telnet session created to another network (172.31.x.x) would not be allowed--return packets dropped, but the initial outgoing packet to establish the connection would go out to 172.31.x.x. If 172.16.x.x is an internal network, then I would say (C). Then the access-list would be saying, and with another assumption that it is also applied on an interface as "in", is that any telnet session return packets may come back to the 172.16.x.x (established). established : For the TCP protocol only; indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection. HTH, TroyC -Original Message- From: Arthur Simplina [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 AM To: [EMAIL PROTECTED] Subject: Access-list , Cisco exam question [7:41] What is the result of the command? access-list 101 permit tcp any 172.16.0.0 0.0.255.255 establisbed a. telnet sessions will be denied if initiated from any address other than 172.16.0.0 network b. telnet sessions will be denied to the 172.16.0.0 network only c. telnet sessions will be permitted regardless of the source address d. telnet sessions will be permitted to the 172.16.0.0 network only e. telnet sessions will be denied regardless of the source address FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=135t=41 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
