350-401 Practice Questions
30 questions from this objective
A network engineer runs the following command on Router R1:
R1# show access-lists
Extended IP access list 101
10 permit tcp host 10.1.1.1 host 192.168.1.100 eq 80 (4 matches)
20 deny tcp any host 192.168.1.100 eq 80 (12 matches)
30 permit ip any any (8 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-POLICY
Class-map: ICMP-CLASS (match-all) 10 packets, 1000 bytes 5 minute offered rate 0 bps Match: access-group name ICMP-ACL police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 10 packets, 1000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: SSH-CLASS (match-all) 5 packets, 500 bytes 5 minute offered rate 0 bps Match: access-group name SSH-ACL police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 5 packets, 500 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: class-default (match-any) 20 packets, 2000 bytes 5 minute offered rate 0 bps Match: any police: cir 64000 bps, bc 8000 bytes, be 8000 bytes conformed 20 packets, 2000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip interface GigabitEthernet0/0 | include access list
Inbound access list is 101 Outbound access list is not set
R1# show access-lists 101
Extended IP access list 101
10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (100 matches)
20 deny tcp any any eq 80 (50 matches)
30 permit ip any any (200 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip access-lists
Extended IP access list 120
10 permit tcp 10.0.0.0 0.255.255.255 any eq 22 (5 matches)
20 permit tcp 172.16.0.0 0.0.255.255 any eq 22 (3 matches)
30 deny tcp any any eq 22 (2 matches)
40 permit ip any any (10 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show access-lists 130
Extended IP access list 130
10 permit icmp host 10.1.1.1 any echo (8 matches)
20 permit icmp host 10.1.1.1 any echo-reply (5 matches)
30 deny icmp any any (3 matches)
40 permit ip any any (12 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-POLICY
Class-map: MGMT-CLASS (match-all) 100 packets, 5000 bytes 5 minute offered rate 1000 bps Match: access-group name MGMT-ACL police: cir 32000 bps, bc 4000 bytes, be 4000 bytes conformed 80 packets, 4000 bytes; actions: transmit exceeded 15 packets, 750 bytes; actions: drop violated 5 packets, 250 bytes; actions: drop
Class-map: class-default (match-any) 200 packets, 10000 bytes 5 minute offered rate 2000 bps Match: any police: cir 64000 bps, bc 8000 bytes, be 8000 bytes conformed 200 packets, 10000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip interface GigabitEthernet0/1 | include access list
Inbound access list is not set Outbound access list is 140
R1# show access-lists 140
Extended IP access list 140
10 permit tcp 192.168.1.0 0.0.0.255 any eq 443 (25 matches)
20 deny tcp any any eq 443 (10 matches)
30 permit ip any any (50 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show ip access-lists
Extended IP access list 150
10 permit tcp 10.0.0.0 0.255.255.255 any eq 23 (2 matches)
20 deny tcp any any eq 23 (8 matches)
30 permit tcp 172.16.0.0 0.0.255.255 any eq 22 (4 matches)
40 deny tcp any any eq 22 (1 match)
50 permit ip any any (15 matches)Based on this output, what can be concluded?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-POLICY
Class-map: BGP-CLASS (match-all) 50 packets, 2500 bytes 5 minute offered rate 500 bps Match: access-group name BGP-ACL police: cir 64000 bps, bc 8000 bytes, be 8000 bytes conformed 50 packets, 2500 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: SNMP-CLASS (match-all) 200 packets, 10000 bytes 5 minute offered rate 2000 bps Match: access-group name SNMP-ACL police: cir 16000 bps, bc 2000 bytes, be 2000 bytes conformed 150 packets, 7500 bytes; actions: transmit exceeded 40 packets, 2000 bytes; actions: drop violated 10 packets, 500 bytes; actions: drop
Class-map: class-default (match-any) 100 packets, 5000 bytes 5 minute offered rate 1000 bps Match: any police: cir 32000 bps, bc 4000 bytes, be 4000 bytes conformed 100 packets, 5000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, what can be concluded?
Examine the following configuration snippet:
interface GigabitEthernet0/1 ip access-group FILTER_IN in
!
ip access-list extended FILTER_IN deny icmp any any echo permit ip any any
What is the effect of this configuration?
Consider the following configuration:
ip access-list extended BLOCK_TELNET deny tcp any any eq 23 permit ip any any
!
interface GigabitEthernet0/2 ip access-group BLOCK_TELNET out
Which statement is true?
Given the following CoPP configuration:
class-map match-all COPP_ICMP match access-group name ICMP_ACL ! policy-map COPP_POLICY
class COPP_ICMP
police 8000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP_POLICY
What is the effect?
Review the ACL configuration:
ip access-list extended TEST permit tcp 192.168.1.0 0.0.0.255 any eq 80 permit tcp 192.168.1.0 0.0.0.255 any eq
443
deny ip any any
!
interface GigabitEthernet0/3 ip access-group TEST in
What is missing or incorrect?
Examine the CoPP configuration:
class-map match-any COPP_SSH match access-group name SSH_ACL ! policy-map COPP_POLICY
class COPP_SSH
police 10000 conform-action transmit exceed-action drop
class class-default
police 5000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP_POLICY
Which statement is true?
Given the following configuration:
ip access-list extended FILTER permit tcp any host 10.1.1.1 eq 22 permit icmp any any echo-reply
!
interface GigabitEthernet0/4 ip access-group FILTER in
What traffic is permitted?
More ACLs and CoPP questions available in the full practice test.
Continue Practising →