Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›300-410›Objectives›IPv4 Access Control Lists
Objective 302.0

IPv4 Access Control Lists

300-410 Practice Questions

Full Practice Test →All Objectives

300-410 IPv4 Access Control Lists — Practice Questions

30 questions from this objective

Question 2mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show access-lists

Extended IP access list 101

10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (10 matches)
    
20 deny tcp any host 10.1.1.1 eq 22 (5 matches)
    
30 permit icmp any any (2 matches)
    
40 deny ip any any (1 match)

Based on this output, which statement is correct?

Question 3easymultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip interface GigabitEthernet0/1

GigabitEthernet0/1 is up, line protocol is up Internet address is 10.1.1.1/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is 101 Inbound access list is not set

Based on this output, which statement is correct?

Question 4mediummultiple choice
Read the full DNS explanation →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 120

10 permit tcp 10.0.0.0 0.255.255.255 any eq www (1000 matches)
    
20 permit udp any any eq dns (500 matches)
    
30 deny ip any any (200 matches)

Based on this output, what is the problem?

Question 5easymultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 130

10 deny ip 192.168.1.0 0.0.0.255 any (0 matches)
    
20 permit ip any any (1000 matches)

Based on this output, which statement is correct?

Question 6mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 140

10 deny tcp any host 10.1.1.1 eq 23 (15 matches)
    
20 permit tcp any host 10.1.1.1 eq 22 (20 matches)
    
30 permit ip any any (5 matches)

Based on this output, what is the problem?

Question 7easymultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 150

10 permit ip 10.0.0.0 0.255.255.255 any (500 matches)
    
20 deny ip any any (100 matches)

Based on this output, which statement is correct?

Question 8hardmultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 160

10 permit tcp any any established (200 matches)
    
20 permit udp any any (100 matches)
    
30 deny ip any any (50 matches)

Based on this output, what is the problem?

Question 9mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 170

10 permit icmp any any echo (100 matches)
    
20 permit icmp any any echo-reply (80 matches)
    
30 deny ip any any (10 matches)

Based on this output, which statement is correct?

Question 10mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip access-lists

Extended IP access list 180

10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (50 matches)
    
20 permit tcp 192.168.2.0 0.0.0.255 any eq 443 (30 matches)
    
30 deny ip any any (5 matches)

Based on this output, what is the problem?

Question 11mediummultiple choice
Study the full ACL explanation →

Consider the following partial configuration on router R1: ```

interface GigabitEthernet0/1
 ip access-group MY_ACL in

!

ip access-list extended MY_ACL
 permit tcp 10.1.1.0 0.0.0.255 any eq 80
 permit icmp any any echo
 deny   ip any any

``` What is the effect of this ACL when applied inbound on GigabitEthernet0/1?

Question 12mediummultiple choice
Study the full ACL explanation →

Examine the following configuration snippet: ```

interface GigabitEthernet0/0
 ip access-group BLOCK_TELNET out

!

ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any

``` What is the effect of applying this ACL outbound on GigabitEthernet0/0?

Question 13mediummultiple choice
Study the full ACL explanation →

Given the following configuration: ```

interface GigabitEthernet0/2
 ip access-group FILTER_SSH in

!

ip access-list extended FILTER_SSH
 permit tcp any host 192.168.1.10 eq 22
 permit udp any host 192.168.1.10 eq 22

``` What is the issue with this ACL?

Question 14mediummultiple choice
Review the full routing breakdown →

Consider this configuration on router R2: ```

interface GigabitEthernet0/0
 ip access-group RESTRICT_ACCESS in

!

ip access-list extended RESTRICT_ACCESS
 permit ip 10.0.0.0 0.255.255.255 any
 deny   ip any any

``` What traffic will be permitted inbound on GigabitEthernet0/0?

Question 15mediummultiple choice
Study the full ACL explanation →

Examine the following configuration: ```

interface GigabitEthernet0/3
 ip access-group WEB_ONLY out

!

ip access-list extended WEB_ONLY
 permit tcp any any eq 80
 permit tcp any any eq 443

``` What is the effect of this ACL when applied outbound on GigabitEthernet0/3?

Question 16mediummultiple choice
Study the full ACL explanation →

Given this configuration: ```

interface GigabitEthernet0/4
 ip access-group BLOCK_FTP in

!

ip access-list extended BLOCK_FTP
 deny tcp any any eq 21
 deny tcp any any eq

20

permit ip any any

``` What is the effect of this ACL when applied inbound on GigabitEthernet0/4?

Question 17easymultiple choice
Study the full ACL explanation →

What is the default behavior of an IPv4 access control list (ACL) when no explicit permit or deny statement matches a packet?

Question 18easymultiple choice
Study the full ACL explanation →

In a standard IPv4 ACL, what is the range of valid numbers for the access-list number?

Question 19mediummultiple choice
Study the full ACL explanation →

When using an extended ACL to filter traffic, which fields can be matched? (Choose the most complete answer.)

Question 20mediummulti select
Study the full ACL explanation →

Which TWO commands verify the application and content of an IPv4 access control list on a Cisco IOS router? (Choose TWO.)

Question 21mediummulti select
Study the full ACL explanation →

Which TWO statements about IPv4 extended access control lists are true? (Choose TWO.)

Question 22mediummulti select
Full question →

Which TWO configuration steps are required to apply an IPv4 extended access list to an interface in Cisco IOS? (Choose TWO.)

Question 23hardmulti select
Study the full ACL explanation →

Which THREE symptoms indicate that an IPv4 access control list may be misconfigured or not applied correctly? (Choose THREE.)

Question 24hardmulti select
Study the full ACL explanation →

Which THREE statements about IPv4 access control list sequence numbers are true? (Choose THREE.)

Question 25hardmultiple choice
Study the full EIGRP explanation →

A large enterprise network uses EIGRP with route summarization. Router R1 has the following configuration: interface GigabitEthernet0/0, ip summary-address eigrp 100 10.0.0.0 255.255.252.0. Router R2 shows: show ip route eigrp includes 10.0.0.0/22 but not 10.0.3.0/24. What is the root cause?

Question 26hardmultiple choice
Review the full OSPF breakdown →

A network redistributes OSPF into EIGRP. Router R1 has: redistribute ospf 1 metric 10000 100 255 1 1500. Router R2 shows: show ip route eigrp includes some OSPF routes but not 192.168.1.0/24. What is the root cause?

Question 27hardmultiple choice
Open the full BGP breakdown →

BGP is used between two ISPs. Router R1 has: neighbor 10.0.0.2 route-map SET-MED in, route-map SET-MED permit 10, set metric 50. Router R2 shows: show ip bgp 172.16.0.0 includes MED 50 but the path is not preferred. What is the root cause?

Question 28hardmultiple choice
Review the full OSPF breakdown →

OSPF is configured on a multi-access link between R1 and R2. R1 has: interface GigabitEthernet0/0, ip ospf network point-to-point. R2 has default broadcast network type. R1 shows: show ip ospf neighbor includes R2 in FULL state, but R2 shows: show ip ospf neighbor includes R1 in INIT state. What is the root cause?

Question 29hardmultiple choice
Study the full EIGRP explanation →

EIGRP network is experiencing stuck-in-active (SIA) routes. Router R1 shows: show ip eigrp topology active includes 10.0.0.0/24. Router R2 has: interface GigabitEthernet0/0, ip summary-address eigrp 100 10.0.0.0 255.255.255.0. What is the root cause?

Question 30hardmultiple choice
Read the full VPN explanation →

DMVPN phase 2 network: spoke-to-spoke tunnels fail. Router Spoke1 has: tunnel source GigabitEthernet0/0, tunnel mode gre multipoint, ip nhrp network-id 1, ip nhrp nhs 10.0.0.1. Router Spoke2 shows: show dmvpn includes Spoke1 in NHRP cache but no spoke-to-spoke tunnel. What is the root cause?

Question 31hardmultiple choice
Read the full MPLS explanation →

MPLS network: LDP neighbors are down between R1 and R2. R1 shows: show mpls ldp neighbor includes nothing. R2 has: interface GigabitEthernet0/0, mpls ip, but R1 has no mpls ip on its interface. What is the root cause?

More IPv4 Access Control Lists questions available in the full practice test.

Continue Practising →
←

Previous objective

Device Access Control

Next objective

IPv6 Traffic Filtering and uRPF

→

All 300-410 Objectives

  • 100.Layer 3 Technologies35%
  • 101.EIGRP Troubleshooting
  • 102.OSPF Troubleshooting (v2/v3)
  • 103.BGP Troubleshooting
  • 104.Route Redistribution
  • 105.Policy-Based Routing (PBR)
  • 106.VRF-Lite
  • 107.Route Maps and Route Filtering
  • 108.Administrative Distance
  • 109.Route Summarization
  • 110.Bidirectional Forwarding Detection (BFD)
  • 200.VPN Technologies20%
  • 201.MPLS Operations
  • 202.MPLS L3VPN
  • 203.DMVPN
  • 204.IPsec Site-to-Site VPN
  • 205.IPv6 Tunneling Techniques
  • 300.Infrastructure Security20%
  • 301.Device Access Control
  • 302.IPv4 Access Control Lists
  • 303.IPv6 Traffic Filtering and uRPF
  • 304.Control Plane Policing (CoPP)
  • 305.IPv6 First Hop Security
  • 400.Infrastructure Services25%
  • 401.Device Management
  • 402.SNMP Troubleshooting
  • 403.Network Logging and Syslog
  • 404.Embedded Event Manager (EEM)
  • 405.IP SLA
  • 406.NetFlow and Flexible NetFlow
  • 407.SPAN, RSPAN, and ERSPAN
  • 408.DHCP (IPv4 and IPv6)
  • 409.NAT and PAT