Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications300-410TopicsIPv4 Access Control Lists
Free · No Signup RequiredCisco · 300-410

300-410 IPv4 Access Control Lists Practice Questions

20+ practice questions focused on IPv4 Access Control Lists — one of the most tested topics on the Cisco CCNP ENARSI 300-410 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start IPv4 Access Control Lists Practice

Exam Domains

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample IPv4 Access Control Lists Questions

Practice all 20+ →
1.

A network engineer runs the following command on Router R1: R1# show access-lists Extended IP access list 101 10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (10 matches) 20 deny tcp any host 10.1.1.1 eq 22 (5 matches) 30 permit icmp any any (2 matches) 40 deny ip any any (1 match) Based on this output, which statement is correct?

A.Traffic matching line 10 is permitted and counted correctly.
B.All traffic is permitted because line 40 has only 1 match.
C.Line 20 denies SSH traffic to host 10.1.1.1, and 5 packets matched.
D.The ACL has no effect because it is not applied to an interface.

Explanation: Option A is correct because the ACL shows 10 matches for line 10, which permits TCP traffic from the 192.168.1.0/24 network to any destination on port 80 (HTTP). The match counter accurately reflects the number of packets that have matched this specific entry, confirming that permitted traffic is being counted correctly.

2.

A network engineer runs the following command on Router R1: R1# show ip interface GigabitEthernet0/1 GigabitEthernet0/1 is up, line protocol is up Internet address is 10.1.1.1/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Outgoing access list is 101 Inbound access list is not set Based on this output, which statement is correct?

A.ACL 101 filters traffic entering the interface.
B.ACL 101 filters traffic leaving the interface.
C.The interface has no ACL applied.
D.ACL 101 is applied in both directions.

Explanation: The command output shows 'Outgoing access list is 101', which indicates that ACL 101 is applied to filter traffic leaving the GigabitEthernet0/1 interface. This is confirmed by the absence of an 'Inbound access list' entry, meaning no ACL is applied to incoming traffic. Therefore, ACL 101 filters traffic leaving the interface.

3.

A network engineer runs the following command on Router R1: R1# show ip access-lists Extended IP access list 120 10 permit tcp 10.0.0.0 0.255.255.255 any eq www (1000 matches) 20 permit udp any any eq dns (500 matches) 30 deny ip any any (200 matches) Based on this output, what is the problem?

A.The ACL is correctly permitting web and DNS traffic.
B.The ACL is blocking all traffic except web and DNS, which may be too restrictive.
C.The ACL has no effect because it is not applied.
D.The ACL allows all traffic because of the permit statements.

Explanation: Option B is correct because the ACL explicitly permits only TCP port 80 (www) and UDP port 53 (dns) traffic, while the final deny ip any any statement blocks all other traffic. With only 1000 matches for web and 500 for DNS, the ACL is likely too restrictive for a production network, as it would drop essential traffic such as routing protocols, management traffic (e.g., SSH, SNMP), or other application flows. The output shows the ACL is present and has hit counts, but its restrictive nature is the problem.

4.

A network engineer runs the following command on Router R1: R1# show ip access-lists Extended IP access list 130 10 deny ip 192.168.1.0 0.0.0.255 any (0 matches) 20 permit ip any any (1000 matches) Based on this output, which statement is correct?

A.Traffic from 192.168.1.0/24 is being denied.
B.Traffic from 192.168.1.0/24 is being permitted.
C.The ACL is blocking all traffic.
D.The ACL is misconfigured because line 10 is not needed.

Explanation: Option B is correct because the ACL processes packets sequentially: line 10 denies traffic from 192.168.1.0/24 but has 0 matches, meaning no packets from that source have been evaluated. Line 20 permits all other traffic and has 1000 matches, so traffic from 192.168.1.0/24 is implicitly permitted by the permit any any statement since it is never denied.

5.

A network engineer runs the following command on Router R1: R1# show ip access-lists Extended IP access list 140 10 deny tcp any host 10.1.1.1 eq 23 (15 matches) 20 permit tcp any host 10.1.1.1 eq 22 (20 matches) 30 permit ip any any (5 matches) Based on this output, what is the problem?

A.SSH to 10.1.1.1 is being denied.
B.Telnet to 10.1.1.1 is being denied, which may be intentional.
C.All traffic is permitted because of line 30.
D.The ACL is not applied to any interface.

Explanation: Option B is correct because the ACL explicitly denies TCP traffic to host 10.1.1.1 on port 23 (Telnet) with line 10, and the match count of 15 confirms that Telnet attempts are being blocked. While this may be intentional to enforce secure management via SSH (permitted on port 22), the question asks for the problem, and the output shows Telnet is being denied. The ACL does not block SSH (line 20 permits it), so the issue is specifically that Telnet access is denied.

+15 more IPv4 Access Control Lists questions available

Practice all IPv4 Access Control Lists questions

How to master IPv4 Access Control Lists for 300-410

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of IPv4 Access Control Lists. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

IPv4 Access Control Lists questions on the 300-410 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many 300-410 IPv4 Access Control Lists questions are on the real exam?

The exact number varies per candidate. IPv4 Access Control Lists is tested as part of the Cisco CCNP ENARSI 300-410 blueprint. Practicing with targeted IPv4 Access Control Lists questions ensures you can handle any format or difficulty that appears.

Are these 300-410 IPv4 Access Control Lists practice questions free?

Yes. Courseiva provides free 300-410 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is IPv4 Access Control Lists one of the harder 300-410 topics?

Difficulty is subjective, but IPv4 Access Control Lists is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full IPv4 Access Control Lists practice session with instant scoring and detailed explanations.

Start IPv4 Access Control Lists Practice →

Topic Info

Topic

IPv4 Access Control Lists

Exam

300-410

Questions available

20+