300-410 · topic practice

IPv4 Access Control Lists practice questions

Practise Cisco CCNP ENARSI 300-410 IPv4 Access Control Lists practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: IPv4 Access Control Lists

What the exam tests

What to know about IPv4 Access Control Lists

IPv4 Access Control Lists questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common IPv4 Access Control Lists exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

IPv4 Access Control Lists questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show access-lists
Extended IP access list 101
    10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (10 matches)
    20 deny tcp any host 10.1.1.1 eq 22 (5 matches)
    30 permit icmp any any (2 matches)
    40 deny ip any any (1 match)
```

Based on this output, which statement is correct?

Question 2 · easy · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip interface GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
  Internet address is 10.1.1.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is 101
  Inbound access list is not set
```

Based on this output, which statement is correct?

Question 3 · medium · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 120
    10 permit tcp 10.0.0.0 0.255.255.255 any eq www (1000 matches)
    20 permit udp any any eq dns (500 matches)
    30 deny ip any any (200 matches)
```

Based on this output, what is the problem?

Question 4 · easy · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 130
    10 deny ip 192.168.1.0 0.0.0.255 any (0 matches)
    20 permit ip any any (1000 matches)
```

Based on this output, which statement is correct?

Question 5 · medium · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 140
    10 deny tcp any host 10.1.1.1 eq 23 (15 matches)
    20 permit tcp any host 10.1.1.1 eq 22 (20 matches)
    30 permit ip any any (5 matches)
```

Based on this output, what is the problem?

Question 6 · easy · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 150
    10 permit ip 10.0.0.0 0.255.255.255 any (500 matches)
    20 deny ip any any (100 matches)
```

Based on this output, which statement is correct?

Question 7 · hard · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 160
    10 permit tcp any any established (200 matches)
    20 permit udp any any (100 matches)
    30 deny ip any any (50 matches)
```

Based on this output, what is the problem?

Question 8 · medium · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 170
    10 permit icmp any any echo (100 matches)
    20 permit icmp any any echo-reply (80 matches)
    30 deny ip any any (10 matches)
```

Based on this output, which statement is correct?

Question 9 · medium · multiple choice

A network engineer runs the following command on Router R1:

```
R1# show ip access-lists
Extended IP access list 180
    10 permit tcp 192.168.1.0 0.0.0.255 any eq 80 (50 matches)
    20 permit tcp 192.168.2.0 0.0.0.255 any eq 443 (30 matches)
    30 deny ip any any (5 matches)
```

Based on this output, what is the problem?

Question 10 · medium · multiple choice

Consider the following partial configuration on router R1:

```
interface GigabitEthernet0/1
 ip access-group MY_ACL in
!
ip access-list extended MY_ACL
 permit tcp 10.1.1.0 0.0.0.255 any eq 80
 permit icmp any any echo
 deny   ip any any
```

What is the effect of this ACL when applied inbound on GigabitEthernet0/1?

Question 11 · medium · multiple choice

Examine the following configuration snippet:

```
interface GigabitEthernet0/0
 ip access-group BLOCK_TELNET out
!
ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any
```

What is the effect of applying this ACL outbound on GigabitEthernet0/0?

Question 12 · medium · multiple choice

Given the following configuration:

```
interface GigabitEthernet0/2
 ip access-group FILTER_SSH in
!
ip access-list extended FILTER_SSH
 permit tcp any host 192.168.1.10 eq 22
 permit udp any host 192.168.1.10 eq 22
```

What is the issue with this ACL?

Question 13 · medium · multiple choice

Consider this configuration on router R2:

```
interface GigabitEthernet0/0
 ip access-group RESTRICT_ACCESS in
!
ip access-list extended RESTRICT_ACCESS
 permit ip 10.0.0.0 0.255.255.255 any
 deny   ip any any
```

What traffic will be permitted inbound on GigabitEthernet0/0?

Question 14 · medium · multiple choice

Examine the following configuration:

```
interface GigabitEthernet0/3
 ip access-group WEB_ONLY out
!
ip access-list extended WEB_ONLY
 permit tcp any any eq 80
 permit tcp any any eq 443
```

What is the effect of this ACL when applied outbound on GigabitEthernet0/3?

Question 15 · medium · multiple choice

Given this configuration:

```
interface GigabitEthernet0/4
 ip access-group BLOCK_FTP in
!
ip access-list extended BLOCK_FTP
 deny tcp any any eq 21
 deny tcp any any eq 20
 permit ip any any
```

What is the effect of this ACL when applied inbound on GigabitEthernet0/4?

Question 16 · easy · multiple choice

What is the default behavior of an IPv4 access control list (ACL) when no explicit permit or deny statement matches a packet?

Question 17 · easy · multiple choice

In a standard IPv4 ACL, what is the range of valid numbers for the access-list number?

Question 18 · medium · multiple choice

When using an extended ACL to filter traffic, which fields can be matched? (Choose the most complete answer.)

Question 19 · medium · multi select

Which TWO commands verify the application and content of an IPv4 access control list on a Cisco IOS router? (Choose TWO.)

Question 20 · medium · multi select

Which TWO statements about IPv4 extended access control lists are true? (Choose TWO.)

Frequently asked questions

What does the 300-410 exam test about IPv4 Access Control Lists?
IPv4 Access Control Lists questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just IPv4 Access Control Lists questions in a focused session?
Yes — the session launcher on this page draws every question from the IPv4 Access Control Lists domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other 300-410 topics?
Use the topic links above to move to related areas, or go back to the 300-410 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 300-410 exam covers. They are not copied from any real exam or dump site.