Access Control List Interview Questions & Answers

5 avg. rating (100% score) - 2 votes

Access Control List Interview Questions & Answers

Finding another job can be so cumbersome that it can turn into a job itself. If you are expertise in Java then prepare well for the job interviews to get your dream job. Here's our recommendation on the important things to need to prepare for the job interview to achieve your career goals in an easy way. An access control list (ACL) has entries of particular IP addresses which are allowed to hit the server. They are given certain rights for allowing access, denied access and more. To give access to all IP then do not mention anything for ACL. Follow our www.wisdomjobs.com for Access Control List job interview questions and answers page to get through your job interview successfully in first attempt.

Access Control List Interview Questions

Access Control List Interview Questions
    1. Question 1. What Is Acl?

      Answer :

      Access Control List is a packet filtering method that filters the IP packets based on source and destination address. It is a set of rules and conditions that permit or deny IP packets to exercise control over network traffic.

    2. Question 2. What Are Different Types Of Acl?

      Answer :

      There are two main types of Access lists:-

      1. Standard Access List.
      2. Extended Access List.

    3. Question 3. Explain Standard Access List?

      Answer :

      Standard Access List examines only the source IP address in an IP packet to permit or deny that packet. It cannot match other field in the IP packet. Standard Access List can be created using the access-list numbers 1-99 or in the expanded range of 1300-1999. Standard Access List must be applied close to destination. As we are filtering based only on source address, if we put the standard access-list close to the source host or network than nothing would be forwarded from source.

      Example:-

      • R1 (config) # access-list 10 deny host 192.168.1.1
      • R1 (config) # int fa0/0
      • R1 (config-if) # ip access-group 10 in

    4. Question 4. Explain Extended Access List?

      Answer :

      Extended Access List filters the network traffic based on the Source IP address, Destination IP address, Protocol Field in the Network layer, Port number field at the Transport layer. Extended Access List ranges from 100 to 199, In expanded range 2000-2699. Extended Access List should be placed as close to source as possible. Since extended access list filters the traffic based on specific addresses (Source IP, Destination IP) and protocols we don’t want our traffic to traverse the entire network just to be denied wasting the bandwidth.

      Example:-

      • R1 (config) # access-list 110 deny tcp any host 192.168.1.1 eq 23
      • R1 (config) # int fa0/0
      • R1 (config-if) # ip access-group 110 in

    5. Question 5. Explain Named Acl And Its Advantages Over Number Acl?

      Answer :

      It is just another way of creating Standard and Extended ACL. In Named ACL names are given to identify access-list.

      It has following advantage over Number ACL - In Name ACL we can give sequence number which means we can insert a new statement in middle of ACL.

      Example:-

      • R1 (config) # ip access-list extended CCNA
      • R1 (config) # 15 permit tcp host 10.1.1.1 host 20.1.1.1 eq 23
      • R1 (config) # exit
      • This will insert above statement at Line 15.
      • R1 (config) # int fa0/0
      • R1 (config-if) # ip access-group ccna in

    6. Question 6. What Is Wildcard Mask?

      Answer :

      Wildcard mask is used with ACL to specify an individual hosts, a network, or a range of network. Whenever a zero is present, it indicates that octet in the address must match the corresponding reference exactly. Whenever a 255 is present, it indicates those octets need not to be evaluated.

      Wildcard Mask is completely opposite to subnet mask.

      Example:- For /24

      • Subnet Mask - 255.255.255.0
      • Wildcard Mask - 0.0.0.255

    7. Question 7. How To Permit Or Deny Specific Host In Acl?

      Answer :

      1. Using a wildcard mask "0.0.0.0"

      Example: - 192.168.1.1 0.0.0.0 or

      2. Using keyword "Host"

      Example: - Host 192.168.1.1

    8. Question 8. In Which Directions We Can Apply An Access List?

      Answer :

      We can apply access list in two directions:-

      • IN - ip access-group 10 in
      • OUT - ip access-group 10 out

    9. Question 9. Difference Between Inbound Access-list And Outbound Access-list?

      Answer :

      When an access-list is applied to inbound packets on interface, those packets are first processed through ACL and then routed. Any packets that are denied won’t be routed. When an access-list is applied to outbound packets on interface, those packets are first routed to outbound interface and than processed through ACL.

    10. Question 10. Difference Between #sh Access-list Command And #sh Run Access-list Command?

      Answer :

      • #sh access-list shows number of Hit Counts.
      • #sh run access-list does not show number of Hit Counts.

    11. Question 11. How Many Access Lists Can Be Applied To An Interface On A Cisco Router?

      Answer :

      We can assign only one access list per interface per protocol per direction which means that when creating an IP access lists, we can have only one inbound access list and one outbound access list per interface. Multiple access lists are permitted per interface, but they must be for a different protocol.

    12. Question 12. How Access Lists Are Processed?

      Answer :

      Access lists are processed in sequential, logical order, evaluating packets from the top down, one statement at a time. As soon as a match is made, the permit or deny option is applied, and the packet is not evaluated against any more access list statements. Because of this, the order of the statements within any access list is significant. There is an implicit “deny” at the end of each access list which means that if a packet does not match the condition on any of the lines in the access list, the packet will be discarded.

    13. Question 13. What Is At The End Of Each Access List?

      Answer :

      At the end of each access list, there is an implicit deny statement denying any packet for which the match has not been found in the access list.

    14. Question 14. What Is The Function Of Access-list?

      Answer :

      Access-List is going to filter incoming as well as outgoing traffic on the router interface.

    15. Question 15. What Is The Default Wildcard Mask For Access-list?

      Answer :

      Default Wild Card Mask for Access-List is 0.0.0.0

    16. Question 16. How Many Access-lists Can Be Created On The Router?

      Answer :

      • 1 per Interface
      • 1 per Direction
      • 1 per Protocol

    17. Question 17. What Are The Advantages Of Standard Acl?

      Answer :

      1. Simple Packet Filtering Purpose
      2. Limiting Access on VTY lines
      3. Route Filtering
      4. NAT
      5. Route- MAPs

    18. Question 18. What Are The Advantages Of Extended Acl?

      Answer :

      1. Complex Packet Filtering Purpose
      2. Route Filtering
      3. VPN
      4. TCP Intercept
      5. IOS Firewall

    19. Question 19. What Is The Difference Between Standard Acl And Extended Acl?

      Answer :

      1. Standard ACL only checks Source IP address, Extended ACL checks Source IP, Destination IP and Protocol also for filtering traffic.
      2. Standard ACL can be created using number (1-99, 1300-1399) and Extended ACL can be created using number (100-199, 2000-2699).
      3. Two way communication is blocked in Standard ACL, One way communication is stopped in Extended ACL.
      4. Standard ACL implemented near to destination, Extended ACL implemented near to Source.

    20. Question 20. What Is The Difference Between Numbered Acl And Named Acl?

      Answer :

      1. Numbered ACL is created by using number; Named ACL is created by using name,
      2. Removing of specific statement is not possible in Numbered ACL, It is possible in Named ACL.

    21. Question 21. What Is The Difference Between Ipv4 Acl And Ipv6 Acl?

      Answer :

      1. No standard ACL in IPV6
      2. No wildcard mask in IPV6 ACL
      3. In IPV6 only Named ACL's are available, there is no numbered ACL.

    22. Question 22. What Is The Difference Between Access-group And Access-class Command?

      Answer :

      • Access-group command is used to filter traffic on the Interface (Ethernet, Serial).
      • Access-class command is used to filter traffic on Lines (Vty, Console, aux).

    23. Question 23. What Is The Default Action Of Acl, If No Condition Matches In Acl?

      Answer :

      Drop traffic.

    24. Question 24. Which Traffic Is Not Filtered By Acl?

      Answer :

      Traffic that is generated by the router itself, ACL is going to filter only transit traffic.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

Network Security Tutorial