Consider the following access list.
access-list 100 permit ip host 192.168.10.1 any
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
access-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)
- Only the network device assigned the IP address 192.168.10.1 is allowed to access the router.
- Devices on the 192.168.10.0/24 network are not allowed to reply to any ping requests.
- Only Layer 3 connections are allowed to be made from the router to any other network device.
- Devices on the 192.168.10.0/24 network are not allowed to ping other devices on the 192.168.11.0 network.
- A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned.
Explanation: The first ACE allows the 192.168.10.1 device to do any TCP/IP-based transactions with any other destination. The second ACE stops devices on the 192.168.10.0/24 network from issuing any pings to any other location. Everything else is permitted by the third ACE. Therefore, a Telnet/SSH session or ping reply is allowed from a device on the 192.168.10.0/24 network.
More Questions: CCNA Security Chapter 4 Exam Answers
More Questions: Module 8: Quiz – Access Control Lists Network Security
More Questions: Network Defense: Module 4.8.2 Access Control Lists Quiz