What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
- access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255
- access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
- access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1
- access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255
- access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0
- access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255
Explanation: There are two ways to identify a single host in an access list entry. One, is to use the host keyword with the host IP address, the other is to use a wildcard mask of 0.0.0.0 with the host IP address. The source of the traffic to be inspected by the access list goes first in the syntax and the destination goes last.
Exam with this question: CCNA 4 Chapter 4 Exam Answers
Exam with this question: CCNA 3 v7 Module 5 Quiz - ACLs for IPv4 Configuration
Please login or Register to submit your answer