Question:
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
- access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80 - access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 - access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet - access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
Explanation:
For an extended ACL to meet these requirements the following need to be included in the access control entries:
- identification number in the range 100-199 or 2000-2699
- permit or deny parameter
- protocol
- source address and wildcard
- destination address and wildcard
- port number or name
Exam with this question: CCNA 3 v7 Modules 3 – 5 Exam Answers
Exam with this question: Enterprise Networking, Security, and Automation ( Version 7.00) - ENSA Final Exam
Exam with this question: CCNA 4 Chapter 4 Exam Answers
Exam with this question: CCNPv8 ENCOR (Version 8.0) – Access Control and Infrastructure Security Exam
Exam with this question: Chapter 21: Quiz - Troubleshooting ACLs and Prefix Lists CCNPv8 ENARSI
Exam with this question: CCNA 2 v5 Chapter 9: Check Your Understanding Questions Answers
Please login or Register to submit your answer