Question:
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
- access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80 - access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23 - access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet - access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
Explanation:
For an extended ACL to meet these requirements the following need to be included in the access control entries:
- identification number in the range 100-199 or 2000-2699
- permit or deny parameter
- protocol
- source address and wildcard
- destination address and wildcard
- port number or name
More Questions: CCNA 3 v7 Modules 3 – 5 Exam Answers
More Questions: Enterprise Networking, Security, and Automation ( Version 7.00) – ENSA Final Exam
More Questions: CCNA 4 Chapter 4 Exam Answers
More Questions: CCNPv8 ENCOR (Version 8.0) – Access Control and Infrastructure Security Exam
Please login or Register to submit your answer