Exam 350-401 topic 1 question 286 discussion

inbound direction - C

Correct Option is B.

CISCO continues to amuse, english is a very powerful language, but when used by someone who doesn't know it could be so confusing. there is a simple way to say this, yet someone chose this obscure wording confusing people who understand this problem very well but yet can give an incorrect answer , let me ask you a simple question, when there is a connection , we have two ports ( otherwise there wouldn't be a connection, right ? ) , each receives a traffic in the inbound direction, server port when it receives a request, client port when it receives a response , which port is the port connecting to the web server ?

So, in this scenario: The destination port must be equal to 80 in the initial request from the client to the server. The source port must be equal to 80 in the response from the server to the client. Here's a summary: Client (host) -> Server (HTTP): Source port (random): >1024 Destination port: 80 Server (HTTP) -> Client (host): Source port: 80 Destination port (matches client's source port): >1024. Therefore, answer C is correct, not D. D is wrong because source TCP port must be 80 in server's response, not destination port.

C is the correct answer. Because it's traffic INcoming on the port FROM the Webserver, then the ACL would be configured with that same source/destination orientation, as follows: permit tcp host <FROM_WEBSERVER_IP> eq 80 host <TO_CLIENT_IP> we put the "eq 80" with the webserver since that's the port it listens on, and that's the port it will use to return the data to the client. Admins, please fix the correct answer, it should be C but is showing as D.

forget to vote :D

C is correct tricky question, you just need to read it twice, the question is talking about traffic returning from the server to the host

Transport Control Protocol (TCP) access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name][fragments]

D the ACL must be applied in the inbound direction of the R

Correct answer is B. Option C is a wrong syntax for an extended access-list which is based in terms of the source and destination IPs.

I don't care what interface or direction you try to apply ACL for answer D, it isn't going to work. Why? Because port 80 can only be associated with the webserver host IP. Answer D assumes that port 80 would be associated with the client IP, which would never be the case. Not in the real world anyway.

The correct answer here is C: Remember that the the interface with the ACL applied is the server interface. so the flow at first will be client ==> server Here there is not any acl applied inbound and outbound. Then the traffic flow must return like this: server ==> client In the server port the acl is applied, so in this case because is return traffic the source ip address and tcp port will be of the server and the destination will be the client. So the statement of the ACL is: permit tcp host 209.165.200.225 eq 80 host 209.165.201.25 (permit the traffic sourced by the server to reach the destination) So the answer is for sure C

the inbound traffic coming from the port connected to the server will contain the server's IP address therefore the ACL statement must have the source IP as the server's IP. The client will reach the server using TCP 80 as the destination so the return traffic sourced by the server will have port 80 as the source TCP. Which in this case I'd go with C.

Its C , inbound direction on port connecting the host regards

i asked chatgpt and it came with this answer. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80 so, according to chatgpt, it is B

NOTE: applied in the inbound direction on the port connecting to the web server.

C. permit tcp host 209.165.200.225 eq 80 host 209.165.201.25 Most Voted permit tcp host ---- THE SOURCE - THE PORT --- THE DESTINATION. The exact same question - answer can be found at question 272