ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-301 All Questions

View all questions & answers for the 200-301 exam
Go to Exam

Exam 200-301 topic 1 question 621 discussion

Actual exam question from Cisco's 200-301
Question #: 621
Topic #: 1
[All 200-301 Questions]


Refer to the exhibit. An extended ACL has been configured and applied to router R2. The configuration failed to work as intended.
Which two changes stop outbound traffic on TCP ports 25 and 80 to 10.0.20.0/26 from the 10.0.10.0/26 subnet while still allowing all other traffic? (Choose two.)

  • A. Add a ג€permit ip any anyג€ statement at the end of ACL 101 for allowed traffic.
  • B. Add a ג€permit ip any anyג€ statement to the beginning of ACL 101 for allowed traffic.
  • C. The ACL must be moved to the Gi0/1 interface outbound on R2.
  • D. The source and destination IPs must be swapped in ACL 101.
  • E. The ACL must be configured the Gi0/2 interface inbound on R1.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by sinear at Jan. 9, 2021, 3:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sinear
Highly Voted 4 years ago
Edit: forget, answer is OK. I misread.
upvoted 8 times
...
Njavwa
Most Recent 1 year, 9 months ago
extended ACL close to source source IP if applied to R2 is 10.0.10.0 destination 10.0.20.0 all configs has to do with the R2 two int
upvoted 1 times
...
splashy
2 years, 3 months ago
Selected Answer: AD
Can't be E because an extended access list needs to be closest to source
upvoted 3 times
...
AWSEMA
2 years, 6 months ago
deny tcp 10.0.10.0 0.0.0.63 10.0.20.0 0.0.0.63 eq 25 deny tcp 10.0.10.0 0.0.0.63 10.0.20.0 0.0.0.63 eq 80 permit ip any any
upvoted 3 times
...
guille_teleco
2 years, 8 months ago
A and D are the correct, all the configuration is applied on R2. R1 has nothing to do on this question.
upvoted 1 times
...
Terra_Nova
2 years, 9 months ago
Selected Answer: AD
A and D are correct All ACLs have a implicit deny at the end which blocks all traffic so we need to add a permit to allow that traffic through The Source and destinations then need swapped. Using packet tracer the source has to be first... R1(config)#access-list 101 deny tcp ? A.B.C.D Source address any Any source host host A single source host and then the destination- R1(config)#access-list 101 deny tcp 10.0.10.0 0.0.0.63 ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers
upvoted 2 times
...
LilGhost_404
2 years, 11 months ago
Selected Answer: AE
it should be A and E, moving the acl to the router 1 port 2, does the same like in the router router 2 port 2, important is the allow command at the end of the acl or the implicit deny kicks in
upvoted 1 times
...
gaber
3 years ago
without the permit statement, it'll just deny those things and do nothing else for acls, you enter the source first and then the dest: source_address_argument [port_argument] dest_address_argument [port_argument] indicated answers are good
upvoted 2 times
...
Mursal99
3 years ago
I think A, C are correct
upvoted 1 times
...
dave1992
3 years, 1 month ago
I THINK its DE because D should be moved closest to the source for extended, and because we are denying traffic, it auto permits all the rest of the traffic, leaving us with needing to swap the dest and source around to make the question true.
upvoted 1 times
laurvy36
2 years, 11 months ago
the acces list is already configured inbound, so that results that is configured on g0/2 being in this manner close to source
upvoted 1 times
...
...
Ed12345
3 years, 3 months ago
I think A, C are correct
upvoted 2 times
...
Robin999
3 years, 10 months ago
Correct Answers
upvoted 3 times
...
sinear
4 years ago
Wrong. Should be D E. Extended should be moved close to the source of trafic, so here interface Gi0/2 on R2. And ip should be swapped.
upvoted 4 times
Tintin_06
3 years, 9 months ago
"If you intend to filter a packet, filtering closer to the packet’s source means that the packet takes up less bandwidth in the network, which seems to be more efficient—and it is. Therefore, Cisco suggests locating extended ACLs as close to the source as possible. However, the second point seems to contradict the first point, at least for standard ACLs, to locate them close to the destination. Why? Well, because standard ACLs look only at the source IP address, they tend to filter more than you want filtered when placed close to the source."
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel