Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address 10.10.10.1?
A.
ip access-list extended 200
deny tcp host 10.10.10.1 eq 80 any
permit ip any any
B.
ip access-list extended 10
deny tcp host 10.10.10.1 any eq 80
permit ip any any
C.
ip access-list extended NO_HTTP
deny tcp host 10.10.10.1 any eq 80
D.
ip access-list extended 100
deny tcp host 10.10.10.1 any eq 80
permit ip any any
Defo D as it's an extended ACL the range is between 100-199
Router(config)#ip access-list extended ?
<100-199> Extended IP access-list number
<2000-2699> Extended IP access-list number (expanded range)
WORD Access-list name
A. 200 is out of extended access-list range (Available range is 100-199) -> Wrong
B. 10 is out of extended access-list range (Available range is 100-199) -> Wrong
C. The extended access-list with the name NO_HTTP can be configured. But as per the command, all traffic will be blocked because the command permit ip any any is not executed -> Wrong
D. Correct
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#deny tcp host 10.10.10.1 any eq 80
Router(config-ext-nacl)#permit ip any any
None of the options is correct!
Options A, B, and D are incorrect because the `ip access-list [standard|extended]` command is used with named ACLs.
- **Option A**: Incorrect syntax. The service type `eq 80` must be specified after the destination address. The correct syntax is:
`access-list [NUMBER] [permit|deny] [source] [wildcard-mask] [destination] [wildcard-mask] [eq [service-type]]`
- **Option B**: Incorrect range for the ACL ID. For extended ACLs, the valid ranges are 100-199 and 2000-2699.
- **Option C** is missing the `permit ip any any` command to allow all other traffic (that is not HTTP sourced from `10.10.10.1`).
- **Option D**: Would be correct if it didn’t include `ip` and `extended` keywords.
A.
ip access-list extended 200
deny tcp host 10.10.10.1 eq 80 any
permit ip any any
B.
ip access-list extended 10
deny tcp host 10.10.10.1 any eq 80
permit ip any any
C.
ip access-list extended NO_HTTP
deny tcp host 10.10.10.1 any eq 80
D.
ip access-list extended 100
deny tcp host 10.10.10.1 any eq 80
permit ip any any
In all cases, we're dealing with a NAMED access list.
Why? Because it is 'ip access-list [standard|extended] <name> ...' rather than
'access-list <number> [permit|deny] ...'
The ACL name just happens to be numbers.
So B can also be the correct answer, ACL name being 10.
Unless there's a typo somewhere in the answers compared to what's actually on the test.
It just happens that the na
Correct answer is D; however, there is a typo. It should be written like this:
ip access-list extended 100 deny tcp host 10.10.10.1 eq 80 any < Source host 10.10.10.1 eq 80 going to any destination. The way that the answer has it written, that's a destination port, not a source.
permit ip any any
With the way you propose it be written, you'd be specifying that the source port be 80, not the destination.
We want to block from 10.10.10.1 with any source port to any destination, destination port 80.
The way you suggest, it instead would be:
from 10.10.10.1 source port 80 to any destination with any destination port. Not what we want.
D. ip access-list extended 100 <name of acl> deny tcp host 10.10.10.1 <source ip> <any source port> any <any destination ip> eq 80 <destination port>
permit ip any any
Correct Answer: D.
Syntax:
[insert line-num] deny tcp {source-ip [wildcard] | host source-ip | any} [operator port [port]] {dest-ip [wildcard] | host dest-ip | any} [operator port [port]] [established]
https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v401_v403/command/reference/cmdref/ext_acl.pdf
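The comments above turn on two points: whether `eq 80` follows the source or the destination, and whether a trailing `permit ip any any` is present. The Python below is an added example, not code from the thread or from Cisco; it evaluates the entries of options A, C and D with first-match and implicit-deny semantics, assuming only `host`/`any` addresses and `eq` ports, and the packets are constructed samples.

```python
# Added example: first-match evaluator for the ACL entries quoted in this thread.
# Assumption: only "permit|deny <proto> <addr> [eq port] <addr> [eq port]" with
# "host <ip>" or "any" addresses is handled, not the full IOS grammar.

def parse_ace(line):
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]

    def endpoint():
        # Consume "any" or "host <ip>", then an optional "eq <port>".
        addr = rest.pop(0)
        if addr == "host":
            addr = rest.pop(0)
        port = None
        if rest and rest[0] == "eq":
            rest.pop(0)
            port = int(rest.pop(0))
        return addr, port

    src = endpoint()   # source address and source port come first
    dst = endpoint()   # destination address and destination port follow
    return action, proto, src, dst

def _match(endpoint, ip, port):
    addr, want = endpoint
    return addr in ("any", ip) and (want is None or want == port)

def evaluate(acl_lines, pkt):
    """pkt = (proto, src_ip, src_port, dst_ip, dst_port) -> 'permit' or 'deny'."""
    proto, sip, sport, dip, dport = pkt
    for action, ace_proto, src, dst in map(parse_ace, acl_lines):
        if (ace_proto in ("ip", proto) and _match(src, sip, sport)
                and _match(dst, dip, dport)):
            return action   # first matching entry decides
    return "deny"           # implicit deny ends every ACL

# Entries from options A, C and D as posted on the page.
OPTION_A = ["deny tcp host 10.10.10.1 eq 80 any", "permit ip any any"]
OPTION_C = ["deny tcp host 10.10.10.1 any eq 80"]
OPTION_D = ["deny tcp host 10.10.10.1 any eq 80", "permit ip any any"]

# Constructed sample packets (ephemeral source ports, documentation-range server).
HTTP_FROM_WS = ("tcp", "10.10.10.1", 49152, "203.0.113.10", 80)
HTTPS_FROM_WS = ("tcp", "10.10.10.1", 49153, "203.0.113.10", 443)
HTTP_FROM_OTHER = ("tcp", "10.10.10.2", 49154, "203.0.113.10", 80)

if __name__ == "__main__":
    for name, acl in (("A", OPTION_A), ("C", OPTION_C), ("D", OPTION_D)):
        print(name, [evaluate(acl, p) for p in (HTTP_FROM_WS, HTTPS_FROM_WS, HTTP_FROM_OTHER)])
```

With option A's entries the workstation's HTTP request is permitted, because a client's source port is ephemeral and never matches `eq 80` on the source side; with option C's single entry everything else falls through to the implicit deny.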