Exam 350-401 topic 1 question 292 discussion

Actual exam question from Cisco's 350-401
Question #: 292
Topic #: 1

Refer to the exhibit.

An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet.
What explains this behavior?

  • A. Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.
  • B. After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.
  • C. Only standard access control lists can block traffic from a source IP address.
  • D. The access control list must contain an explicit deny to block traffic from the router.
Suggested Answer: A

Comments

[Removed]
4 months, 4 weeks ago
Selected Answer: A
A is correct. When an ACL is applied outbound on a router interface, it filters traffic passing through the interface, not traffic generated by the router itself. Since the router-generated traffic is not subject to outbound ACLs, it can still reach the directly connected subnet, allowing the router to ping hosts on the 209.165.200.0/24 subnet.
upvoted 1 times
...
nushadu
1 year, 10 months ago
Selected Answer: A
https://community.cisco.com/t5/routing/why-do-the-access-lists-not-apply-to-the-locally-generated/td-p/2906340
upvoted 3 times
...
Jheax
2 years, 7 months ago
Selected Answer: A
Locally (control plane) generated traffic goes from control plane directly to "tx-ring". That is different from processing/forwarding of Transit traffic. Please see the platform's "packet journey" session of Cisco Live or other documentation to see the different internal path & processing for: Transit, forus, exception, locally generated.
upvoted 4 times
...