Exam 300-430 topic 1 question 88 discussion

Actual exam question from Cisco's 300-430
Question #: 88
Topic #: 1

An engineer is following the proper upgrade path to upgrade a Cisco AireOS WLC from version 7.3 to 8.9. Which two ACLs for Cisco CWA must be configured when upgrading from the specified codes? (Choose two.)

  • A. Permit 0.0.0.0 0.0.0.0 any DNS any
  • B. Permit 0.0.0.0 0.0.0.0 UDP DNS any
  • C. Permit 0.0.0.0 0.0.0.0 UDP any DNS
  • D. Permit any any any
  • E. Permit 0.0.0.0 0.0.0.0 UDP any any
Suggested Answer: BC
Reference:
https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

Comments

rrahim
1 week ago
Selected Answer: BC
B. Permit 0.0.0.0 0.0.0.0 UDP DNS any
C. Permit 0.0.0.0 0.0.0.0 UDP any DNS
Explanation:
  • Permit 0.0.0.0 0.0.0.0 UDP DNS any: This ACL allows DNS traffic (UDP port 53) from any source to any destination. DNS is required for resolving hostnames during the CWA process.
  • Permit 0.0.0.0 0.0.0.0 UDP any DNS: This ACL allows DNS traffic (UDP port 53) from any source to any destination. It ensures that DNS queries and responses are permitted, which is critical for CWA to function properly.
upvoted 1 times
rrahim
1 week ago
Why the Other Options Are Incorrect:
  • A. Permit 0.0.0.0 0.0.0.0 any DNS any: This ACL is incorrect because it uses any instead of specifying UDP for DNS traffic. DNS uses UDP (and sometimes TCP), but this ACL is too broad and not specific enough.
  • D. Permit any any any: This ACL is overly permissive and not recommended for CWA. It allows all traffic, which is not necessary and could pose a security risk.
  • E. Permit 0.0.0.0 0.0.0.0 UDP any any: This ACL is too broad and not specific to DNS traffic. It allows all UDP traffic, which is not required for CWA and could lead to unnecessary traffic being permitted.
upvoted 1 times
Jason233
1 year, 5 months ago
Selected Answer: CE
>permit 0.0.0.0 0.0.0.0 UDP any DNS
>permit 0.0.0.0 0.0.0.0 UDP any any
upvoted 1 times
Gumpy1
2 months, 3 weeks ago
I agree with Jason233. Here is a PowerPoint slide that helps explain #47 https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKEWN-2014.pdf
upvoted 1 times
Jason233
1 year, 5 months ago
Note: Earlier versions of WLC software such as 7.2 or 7.3 did not require you to specify Domain Name System (DNS), but later code versions require you to permit DNS traffic on that redirect ACL.
>permit 0.0.0.0 0.0.0.0 UDP any DNS
>permit 0.0.0.0 0.0.0.0 UDP any any
upvoted 1 times
cvndani
1 year, 11 months ago
Provided answer is correct.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other