200-101 · Question #168

The correct answer is E: 0.0.0.7. For a /29 subnet, the wildcard mask used in Cisco ACLs is the bitwise inverse of the subnet mask 255.255.255.248, which equals 0.0.0.7.

Question

The company internetwork is subnetted using 29 bits. Which wildcard mask should be used to configure an extended access list to permit or deny access to an entire subnet?

Options

  • A. 255.255.255.224
  • B. 255.255.255.248
  • C. 0.0.0.224
  • D. 0.0.0.8
  • E. 0.0.0.7
  • F. 0.0.0.3

Explanation

For a /29 subnet, the wildcard mask used in Cisco ACLs is the bitwise inverse of the subnet mask 255.255.255.248, which equals 0.0.0.7.

Common mistakes.

  • A. 255.255.255.224 is the subnet mask for a /27 network, not a wildcard mask - ACLs require the inverted form of the subnet mask.
  • B. 255.255.255.248 is the subnet mask itself for a /29 network, not the wildcard mask - placing it directly in an ACL would not correctly match the entire subnet.
  • C. 0.0.0.224 (binary 11100000) is not the bitwise inverse of a /29 subnet mask and does not correspond to any standard subnet boundary for this prefix length.
  • D. 0.0.0.8 is not a valid wildcard mask because its binary representation (00001000) is not a contiguous block of ones from the right, making it unsuitable for matching a contiguous subnet.
  • F. 0.0.0.3 is the correct wildcard mask for a /30 subnet (255.255.255.252), not for a /29 subnet.

Concept tested. Calculating wildcard masks for Cisco ACLs

Reference. https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
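
The calculation from the explanation, as an added example that is not part of the original page: it derives the wildcard mask from the prefix length and evaluates each answer option the way an ACL entry compares addresses (bits set to 1 in the wildcard are ignored). The subnet 192.0.2.8/29 and all function names are assumptions chosen for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard mask = bitwise inverse of the subnet mask for this prefix length."""
    netmask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return str(ipaddress.IPv4Address(netmask ^ ALL_ONES))

def acl_matches(addr: str, base: str, wildcard: str) -> bool:
    """ACL-style comparison: only bits that are 0 in the wildcard must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & ALL_ONES
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def coverage(subnet: str, wildcard: str):
    """Return (subnet addresses the entry misses, addresses matched outside the subnet)."""
    net = ipaddress.ip_network(subnet)
    base = str(net.network_address)
    missed = [str(ip) for ip in net if not acl_matches(str(ip), base, wildcard)]
    # Every 1 bit in the wildcard doubles the number of addresses the entry matches.
    total_matched = 2 ** bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    extra = total_matched - (net.num_addresses - len(missed))
    return missed, extra

# Constructed sample subnet (documentation range), not taken from the page.
SUBNET = "192.0.2.8/29"
# The six answer options from the question.
OPTIONS = {
    "A": "255.255.255.224",
    "B": "255.255.255.248",
    "C": "0.0.0.224",
    "D": "0.0.0.8",
    "E": "0.0.0.7",
    "F": "0.0.0.3",
}

if __name__ == "__main__":
    print("wildcard for /29:", wildcard_for_prefix(29))
    for letter, mask in OPTIONS.items():
        missed, extra = coverage(SUBNET, mask)
        print(f"{letter} {mask:<16} misses {len(missed)} of 8 subnet addresses, "
              f"matches {extra} outside the subnet")
```

Only option E misses nothing and matches nothing outside the subnet; F covers just the lower half of the /29.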
