nerdexam
Exams200-101Questions#179
Cisco

200-101 · Question #179

200-101 Question #179: Real Exam Question with Answer & Explanation

The correct answer is A: protocol. Extended ACLs operate at Layers 3 and 4, allowing filtering by: (A) protocol (e.g., TCP, UDP, ICMP, IP), (C) TCP or UDP port numbers (e.g., port 80 for HTTP, port 443 for HTTPS), and (E) source and destination IP addresses. VLAN numbers (B) and source switch port numbers (D) are

Question

What three pieces of information can be used in an extended access-list to filter traffic? (Choose three.)

Options

  • Aprotocol
  • BVLAN number
  • CTCP or UDP port numbers
  • Dsource switch port number
  • Esource IP address and destination IP address
  • Fsource MAC address and destination MAC address

Explanation

Extended ACLs operate at Layers 3 and 4, allowing filtering by: (A) protocol (e.g., TCP, UDP, ICMP, IP), (C) TCP or UDP port numbers (e.g., port 80 for HTTP, port 443 for HTTPS), and (E) source and destination IP addresses. VLAN numbers (B) and source switch port numbers (D) are Layer 2 constructs that standard IP ACLs cannot inspect. MAC addresses (F) are also Layer 2 and are not accessible to IP-based extended ACLs. Standard ACLs can only filter by source IP; extended ACLs add protocol and port awareness.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 200-101 Practice