nerdexam
Cisco

200-101 · Question #179

What three pieces of information can be used in an extended access-list to filter traffic? (Choose three.)

The correct answer is A. protocol C. TCP or UDP port numbers E. source IP address and destination IP address. Extended ACLs operate at Layers 3 and 4, allowing filtering by: (A) protocol (e.g., TCP, UDP, ICMP, IP), (C) TCP or UDP port numbers (e.g., port 80 for HTTP, port 443 for HTTPS), and (E) source and destination IP addresses. VLAN numbers (B) and source switch port numbers (D) are

Network Device Management

Question

What three pieces of information can be used in an extended access-list to filter traffic? (Choose three.)

Options

  • Aprotocol
  • BVLAN number
  • CTCP or UDP port numbers
  • Dsource switch port number
  • Esource IP address and destination IP address
  • Fsource MAC address and destination MAC address

How the community answered

(22 responses)
  • A
    91% (20)
  • B
    5% (1)
  • F
    5% (1)

Explanation

Extended ACLs operate at Layers 3 and 4, allowing filtering by: (A) protocol (e.g., TCP, UDP, ICMP, IP), (C) TCP or UDP port numbers (e.g., port 80 for HTTP, port 443 for HTTPS), and (E) source and destination IP addresses. VLAN numbers (B) and source switch port numbers (D) are Layer 2 constructs that standard IP ACLs cannot inspect. MAC addresses (F) are also Layer 2 and are not accessible to IP-based extended ACLs. Standard ACLs can only filter by source IP; extended ACLs add protocol and port awareness.

Topics

#extended ACL#ACL filtering criteria#protocol filtering#port filtering

Community Discussion

No community discussion yet for this question.

Full 200-101 Practice