Cisco
200-150 · Question #162
200-150 Question #162: Real Exam Question with Answer & Explanation
The correct answer is D: Traffic that originates from subnet 190.169.100.0/24 fails to again terminal access to the switch.. A standard ACL applied to VTY lines with 'access-class' permits only matched subnets for terminal access, with an implicit deny blocking all other sources including the subnet referenced in choice D.
Question
Refer to the exhibit. What is the result of the configuration?
Exhibit
Options
- ATraffic that originates from subnet 192.168.100.0/24 is denied access through the switch.
- BOnly traffic that originates from subnet 192.168.100.0/24 can gain terminal access to the switch.
- CACL 1 allows TCP traffic that originates from subnet 192.168.100.0/24 gain access to the switch.
- DTraffic that originates from subnet 190.169.100.0/24 fails to again terminal access to the switch.
Explanation
A standard ACL applied to VTY lines with 'access-class' permits only matched subnets for terminal access, with an implicit deny blocking all other sources including the subnet referenced in choice D.
Common mistakes.
- A. ACL 1 explicitly permits traffic from 192.168.100.0/24, so that subnet is allowed terminal access - not denied - by the access-class configuration on the VTY lines.
- B. While 192.168.100.0/24 is the only permitted source, the most precise and testable result of the configuration is what happens to non-matching traffic; additionally, without confirming all VTY lines are covered, 'only' is too absolute a qualifier.
- C. ACL 1 is a standard IP ACL that matches solely on source IP address - it does not specify TCP or any other protocol; only extended ACLs can match on Layer 4 protocol, and access-class applies a standard ACL to VTY sessions.
Concept tested. Standard ACL access-class on VTY lines
Community Discussion
No community discussion yet for this question.