200-150 Question #227: Real Exam Question with Answer & Explanation
The correct answer is D: to the inbound and the outbound interfaces of the router. To fully restrict all traffic to and from Host B, ACLs must be applied on both the inbound and outbound interfaces so that traffic is filtered in both directions.
Cisco Data Center Networking Technologies
Question
Refer to the exhibit. You want to restrict access from Host B. Where do you apply the ACL?
Exhibit
Options
- A. to a VTY by using a named ACL
- B. to the outbound interface of the router
- C. to the inbound interface of the router
- D. to the inbound and the outbound interfaces of the router
Explanation
To fully restrict all traffic to and from Host B, ACLs must be applied on both the inbound and outbound interfaces so that traffic is filtered in both directions.
Common mistakes.
- A. A VTY ACL restricts remote management sessions (SSH or Telnet) to the router itself and has no effect on data plane traffic forwarded through the router.
- B. Applying the ACL only outbound blocks traffic leaving the router toward other networks but does not prevent Host B's packets from entering and being processed by the router.
- C. Applying the ACL only inbound blocks Host B's outgoing traffic from entering the router but does not restrict traffic flowing back toward Host B's network segment.
Concept tested. ACL placement for bidirectional host traffic restriction
Reference. https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
Topics
#ACL #access control #packet filtering #router interface
