200-150 · Question #249
Which two actions can access lists be used for? (Choose two)
The correct answer is C. matching packets in QoS policies D. restricting remote access to a switch. Access control lists serve two primary purposes in Cisco environments: classifying traffic for QoS policies and restricting administrative access to devices via VTY lines.
Question
Which two actions can access lists be used for? (Choose two)
Options
- Apreempting VIPs on HSRP selectively
- Btriggering routing updates
- Cmatching packets in QoS policies
- Drestricting remote access to a switch
- Eauthenticating users
How the community answered
(30 responses)- A3% (1)
- C93% (28)
- E3% (1)
Why each option
Access control lists serve two primary purposes in Cisco environments: classifying traffic for QoS policies and restricting administrative access to devices via VTY lines.
HSRP preemption is governed by the 'standby priority' and 'standby preempt' commands on a per-group basis; access lists play no role in selecting or preempting HSRP active routers.
Routing update filtering uses route-maps or distribute-lists applied to routing protocol processes; access lists do not independently trigger or initiate routing protocol updates.
ACLs can be referenced in QoS class-maps using the 'match access-group' command, allowing specific traffic flows to be identified and subjected to marking, policing, or queuing actions within a service policy.
Applying an ACL to VTY lines with the 'access-class' command restricts which source IP addresses may establish Telnet or SSH management sessions to the switch, directly controlling remote administrative access.
User authentication is handled through AAA frameworks using RADIUS or TACACS+ servers configured via the 'aaa authentication' command, not through access lists.
Concept tested: ACL uses for QoS matching and VTY access control
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16/sec-data-acl-xe-16-book/sec-access-ctrl-lists.html
Topics
Community Discussion
No community discussion yet for this question.