nerdexam
Cisco

200-150 · Question #249

Which two actions can access lists be used for? (Choose two)

The correct answer is C. matching packets in QoS policies D. restricting remote access to a switch. Access control lists serve two primary purposes in Cisco environments: classifying traffic for QoS policies and restricting administrative access to devices via VTY lines.

Cisco Data Center Networking Technologies

Question

Which two actions can access lists be used for? (Choose two)

Options

  • Apreempting VIPs on HSRP selectively
  • Btriggering routing updates
  • Cmatching packets in QoS policies
  • Drestricting remote access to a switch
  • Eauthenticating users

How the community answered

(30 responses)
  • A
    3% (1)
  • C
    93% (28)
  • E
    3% (1)

Why each option

Access control lists serve two primary purposes in Cisco environments: classifying traffic for QoS policies and restricting administrative access to devices via VTY lines.

Apreempting VIPs on HSRP selectively

HSRP preemption is governed by the 'standby priority' and 'standby preempt' commands on a per-group basis; access lists play no role in selecting or preempting HSRP active routers.

Btriggering routing updates

Routing update filtering uses route-maps or distribute-lists applied to routing protocol processes; access lists do not independently trigger or initiate routing protocol updates.

Cmatching packets in QoS policiesCorrect

ACLs can be referenced in QoS class-maps using the 'match access-group' command, allowing specific traffic flows to be identified and subjected to marking, policing, or queuing actions within a service policy.

Drestricting remote access to a switchCorrect

Applying an ACL to VTY lines with the 'access-class' command restricts which source IP addresses may establish Telnet or SSH management sessions to the switch, directly controlling remote administrative access.

Eauthenticating users

User authentication is handled through AAA frameworks using RADIUS or TACACS+ servers configured via the 'aaa authentication' command, not through access lists.

Concept tested: ACL uses for QoS matching and VTY access control

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16/sec-data-acl-xe-16-book/sec-access-ctrl-lists.html

Topics

#ACL#QoS policy matching#access control#remote access

Community Discussion

No community discussion yet for this question.

Full 200-150 Practice