200-301 Question #1130: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. This ACL is configured to allow client access only to HTTP, HTTPS, and DNS services via UDP. The new administrator wants to add TCP access to the ONS service. Which configuration updates the ACL efficiently?

Options

• Ano ip access-list extended Services
• Bip access-list extended Services
• Cip access-list extended Services
• Dno ip access-list extended Services

Explanation

To efficiently add new entries to an existing extended access control list (ACL), the administrator should enter the ACL configuration mode for the specified ACL name.

Common mistakes.

• A. no ip access-list extended Services deletes the entire ACL, which is disruptive and inefficient as all existing rules would need to be reconfigured.
• C. This option would first enter the ACL configuration mode but then immediately delete the ACL with no ip access-list extended Services, making it ineffective for adding rules.
• D. This option first deletes the entire ACL with no ip access-list extended Services before attempting to add new entries, which is inefficient and causes service interruption for all traffic previously handled by the ACL.

Concept tested. Adding rules to Cisco extended ACLs

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-16/nat-xe-16-book/ipaddr-acl.html

No community discussion yet for this question.