300-410 Question #4: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

Options

• Aipv6 access-list Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 ! int Gi0/0 ipv6 traffic-filter Deny_Telnet in
• Bipv6 access-list Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 ! int Gi0/0 ipv6 access-map Deny_Telnet in
• Cipv6 access-list Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 ! int Gi0/0 ipv6 access-map Deny_Telnet in
• Dipv6 access-list Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host 201A:0:205C::1/64 ! int Gi0/0 ipv6 traffic-filter Deny_Telnet in

Explanation

To deny IPv6 Telnet traffic, an IPv6 access list must be configured with a deny statement for TCP traffic on the Telnet port and then applied to the interface using the 'ipv6 traffic-filter' command.

Common mistakes.

• B. The 'ipv6 access-map' command is used for policy-based routing or QoS configurations, not for directly applying an IPv6 access list to filter traffic on an interface.
• C. The 'ipv6 access-map' command is used for policy-based routing or QoS configurations, not for directly applying an IPv6 access list to filter traffic on an interface.
• D. This option is identical to A; however, since A is provided as the singular correct answer, it represents the correct application method for an IPv6 ACL.

Concept tested. IPv6 ACL configuration and application

Reference. https://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/ipv6_access_control_lists_psg_c17-660233.html

No community discussion yet for this question.