301B · Question #166

Question

The LTM device is configured to provide load balancing to a set of web servers that implement an access control list (ACL) based on the source IP address of the client. The ACL is at the network level, and the web server is configured to send a TCP reset back to the client if it is NOT permitted to connect. The virtual server is configured with the default OneConnect profile. The ACL is defined on the web server as:
Permit: 192.168.136.0/24
Deny: 192.168.116.0/24
The packet capture is taken of two individual client flows to a virtual server with IP address 192.168.136.100.
Client A - Src IP 192.168.136.1 - Virtual Server 192.168.136.100:
Clientside:
09:35:10.573623 IP 192.168.136.1.55684 > 192.168.136.100.80: S 869998901:869998901(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
09:35:11.073931 IP 192.168.136.100.80 > 192.168.136.1.55684: S 2273668949:2273668949(0) ack 869998902 win 4368 <mss 1460,nop,wscale 0,sack,eol>
09:35:11.074928 IP 192.168.136.1.55684 > 192.168.136.100.80: . ack 1 win 16425
09:35:11.080936 IP 192.168.136.1.55684 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:35:11.082915 IP 192.168.136.100.80 > 192.168.136.1.55684: . ack 299 win 4378
Serverside:
09:35:11.081022 IP 192.168.136.1.55684 > 192.168.116.128.80: S 685865802:685865802(0) win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:35:11.081928 IP 192.168.116.128.80 > 192.168.136.1.55684: S 4193259095:4193259095(0) ack 685865803 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 6>
09:35:11.081943 IP 192.168.136.1.55684 > 192.168.116.128.80: . ack 1 win 4380
09:35:11.081955 IP 192.168.136.116.128.80 > 192.168.136.1.55684: P 1:299(298) ack 1 win 4380
09:35:11.083765 IP 192.168.136.116.128.80 > 192.168.136.1.55684: . ack 299 win 108

Client B - Src IP 192.168.116.1 - Virtual Server 192.168.136.100:
Clientside:
09:36:11.244040 IP 192.168.116.1.55769 > 192.168.136.100.80: S 3320618388:3320618388(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK>
09:36:11.244152 IP 192.168.136.100.80 > 192.168.116.1.55769: S 3978120666:3978120666(0) ack 3320618389 win 4380 <mss 1460,nop,wscale 0,sackOK,eol>
09:36:11.244839 IP 192.168.116.1.55769 > 192.168.136.100.80: . ack 1 win 16425
09:36:11.245830 IP 192.168.136.1.55769 > 192.168.136.100.80: P 1:299(298) ack 1 win 16425
09:36:11.245922 IP 192.168.136.100.80 > 192.168.116.1.55769: . ack 299 win 4378
Serverside:
09:36:11.245940 IP 192.168.136.1.55769 > 192.168.116.128.80: P 599:897(298) ack 4525 win 8904
09:36:11.247847 IP 192.168.136.116.128.80 > 192.168.136.1.55769: P 4525:8001(476) ack 897 win 142

Why was the second client flow permitted by the web server?
Why was the second client flow permitted by the web server?

Options

  • A. A global SNAT is defined.
  • B. SNAT automap was enabled on the virtual server.
  • C. The idle TCP session from the first client was re-used.
  • D. A source address persistence profile is assigned to the virtual server.
