350-401 Question #684: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. A network engineer must block Telnet traffic from hosts in the range of 10.100.2.248 to 10.100.2.255 to the network 10.100.3.0 and permit everything else. Which configuration must the engineer apply'? A. B. C. D.

Options

• ARouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 22 RouterB(config)# access-list 101 permit any any RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in
• BRouterB(config)# access-list 101 deny icmp 10.100.2.0 0.0.0.248 10.100.2.0 0.0.0.248 RouterB(config)# access-list 101 permit any any RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in
• CRouterB(config)# access-list 101 deny tcp 10.100.2.0 0.0.0.248 10.100.3.0 0.0.0.255 eq 23 RouterB(config)# access-list 101 permit any any RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in
• DRouterB(config)# access-list 101 permit tcp 10.100.2.0 0.0.0.252 10.100.3.0 0.0.0.255 RouterB(config)# int g0/0/2 RouterB(config-if)# ip access-group 101 in

Explanation

Option C is correct because it uses a standard extended ACL (101) that denies TCP traffic specifically on port 23 (Telnet) from the host range 10.100.2.248–10.100.2.255, represented by the wildcard mask 0.0.0.248 applied to 10.100.2.0 (matching only the last 3 bits, i.e., .248–.255), destined for the 10.100.3.0/24 network. The subsequent 'permit any any' statement ensures all other traffic is allowed, and the ACL is applied inbound on the correct interface.

No community discussion yet for this question.