350-401 · Question #820
Refer to the exhibit. Which two commands are required on router R1 to block FTP and allow all other traffic from the Branch 2 network? (Choose two)
The correct answer is A. access-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp C. interface GigabitEthernet0/0. To block FTP traffic from the Branch 2 network to a specific host, an extended access list must be defined with a deny tcp eq ftp rule and then applied to the relevant interface.
Question
Refer to the exhibit. Which two commands are required on router R1 to block FTP and allow all other traffic from the Branch 2 network? (Choose two)
Exhibits
Options
- Aaccess-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp
- Baccess-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp-data
- Cinterface GigabitEthernet0/0
- Daccess-list 101 deny tcp 10.0.2.0 0.0.0.255 host 10.0.101.3 eq ftp
- Einterface GigabitEthernet0/0
How the community answered
(43 responses)- A72% (31)
- B5% (2)
- D7% (3)
- E16% (7)
Why each option
To block FTP traffic from the Branch 2 network to a specific host, an extended access list must be defined with a `deny tcp eq ftp` rule and then applied to the relevant interface.
This command correctly defines an extended access list (101) to deny TCP traffic originating from the 10.0.2.0/24 network (Branch 2) destined for host 10.0.101.3, specifically targeting the FTP control port (21).
`eq ftp-data` typically refers to TCP port 20, which is used for the FTP data connection, while `eq ftp` refers to TCP port 21, the control connection usually targeted to block FTP access.
This command is required to enter interface configuration mode for GigabitEthernet0/0, which is where the access list would subsequently be applied using the `ip access-group` command.
This is a duplicate of option A and does not represent an additional unique required command.
This is a duplicate of option C and does not represent an additional unique required command.
Concept tested: Extended ACL configuration and application
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-16-5/sec-data-acl-xe-16-5-book.html
Topics
Community Discussion
No community discussion yet for this question.

