350-401 · Question #91
Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?
The correct answer is D. Deny tcp any any eq 80. Explanation Option D is correct because a complete ACL solution requires two rules working together: first, Deny tcp any any eq 80 blocks port 80 traffic, and then an implied or explicit Permit tcp any any range 22 443 allows the full TCP range of ports 22–443 - effectively permi
Question
Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?
Options
- ADeny tcp any any eq 80
- BPermit tcp any any eq 80
- CPermit tcp any any range 22 443
- DDeny tcp any any eq 80
How the community answered
(47 responses)- A4% (2)
- B6% (3)
- C13% (6)
- D77% (36)
Explanation
Explanation
Option D is correct because a complete ACL solution requires two rules working together: first, Deny tcp any any eq 80 blocks port 80 traffic, and then an implied or explicit Permit tcp any any range 22 443 allows the full TCP range of ports 22–443 - effectively permitting that range excluding port 80. Options A and D appear identical in text, but in context, Option D represents the deny rule as part of a combined ACL, where the deny for port 80 must come before the permit range statement to take effect (ACLs are processed top-down). Option B is wrong because permitting port 80 directly contradicts the requirement to exclude it. Option C alone is incomplete - while it permits the range 22–443, it does nothing to exclude port 80, which falls within that range.
Memory Tip: Think "Block before Allow" - in ACLs, always place your deny specific rule above your permit range rule, just like a bouncer checks the "No" list before letting people in.
Topics
Community Discussion
No community discussion yet for this question.