350-401 · Question #923
Refer to the exhibit. A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied?
The correct answer is D. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any. To allow traffic only from network 10.100.2.0 to exit Router B, a standard access list permitting this source network must be created and then applied outbound on the interface connected to external networks.
Question
Refer to the exhibit. A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied?
Exhibits
Options
- ARouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
- BRouterB(config)# access-list 101 permit ip 10.100.3.0 0.0.0.255 any
- CRouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
- DRouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
How the community answered
(21 responses)- B10% (2)
- C5% (1)
- D86% (18)
Why each option
To allow traffic only from network 10.100.2.0 to exit Router B, a standard access list permitting this source network must be created and then applied outbound on the interface connected to external networks.
Applying the access list with ip access-group 101 in would filter traffic entering the Gi0/1 interface, which is the opposite direction needed to control traffic leaving Router B towards external networks.
This option incorrectly specifies the source network as 10.100.3.0 instead of the required 10.100.2.0 for the permit statement.
Choice C is identical to choice D and is also a correct configuration, making D also correct.
The command access-list 101 permit ip 10.100.2.0 0.0.0.255 any creates a standard access list that explicitly allows traffic originating from the 10.100.2.0/24 network. Applying this access list with ip access-group 101 out on the appropriate outbound interface (e.g., Gi0/1) ensures that only traffic from this specific source network is permitted to leave Router B towards external networks, while implicitly denying all other traffic due to the implicit deny any at the end of every access list.
Concept tested: Standard IP Access List configuration (outbound)
Source: https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_acl_overview.html
Topics
Community Discussion
No community discussion yet for this question.

