350-401 · Question #923
350-401 Question #923: Real Exam Question with Answer & Explanation
The correct answer is D: RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any. To allow traffic only from network 10.100.2.0 to exit Router B, a standard access list permitting this source network must be created and then applied outbound on the interface connected to external networks.
Question
Refer to the exhibit. A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied?
Options
- ARouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
- BRouterB(config)# access-list 101 permit ip 10.100.3.0 0.0.0.255 any
- CRouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
- DRouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
Explanation
To allow traffic only from network 10.100.2.0 to exit Router B, a standard access list permitting this source network must be created and then applied outbound on the interface connected to external networks.
Common mistakes.
- A. Applying the access list with ip access-group 101 in would filter traffic entering the Gi0/1 interface, which is the opposite direction needed to control traffic leaving Router B towards external networks.
- B. This option incorrectly specifies the source network as 10.100.3.0 instead of the required 10.100.2.0 for the permit statement.
- C. Choice C is identical to choice D and is also a correct configuration, making D also correct.
Concept tested. Standard IP Access List configuration (outbound)
Reference. https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_acl_overview.html
Topics
Community Discussion
No community discussion yet for this question.