SY0-301 · Question #874
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?
The correct answer is D. Access control lists. Access Control Lists (ACLs) are rule sets applied on Layer 3 devices (routers, Layer 3 switches, firewalls) that permit or deny traffic based on criteria such as source/destination IP addresses, protocols, and port numbers. To allow FTP traffic (TCP ports 20 and 21) from a new re
Question
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?
Options
- AImplicit deny
- BVLAN management
- CPort security
- DAccess control lists
How the community answered
(14 responses)- C7% (1)
- D93% (13)
Explanation
Access Control Lists (ACLs) are rule sets applied on Layer 3 devices (routers, Layer 3 switches, firewalls) that permit or deny traffic based on criteria such as source/destination IP addresses, protocols, and port numbers. To allow FTP traffic (TCP ports 20 and 21) from a new remote site, the administrator would add ACL rules explicitly permitting that traffic. Implicit deny is a principle (all traffic not explicitly permitted is denied) already built into ACLs, not a separate implementation step. VLAN management segments networks at Layer 2 and does not directly control inter-site traffic. Port security is a Layer 2 feature that restricts which MAC addresses can access a switch port - not applicable for routing/traffic filtering at Layer 3.
Topics
Community Discussion
No community discussion yet for this question.