SY0-501 Question #563: Real Exam Question with Answer & Explanation

Question

A network administrator adds an ACL to allow only HTTPS connections form host 192.168.2.3 to web server 192.168.5.2. After applying the rule, the host is unable to access the server. The network administrator runs the output and notices the configuration below: Which of the following rules would be BEST to resolve the issue? A. B. C. D.

Options

• Aaccesslist 102 permit tcp host 192.168.2.3 host 192.168. accesslist 102 permit tcp host 192.168.2.6 host 192.168.5. accesslist 102 deny ip any any log accesslist 102 permit tcp host 192.168.2.3 eq 443 host 192.168.5.2
• Baccesslist 102 permit tcp host 192.168.2.6 host 192.168. accesslist 102 permit tcp host 192.168.2.6 host 192.168.5. accesslist 102 deny ip any any log accesslist 102 permit tcp host 192.168.2.3 eq 443 host 192.168.5.2
• Caccesslist 102 permit tcp host 192.168.2.3 host 192.168. accesslist 102 deny ip any any log accesslist 102 permit tcp host 192.168.2.3 eq 443 host 192.168.5. accesslist 102 permit tcp host 192.168.2.3 eq 443 host 192.168.5.2
• Daccesslist 102 permit tcp host 192.168.2.3 eq 3389 host 192.168. accesslist 102 permit tcp host 192.168.2.6 eq 3389 host 192.168.5. accesslist 102 deny ip any any log accesslist 102 permit tcp host 192.168.2.3 eq 443 host 192.168.5.2

Explanation

Option A is correct because it properly constructs an ACL that permits TCP traffic from host 192.168.2.3 to the web server using port 443 (HTTPS), which is the specific requirement. The key rule 'accesslist 102 permit tcp host 192.168.2.3 eq 443 host 192.168.5.2' correctly specifies the source host, the HTTPS port (443), and the destination web server, ensuring only HTTPS traffic is allowed while the implicit/explicit deny blocks everything else. This resolves the issue by placing the correct permit statement targeting port 443 in the ACL.

No community discussion yet for this question.