What command can you use to block all current and future connections from the infected host?

The computer at 10.10.10.4 on your network has been infected by a botnet that directs traffic to a malware site at 168.65.201.120. Assuming that filtering will be performed on a Cisco ASA, what command can you use to block all current and future connections from the infected host?
A. ip access-list extended BLOCK_BOT_OUT deny ip any host 10.10.10.4
B. shun 10.10.10.4 168.65.201.120 6000 80
C. ip access-list extended BLOCK_BOT_OUT deny ip host 10.10.10.4 host 168.65.201.120
D. ip access-list extended BLOCK_BOT_OUT deny ip host 168.65.201.120 host 10.10.10.4
E. shun 168.65.201.120 10.10.10.4 6000 80
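For reference, here are the two mechanisms the options refer to, written out in Cisco ASA configuration syntax. This is an added illustration, not part of the original question or its answer key; the interface name `inside` is assumed. Note that the ASA uses the `access-list NAME extended ...` form rather than the IOS-style `ip access-list extended NAME` shown in the options.

```cisco
! --- Mechanism 1: shun (dynamic; not written to the saved configuration) ---
! Syntax: shun src_ip [dst_ip src_port dst_port [vlan vlan_id]]
! With only the source address, every packet from 10.10.10.4 is dropped and
! logged and its existing connections are torn down.
shun 10.10.10.4
! The optional destination and port arguments identify a specific current
! connection to drop; blocking of the source address applies regardless.
shun 10.10.10.4 168.65.201.120 6000 80
! Verify, and remove the shun once the host has been cleaned
show shun
show shun statistics
no shun 10.10.10.4

! --- Mechanism 2: interface ACL (persistent; saved with the configuration) ---
access-list BLOCK_BOT_OUT extended deny ip host 10.10.10.4 any
access-list BLOCK_BOT_OUT extended permit ip any any
! An ACL has no effect until it is bound to an interface ("inside" is assumed)
access-group BLOCK_BOT_OUT in interface inside
! A new ACL entry is evaluated for new connections; flows already in the
! connection table keep passing until they are cleared explicitly
clear conn address 10.10.10.4
```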


3 thoughts on “What command can you use to block all current and future connections from the infected host?”

  1. B is not right.
    Question says: “…block all current and future connections from the infected host?”
    “shun 10.10.10.4 168.65.201.120 6000 80” is only blocking conns sourced on port 6000 and dst on port 80.
    “C” is indeed the right one.

    1. Agree that “B” is the right answer. ACL would also work (based on the ref doc); however, the answers (A, C & D) are missing additional ACL commands which are needed (i.e. permit ip any any and the access-group cmds). With “B” you just need to enter that one-line “shun” cmd.
