A user is having trouble connecting to websites on the Internet. The network engineer proposes configuring a packet capture that captures only the HTTP response traffic on the Cisco Adaptive Security Appliance between the user’s workstation and Internet. If the user’s workstation IP address is 10.0.0.101, which
ACE is needed to achieve this capture?
A. access-list capture permit tcp host 10.0.0.101 eq 80 any
B. access-list capture permit tcp host 10.0.0.101 any eq 80
C. access-list capture permit tcp any eq 80 host 10.0.0.101
D. access-list capture permit tcp any host 10.0.0.101 eq 80
C is the right answer, also check question 39 (it is the same concept).
You’re right. Just tested it in my lab.
10.0.0.101 is the one that is initiating connection to any host on destination port 80. So the return traffic will be from any on source port 80 to host 10.0.0.100 any destination port, therefore answer C.
Can somebody confirm?
I was thinking the same thing and searching for why D is stated as the answer…
Why not B. access-list capture permit tcp host 10.0.0.101 any eq 80 ???
C is the right answer.
The response Traffic, which you should capture only, has protocol TCP, source ip any(internet ip’s), source port 80, destination ip 10.0.0.100 and destination port any (1024-65535)