Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?
A. deny tcp any any eq 80
permit tcp any any gt 21 lt 444
B. permit tcp any any range 22 443
deny tcp any any eq 80
C. permit tcp any any ne 80
D. deny tcp any any ne 80
permit tcp any any range 22 443
Correct Answer: A
Explanation/Reference:
350-401: Implementing Cisco Enterprise Network Core Technologies (ENCOR)
There is no correct answer. The best answer would be: C
Blocking port 80 has priority. I would assume there is a typo somewhere in the question.
Explanation:
A = false, lt & gt cannot be put together
B = false, the permit range 22 – 443 would permit 80 as well since traffic on port 80 would hit the permit range first.
C = true, everything other than 80 would be permitted. Even outside the range though.
D = false, everything not 80, would be denied.
Below is what we would want to see:
deny tcp any any eq 80
permit tcp any any range 22 443
Therefore it is D, if it is a typo where it says “ne” and it should be eq
The correct answer is D. You cannot use gt and lt together.
You can use gt and lt in the same entry
B
but deny ACE should be first
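The ordering argument in the comments can be checked mechanically. The following is an added example, not part of the original page or its comments: a simplified first-match evaluator (with the implicit deny at the end of the list) applied to options B, C, D and the deny-first ordering. It models only the `eq`, `ne` and `range` operators on the TCP destination port; option A is left out because the comments disagree on whether `gt` and `lt` can be combined in one entry. All function and variable names are hypothetical.

```python
# Added example: simplified first-match ACL model (TCP destination port only).
OPS = {
    "eq": lambda port, a: port == a[0],
    "ne": lambda port, a: port != a[0],
    "range": lambda port, a: a[0] <= port <= a[1],
}

def parse_ace(line):
    """Parse '<permit|deny> tcp any any <op> <port> [<port>]', the form used on the page."""
    action, proto, src, dst, op, *ports = line.split()
    if action not in ("permit", "deny") or (proto, src, dst) != ("tcp", "any", "any"):
        raise ValueError(f"unsupported ACE: {line!r}")
    if op not in OPS or len(ports) != (2 if op == "range" else 1):
        raise ValueError(f"unsupported port match: {line!r}")
    return action, op, [int(p) for p in ports]

def permitted_ports(acl_lines):
    """Return the set of destination ports the ACL permits."""
    aces = [parse_ace(line) for line in acl_lines]
    allowed = set()
    for port in range(65536):
        for action, op, args in aces:
            if OPS[op](port, args):      # the first matching ACE decides
                if action == "permit":
                    allowed.add(port)
                break
        # no ACE matched: implicit deny, port stays out of the set
    return allowed

# ACLs as written on the page
OPTION_B = ["permit tcp any any range 22 443", "deny tcp any any eq 80"]
OPTION_C = ["permit tcp any any ne 80"]
OPTION_D = ["deny tcp any any ne 80", "permit tcp any any range 22 443"]
DENY_FIRST = ["deny tcp any any eq 80", "permit tcp any any range 22 443"]

# What the question asks for: ports 22-443 without port 80
WANTED = set(range(22, 444)) - {80}

if __name__ == "__main__":
    for name, acl in [("B", OPTION_B), ("C", OPTION_C),
                      ("D", OPTION_D), ("deny-first", DENY_FIRST)]:
        ports = permitted_ports(acl)
        print(f"{name}: {len(ports)} ports permitted, "
              f"port 80 permitted={80 in ports}, matches question={ports == WANTED}")
```
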