Exam 300-510
Question 103

Refer to the exhibit. A network engineer must correct the security policy on the EDGE_R router, which is connected to two Tier 1 ISPs. After another engineer added ip as-path access-list 11 permit 11 to EDGE_R, some routes from AS 11 and AS 4832 started to appear in the routing information base (RIB). Traffic control via Community options is disabled on both ISPs.

How should the network engineer update the router configuration on EDGE_R so that only routes for AS 11 are permitted?

    Correct Answer: C

    To ensure that only routes originating from AS 11 are permitted, the configuration should allow routes that traverse AS 11. The appropriate configuration command in this case is to use ip as-path access-list 11 permit ^11_ which allows routes that originate from AS 11. This matches routes where AS 11 is the first AS in the AS path. This method ensures that only routes from AS 11 are permitted into the BGP routing table.
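How the AS-path patterns discussed on this page behave against sample paths, as an added example that is not part of the original question or its exhibit. The Python emulation of the IOS `_` delimiter, the constructed AS paths, and the `_11$` and `^11$` patterns are assumptions made for illustration.

```python
import re

# In IOS AS-path regexes "_" matches a delimiter: start or end of the
# string, a space, a comma, braces or parentheses.
DELIM = r"(?:^|$|[ ,{}()])"

def ios_match(pattern, as_path):
    """True if the IOS-style pattern matches the AS path string."""
    return re.search(pattern.replace("_", DELIM), as_path) is not None

def acl_permits(entries, as_path):
    """Evaluate an as-path access-list: the first matching entry wins,
    and a path that matches no entry hits the implicit deny."""
    for action, pattern in entries:
        if ios_match(pattern, as_path):
            return action == "permit"
    return False

def permitted(entries, paths):
    """Return the subset of paths that the access-list lets through."""
    return [p for p in paths if acl_permits(entries, p)]

# Constructed AS paths as seen on the edge router: the leftmost AS is the
# neighbor that sent the route, the rightmost AS is the originator.
PATHS = [
    "11",          # originated by neighbor AS 11
    "11 4832",     # learned from AS 11, originated by AS 4832
    "4832 11",     # learned from AS 4832, originated by AS 11
    "4832 64511",  # AS 11 not in the path; "11" is a substring of 64511
    "4832 64500",  # no "11" anywhere in the path
]

ACLS = {
    "permit 11":   [("permit", "11")],     # the line from the question
    "permit ^11_": [("permit", "^11_")],   # the pattern from the explanation
    "permit _11$": [("permit", "_11$")],   # assumption: origin-anchored form
    "permit ^11$": [("permit", "^11$")],   # assumption: path is exactly AS 11
    # Appending a stricter line after the loose one changes nothing,
    # because the loose line still matches first.
    "permit 11 + permit ^11_": [("permit", "11"), ("permit", "^11_")],
}

if __name__ == "__main__":
    for name, entries in ACLS.items():
        print(f"{name:26} -> {permitted(entries, PATHS)}")
```

The unanchored `11` is a substring match, so it permits any path containing those two digits; the anchored forms differ in whether they pin AS 11 to the neighbor position, the origin position, or both.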

Discussion
snowbow
Option: C

What a strange way to word this. What does "only routes for AS 11 are permitted" mean? Do we mean routes that traverse AS 11? Then C. Do we mean routes originating from AS 11? Then D. B will just deny ALL routes due to implicit deny.

Seele

Definitely a weird way to construct the question. I think what it meant by updating the configuration is that it just wants to add the configuration after the initial one, hence why B is the answer.

Seele

And since the question also said "some routes from AS 11", we can safely assume that they indeed originated in AS 11.