A client with IP address 209.165.201.25 must access a web server on port 80 at 209.165.200.225. To allow this traffic, an engineer must add a statement to an access control list that is applied in the inbound direction on the port connecting to the web server.
Which statement allows this traffic?
To allow the client with IP address 209.165.201.25 to access the web server on port 80 at 209.165.200.225, we need to permit traffic with a source IP of the web server and destination IP of the client. Since the traffic is being permitted inbound on the port connecting to the web server, the access control list statement should match traffic coming from the web server's IP with a source port of 80 to the client's IP. Therefore, the correct ACL statement is 'permit tcp host 209.165.200.225 eq 80 host 209.165.201.25'.
inbound direction - C
Correct Option is B.
"on the port connecting to the web server" -> C
it says "inbound"
The correct answer here is C: Remember that the the interface with the ACL applied is the server interface. so the flow at first will be client ==> server Here there is not any acl applied inbound and outbound. Then the traffic flow must return like this: server ==> client In the server port the acl is applied, so in this case because is return traffic the source ip address and tcp port will be of the server and the destination will be the client. So the statement of the ACL is: permit tcp host 209.165.200.225 eq 80 host 209.165.201.25 (permit the traffic sourced by the server to reach the destination) So the answer is for sure C
NOTE: applied in the inbound direction on the port connecting to the web server.
Its C , inbound direction on port connecting the host regards
the inbound traffic coming from the port connected to the server will contain the server's IP address therefore the ACL statement must have the source IP as the server's IP. The client will reach the server using TCP 80 as the destination so the return traffic sourced by the server will have port 80 as the source TCP. Which in this case I'd go with C.
I don't care what interface or direction you try to apply ACL for answer D, it isn't going to work. Why? Because port 80 can only be associated with the webserver host IP. Answer D assumes that port 80 would be associated with the client IP, which would never be the case. Not in the real world anyway.
Inbound on server side >> C
C. permit tcp host 209.165.200.225 eq 80 host 209.165.201.25 Most Voted permit tcp host ---- THE SOURCE - THE PORT --- THE DESTINATION. The exact same question - answer can be found at question 272
Transport Control Protocol (TCP) access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} tcp source source-wildcard [operator [port]] destination destination-wildcard [operator [port]] [established] [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name][fragments]
C is the correct answer. Because it's traffic INcoming on the port FROM the Webserver, then the ACL would be configured with that same source/destination orientation, as follows: permit tcp host <FROM_WEBSERVER_IP> eq 80 host <TO_CLIENT_IP> we put the "eq 80" with the webserver since that's the port it listens on, and that's the port it will use to return the data to the client. Admins, please fix the correct answer, it should be C but is showing as D.
i asked chatgpt and it came with this answer. permit tcp host 209.165.201.25 host 209.165.200.225 eq 80 so, according to chatgpt, it is B
no, this will only work if the ACL is applied on the inbound for port facing the client. the question is "inbound port facing web server"
Correct answer is B. Option C is a wrong syntax for an extended access-list which is based in terms of the source and destination IPs.
My bad. it is actually source and destination port that we are considering here, so C has the right syntax for source and destination port.
D the ACL must be applied in the inbound direction of the R
C is correct tricky question, you just need to read it twice, the question is talking about traffic returning from the server to the host
forget to vote :D
So, in this scenario: The destination port must be equal to 80 in the initial request from the client to the server. The source port must be equal to 80 in the response from the server to the client. Here's a summary: Client (host) -> Server (HTTP): Source port (random): >1024 Destination port: 80 Server (HTTP) -> Client (host): Source port: 80 Destination port (matches client's source port): >1024. Therefore, answer C is correct, not D. D is wrong because source TCP port must be 80 in server's response, not destination port.