Exam 300-410
Question 242

Refer to the exhibit. A network administrator notices these console messages from host 10.11.110.12 originating from interface E1/0. The administrator considers this an unauthorized attempt to access SNMP on R1. Which action prevents the attempts to reach R1 E1/0?

    Correct Answer: B

    To prevent unauthorized SNMP attempts from a specific host (10.11.110.12), create an inbound access control list (ACL) on the interface receiving the requests (E1/0). A deny statement for host 10.11.110.12 in this ACL blocks SNMP traffic from this host as it arrives on the interface, which stops the unauthorized attempts at the interface level. Creating an inbound ACL on interface E1/0 to deny SNMP traffic from the specified host is therefore the appropriate solution.

Discussion
[Removed] Option: B

It's B. ACL blocks the specific host/port incoming. You cannot use ACLs to protect the 'management plane' on an interface.

Fenix7 Option: B

    snmp-server community Public RO 90
    snmp-server community Private W 90
    R1#show access-list 90
    Standard IP access list 90
        permit 10.11.110.11
        permit 10.11.111.12

Console messages are from 10.11.110.12. See the difference between the permit IP statement and host IP? B is correct.

[Removed] Option: D

Let's think through this. A) is wrong because SNMP functions in the management, not the control plane. B) this sounds correct, but if you think about it, it may cause unintended traffic denies. If we create a new ACL to deny the host, the answer does not specify other parameters, and we could assume that a permit any at the end will be configured as well. C) is wrong, we are trying to block the host. D) seems to be the best answer. If we use the same ACL 90, we are inherently denying any other hosts that do not require access to R1's management plane, and only permit the ones defined in the ACL. D is the best answer. B works, but not entirely the best answer.

rgg

In ACL 90 there is no IP that we need to block, so I think the right answer is B.

default_route

But option D has no association with SNMP... or is it implicit in the management plane?

Coffee_bean_master Option: B

The ACL would block SNMP packets from reaching the MGMT plane in the first place. Option D would also work but would still be processed via the MGMT plane and then be discarded. The fewer unnecessary packets processed through the MGMT/control plane the better, in my opinion.

Pietjeplukgeluk Option: B

So, management plane protection (MPP) can be added to an interface. This makes your router only reachable from that interface. But with MPP you cannot specify an ACL. So I do not see how D could be correct. Picking B. https://www.cisco.com/c/en/us/td/docs/ios/security/configuration/guide/sec_mgmt_plane_prot.html

inteldarvid Option: B

Yes, correct option B. Easy question.

SeMo0o0o0 Option: B

B is correct

ZamanR Option: D

D is correct

Tim303

How is D correct?

guy276465281819372 Option: D

The question does not specify if the new ACL (answer B) will allow other hosts to access the router through E1/0. I believe the best answer would be D as it uses the existing ACL which blocks access from the suspected attacker to access R1.
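
An added example, not part of the original thread or the exam material: a minimal first-match ACL evaluator in Python showing where an SNMP request from 10.11.110.12 stops with only ACL 90 on the communities, and what an inbound ACL on E1/0 changes. ACL 90's entries are the ones quoted in the thread; the `E1_0_IN` entries and the function names are assumptions made for the illustration.

```python
import ipaddress

# Each entry: (action, protocol, source network, UDP destination port or None for any).
# Standard ACL 90 as quoted in the thread; it matches on source address only.
ACL_90 = [
    ("permit", "ip", "10.11.110.11/32", None),
    ("permit", "ip", "10.11.111.12/32", None),
]

# Hypothetical inbound ACL for E1/0 (constructed for this example, not from the exhibit).
E1_0_IN = [
    ("deny", "udp", "10.11.110.12/32", 161),
    ("permit", "ip", "0.0.0.0/0", None),
]


def evaluate(acl, src, proto="udp", dport=161):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, ace_proto, net, ace_port in acl:
        if ace_proto not in ("ip", proto):
            continue
        if addr not in ipaddress.ip_network(net):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action
    return "implicit deny"


def snmp_fate(src, interface_acl=None):
    """Report where an SNMP request from src stops on its way into R1."""
    # The interface ACL is checked first, before the packet is handed to SNMP.
    if interface_acl is not None and evaluate(interface_acl, src) != "permit":
        return "dropped at E1/0"
    # The community ACL is only consulted once the SNMP process has the request.
    if evaluate(ACL_90, src) != "permit":
        return "rejected by SNMP (ACL 90)"
    return "answered"


if __name__ == "__main__":
    for host in ("10.11.110.11", "10.11.110.12"):
        print(host, "| ACL 90 only:", snmp_fate(host),
              "| with E1/0 ACL:", snmp_fate(host, E1_0_IN))
```

Dropping the final `permit` entry from `E1_0_IN` makes every other source fall through to the implicit deny, which is the side effect several commenters raise about a new interface ACL.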