Refer to the exhibit.
A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied?
Exam 350-401 All QuestionsBrowse all questions from this exam
Question 682
Correct Answer: D
To allow traffic only from network 10.100.2.0 to networks outside of router B, you should configure an access control list (ACL) on the outbound interfaces (g0/0/0 and g0/0/1) of router B. The ACL will permit traffic from network 10.100.2.0 and deny all other traffic. This can be done by first permitting traffic from 10.100.2.0 with a wildcard mask of 0.0.0.255 to any destination, followed by an implicit deny of all other traffic. Applying this ACL to both outbound interfaces ensures that traffic leaving router B is properly filtered. Therefore, the correct configuration is to permit the 10.100.2.0 network, configure the deny any rule implicitly, and apply this ACL to both the g0/0/0 and g0/0/1 interfaces in the out direction.
Discussion
well123Option: D
A: Not ok, missing to apply ACL on int g0/0/1 B: Not ok, permits 10.100.3.0 (wrong) C: not ok, applied ACL on wrong interface D: OK, correct answer
x3roxOption: D
A - WRONG. destination is missing an 'any' and it only affect traffic to 1 external network. B - WRONG. wrong network souce and missing 'any' and only affect traffic to 1 external network. C - WRONG. Select the best interface for this scenario, however, it's missing an 'any'; it it only had this missing any, would've been the best choice. D - Correct. Correct network sources, implicit deny takes care of the rest. Interfaces are ok in the out direction.
teikitizOption: D
C looked ok, but the ACL's deny component should be "deny ip any any". D's ACL carries the explicit deny, so it's correct
ColmenarezOption: C
hmmm what about interface gi 0/0/3?
SeMo0o0oOption: D
D is correct
SeMo0o0o
...........................
SeMo0o0oOption: D
D is correct