Exam 300-410 All QuestionsBrowse all questions from this exam
Go to Exam
Question 250

Refer to the exhibit. A network administrator must block ping from user 3 to the App Server only. An inbound standard access list is applied to R1 interface G0/0 to block ping. The network administrator was notified that user 3 cannot even ping user 9 anymore. Where must the access list be applied in the outgoing direction to resolve the issue?

    Correct Answer: B

    In the context of network management, standard access control lists (ACLs) are generally placed as close to the destination as possible. This approach minimizes the impact on network traffic by blocking undesirable traffic only when it is about to reach its final destination, rather than filtering it prematurely and potentially affecting other network flows. Given the requirement to block ping from User 3 to the App Server while still allowing communication between User 3 and other devices (like User 9), the appropriate interface to apply the ACL in the outgoing direction is SW1 interface G1/10, which is the closest point to the destination (App Server). Applying the ACL here ensures that only the traffic to the App Server is filtered, meeting the given criteria effectively.

Discussion
Patrick1234Option: B

It's a standard ACL. Standard ACL's should always be installed as close to the DESTINATION as possible. Read this: Standard ACLs should be located as close to the destination as possible. If a standard ACL were placed at the source of the traffic, the “permit” or “deny” would occur based on the given source address, regardless of the traffic destination. So the only right answer in this question is B: SW1 interface G1/10.

MusteOption: B

provided answer is correct standard access-list should be placed as close to the destination as possible

IceFireSoulOption: B

Given answer is correct, at least by my standards. Switch device in this diagram is not a pure layer 2 switch, in fact its a layer 3 switch and therefor can make routing decisions as well , in this case block ping going out the interface G1/10

Remsync

If you're usign an ACL to block ping, that means you're using an extended ACL, and it's recommended to place de ACL closest to the source, so the given answer is correct. By putting the ACL on the L3 SW it goes against that principle since you're placing it closes to the destination.

Remsync

I mean, C is correct, not the given answer.

Remsync

My bad, it says standard ACL. Given answer is correct. You're correct.

Commando1664

Using a standard ACL to block icmp doesn't make sense...it can't be done. Stupid quesiton

louisvuitton12Option: B

Closest to the destination

inteldarvidOption: B

correct

pepguaOption: B

By applying the access list in the outgoing direction on the interface facing the App Server, you can ensure that ping traffic from user 3 to other destinations, including user 9, is not affected. Only the ping traffic specifically destined for the App Server will be blocked in the outgoing direction on SW1.

TypovyOption: B

If vlan's are terminated on switch and then routed to router answer is B. If vlans are terminated on router via .q subinterfaces then answer is C. Switch icon indicates that this is L3 switch so most propably vlans are ended there on SVI so answet is propably B :)

Jerome_2046Option: B

Standard ACL's should always be installed as close to the DESTINATION as possible

chris7890Option: C

Where must the access list be applied in the outgoing direction to resolve the issue? Answer C must be correct!

lisanta12

No, in the case of C, ping cannot be executed until SW1.

SeMo0o0o0Option: B

B is correct standard ACL = closest to the destination extended ACL = closest to the source

ChiarettaOption: C

An ACL can be applied on L3 equipment, switch is a L2 equipment, take the CCNA first.

jansan55Option: C

A standard ACL can only deny the IP address of User 3, not only just ping. So the first step to remove that statndard ACL from R1 Gi0/0. We are not sure that SW1 is a an L3 type, so i rule out any SW1 related answers.

inteldarvidOption: D

Correct 100% "D": team sorry for my earlier reply. The correct answer is "D", it is true, it is the closest to the destination, but it cannot be added (outside or inside) in the swi (g1/10), because the traffic that I want to deny comes from the source and enters the switch through the G2/21, (I tried all the options in my lab) and the correct answer is "D": SW1 interface G2/21

Brand

"Where must the access list be applied in the outgoing direction" It says "outgoing direction" how would you block a traffic sourced by the user3 by applying the ACL to the return traffic back from server?

anaisa_goncalvesOption: D

Hi, Why not answer D. Since, it's a standard ACL that has to be applied in outgoing interface. Because if we apply in R2 G1/0, we will not let that User 3 ping SW1, and the question says that it cannot ping ONLY App Server. And this is assuming that SW1 is a layer 3 switch.

anaisa_goncalves

Correction I meant option B SW1 Interface Gi 1/10 as correct answer

VergilP

I am confuse of question is ask about.. so question is ask ..delete R1 G0/0 ACL and place the ACL "somewhere" then make User3 can ping User9 but can not reach app server? Is my understanding correct?

RemsyncOption: C

If you're usign an ACL to block ping, that means you're using an extended ACL, and it's recommended to place de ACL closest to the source, so the given answer is correct.

Remsync

I mean, C is correct, not the given answer.

Remsync

My bad, it says standard ACL. Given answer is correct.