Exam 350-401 All QuestionsBrowse all questions from this exam
Go to Exam
Question 723

Refer to the exhibit.

Extended access-list 100 is configured on interface GigabitEthernet 0/0 in an inbound direction, but it does not have the expected behavior of allowing only packets to or from 192.168.0.0/16. Which command set properly configures the access list?

    Correct Answer: D

    The access list in the exhibit contains a broad deny statement at sequence 10 which prevents any traffic from passing through, including the desired traffic to or from the 192.168.0.0/16 network. To allow the intended traffic and block all other traffic, the deny statement at sequence 10 should be removed rather than moved or modified. The correct command set to achieve this is to enter the extended access-list 100 configuration mode and remove the sequence 10 statement using the 'no' command. The given command set performs this action, ensuring that only packets to or from the 192.168.0.0/16 network are allowed.

Discussion
yqpmateoOption: B

no access-list 100 seq 10, will delete the entire access-list 100 !!!! you need to enter under the access list configuration and run a no command for the sequence you want to delete.

slacker_at_work

How will you ever learn when you don't make mistakes ?

Cryptoking112211Option: B

The correct answer is B you need to move the deny rule to the bottom of the list as the question says to only allow the subnet to and from.

a197cbf

It's incorrect, because there is no "seq" option in the "no access-list" command. if you run that, it'll delete the entire ACL. I just tried it: R1(config)#no access-list 100 ? <cr> <cr> No options after the ACL number, but if I run the command in B, it will remove my entire ACL: R1(config)#no access-list 100 seq 10 R1(config)#do sh access-list 100 R1(config)#

Pilgrim5Option: D

D makes sense because the 10 statement won't allow ip packets from the 192.168.0.0 subnet or any other subnet pass through

snarkymarkOption: D

correct

SeMo0o0oOption: D

D is correct

SeMo0o0oOption: D

D is correct

raajj354

Can someone explain seq 30? Please.

gorillaenhanced

"... the expected behavior of allowing only packets TO or FROM 192.168.0.0/16" 20 is TO 30 is FROM

CCNPWILLOption: D

D is correct. its short hand but its correct.

djedeenOption: D

Note: At the end of each access list there is an explicit deny all statement, so the second ACL statement wasn’t really necessary. After applying an access list, every traffic not explicitly permited will be denied.

djedeen

Meaning - no deny everything else needed, just the first two permit statements (20 and 30).