ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-401 All Questions

View all questions & answers for the 350-401 exam
Go to Exam

Exam 350-401 topic 1 question 266 discussion

Actual exam question from Cisco's 350-401
Question #: 266
Topic #: 1
[All 350-401 Questions]

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

  • A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444
  • B. permit tcp any any range 22 443 deny tcp any any eq 80
  • C. permit tcp any any eq 80
  • D. deny tcp any any eq 80 permit tcp any any range 22 443
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by mrserxho1 at June 9, 2020, 12:36 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nead
Highly Voted 4 years, 10 months ago
No answer is correct A. gt and lt not allowed on same ACE B. Would work if permit and deny ACEs were the other way around C. Permits ALL ports other than 80 D. Allows port 80. Could be typo. If ne 80 was eq 80, then the ACEs would work
upvoted 29 times
UIssuu
9 months, 2 weeks ago
I think its already amended, answer D has eq 80 now
upvoted 1 times
...
rlilewis
3 years, 1 month ago
I agree, there's supposed to be another option (which I see in other dumps): Option E) deny tcp any any eq 80 permit tcp any any range 22 443
upvoted 13 times
...
...
mrserxho1
Highly Voted 4 years, 12 months ago
Correct answer is B, "gt 21 lt 444" are not allowed inside the same statment
upvoted 10 times
fuqcue
4 years, 5 months ago
It cannot be B because 80 would be dropped upon being matched in the first statement...
upvoted 5 times
...
Quick_X
4 years, 10 months ago
Correct, just tested
upvoted 2 times
...
akbntc
4 years, 9 months ago
B cannot be correct as it allows port 80 before it gets denied by the later statement.
upvoted 8 times
...
CBlu
4 years, 11 months ago
D seems correct to me. How can the "deny" statement be reached if it is covered by the permit statement above? ACL's go sequentially and stop on the first match.
upvoted 7 times
timtgh
3 years ago
For packets that are not port 80, the first statement is not a match, so the second statement is checked.
upvoted 1 times
[Removed]
1 year, 11 months ago
but you are specifying a range between 22 and 443, 80 is within it. B is wrong. D specifies the DENYing of port 80 only, and then we can define what to allow
upvoted 1 times
...
...
...
Load full discussion...
...
[Removed]
Most Recent 1 year ago
Selected Answer: D
D is correct first deny TCP port 80, then permit all other ports within the provided range
upvoted 1 times
...
CCNPWILL
1 year, 7 months ago
Selected Answer: D
D is correct my friends.
upvoted 2 times
...
flash007
1 year, 10 months ago
deny is first permit is second
upvoted 2 times
...
ibogovic
1 year, 11 months ago
Selected Answer: D
The correct answer is D. The access control list (ACL) that allows only TCP traffic with a destination port range of 22-443, excluding port 80, is: deny tcp any any eq 80 permit tcp any any range 22 443 This ACL configuration first denies TCP traffic with a destination port of 80 (port 80 is excluded). Then it permits TCP traffic with a destination port in the range of 22-443. By placing the deny statement before the permit statement, it ensures that traffic to port 80 is not allowed, while traffic to other ports in the specified range is permitted. So, option D is the correct answer.
upvoted 6 times
...
musclehamster
2 years, 1 month ago
Selected Answer: D
The error has been fixed in D. It is correct now
upvoted 4 times
[Removed]
1 year, 9 months ago
Thanks, I was so confused with the most voted comment stating it was wrong
upvoted 1 times
...
...
Sammy3637
2 years, 3 months ago
Selected Answer: D
D is correct
upvoted 2 times
...
Nickplayany
2 years, 4 months ago
Selected Answer: D
deny tcp any any eq 80 permit tcp any any range 22 443
upvoted 2 times
...
bendarkel
2 years, 4 months ago
Selected Answer: D
Correct answer is D
upvoted 2 times
...
kewokil120
2 years, 4 months ago
Selected Answer: D
D is correct. Who voting C needs to re-read ACLs
upvoted 2 times
...
kewokil120
2 years, 5 months ago
Selected Answer: D
answer is d
upvoted 2 times
...
nushadu
2 years, 5 months ago
Selected Answer: D
cisco_R3(config)#ip access-list extended q_266 cisco_R3(config-ext-nacl)# cisco_R3(config-ext-nacl)#10 deny tcp any any eq 80 cisco_R3(config-ext-nacl)#20 permit tcp any any range 22 443 cisco_R3(config-ext-nacl)# cisco_R3#s access-l | b 266 Extended IP access list q_266 10 deny tcp any any eq www 20 permit tcp any any range 22 443 cisco_R3#
upvoted 2 times
...
MO_2022
2 years, 6 months ago
Selected Answer: D
D is correct
upvoted 2 times
...
kalbos
2 years, 6 months ago
Selected Answer: D
Answer is D
upvoted 2 times
...
Stylar
2 years, 6 months ago
Selected Answer: D
D for sure. 1st deny rule catches the port 80 traffic. 2nd permit allows the rest of our range. 3rd is implicit deny any any.
upvoted 2 times
...
H3kerman
2 years, 6 months ago
Selected Answer: D
D is correct. first deny 80 then allow required range
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel