ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-501 All Questions

View all questions & answers for the 350-501 exam
Go to Exam

Exam 350-501 topic 1 question 439 discussion

Actual exam question from Cisco's 350-501
Question #: 439
Topic #: 1
[All 350-501 Questions]

A network engineer must implement an ACL-based solution to mitigate availability issues on a web service that is hosted on a server at IP address 172.16.15.18/23. Access to the web server should be allowed over HTTP from RFC 1918 addresses only. The network architect has already enabled PMTUD in the network. Which ACL configuration must the engineer implement to complete the task?

  • A. access-list 199 deny ip any host 172.16.15.18 tcp-fragments
    access-list 199 permit tcp 10.0.0.0 255.255.255.255 172.16.15.18 0.254.0.255 eq 80 access-list 199 permit tcp 172.16.0.0 0.0.255.255 172.16.15.18 0.0.254.255 eq 80 access-list 199 permit tcp 192.168.0.0 0.0.0.255 172.16.15.18 0.0.254.255 eq 80 access-list 199 deny ip any any
  • B. access-list 199 deny tcp any host 172.16.15.18 http-fragments access-list 199 permit 16 10.10.0.0 0.255.255.255 172.16.15.18 0.0.2.253 eq 80 access-list 199 permit 16 172.16.0.0 0.0.255.255 172.16.15.18 0.0.2.253 eq 80 access-list 199 permit 16 192.168.0.0 0.0.0.255 172.16.15.18 0.0.2.253 eq 80 access-list 199 deny tcp any any
  • C. access-list 198 deny ip any host 172.16.15.18 ip-fragments
    access-list 198 permit 18 10.10.0.0 255.255.255.0 172.16.15.18 255.255.254.0 access-list 198 permit 18 172.16.0.0 255.255.0.0 172.16.15.18 255.255.254.0 access-list 198 permit 18 192.168.0.0 255.255.255.0 172.16.15.18 255.255.254.0 access-list 198 deny tcp any any
  • D. access-list 198 deny ip any host 172.16.15.18 fragments
    access-list 198 permit 6 10.0.0.0 0.255.255.255 172.16.15.18 0.0.1.255 eq 80 access-list 198 permit 6 172.16.0.0 0.0.255.255 172.16.15.18 0.0.1.255 eq 80 access-list 198 permit 6 192.168.0.0 0.0.0.255 172.16.15.18 0.0.1.255 eq 80 access-list 198 deny ip any any
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by ashwind123 at May 12, 2025, 4:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ashwind123
1 month, 3 weeks ago
Selected Answer: D
IOSV-8(config)#access-list 198 deny ip any host 172.16.15.18 ? dscp Match packets with given dscp value fragments Check non-initial fragments log Log matches against this entry log-input Log matches against this entry, including input interface option Match packets with given IP Options value precedence Match packets with given precedence value time-range Specify a time-range tos Match packets with given TOS value ttl Match packets with given TTL value <cr> <cr>
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel