While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two.)
A. The ACL is empty
B. A matching permit statement is too broadly defined
C. The packets fail to match any permit statement
D. A matching deny statement is too high in the access list
E. A matching permit statement is too high in the access list
A. not even sure what that means.
B. is the answer because it's too specific, meaning it's allowing everything it shouldn't
C. not the answer because if it was failing to match, then traffic would be getting denied
D. not the answer because traffic would be getting denied.
E. is the answer because it wouldn't matter how many deny commands if you are permitting it first at the top of the ACL
If the ACL is empty, it allows all packets. The hidden deny does not work here.
Check here:
https://community.cisco.com/t5/routing/apply-empty-acl-what-happens/td-p/740473
So A is correct
And D is correct
B is half correct. So we have to choose 2 answers
B and E is correct. Because a matching permit is too broadly defined and is located too high in the list, it cannot filter any incoming traffic.
A is not the answer because the empty ACL allows ALL traffic, not just incoming traffic. The question just specified all 'incoming' traffic, not 'outbound' traffic.
A can't be correct. And if a permit statement in the access list is too broad and matches more packets than intended, all incoming packets may be allowed, even though an ACL is applied to the interface.
"The behavior for access-class when the specified access list is empty (or does not exist) has changed over time. In some (quite early) versions of IOS the default behavior was followed and all traffic was denied. In most versions of IOS (in its various flavors) has been that an empty (or non existent) access list results in all traffic being permitted."
Link: https://community.cisco.com/t5/routing/empty-access-list/td-p/630883
"The statement that an ACL always has an implicit deny any at the bottom has one exception. And that exception is when the ACL is empty. If you use ip access-group to apply an ACL and that ACL has no statements then all traffic is permitted."
https://community.cisco.com/t5/routing/apply-empty-acl-what-happens/td-p/740473#:~:text=If%20you%20use%20ip%20access,empty%20ACL%20would%20deny%20traffic.
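The behaviours debated in the comments above (first-match ordering, the implicit deny, and the empty-ACL case from the quoted Cisco community posts) can be modelled in a few lines. This is an added example, not code from any commenter or from Cisco; the ACL contents, function names, and the source-only matching are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ACLs as (action, source network) pairs; not from the page.
BROAD_PERMIT_FIRST = [
    ("permit", "0.0.0.0/0"),    # broad permit placed at the top
    ("deny", "10.1.1.0/24"),    # never evaluated for any packet
]
DENY_FIRST = [
    ("deny", "10.1.1.0/24"),
    ("permit", "10.1.0.0/16"),
]
EMPTY = []


def evaluate(acl, src):
    """Return the action a source-only ACL applies to src (first match wins)."""
    if not acl:
        # Assumption taken from the quoted Cisco community posts: an empty
        # ACL applied with ip access-group permits all traffic.
        return "permit"
    addr = ipaddress.ip_address(src)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"  # implicit deny any at the end of a non-empty ACL


def shadowed_entries(acl):
    """Indexes of entries fully covered by an earlier entry (unreachable)."""
    hidden = []
    for i, (_, net) in enumerate(acl):
        current = ipaddress.ip_network(net)
        if any(current.subnet_of(ipaddress.ip_network(p)) for _, p in acl[:i]):
            hidden.append(i)
    return hidden


def audit(acl):
    """Findings a reviewer would want before trusting the ACL to filter."""
    if not acl:
        return ["ACL has no entries: nothing is filtered"]
    return [f"entry {i} ({acl[i][0]} {acl[i][1]}) is unreachable"
            for i in shadowed_entries(acl)]


if __name__ == "__main__":
    for name, acl in [("broad", BROAD_PERMIT_FIRST), ("ordered", DENY_FIRST), ("empty", EMPTY)]:
        print(name, evaluate(acl, "10.1.1.5"), audit(acl))
```

Running `audit` over a parsed configuration before applying it to an interface surfaces both conditions that leave an applied ACL filtering nothing.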
Community vote distribution: A (35%), C (25%), B (20%), Other