ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-150 All Questions

View all questions & answers for the 200-150 exam
Go to Exam

Exam 200-150 topic 1 question 55 discussion

Actual exam question from Cisco's 200-150
Question #: 55
Topic #: 1
[All 200-150 Questions]

What is the correct format of an access control list on a Cisco Nexus switch to deny unencrypted Web traffic from any source to destination host 10.10.1.110?

  • A. N5K-A(config)#ip access-list 101 N5K-A(config-acl)# deny tcp any host 10.10.1.110 eq 80
  • B. N5K-A(config)# access-list 101 deny tcp any host 10.10.1.110 eq 80
  • C. N5K-A(config)# access-list 101 deny tcp any host 10.10.1.110 eq 80 N5K-A(config)# access-list 101 permit ip any any
  • D. N5K-A(config)# ip access-list 101 N5K-A(config-acl)# deny tcp any host 10.10.1.110 eq 80
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by snapper at Aug. 19, 2019, 12:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
BlueYeti
5 years, 6 months ago
A similar one was included in Lammle's DCICN book, using FTP instead of HTTP. ip access-list 101 deny tcp any host 10.10.1.110 eq 21 permit ip any any
upvoted 1 times
BlueYeti
5 years, 6 months ago
I don't think standard or extended is part of NX-OS, only IOS - there is nothing in the Command Reference Guide for standard or extended as part of 'ip access-list'. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/security/command/reference/n7k_sec_cmd/sec_cmd_i.html#pgfId-1245141
upvoted 1 times
...
...
snapper
5 years, 10 months ago
Sorry, Answer C is correct without modification. BUT, if it had started with "ip access-list", they would have had to say "extended" before the ACL number.
upvoted 1 times
...
snapper
5 years, 10 months ago
I should say Answer C is almost correct. It needs they keyword "extended" before the ACL number.
upvoted 1 times
...
snapper
5 years, 10 months ago
Answers A and D are NOT correct. When you use a named ACL (or more accurately, when you start an access-list statement with IP access-list, you then have to specify whether it's a standard or extended ALC. THEN you can give it a number. R1(config)#ip access-list extended R1(config)#ip access-list extended ? <100-199> Extended IP access-list number Answer C is correct because after you block traffic to that one host, you need to permit all other traffic, and answer C does that with the permit ip any any statement.
upvoted 1 times
...
snapper
5 years, 10 months ago
What is this answer correct????
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel