Exam 200-150 topic 1 question 58 discussion

Actual exam question from Cisco's 200-150

Question #: 58
Topic #: 1

What is the correct format of an access control list on a Cisco Nexus switch to only permit unencrypted Web traffic from the 172.16.1.0/25 network to destination host 10.10.1.110?

A. N5K-A(config)# ip access-list 101 N5K-A(config-acl)# permit tcp host 172.16.1.0/25 any eq 80
B. N5K-A(config)# ip access-list 101 N5K-A(config-acl)# permit tcp 172.16.1.0 255.255.255.128 any eq 80
C. N5K-A(config)# ip access-list 101 N5K-A(config-acl)# permit tcp 172.16.1.0/25 any eq 80
D. N5K-A(config)# access-list 101 permit tcp 172.16.1.0/25 0.0.0.128 eq 80
E. N5K-A(config)# ip access-list 101

Show Suggested Answer

Suggested Answer: C 🗳️

by snapper at Aug. 22, 2019, 11:37 p.m.

Comments

Submit Cancel

snapper

5 years, 10 months ago

None of these are right for two reasons: 1. None of them specify the destination host in the answer. 2. All ALCs starting with ip access-list need the keyword "standard" or "extended" before the ACL number: R1(config)#ip access-list 101 ^ % Invalid input detected at '^' marker. R1(config)#ip access-list ? extended Extended Access List log-update Control access list log updates logging Control access list logging resequence Resequence Access List standard Standard Access List

upvoted 1 times

DimS

5 years, 10 months ago

Answer C is right. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/503_n1_1/b_Cisco_n5k_security_config_gd_rel_503_n1_1/Cisco_n5k_security_config_gd_rel_503_n1_1_chapter7.html

upvoted 1 times

...

BlueYeti

5 years, 6 months ago

Omitting the destination host in the answer will still fulfill the goal - answer C will block traffic to the destination host by blocking traffic to any host. It's technically correct but practically incorrect, not that Cisco cares about that kind of thing. Also, the part about including 'standard' and 'extended' is not true for NX-OS.

upvoted 1 times

...