Refer to the exhibit. PC-1 must access the web server on port 8080. To allow this traffic, which statement must be added to an access control list that is applied on SW2 port G0/0 in the inbound direction?
A. permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080
B. permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080
C. permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2
D. permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2
Option A would have been correct if we were filtering the outbound traffic exiting port G 0/0.
Option B is incorrect because the web server is using port 8080, not PC1. PC1 will randomly choose a source port from the ephemeral range: 49152 and 65535.
Option D is incorrect because we need to filter traffic coming from the web server on port 8080 ("lt 8080" will allow TCP connections coming from the server with a source port less than 8080).
C is correct.
The question states "Inbound direction",
which means that if the PC tried to connect to the server, the server should have the ability to reply. So in reality you should have 2 access-lists: one for traffic from PC1 to the server and another one for traffic from the server to PC1.
The question is asking you in a tricky way about the traffic from the server to the PC1 just by stating "Inbound".
Be aware that G0/0 port is the one connected to the server.
The catch here is that the ACE doesn't filter any ingress traffic from PC-1. It filters the inbound traffic from the webserver. So naturally, you need to permit the ingress traffic sourced at the web server.
The correct answer is C.
Since the rule is to be applied Inbound to SW2 Gi0/0, we need to invoke the rule guiding Source Port and Destination Port.
<protocol> <source IP/source network> <source port> <destination IP/destination network> <destination port>
Therefore,
permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2
Answer is C.
The ACL is put on the interface facing the web server that receives a request on port 8080 ---> the answer has source port 8080 and is the web-server as the direction of the ACL is input (from outside to the router).
The obvious quick answer choice for most commonly seen deployments would be answer A. But since that is the only one with 172 as the source, there must be some trick going on! So after looking again, C it is, but this is not a typical ACL found almost anywhere, and on a switch for that matter. Dumb question for real life. Also remember that ports can be applied to both source and dest, which means the port will follow each one. This rules out B as syntactically incorrect.
If your ACL is in an outbound direction on the G0/0, A would be fine, but in this case the ACL is in an inbound direction, meaning that it will be looking at traffic from the server to the PC.
C will not prevent the PC from accessing port 8080 on the webserver. Only the answer is not allowed, AFTER the access did already happen.
Terrible question, terrible graph, everything terrible. I go for A
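The discussion above turns on which address the port operator follows in an entry and which direction of the flow enters G0/0. As an added example (not part of the original page or any commenter's post), the following simplified Python model, which is not IOS itself, checks the four options against both directions of the connection. It handles only the `host` address form, and the client source port 50000 is a constructed value from the ephemeral range.

```python
import operator
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
OPS = {"eq": operator.eq, "lt": operator.lt, "gt": operator.gt, "neq": operator.ne}

def parse_ace(text):
    """Parse 'permit tcp host SRC [op PORT] host DST [op PORT]' into two endpoints."""
    tok = text.split()
    if tok[:2] != ["permit", "tcp"]:
        raise ValueError("only 'permit tcp' entries are modelled")
    i, ends = 2, []
    for _ in range(2):  # source endpoint first, then destination
        if i + 1 >= len(tok) or tok[i] != "host":
            raise ValueError("only the 'host A.B.C.D' address form is modelled")
        addr, cond = tok[i + 1], None
        i += 2
        if i + 1 < len(tok) and tok[i] in OPS:  # operator binds to the address before it
            cond = (OPS[tok[i]], int(tok[i + 1]))
            i += 2
        ends.append((addr, cond))
    if i != len(tok):
        raise ValueError("unexpected trailing tokens: %r" % tok[i:])
    return ends

def matches(ace, pkt):
    """True if the packet satisfies the entry's address and port conditions."""
    (src, s_cond), (dst, d_cond) = parse_ace(ace)
    port_ok = lambda cond, port: cond is None or cond[0](port, cond[1])
    return (src == pkt.src and dst == pkt.dst
            and port_ok(s_cond, pkt.sport) and port_ok(d_cond, pkt.dport))

OPTIONS = {  # the four answer choices from the question
    "A": "permit tcp host 172.16.0.2 host 192.168.0.5 eq 8080",
    "B": "permit tcp host 192.168.0.5 host 172.16.0.2 eq 8080",
    "C": "permit tcp host 192.168.0.5 eq 8080 host 172.16.0.2",
    "D": "permit tcp host 192.168.0.5 lt 8080 host 172.16.0.2",
}
PC_PORT = 50000  # constructed ephemeral source port chosen by PC-1
REQUEST = Packet("172.16.0.2", PC_PORT, "192.168.0.5", 8080)  # PC-1 -> server
REPLY = Packet("192.168.0.5", 8080, "172.16.0.2", PC_PORT)    # server -> PC-1, inbound on G0/0

def evaluate():
    """For each option, report whether it matches the request and the reply."""
    return {k: {"request": matches(v, REQUEST), "reply": matches(v, REPLY)}
            for k, v in OPTIONS.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(name, hit)
```
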