ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-401 All Questions

View all questions & answers for the 350-401 exam
Go to Exam

Exam 350-401 topic 1 question 285 discussion

Actual exam question from Cisco's 350-401
Question #: 285
Topic #: 1
[All 350-401 Questions]

An engineer must configure an ACL that permits packets which include an ACK in the TCP header. Which entry must be included in the ACL?

  • A. access-list 110 permit tcp any any eq 21 tcp-ack
  • B. access-list 10 permit tcp any any eq 21 established
  • C. access-list 110 permit tcp any any eq 21 established
  • D. access-list 10 permit ip any any eq 21 tcp-ack
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by [deleted] at May 11, 2021, 1:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
5 months, 2 weeks ago
Selected Answer: C
C is correct B is wrong cause you need an extended access-list to accomplish this
upvoted 1 times
...
eearmani
10 months, 1 week ago
Selected Answer: C
The key is the access list number as it is extended access list and word established
upvoted 1 times
...
Chuckzero
1 year, 2 months ago
Correct is C. The purpose of using the established keyword is to allow the return traffic of an established connection, while denying any new connection attempts. This can be useful in scenarios where you want to allow responses from outbound connections initiated from within your network while still maintaining security by not allowing new inbound connections on that port. With the given ACL rule in the answer options, it is clear that we are talking about FTP Server which uses port 21. If a client from inside the network initiates an FTP connection to an external FTP server (which typically uses port 21 for control), the firewall would allow the returning control traffic from the FTP server due to the established keyword.
upvoted 2 times
...
flash007
1 year, 3 months ago
extended access lists allow ports whereas standards dont
upvoted 4 times
...
kalbos
1 year, 11 months ago
Selected Answer: C
it is a extendend access-list Standard 1–99 and 1300–1999 Extended IP 100–199 and 2000–2699
upvoted 3 times
...
SergeBesse
2 years, 1 month ago
Selected Answer: C
correct answer
upvoted 1 times
...
youtri
2 years, 7 months ago
B and D are Numbered ,standared ACL, (0-99) Numbered, standered ACL does not filter the trafic type (TCP,UDP, IP,ICMP,TCP.....)
upvoted 4 times
...
Jheax
2 years, 7 months ago
Selected Answer: C
The correct answer is C because the ACL contains the source and destination (it's an extended ACL).
upvoted 4 times
...
[Removed]
3 years, 5 months ago
The given answer is correct
upvoted 3 times
Hustle01
3 years, 4 months ago
Can you please explain , B and C looks similar , the only difference is one has 10 and the other has 110, please can you explain , thanks
upvoted 1 times
mgiuseppe86
1 year, 1 month ago
You cannot create ACLs permitting or denying ports or destination networks in numbered standard ACL lists from 1-99. You must create an extended ACL using access-list 100-199
upvoted 1 times
...
chris110
3 years, 4 months ago
i think: B is ACL 10, so standard acl. Standard acl makes decisions only by ip. C is ACL 110 (Range 100-199 & 2000-2699 is extended acl) so it makes deciscions by ip, protocol etc.
upvoted 9 times
Node
3 years, 3 months ago
to add to the above comment, standard ACL do not require to specify the destination. it would have been "permit any" the second any indicates the destination. It is therefore, the wrong sintax.
upvoted 2 times
...
MookieLoLo
3 years ago
it explicit say TCP traffic so the standard ACL won't work so the given answer is correct
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago