Refer to the exhibit. A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
A. access-list 2699 permit udp 10.20.1.0 0.0.0.255
B. no access-list 2699 deny tcp any 10.20.1.0 0.0.0.127 eq 22
C. access-list 2699 permit tcp any 10.20.1.0 0.0.0.255 eq 22
D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
Remember on ACLs that the rules apply in order, so it will never matter if you have the right config at the bottom if the one at the top is not allowing it.
Is the question really from Cisco? No wonder Cisco is losing market share to competitors year by year.
It has deny entries before permit entries, which are causing the issue. That's an intended mistake which requires the examinees to identify and choose an answer to rectify.
However, apart from that, there are also other issues.
The last entry, it's permitting outbound traffic to the operations team, and limiting the port to 22 on the operations side computers! Who told you the client side port of an SSH session is 22 as well?
As for the 'correct' answer, D, it's actually deleting the whole ACL, and not just the single entry in the command. If you want to remove the whole ACL and write a new one, why don't you simply execute no access-list 2699?
Do you think the Cisco employees who created those questions can pass CCNA?
The network admin from this ACL should get fired or asked to take the CCNA certification exam; this happens when uncertified people input commands =)).
I think the second statement doesn't match our destination network since 10.20.1.0 will have a wildcard mask of 0.0.0.127. The access-list should have this command in the figure:
access-list 2699 deny ip any 10.20.10.0 0.0.0.127
Are there different "rules" for the 2000-2699 range? According to Netacad (current course) and the latest Packet Tracer, the "no access-list" command (in 0-200 range standard + extended) always deletes the whole ACL no matter if you specify an ACE after the command? This would nuke the ACL, making TCP traffic for Operations possible but also all other traffic? B would give the same result?
In the current IOS you can also enter the ACL subconfig for numbered ACLs like you can for named, and delete ACEs by their sequence number, which is the preferred and recommended way to do it.
Sorry guys, but removing an ACE of a numbered ACL does not remove the entire ACL??? Of course, this will allow the SSH to pass, but I think it was not the goal of the command!
DELETE DENY FOR THIS LINE: access-list 2699 deny ip any 10.20.1.0 0.0.0.255
SO COMMAND IS: no access-list 2699 deny ip any 10.20.1.0 0.0.0.255 CAN SOLVE THE ISSUE, WHILE 22 PORT IS ALREADY ENABLED IN THE LAST COMMAND IN THE TABLE, NO NEED TO ADD IT AGAIN.
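The ordering point raised in the comments above (ACEs are checked top-down and the first match wins), as an added example that is not part of the original thread: a small Python evaluator plus a check for entries that can never match. The two-line ACL is a constructed sample, not the exhibit, and all function names are hypothetical; only the `access-list N action proto src dst [eq port]` form is parsed.

```python
import ipaddress

MASK = 0xFFFFFFFF

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):                                  # -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, MASK
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_ace(line):
    tok = line.split()[2:]                       # drop "access-list <number>"
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None   # destination port
    return dict(line=line, action=action, proto=proto, src=src, dst=dst, port=port)

def _in(addr, spec):                             # wildcard 1-bits are "don't care"
    return ((addr ^ spec[0]) & ~spec[1] & MASK) == 0

def _covers(a, b):                               # a matches every address b matches
    return (a[1] & b[1]) == b[1] and ((a[0] ^ b[0]) & ~a[1] & MASK) == 0

def evaluate(acl, proto, src, dst, dport):
    """Top-down, first match wins; implicit deny if nothing matches."""
    for ace in acl:
        if (ace["proto"] in ("ip", proto) and ace["port"] in (None, dport)
                and _in(_ip(src), ace["src"]) and _in(_ip(dst), ace["dst"])):
            return ace["action"], ace["line"]
    return "deny", "(implicit deny)"

def shadowed(acl):
    """(late, early) pairs where an earlier ACE covers all traffic a later one matches."""
    return [(late["line"], early["line"])
            for i, late in enumerate(acl) for early in acl[:i]
            if early["proto"] in ("ip", late["proto"])
            and early["port"] in (None, late["port"])
            and _covers(early["src"], late["src"]) and _covers(early["dst"], late["dst"])]

# Constructed sample (not the exhibit): broad deny placed above the SSH permit.
SAMPLE_ACL = [parse_ace(l) for l in (
    "access-list 2699 deny ip any 10.20.1.0 0.0.0.255",
    "access-list 2699 permit tcp any 10.20.1.0 0.0.0.127 eq 22",
)]
```

On the sample, `shadowed(SAMPLE_ACL)` reports the SSH permit as unreachable behind the deny; with the two entries reversed, `evaluate` returns permit for TCP/22 to hosts inside the /25 only.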