Exam 350-401 topic 1 question 299 discussion

I think the first answer is "Deny".

The reason the ACLs must Both be 'permit' is that they create the 'test condition' , then based on that test , we drop it later in the Map.

correct

given answers are correct. https://www.networkstraining.com/vlan-access-map-example-configuration/

SW1(config)# ip access-list extended DENY-HTTP SW1(config-ext-nacl)# deny tcp host 10.1.1.10 host 10.1.1.20 eq www SW1(config)# ip access-list extended MATCH_ALL SW1(config-ext-nacl)# permit ip any any SW1(config)# vlan access-map HOST-A-B 10 SW1(config-access-map)# match ip address DENY-HTTP SW1(config-access-map)# action drop SW1(config)# vlan access-map HOST-A-B 20 SW1(config-access-map)# match ip address MATCH_ALL SW1(config-access-map)# action forward SW1(config)# vlan filter HOST-A-B vlan 10

the correct answer is: 1- Deny: you want to deny HTTP 2- permit: to allow other traffic 3- drop: to drop traffic that matches the map "HTTP_Drop" 4- forward: to forward the other traffic

Trick question - Given Answer is correct - some options can be used twice create a condition by permit then later deny by action drop

In this case we need to configure a VLAN access-map to deny HTTP traffic and apply it to VLAN 10. To do it, first create an access-list, by which interesting traffic will be matched. The principle of VLAN access-map config is similar to the route-map principle. After this we’ll create a vlan access-map, which has two main parameters: action and match. Match: by this parameter the interesting traffic is matched and here RACL or MAC ACL can be applied as well. Action: what to do with matched traffic. Two main parameters exist: Drop and Forward. In case of Drop, matched traffic will be dropped, and in case of forward, matched traffic will be allowed

Provided answer is correct. permit, permit, action drop, action forward.

When talking about access-lists or prefix-lists associated with *-maps, Permit and Deny take on new meanings. As we all know, a *-list processes each entry until a match is found. Once a match is found, processing of the *-list stops. *-maps operate the same way. - If the matched statement is 'permit,' the *-list reports back to the *-map with a match success, which allows the *-map to process the associated action. No further *-map sequences are processed. - If the matched statement is 'deny,' the *-list reports back to the *-map with NO MATCH; wherein the *-map will proceed to the next *-map sequence until a *-map match IS found. - If NO statement is matched in the *-list, the implicit 'deny any any' is ALWAYS matched. In This case, the *-list will report to the *-map with NO MATCH, and the *-map will proceed to the next sequence until a match IS found.

The answer provided is correct. Because even the first statement is 'permit' but once it is matched , the action will be dropped

I agree I think the first answer is "Deny". Can someone clarify why this is or isn't true?

addrelanina do we have chance to use permit couple times? if is a drop and drag question i see only one permit available