Refer to the exhibits. Which subject must be configured for the All_noSSH contract to allow all IP traffic except SSH between the two EPGs? A. B. C. D.
D is the correct answer! Though the SSH filter entry has a lower priority, it will still be executed first.. Deny actions and protocol ( SSH ) wins over filter priority.
Also 'apply both directions' and reverse filter port should be checked..
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html
D makes your SSH deny less eficient than your allow line, so it would be allowed either way.
If you go with C, your traffic may go one way, but you wont get reply, so in the end it won´t work either
I think C is correct too, Priority become greyed if selected, so option A and B could not be, destination ports should not be swapped at source ports on provider EPG, (no need for provider EPG to answer) hence... Reverse Filter Ports should be disabled. denying SSH is a priority.
This section is not available anymore. Please use the main Exam Page.300-630 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Netdude
8 months, 2 weeks agoH_nna
1 year, 4 months ago[Removed]
10 months agoNSF2
1 year, 6 months agoDSAM9
2 years, 7 months agoapot
3 years, 1 month ago