ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-501 All Questions

View all questions & answers for the 350-501 exam
Go to Exam

Exam 350-501 topic 1 question 38 discussion

Actual exam question from Cisco's 350-501
Question #: 38
Topic #: 1
[All 350-501 Questions]


Refer to the exhibit. To protect in-band management access to CPE-R7, an engineer wants to allow only SSH management and provisioning traffic from management network 192.168.0.0/16. Which infrastructure ACL change must be applied to router PE-R9 to complete this task?

  • A. ip access-list extended INFRA-ACL 15 permit tcp 192.168.0.0 0.0.255.255 range 49152 65535 100.64.0.0 0.31.255.255 eq 443
  • B. ip access-list extended INFRA-ACL no 10 15 permit tcp 192.168.0.0 0.0.255.255 range 49152 65535 100.64.0.0 0.31.255.255 eq 22
  • C. ip access-list extended INFRA-ACL 15 permit tcp 192.168.0.0 0.0.255.255 range 49152 65535 100.64.0.0 0.31.255.255 eq 22
  • D. ip access-list extended INFRA-ACL no 10 15 permit tcp 192.168.0.0 0.0.255.255 eq 22 100.64.0.0 0.31.255.255 eq 22
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by sherlock0 at Dec. 2, 2021, 7:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nostafar
Highly Voted 3 years, 5 months ago
Selected Answer: B
The 'no 10' is required to remove the acl line allowing telnet. It should have a line break at that point though which would make this question clearer.
upvoted 8 times
...
manjulabas
Most Recent 7 months, 3 weeks ago
answer C Syntax if the command line in B is incorrect
upvoted 1 times
...
thejag
2 years, 4 months ago
Selected Answer: B
Only answer possible is B You need to remove line 10 which allows the telnet, then allow ssh. NOTE: the SOURCE ports will be from the dynamic port range, not from port 22 but the DESTINATION port will be port 22.
upvoted 1 times
...
Father
3 years, 5 months ago
Selected Answer: C
If we look at the question we notice that the Ip access-list ANFRA-ACL permit syntex does not have the "no" found in options B and D.
upvoted 2 times
thejag
2 years, 2 months ago
That makes no sense, the answer is B. " allow only SSH management" so you must remove the telnet access line 10
upvoted 1 times
...
...
sherlock0
3 years, 6 months ago
B is correct
upvoted 2 times
waldo33
2 years, 8 months ago
B says to remove a acl rule with port 22 (22 = ssh). there is no such rule in the current config?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel