Exam 300-410 topic 1 question 250 discussion

It's a standard ACL. Standard ACL's should always be installed as close to the DESTINATION as possible. Read this: Standard ACLs should be located as close to the destination as possible. If a standard ACL were placed at the source of the traffic, the “permit” or “deny” would occur based on the given source address, regardless of the traffic destination. So the only right answer in this question is B: SW1 interface G1/10.

For me is C cause the interface is connected to the server I think that B is not a good answer, if you have an SVI is another story, or for example several switches connected to that port. In this example they are talking about the interface connected to the server, for sure you are not gonna configure an IP to that port but a VLAN, the routed interface is the router interface.

It's definitely B.

B is correct standard ACL = closest to the destination extended ACL = closest to the source

Using a standard ACL to block icmp doesn't make sense...it can't be done. Stupid quesiton

An ACL can be applied on L3 equipment, switch is a L2 equipment, take the CCNA first.

Closest to the destination

A standard ACL can only deny the IP address of User 3, not only just ping. So the first step to remove that statndard ACL from R1 Gi0/0. We are not sure that SW1 is a an L3 type, so i rule out any SW1 related answers.

provided answer is correct standard access-list should be placed as close to the destination as possible

Correct 100% "D": team sorry for my earlier reply. The correct answer is "D", it is true, it is the closest to the destination, but it cannot be added (outside or inside) in the swi (g1/10), because the traffic that I want to deny comes from the source and enters the switch through the G2/21, (I tried all the options in my lab) and the correct answer is "D": SW1 interface G2/21

correct

By applying the access list in the outgoing direction on the interface facing the App Server, you can ensure that ping traffic from user 3 to other destinations, including user 9, is not affected. Only the ping traffic specifically destined for the App Server will be blocked in the outgoing direction on SW1.

If vlan's are terminated on switch and then routed to router answer is B. If vlans are terminated on router via .q subinterfaces then answer is C. Switch icon indicates that this is L3 switch so most propably vlans are ended there on SVI so answet is propably B :)

Standard ACL's should always be installed as close to the DESTINATION as possible

Hi, Why not answer D. Since, it's a standard ACL that has to be applied in outgoing interface. Because if we apply in R2 G1/0, we will not let that User 3 ping SW1, and the question says that it cannot ping ONLY App Server. And this is assuming that SW1 is a layer 3 switch.

I am confuse of question is ask about.. so question is ask ..delete R1 G0/0 ACL and place the ACL "somewhere" then make User3 can ping User9 but can not reach app server? Is my understanding correct?

If you're usign an ACL to block ping, that means you're using an extended ACL, and it's recommended to place de ACL closest to the source, so the given answer is correct.