exam questions

Exam 350-401 All Questions

View all questions & answers for the 350-401 exam

Exam 350-401 topic 1 question 682 discussion

Actual exam question from Cisco's 350-401
Question #: 682
Topic #: 1
[All 350-401 Questions]

Refer to the exhibit.



A network administrator must configure router B to allow traffic only from network 10.100.2.0 to networks outside of router B. Which configuration must be applied?

  • A. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
    RouterB(config)# access-list 101 deny any

    RouterB(config)# int g0/0/0 -
    RouterB(config-if)# ip access-group 101 out
  • B. RouterB(config)# access-list 101 permit ip 10.100.3.0 0.0.0.255 any
    RouterB(config)# access-list 101 deny any

    RouterB(config)# int g0/0/0 -
    RouterB(config-if)# ip access-group 101 out

    RouterB(config)# int g0/0/1 -
    RouterB(config-if)# ip access-group 101 out
  • C. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any
    RouterB(config)# access-list 101 deny any

    RouterB(config)# int g0/0/2 -
    RouterB(config-if)# ip access-group 101 in
  • D. RouterB(config)# access-list 101 permit ip 10.100.2.0 0.0.0.255 any

    RouterB(config)# int g0/0/0 -
    RouterB(config-if)# ip access-group 101 out

    RouterB(config)# int g0/0/1 -
    RouterB(config-if)# ip access-group 101 out
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
well123
Highly Voted 1 year, 9 months ago
Selected Answer: D
A: Not ok, missing to apply ACL on int g0/0/1 B: Not ok, permits 10.100.3.0 (wrong) C: not ok, applied ACL on wrong interface D: OK, correct answer
upvoted 13 times
...
x3rox
Highly Voted 1 year, 9 months ago
A - WRONG. destination is missing an 'any' and it only affect traffic to 1 external network. B - WRONG. wrong network souce and missing 'any' and only affect traffic to 1 external network. C - WRONG. Select the best interface for this scenario, however, it's missing an 'any'; it it only had this missing any, would've been the best choice. D - Correct. Correct network sources, implicit deny takes care of the rest. Interfaces are ok in the out direction.
upvoted 8 times
...
[Removed]
Most Recent 5 months, 3 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
[Removed]
5 months, 1 week ago
...........................
upvoted 1 times
...
...
[Removed]
6 months, 1 week ago
D is correct
upvoted 1 times
...
Colmenarez
1 year, 4 months ago
Selected Answer: C
hmmm what about interface gi 0/0/3?
upvoted 3 times
AbdullahMohammad251
2 months ago
Interface gi 0/0/3 is a directly connected interface of router B, and thus the network "10.100.3.0/24" is an inside network. No need to apply any sort of filtering on this interface. We have 2 exit interfaces g 0/0/0 & g 0/0/1 to reach external networks. Option 'D' ensures that only network 10.100.2.0 can send traffic out of these 2 interfaces.
upvoted 1 times
...
...
teikitiz
1 year, 4 months ago
Selected Answer: D
C looked ok, but the ACL's deny component should be "deny ip any any". D's ACL carries the explicit deny, so it's correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...