ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-301 All Questions

View all questions & answers for the 200-301 exam
Go to Exam

Exam 200-301 topic 1 question 976 discussion

Actual exam question from Cisco's 200-301
Question #: 976
Topic #: 1
[All 200-301 Questions]

A network engineer must configure an access list on a new Cisco IOS router. The access list must deny HTTP traffic to network 10.125.128.32/27 from the 192.168.240.0/20 network, but it must allow the 192.168.240.0/20 network to reach the rest of the 10.0.0.0/8 network. Which configuration must the engineer apply?

  • A. ip access-list extended deny_outbound
    10 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
    20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
    30 permit ip any any
  • B. ip access-list extended deny_outbound
    10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
    20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
    30 deny ip any any log
  • C. ip access-list extended deny_outbound
    10 deny tcp 10.125.128.32 255.255.255.224 192.168.240.0 255.255.240.0 eq 443
    20 deny tcp 192.168.240.0 255.255.240.0 10.125.128.32 255.255.255.224 eq 443
    30 permit ip 192.168.240.0 255.255.240.0 10.0.0.0 255.0.0.0
  • D. ip access-list extended deny_outbound
    10 deny tcp 192.168.240.0 0.0.15.255 any eq 80
    20 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80
    30 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by sdmejia01 at Feb. 18, 2023, 4:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sdmejia01
Highly Voted 2 years, 3 months ago
Selected Answer: B
B is correct
upvoted 9 times
...
[Removed]
Most Recent 1 year, 1 month ago
Selected Answer: B
B is correct
upvoted 2 times
...
picho707
1 year, 6 months ago
Selected Answer: D
TBH, I need to test this in my lab. I do not think B can be the answer due to the deny statement at the end. I think D is the right answer even though it has an extra deny statement at the beginning.
upvoted 3 times
exiledwl
7 months, 3 weeks ago
It cannot be D) because after the ACL checks the first entry it will deny tcp traffic sourced from 192.168.240.0/20 destined to any ip via http, if this is the case then the third statement will never be checked and it can't mete the requirements of the question
upvoted 1 times
...
Rich_rude
1 year ago
If you look at the first configuration on D (10 deny tcp 192.168.240 0.0.15.255 any eq 80) it is not a complete configuration for denying the ip address. I was going to choose D but saw this and had to go for b C. looks like the wrong ip gont the deny
upvoted 1 times
...
...
[Removed]
1 year, 10 months ago
Selected Answer: B
B. ip access-list extended deny_outbound 10 deny tcp 192.168.240.0 0.0.15.255 10.125.128.32 0.0.0.31 eq 80 20 permit ip 192.168.240.0 0.0.15.255 10.0.0.0 0.255.255.255 30 deny ip any any log
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago