Discussion :: Computer Networking
- If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
A.
access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp |
B.
access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any |
C.
access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp |
D.
access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp |
Answer : Option D
Explanation :
Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
Be The First To Comment