If you wanted to deny FTP access from network 200 200...

Home / Networking / Security / Question
Examveda
Examveda

If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?

A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp
access-list 111 permit ip any 0.0.0.0 255.255.255.255

B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any

C. access-list 100 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp

D. access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
access-list 198 permit ip any 0.0.0.0 255.255.255.255

Answer: Option D

Solution(By Examveda Team)

Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.

This Question Belongs to Networking >> Security

Join The Discussion

Related Questions on Security
  View Answer
  View Answer
  View Answer
  View Answer

Read More: MCQ Type Questions and Answers