CCNP 350-401 ENCOR Question 377 DISCUSSION

  • 562 views
  • 2023-06-26
« Back to Main Menu

    Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Which command set accomplishes this task?

    Q377

    A. 
    SW1(config)# mac access-list extended HOST-A-B
    SW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd
    SW1(config)# ip access-list extended DENY-HTTP
    SW1(config-ext-nacl)#deny tcp host 10.1.1.10 host 10.1.1.20 eq www.
    SW1(config)# vlan access-map DROP-MAC 10
    SW1 (config-access-map)# match mac address HOST-A-B
    SW1 (config-access-map)# action drop
    SW1(config) vlan access-map HOST-A-B 20
    SW1(config-access-map)# match ip address DENY-HTTP
    SW1(config-access-map)# action drop
    SW1(config)# vlan filter HOST-A-B vlan 10

    B. 
    SW1(config)# mac access-list extended HOST-A-B
    SW1 (config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd
    SW1 (config)# ip access-list extended DENY-HTTP
    SW1(config-ext-nacl)#permit tcp host 10.1.1.10 host 10.1.1.20 eq www
    SW1(config)# vlan access-map DROP-MAC 10
    SW1 (config-access-map)# match mac address HOST-A-B
    SW1 (config-access-map)# action forwarc
    SW1 (config)# vlan access-map HOST-A-B 20
    SW1 (config-access-map)# match ip address DENY-HTTF
    SW1 (config-access-map)# action drop
    Sw1(confia ylan filter HOST-A-B vlan 10

    C. 
    SW1(config)# ip access-list extended DENY-HTTP
    SW1 (config-ext-nacl)#deny tcp host 10.1.1.10 host 10.1.1.20 eq www
    SW1(config)# ip access-list extended MATCH ALL
    SW1 (config-ext-nacl)# permit ip any any
    SW1 (config)# vlan access-map HOST-A-B 10
    SW1 (config-access-map)# match ip address DENY-HTTP
    SW1(config-access-map)# action drop
    SW1(config)# vlan access-map HOST-A-B 20
    SW1 (config-access-map)# match ip address MATCH ALL
    SW1 (config-access-map)# action forward
    SW1 (config)# vlan filter HOST-A-B vlan 10

    D. 
    SW1 (config)# ip access-list extended DENY-HTTP
    SW1 (config-ext-nacl)#permit tcp host 10.1.1.10 host 10.1.1.20 eq www
    SW1 (config)# ip access-list extended MATCH ALL
    SW1 (config-ext-nacl)# permit ip any any
    SW1 (config)# vlan access-map HOST-A-B 10
    SW1 (config-access-map)# match ip address DENY-HTTP
    SW1 (config-access-map)# action drop
    SW1 (config)# vlan access-map HOST-A-B 20
    SW1 (config-access-map)# match ip address MATCH ALL
    SW1 (config-access-map)# action forward
    SW1 (config)# vlan filter HOST-A-B vlan 10

    « Previous Next »

    Refer to the exhibit. An engineer must deny HTTP traffic from host A to host B while allowing all other communication between the hosts. Which command set accomplishes this task?

    Q377

    A. 
    SW1(config)# mac access-list extended HOST-A-B
    SW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd
    SW1(config)# ip access-list extended DENY-HTTP
    SW1(config-ext-nacl)#deny tcp host 10.1.1.10 host 10.1.1.20 eq www.
    SW1(config)# vlan access-map DROP-MAC 10
    SW1 (config-access-map)# match mac address HOST-A-B
    SW1 (config-access-map)# action drop
    SW1(config) vlan access-map HOST-A-B 20
    SW1(config-access-map)# match ip address DENY-HTTP
    SW1(config-access-map)# action drop
    SW1(config)# vlan filter HOST-A-B vlan 10

    B. 
    SW1(config)# mac access-list extended HOST-A-B
    SW1 (config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd
    SW1 (config)# ip access-list extended DENY-HTTP
    SW1(config-ext-nacl)#permit tcp host 10.1.1.10 host 10.1.1.20 eq www
    SW1(config)# vlan access-map DROP-MAC 10
    SW1 (config-access-map)# match mac address HOST-A-B
    SW1 (config-access-map)# action forwarc
    SW1 (config)# vlan access-map HOST-A-B 20
    SW1 (config-access-map)# match ip address DENY-HTTF
    SW1 (config-access-map)# action drop
    Sw1(confia ylan filter HOST-A-B vlan 10

    C. 
    SW1(config)# ip access-list extended DENY-HTTP
    SW1 (config-ext-nacl)#deny tcp host 10.1.1.10 host 10.1.1.20 eq www
    SW1(config)# ip access-list extended MATCH ALL
    SW1 (config-ext-nacl)# permit ip any any
    SW1 (config)# vlan access-map HOST-A-B 10
    SW1 (config-access-map)# match ip address DENY-HTTP
    SW1(config-access-map)# action drop
    SW1(config)# vlan access-map HOST-A-B 20
    SW1 (config-access-map)# match ip address MATCH ALL
    SW1 (config-access-map)# action forward
    SW1 (config)# vlan filter HOST-A-B vlan 10

    D. 
    SW1 (config)# ip access-list extended DENY-HTTP
    SW1 (config-ext-nacl)#permit tcp host 10.1.1.10 host 10.1.1.20 eq www
    SW1 (config)# ip access-list extended MATCH ALL
    SW1 (config-ext-nacl)# permit ip any any
    SW1 (config)# vlan access-map HOST-A-B 10
    SW1 (config-access-map)# match ip address DENY-HTTP
    SW1 (config-access-map)# action drop
    SW1 (config)# vlan access-map HOST-A-B 20
    SW1 (config-access-map)# match ip address MATCH ALL
    SW1 (config-access-map)# action forward
    SW1 (config)# vlan filter HOST-A-B vlan 10

    Correct Answer: D

    « Previous Next »

    Support AceITCert.com by buying stuff you need!

    2 Comments

    ohhhvictor

    BIG TIPO from speller:

     

    • B. SW1(config)# ip access-list extended DENY-HTTP
      SW1(config-ext-nacl)# deny tcp host 10.1.1.10 host 10.1.1.20 eq www

      SW1(config)# ip access-list extended MATCH_ALL
      SW1(config-ext-nacl)# permit ip any any

      SW1(config)# vlan access-map HOST-A-B 10
      SW1(config-access-map)# match ip address DENY-HTTP
      SW1(config-access-map)# action drop
      SW1(config)# vlan access-map HOST-A-B 20
      SW1(config-access-map)# match ip address MATCH_ALL
      SW1(config-access-map)# action forward

      SW1(config)# vlan filter HOST-A-B vlan 10
    •  
    • C. SW1(config)# mac access-list extended HOST-A-B
      SW1(config-ext-macl)# permit host aaaa.bbbb.cccc aaaa.bbbb.dddd

      SW1(config)# ip access-list extended DENY-HTTP
      SW1(config-ext-nacl)# permit tcp host 10.1.1.10 host 10.1.1.20 eq www

      SW1(config)# vlan access-map DROP-MAC 10
      SW1(config-access-map)# match mac address HOST-A-B
      SW1(config-access-map)# action forward
      SW1(config)# vlan access-map HOST-A-B 20
      SW1(config-access-map)# match ip address DENY-HTTP
      SW1(config-access-map)# action drop

      SW1(config)# vlan filter HOST-A-B vlan 10..

    its ip accesst-list extended..no mac acceess list

    2024-04-24 12:30:30
    IgorLVG

    consider the image:

    2024-08-07 20:02:42
    In order to participate in the comments you need to be logged-in.
    You can sign-up or login (it's free).