Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?

350-401 8 Comments

Which access controls list allows only TCP traffic with a destination port range of 22-433, excluding port 80?
A . Deny tcp any any eq 80
Permit tcp any any gt 21 it 444
B . Permit tcp any any ne 80
C . Permit tcp any any range 22 443
Deny tcp any any eq 80
D . Deny tcp any any ne 80
Permit tcp any any range 22 443

Answer: C

Explanation:

Although the statement “permit tcp any any gt … lt …” seems to be correct but in fact it is not.

Each ACL statement only supports either “gt” or “lt” but not both:

In fact answer ‘Permit tcp any any range 22 443

Deny tcp any any eq 80

eq80.

Latest 350-401 Dumps Valid Version with 404 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 350-401 PDF     350-401 Questions Online Training
Subscribe
Notify of
guest
8 Comments
Inline Feedbacks
View all comments
KZM
KZM
2 years ago

The answer should be ‘D’ not “B”.
If B,

Permit tcp any any range 22 443
Deny tcp any any eq 80

ACL works sequentially and TCP 80 will not be denied.

0
Reply
ED
ED
3 years ago

first need to deny an later permit, I think is D

0
Reply
abu md numan.ahmed
abu md numan.ahmed
3 years ago

the correct answer is not in the list, the deny statement should proceed the permit statement.

Deny tcp any any eq 80
Permit tcp any any range 22 433

0
Reply
Numan
Numan
3 years ago

Yep I agree, I saw that as well, the deny ACE should have BEEN placed before the permit ACE

0
Reply
sajjad.malik
sajjad.malik
3 years ago

Nathan regarding C you are correct, Smart i don’t think its A either because the below line you cannot type on the device in one go

Permit tcp any any gt 21 it 444 – the correct syntax is below

permit tcp any any gt 21
permit tcp any any lt 444

so i reckon answer is D but its got the typo that puts me off

0
Reply
sajjad.malik
sajjad.malik
3 years ago

so it has to be D then even though it has a typo there

D . Deny tcp any any ne 80
Permit tcp any any range 22 443

0
Reply
Smart Chinonso
Smart Chinonso
3 years ago

you are correct,
i think that in ACL due to the sequential method , within 22-443 , 80 is inside.
so traffic which is made to be block will be allowed because since the permit statement is including port 80 we will not achieve what we want. so therefore the c is wrong. i think the correct on is A

0
Reply
Nathan Asay
Nathan Asay
3 years ago

This answer is incorrect. It says C is the correct answer but it is not. Traffic destined for port 80 would match on the first access-list entry of:

Permit tcp any any range 22 443

And would stop processing there. Traffic over tcp 80 would never make it to the deny statement underneath.

0
Reply