A network administrator wants to prevent hosts from the 192.168.5.0/24 network from accessing the 10.0.0.0/8 network, while allowing them access to other networks. Which command should be used to create an extended ACL that accomplishes this?
access-list 100 deny ip 192.168.5.0 0.0.0.255 any
access-list 100 deny ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 deny ip any 10.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
To block traffic from the 192.168.5.0/24 network to the 10.0.0.0/8 network, an extended access control list (ACL) is required because it can filter based on both source and destination IP addresses. The command access-list 100 deny ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255 correctly denies traffic from the specified source to the specified destination.
Option A denies all traffic from 192.168.5.0/24 to any destination, which would block more traffic than intended. Option B denies traffic from any source to the 10.0.0.0/8 network, affecting all hosts, not just those from 192.168.5.0/24. Option D permits the traffic that should be denied, failing to meet the requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an extended ACL?
Open an interactive chat with Bash
What is the purpose of the wildcard mask in ACL commands?
Open an interactive chat with Bash
What is the difference between the commands to deny and permit traffic in ACLs?
Open an interactive chat with Bash
Cisco CCNA 200-301
Security Fundamentals
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access