Introducing Cisco Data Center Networking (DCICN) — Question 1
What is the correct format of an access control list on a Cisco Nexus switch to deny FTP traffic from any source to destination host 10.10.1.110?
Answer options
- A. N5K-A(config)# ip access-list 101
     N5K-A(config-acl)# deny tcp any host 10.10.1.110 eq ftp
- B. N5K-A(config)#access-list 101 deny tcp any host 10.10.1.110 eq ftp
- C. N5K-A(config)# access-list 101 deny tcp any host 10.10.1.110 eq ftp
     N5K-A(config)# access-list 101 denyip any any
- D. N5K-A(config)# ip access-list 101
     N5K-A(config-acl)# deny udp any host 10.10.1.110 eq 21
     N5K-A(config-acl)# permit ip any any
- E. N5K-A(config)# ip access-list 101
     N5K-A(config-acl)# deny tcp any host 10.10.1.110 eq 21
Correct answer: E
Explanation
The correct answer is E because it specifies the correct protocol (TCP) and port (21) for FTP traffic, effectively denying it. Option A incorrectly uses 'eq ftp' instead of the appropriate port number, while option B lacks the proper syntax for an access control list on a Nexus switch. Option C is incorrect as it includes an invalid command, and option D incorrectly uses UDP instead of TCP.