Introducing Cisco Data Center Networking (DCICN) — Question 15

What is the correct format of an access control list on a Cisco Nexus switch to deny unencrypted Web traffic from any source to destination host 10.10.1.110?

Answer options

• A. N5K-A(config)#ip access-list 101 N5K-A(config-acl)# deny tcp any host 10.10.1.110 eq 80
• B. N5K-A(config)# access-list 101 deny tcp any host 10.10.1.110 eq 80
• C. N5K-A(config)# access-list 101 deny tcp any host 10.10.1.110 eq 80 N5K-A(config)# access-list 101 permit ip any any
• D. N5K-A(config)# ip access-list 101 N5K-A(config-acl)# deny tcp any host 10.10.1.110 eq 80

Correct answer: D

Explanation

Option D is correct because it correctly uses the 'ip access-list' command followed by the ACL name and the 'deny' statement in the right context. Other options either use the wrong command format or do not properly define the access list for denying TCP traffic specifically to that host.