CCNA: Cisco Certified Network Associate — Question 839
An engineer is configuring remote access to a router from IP subnet 10.139.58.0/28. The domain name, crypto keys, and SSH have been configured. Which configuration enables the traffic on the destination router?
Answer options
- A.
    interface FastEthernet0/0
     ip address 10.122.49.1 255.255.255.252
     ip access-group 110 in
    ip access-list extended 110
     permit tcp 10.139.58.0 0.0.0.15 host 10.122.49.1 eq 22
- B.
    interface FastEthernet0/0
     ip address 10.122.49.1 255.255.255.240
     access-group 120 in
    ip access-list extended 120
     permit tcp 10.139.58.0 255.255.255.248 any eq 22
- C.
    interface FastEthernet0/0
     ip address 10.122.49.1 255.255.255.252
     ip access-group 105 in
    ip access-list standard 105
     permit tcp 10.139.58.0 0.0.0.7 eq 22 host 10.122.49.1
- D.
    interface FastEthernet0/0
     ip address 10.122.49.1 255.255.255.248
     ip access-group 10 in
    ip access-list standard 10
     permit udp 10.139.58.0 0.0.0.7 host 10.122.49.1 eq 22
Correct answer: A
Explanation
Option A is correct because it applies an access list that permits TCP traffic from the specified subnet to the router on port 22, which is necessary for SSH connections. Option B uses an incorrect subnet mask and also doesn't match the required access list type for TCP traffic. Option C incorrectly uses a standard access list instead of an extended access list, which cannot filter based on TCP port numbers. Option D mistakenly allows UDP traffic instead of TCP, which is not suitable for SSH.
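
The wildcard-mask and protocol matching behind this answer, as an added Python example (not part of the original question). The dict-based ACL model and the function names are assumptions made for illustration, and only permit entries are modeled.

```python
import ipaddress

def wildcard_for(prefix):
    """Wildcard (inverse) mask for a prefix, e.g. a /28 gives 0.0.0.15."""
    return str(ipaddress.IPv4Network(prefix).hostmask)

def wildcard_match(addr, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def permitted(acl, pkt):
    """True if a permit entry matches; otherwise the implicit deny applies."""
    for ace in acl:
        if (ace["proto"] == pkt["proto"]
                and wildcard_match(pkt["src"], ace["src"], ace["src_wc"])
                and wildcard_match(pkt["dst"], ace["dst"], ace["dst_wc"])
                and ace["dport"] == pkt["dport"]):
            return True
    return False

def make_acl(src_wc, proto="tcp"):
    """One-entry ACL shaped like option A, with the wildcard/protocol varied."""
    return [{"proto": proto, "src": "10.139.58.0", "src_wc": src_wc,
             "dst": "10.122.49.1", "dst_wc": "0.0.0.0", "dport": 22}]

def ssh_packet(src):
    """Constructed sample packet: SSH (TCP/22) to the router interface."""
    return {"proto": "tcp", "src": src, "dst": "10.122.49.1", "dport": 22}

def covered_hosts(acl, prefix="10.139.58.0/28"):
    """Hosts of the management subnet whose SSH packets the ACL permits."""
    hosts = ipaddress.IPv4Network(prefix).hosts()
    return [str(h) for h in hosts if permitted(acl, ssh_packet(str(h)))]

if __name__ == "__main__":
    print("wildcard for /28:", wildcard_for("10.139.58.0/28"))
    # Option A's wildcard covers the whole /28.
    print("0.0.0.15 ->", len(covered_hosts(make_acl("0.0.0.15"))), "hosts")
    # The 0.0.0.7 wildcard seen in options C and D covers only half of it.
    print("0.0.0.7  ->", len(covered_hosts(make_acl("0.0.0.7"))), "hosts")
    # A UDP entry never matches SSH, which runs over TCP.
    print("udp entry ->", len(covered_hosts(make_acl("0.0.0.15", "udp"))))
    # A source outside the /28 falls through to the implicit deny.
    print("outside  ->", permitted(make_acl("0.0.0.15"), ssh_packet("10.139.58.16")))
```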