Implementing Cisco IP Routing (CCNP ROUTE, legacy) — Question 198
What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish?

```
router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
router(config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
router(config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
router(config)#access-list 101 permit ip any any
router(config)#interface fastEthernet 1/0
router(config-if)#ip access-group 101 in
```
Answer options
- A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts.
- B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.
- C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.
Correct answer: C
Explanation
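The correct answer is C: the access list denies incoming traffic whose source address falls in the private IP address ranges, which are normally used only on internal networks, and logs each match so the attempts can be monitored. Option A misstates the ranges covered (the wildcard mask 0.255.255.255 matches all of 10.0.0.0-10.255.255.255, not just 10.0.0.0-10.0.0.255). Option B misreads the direction: the list is applied inbound on the external interface, so it filters and logs traffic arriving from outside rather than exits to the Internet.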
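The wildcard-mask matching behind this answer can be checked with a short Python model of access list 101. This is an added example, not part of the original question; the sample source addresses are constructed, and the model considers only the source address, as the list itself does.

```python
import ipaddress

# ACL 101 from the question: (action, base address, wildcard mask, log flag)
ACL_101 = [
    ("deny", "10.0.0.0", "0.255.255.255", True),
    ("deny", "192.168.0.0", "0.0.255.255", True),
    ("deny", "172.16.0.0", "0.15.255.255", True),
    ("permit", "0.0.0.0", "255.255.255.255", False),  # "any"
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def covered_range(base, wildcard):
    """First and last address matched by a contiguous wildcard mask."""
    b, w = _to_int(base), _to_int(wildcard)
    lo = b & ~w & 0xFFFFFFFF
    hi = lo | w
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))

def matches(src, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(src) & care) == (_to_int(base) & care)

def evaluate(src, acl=ACL_101):
    """First matching entry wins; with no match the implicit deny applies."""
    for action, base, wildcard, log in acl:
        if matches(src, base, wildcard):
            return action, log
    return "deny", False

if __name__ == "__main__":
    for action, base, wc, _ in ACL_101[:3]:
        print(action, base, wc, "->", covered_range(base, wc))
    # Constructed sample source addresses seen inbound on the external interface
    for src in ["10.200.1.5", "172.31.255.255", "172.32.0.1",
                "192.168.44.7", "198.51.100.20"]:
        print(src, evaluate(src))
```

A source such as 10.200.1.5 is denied and logged, which is why the range given in option A is too narrow.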