Implementing Cisco IP Routing (CCNP ROUTE, legacy) — Question 97

What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish? router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log router (config)#access-list 101 permit ip any any router (config)#interface fastEthernet 1/0 router (config-if)#ip access-group 101 in

Answer options

• A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0- 172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts. B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.
• B. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.
• C. It prevents private internal addresses to be accessed directly from outside.

Correct answer: C

Explanation

The correct answer is D because the access list specifically denies traffic from private IP address ranges, thereby preventing these addresses from being accessed directly from outside networks. Options A and B are incorrect as they misinterpret the range of IP addresses being blocked and the intent of the access list, while option C does not fully capture the nature of the filtering applied.