Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) — Question 16

Which access control list allows only TCP traffic with a destination port range of 22-443, excluding port 80?

Answer options

• A. deny tcp any any eq 80 permit tcp any any gt 21 lt 444
• B. permit tcp any any range 22 443 deny tcp any any eq 80
• C. permit tcp any any eq 80
• D. deny tcp any any eq 80 permit tcp any any range 22 443

Correct answer: D

Explanation

The correct answer, D, first denies TCP traffic on port 80 and then permits TCP traffic in the range of 22 to 443. Option A incorrectly allows traffic greater than port 21 and less than 444, which does not specifically enforce the required range. Option B also incorrectly allows port 80 traffic by placing the deny statement after the permit. Option C only allows traffic on port 80, which does not meet the question's requirement.