Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) — Question 398
You want to create a policy that allows all TCP traffic in the port range of 20 to 110, except for telnet traffic, which should be dropped. Which of the following access control lists will accomplish this?
Answer options
- A.
  deny tcp any any eq 22
  permit tcp any any gt 20 lt 110
- B.
  permit tcp any any range 22 443
  deny tcp any any eq 23
- C.
  deny tcp any any eq 23
  permit tcp any any
- D.
  deny tcp any any eq 23
  permit tcp any any range 20 110
Correct answer: D
Explanation
Option D is correct because it denies telnet traffic on port 23 and allows all TCP traffic within the specified range of 20 to 110. Option A incorrectly allows traffic on port 22 and does not address the specified range properly. Option B allows traffic on port 23 and does not fulfill the requirement to allow traffic in the specified range. Option C allows all TCP traffic but fails to restrict telnet traffic as required.