Implementing and Operating Cisco Service Provider Network Core Technologies (SPCOR) — Question 345
A network engineer must implement an ACL-based solution to mitigate availability issues on a web service that is hosted on a server at IP address 172.16.15.18/23. Access to the web server should be allowed over HTTP from RFC 1918 addresses only. The network architect has already enabled PMTUD in the network. Which ACL configuration must the engineer implement to complete the task?
Answer options
- A.
  - access-list 199 deny ip any host 172.16.15.18 tcp-fragments
  - access-list 199 permit tcp 10.0.0.0 255.255.255.255 172.16.15.18 0.254.0.255 eq 80
  - access-list 199 permit tcp 172.16.0.0 0.0.255.255 172.16.15.18 0.0.254.255 eq 80
  - access-list 199 permit tcp 192.168.0.0 0.0.0.255 172.16.15.18 0.0.254.255 eq 80
  - access-list 199 deny ip any any
- B.
  - access-list 199 deny tcp any host 172.16.15.18 http-fragments
  - access-list 199 permit 16 10.10.0.0 0.255.255.255 172.16.15.18 0.0.2.253 eq 80
  - access-list 199 permit 16 172.16.0.0 0.0.255.255 172.16.15.18 0.0.2.253 eq 80
  - access-list 199 permit 16 192.168.0.0 0.0.0.255 172.16.15.18 0.0.2.253 eq 80
  - access-list 199 deny tcp any any
- C.
  - access-list 198 deny ip any host 172.16.15.18 ip-fragments
  - access-list 198 permit 18 10.10.0.0 255.255.255.0 172.16.15.18 255.255.254.0
  - access-list 198 permit 18 172.16.0.0 255.255.0.0 172.16.15.18 255.255.254.0
  - access-list 198 permit 18 192.168.0.0 255.255.255.0 172.16.15.18 255.255.254.0
  - access-list 198 deny tcp any any
- D.
  - access-list 198 deny ip any host 172.16.15.18 fragments
  - access-list 198 permit 6 10.0.0.0 0.255.255.255 172.16.15.18 0.0.1.255 eq 80
  - access-list 198 permit 6 172.16.0.0 0.0.255.255 172.16.15.18 0.0.1.255 eq 80
  - access-list 198 permit 6 192.168.0.0 0.0.0.255 172.16.15.18 0.0.1.255 eq 80
  - access-list 198 deny ip any any
Correct answer: D
Explanation
Option D is correct. It permits TCP (IP protocol 6) to port 80 from the listed private ranges to the server's subnet (the wildcard 0.0.1.255 spans the /23), it drops non-initial fragments addressed to the server with the `fragments` keyword before any port-based entry can match them (with PMTUD enabled, legitimate HTTP clients should not be sending fragmented traffic), and it ends with an explicit deny of all other traffic. The other options use invalid keywords or protocol numbers (tcp-fragments, http-fragments, ip-fragments, protocol 16 or 18 instead of 6), use wildcard masks that do not correspond to the intended address ranges, or fail to properly deny the remaining traffic.
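To make the matching behaviour of option D concrete, the following added example (not part of the exam material) parses the five ACL statements and evaluates them against constructed packets using Cisco wildcard-mask semantics, including how the `fragments` entry catches non-initial fragments that a port-based permit entry would otherwise let through. The parser and the `evaluate` function are assumptions of this example, not a Cisco tool.

```python
# Constructed model of the option D ACL (not Cisco code). Wildcard: a 1 bit
# is "don't care"; `fragments` matches only non-initial fragments (offset > 0).
ACL_D = """\
access-list 198 deny ip any host 172.16.15.18 fragments
access-list 198 permit 6 10.0.0.0 0.255.255.255 172.16.15.18 0.0.1.255 eq 80
access-list 198 permit 6 172.16.0.0 0.0.255.255 172.16.15.18 0.0.1.255 eq 80
access-list 198 permit 6 192.168.0.0 0.0.0.255 172.16.15.18 0.0.1.255 eq 80
access-list 198 deny ip any any""".splitlines()

def ip2int(a):
    return int.from_bytes(bytes(map(int, a.split("."))), "big")

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (address, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return ip2int(tok.pop(0)), 0
    return ip2int(t), ip2int(tok.pop(0))

def parse(lines):
    """access-list N ACTION PROTO SRC DST [eq PORT] [fragments] -> entry tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, swc = _addr(rest)
        dst, dwc = _addr(rest)
        port = int(rest[rest.index("eq") + 1]) if "eq" in rest else None
        entries.append((action, proto, src, swc, dst, dwc, port, "fragments" in rest))
    return entries

def evaluate(entries, src, dst, proto, dport=0, frag_offset=0):
    """Action of the first matching entry for a constructed packet; implicit deny."""
    for action, eproto, esrc, swc, edst, dwc, port, frag in entries:
        if eproto != "ip" and int(eproto) != proto:
            continue
        if (ip2int(src) | swc) != (esrc | swc) or (ip2int(dst) | dwc) != (edst | dwc):
            continue
        if frag and frag_offset == 0:
            continue                  # 'fragments' matches non-initial fragments only
        if port is not None and frag_offset > 0:
            if action == "permit":    # IOS: a permit entry with L4 info matches a
                return action         # non-initial fragment on its L3 part alone...
            continue                  # ...while a deny entry with L4 info is skipped
        if port is not None and dport != port:
            continue
        return action
    return "deny"
```

Removing the `fragments` line from the list and re-running a non-initial fragment through `evaluate` shows it being permitted by the second entry, which is the gap that line closes.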