A network administrator wants to prevent hosts from the 192.168.5.0/24 network from accessing the 10.0.0.0/8 network, while allowing them access to other networks. Which command should be used to create an extended ACL that accomplishes this?
access-list 100 deny ip any 10.0.0.0 0.255.255.255
access-list 100 deny ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 100 deny ip 192.168.5.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255
An extended access control list (ACL) can filter on both source and destination IP addresses. The line access-list 100 deny ip 192.168.5.0 0.0.0.255 10.0.0.0 0.255.255.255 specifically matches traffic with a source in 192.168.5.0/24 and a destination in 10.0.0.0/8 and denies it, fulfilling the requirement. The distractor that substitutes the destination with any would block that source network from reaching every other network, which is too broad. The distractor that uses any as the source would block every source from reaching 10.0.0.0/8, over-restricting traffic. The statement that begins with permit would allow the traffic that must be denied, so it does not meet the requirement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an extended ACL?
Open an interactive chat with Bash
What is the purpose of the wildcard mask in ACL commands?
Open an interactive chat with Bash
What is the difference between the commands to deny and permit traffic in ACLs?
Open an interactive chat with Bash
Cisco CCNA 200-301
Security Fundamentals
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access