ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A company's perimeter Cisco IOS router connects the corporate network to the Internet. Management wants to ensure that outside hosts cannot start new Telnet sessions with any internal device, but employees must still be able to initiate Telnet sessions to business partners on the Internet. Which access-control list (ACL) approach best meets this requirement while following the principle of least privilege and avoiding disruption to other traffic?
Configure a reflexive ACL inbound on the outside interface to permit only established connections and explicitly deny tcp any any eq 23.
Create an extended ACL that denies tcp any any eq 23 and permits all other IP traffic, and apply it inbound on the router's outside interface.
Apply a standard ACL outbound on the inside interface that denies tcp any eq 23 any and then permits all other traffic.
Attach an extended ACL outbound on the inside interface that denies tcp any any eq 23 followed by a permit-ip any any statement.
To block only unsolicited Telnet connections coming from the Internet, an extended ACL should be applied inbound on the external (outside) interface. The ACL must deny TCP packets whose destination port is 23 (Telnet) and then permit all remaining traffic. Because outbound Telnet originates from the inside network, those packets leave through the inside interface and are not affected by an ACL that is evaluated on inbound traffic arriving from the Internet. A standard ACL cannot filter by TCP port, and placing any Telnet deny outbound on the inside interface would also block users' legitimate Telnet connections. Reflexive ACLs are unnecessary for this simple, stateless requirement.
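The behavior of the chosen ACL, as an added example that is not part of the original question: a small Python model that parses the two ACL entries and applies first-match evaluation to packets arriving inbound on the outside interface. The ACL name and the sample packets are constructed; replies from a partner's Telnet server carry source port 23, not destination port 23, so the deny entry does not match them.

```python
# Added example: minimal first-match model of a Cisco IOS extended ACL.
# The ACL name and the sample packets are constructed for illustration.
from dataclasses import dataclass

ACL_TEXT = """\
ip access-list extended BLOCK-INBOUND-TELNET
 deny tcp any any eq 23
 permit ip any any
"""

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", ...
    src_port: int
    dst_port: int

def parse_acl(text):
    """Parse 'action proto any any [eq port]' entries (a subset of IOS syntax)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skip the 'ip access-list' header line
        action, proto, src, dst = tok[:4]
        if src != "any" or dst != "any":
            raise ValueError("only 'any' addresses are modelled here")
        # 'eq N' after the destination address matches the destination port
        dst_port = int(tok[5]) if tok[4:5] == ["eq"] else None
        rules.append((action, proto, dst_port))
    return rules

def evaluate(rules, pkt):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, proto, dst_port in rules:
        if proto not in ("ip", pkt.proto):
            continue
        if dst_port is not None and pkt.dst_port != dst_port:
            continue
        return action
    return "deny"

RULES = parse_acl(ACL_TEXT)

# Packets arriving inbound on the outside interface (constructed samples).
INBOUND = {
    "new Telnet from Internet": Packet("tcp", 50211, 23),
    "reply from partner Telnet server": Packet("tcp", 23, 50312),
    "HTTPS reply": Packet("tcp", 443, 50400),
    "DNS reply": Packet("udp", 53, 50500),
}

def results():
    return {name: evaluate(RULES, p) for name, p in INBOUND.items()}
```

Calling `results()` shows that only the unsolicited Telnet packet is denied; the partner's replies and all other traffic fall through to the permit entry.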
Network and Communication Security