Networking - Security - Discussion

Discussion :: Security - Security (Q.No.13)

13. 

If you wanted to deny all Telnet connections to only network 192.168.10.0, which command could you use?

[A]. access-list 100 deny tcp 192.168.10.0 255.255.255.0 eq telnet
[B]. access-list 100 deny tcp 192.168.10.0 0.255.255.255 eq telnet
[C]. access-list 100 deny tcp any 192.168.10.0 0.0.0.255 eq 23
[D]. access-list 100 deny 192.168.10.0 0.0.0.255 any eq 23

Answer: Option C

Explanation:

The extended access list ranges are 100-199 and 2000-2699, so the access-list number of 100 is valid. Telnet uses TCP, so the protocol TCP is valid. Now you just need to look for the source and destination address. Only the third option has the correct sequence of parameters. Answer B may work, but the question specifically states "only" to network 192.168.10.0, and the wildcard in answer B is too broad.

Post your comments here:

Name *:

Email   : (optional)

» Your comments will be displayed only after manual approval.