Networking - Security - Discussion

Discussion :: Security - Security (Q.No.17)


If you wanted to deny FTP access from network to network but allow everything else, which of the following command strings is valid?

[A]. access-list 110 deny to network eq ftp
access-list 111 permit ip any
[B]. access-list 1 deny ftp any any
[C]. access-list 100 deny tcp eq ftp
[D]. access-list 198 deny tcp eq ftp
access-list 198 permit ip any

Answer: Option D


Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
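The first-match and implicit-deny behaviour behind this answer, as an added example that is not part of the original page: a simplified Python model of extended ACL evaluation. The addresses are constructed documentation ranges (the page does not show the real ones), and the helper names and the reduced grammar are assumptions for illustration.

```python
import ipaddress

PORTS = {"ftp": 21}  # keyword used in the question; other ports given as numbers

def is_extended(number):
    # Extended IP ACL number ranges, as stated in the explanation above.
    return 100 <= number <= 199 or 2000 <= number <= 2699

def wildcard_match(addr, base, wildcard):
    # Wildcard mask: a 1 bit means "ignore this bit" when comparing.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    # Simplified grammar: access-list N action proto SRC DST [eq PORT],
    # where SRC/DST is either "any" or "address wildcard".
    t = line.split()
    number, action, proto, rest = int(t[1]), t[2], t[3], t[4:]
    def take_addr():
        if rest[0] == "any":
            rest.pop(0)
            return ("0.0.0.0", "255.255.255.255")
        return (rest.pop(0), rest.pop(0))
    src, dst = take_addr(), take_addr()
    port = None
    if rest and rest[0] == "eq":
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return {"number": number, "action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}

def evaluate(acl_lines, proto, src, dst, dport=None):
    # First matching entry wins; no match falls through to the implicit deny.
    for ace in map(parse_ace, acl_lines):
        if not is_extended(ace["number"]):
            raise ValueError("not an extended ACL number: %d" % ace["number"])
        if (ace["proto"] in ("ip", proto)
                and wildcard_match(src, *ace["src"])
                and wildcard_match(dst, *ace["dst"])
                and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"

# Constructed addresses (documentation ranges); the page does not give the real ones.
FTP_DENY = "deny tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq ftp"
DENY_ONLY = ["access-list 100 " + FTP_DENY]
DENY_THEN_PERMIT = ["access-list 198 " + FTP_DENY,
                    "access-list 198 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("deny + permit", DENY_THEN_PERMIT)):
        for port in (21, 80):
            print(name, port, evaluate(acl, "tcp", "192.0.2.10", "198.51.100.5", port))
```

With only the deny line, non-FTP traffic is also dropped by the implicit deny; adding `permit ip any any` after it is what lets everything else through.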

Ashu said: (Jul 28, 2018)  
Can anyone explain this?
