Question

To deny FTP access from network 200.200.10.0 to network 200.199.11.0 while allowing all other traffic, we need to look for a valid command string that serves this purpose.

The correct command must specify:

1. **Deny traffic** that meets the criteria (from 200.200.10.0 to 200.199.11.0 using FTP).
2. **Allow** all other traffic afterwards (implicitly or explicitly).

Now, let's evaluate the options provided:

1. **`access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp`**
- This line does deny the specified FTP traffic, but it does not include any entry for allowing other traffic. Access lists generally end with an implicit deny all, so without a permit statement, it could block all other traffic as well.

2. **`access-list 111 permit ip any 0.0.0.0 255.255.255.255`**
- This line permits all IP traffic. While it does allow everything, it does not explicitly deny the FTP access that is required.

3. **`access-list 10 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp`**
- This line correctly denies the specified FTP traffic. However, like the first option, there is no permit statement following it.

4. **`access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any`**
- This line does not specify the wildcard mask, and the `any` keywords don't match the previous requirements. This command is incorrect in syntax for the typical access-list formats used.

**Conclusion:** To achieve the objective of denying FTP access from 200.200.10.0 to 200.199.11.0 while permitting all other traffic, the best approach would typically combine a deny statement followed by a permit statement (not listed here).

However, given the options, the closest valid command to deny the specified FTP access is:

**`access-list 10 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp`**, but remember that you would need to add a permit statement afterward to ensure all other traffic is allowed.