To deny FTP access from network 200.200.10.0 to network 200.199.11.0 while allowing all other traffic, we need to look for a valid command string that serves this purpose.
The correct command must specify:
- Deny traffic that meets the criteria (from 200.200.10.0 to 200.199.11.0 using FTP).
- Allow all other traffic afterwards (implicitly or explicitly).
Now, let's evaluate the options provided:
- access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
  - This line does deny the specified FTP traffic, but it does not include any entry for allowing other traffic. Access lists generally end with an implicit deny all, so without a permit statement, it could block all other traffic as well.
- access-list 111 permit ip any 0.0.0.0 255.255.255.255
  - This line permits all IP traffic. While it does allow everything, it does not explicitly deny the FTP access that is required.
- access-list 10 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
  - This line correctly denies the specified FTP traffic. However, like the first option, there is no permit statement following it.
- access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
  - This line does not specify the wildcard mask, and the any keywords don't match the previous requirements. This command is incorrect in syntax for the typical access-list formats used.
Conclusion: To achieve the objective of denying FTP access from 200.200.10.0 to 200.199.11.0 while permitting all other traffic, the best approach would typically combine a deny statement followed by a permit statement (not listed here).
However, given the options, the closest valid command to deny the specified FTP access is the one below, but remember that you would need to add a permit statement afterward to ensure all other traffic is allowed:
access-list 10 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp
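
The deny-then-permit ordering and the implicit deny discussed above can be checked with a small first-match model. This is an added example, not part of the original answer and not router code: the function names are hypothetical, the parser handles only the entry forms shown on this page, and the permit entry is option 2's form renumbered to 198 so that both entries belong to the same list.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard mask: 0 bits must match, 1 bits are ignored (inverse of a netmask).
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse(line):
    # Accepts: access-list N {deny|permit} {tcp|ip} SRC WC DST WC [eq ftp]
    # with "any" allowed in place of an address/wildcard pair.
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    def take():
        if rest[0] == "any":
            rest.pop(0)
            return ("0.0.0.0", "255.255.255.255")
        return (rest.pop(0), rest.pop(0))
    src, dst = take(), take()
    port = 21 if rest[:2] == ["eq", "ftp"] else None  # "ftp" is TCP port 21
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    for line in acl:
        action, p, s, d, port = parse(line)
        if p != "ip" and p != proto:
            continue
        if not wild_match(src, *s) or not wild_match(dst, *d):
            continue
        if port is not None and port != dport:
            continue
        return action      # first matching entry decides; later entries are not read
    return "deny"          # implicit deny at the end of every access list

DENY_FTP = ("access-list 198 deny tcp 200.200.10.0 0.0.0.255 "
            "200.199.11.0 0.0.0.255 eq ftp")
PERMIT_REST = "access-list 198 permit ip any 0.0.0.0 255.255.255.255"

DENY_ONLY = [DENY_FTP]                       # option 1 on its own
DENY_THEN_PERMIT = [DENY_FTP, PERMIT_REST]   # deny entry followed by a permit

if __name__ == "__main__":
    # Constructed sample packets: FTP and HTTP between the two networks.
    for name, acl in (("deny only", DENY_ONLY), ("deny + permit", DENY_THEN_PERMIT)):
        for port in (21, 80):
            print(name, port, evaluate(acl, "tcp", "200.200.10.5", "200.199.11.9", port))
```

With the deny entry alone, the HTTP packet is dropped by the implicit deny; with the permit entry placed after it, only FTP between the two networks is blocked. Reversing the two entries lets FTP through, because the permit matches first.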