PrepAway - Latest Free Exam Questions & Answers

Which of the following ACL should the technician configure?

A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACL should the technician configure? (Select TWO)

A.
PERMIT SRCIP 192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80

B.
PERMIT SRCIP 192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT 80

C.
PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT ANY

D.
PERMIT SRCIP: ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:80

E.
PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:ANY DPORT:80

6 Comments on “Which of the following ACL should the technician configure?”

  1. klt316 says:

    TCP connections from within a private network thru a firewall to the internet generally have specific port destinations (80 & 443 for example), but a random source port from the client. This is so there can be multiple sessions between said client and destination, or in plain terms multiple browser connections to the same server, for example. Thus you won’t see source port 80 from within the network, but rather a unique source port identifying a unique session. So eliminate those answers with SPORT:80 & DPORT:80 together. BUT remember the firewall is STATELESS, which means it needs two ACLs, one for each direction. So outgoing SPORT:ANY DPORT:80 will get TO the server (with its random source port) – Answer B. Incoming SPORT:80 DPORT:ANY will return to the same client (to the same random port on return) – Answer C. So the answers are B & C.




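The reasoning in the comment above can be checked mechanically. The following is an added example, not part of the original page or of the comment: a minimal stateless matcher that evaluates options A to E against one constructed HTTP request and its reply. The host addresses, the client port 51514 and all function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

LAN = "192.168.0.0/24"
ANY = None  # wildcard for an address or a port

# Options A-E from the question as (src_net, sport, dst_net, dport).
RULES = {
    "A": (LAN, 80, LAN, 80),
    "B": (LAN, ANY, ANY, 80),
    "C": (ANY, 80, LAN, ANY),
    "D": (ANY, 80, LAN, 80),
    "E": (LAN, 80, ANY, 80),
}

# Constructed sample traffic: an internal client using an ephemeral source
# port talks to an external web server, and the server answers.
REQUEST = ("192.168.0.25", 51514, "203.0.113.10", 80)
REPLY = ("203.0.113.10", 80, "192.168.0.25", 51514)


def in_net(ip, net):
    """True if ip lies inside net, or net is the ANY wildcard."""
    return net is ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def permits(rule, pkt):
    """Stateless match: the packet is judged on its own header fields only."""
    src_net, sport, dst_net, dport = rule
    src, sp, dst, dp = pkt
    return (in_net(src, src_net) and in_net(dst, dst_net)
            and sport in (ANY, sp) and dport in (ANY, dp))


def passes(rule_names, pkt):
    """Apply the chosen PERMIT rules; anything unmatched is implicitly denied."""
    return any(permits(RULES[name], pkt) for name in rule_names)


def working_pairs():
    """Every two-rule selection that lets both the request and the reply through."""
    return [a + b for a, b in combinations(sorted(RULES), 2)
            if passes((a, b), REQUEST) and passes((a, b), REPLY)]


if __name__ == "__main__":
    for name in sorted(RULES):
        print(name, "request:", permits(RULES[name], REQUEST),
              "reply:", permits(RULES[name], REPLY))
    print("pairs that carry a full HTTP exchange:", working_pairs())
```

Because the match uses header fields only, rule C is evaluated the same way whether or not a request went out first, which is the practical difference from a stateful firewall.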