A network technician wants to allow HTTP traffic through a stateless firewall. The company uses the 192.168.0.0/24 network. Which of the following ACLs should the technician configure? (Select TWO)

A. PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
B. PERMIT SRCIP:192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT:80
C. PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:ANY
D. PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:80
E. PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:ANY DPORT:80
It says select two; which is the other answer? Are these off the actual exam? I am taking it in a couple of days.
0
0
Bob or anyone else, were these the actual questions and answers on the exam?
0
0
YES
0
0
Ok Bob, what was the other answer? It seems implied in the first question, but well… yeah?
0
0
I guess it is B and D.
0
0
TCP connections from within a private network through a firewall to the internet generally have specific destination ports (80 & 443 for example), but a random source port from the client. This is so there can be multiple sessions between said client and destination, or in plain terms multiple browser connections to the same server, for example. Thus you won’t see source port 80 from within the network, but rather a unique source port identifying a unique session. So eliminate those answers with SPORT:80 & DPORT:80 together. BUT remember the firewall is STATELESS, which means it needs two ACLs, one for each direction. So outgoing SPORT:ANY DPORT:80 will get TO the server (with its random source port) – Answer B. Incoming SPORT:80 DPORT:ANY will return to the same client (to the same random port on return) – Answer C. So the answers are B & C.
2
0
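To illustrate the reasoning in the answer above, here is an added example (not code from the thread) that evaluates the five ACL options as a stateless firewall would, header by header, against one constructed HTTP session; the client address 192.168.0.10, the server address 203.0.113.5 and the ephemeral port 51234 are made-up sample values.

```python
import ipaddress

# The five options from the question, written in one consistent KEY:VALUE syntax.
OPTIONS = {
    "A": "PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:192.168.0.0/24 DPORT:80",
    "B": "PERMIT SRCIP:192.168.0.0/24 SPORT:ANY DSTIP:ANY DPORT:80",
    "C": "PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:ANY",
    "D": "PERMIT SRCIP:ANY SPORT:80 DSTIP:192.168.0.0/24 DPORT:80",
    "E": "PERMIT SRCIP:192.168.0.0/24 SPORT:80 DSTIP:ANY DPORT:80",
}

def parse_rule(text):
    """Turn 'PERMIT SRCIP:... SPORT:... DSTIP:... DPORT:...' into a dict."""
    action, *fields = text.split()
    rule = {"action": action}
    for field in fields:
        key, value = field.split(":", 1)
        rule[key] = value
    return rule

def _match_ip(pattern, ip):
    return pattern == "ANY" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)

def _match_port(pattern, port):
    return pattern == "ANY" or int(pattern) == port

def rule_matches(rule, pkt):
    """Stateless check: only this packet's own headers are consulted, no session table.
    pkt = (src_ip, src_port, dst_ip, dst_port)."""
    src_ip, sport, dst_ip, dport = pkt
    return (_match_ip(rule["SRCIP"], src_ip) and _match_port(rule["SPORT"], sport)
            and _match_ip(rule["DSTIP"], dst_ip) and _match_port(rule["DPORT"], dport))

def permitted_by(pkt):
    """Letters of every option whose rule permits this packet (anything else is implicitly denied)."""
    return sorted(letter for letter, text in OPTIONS.items()
                  if parse_rule(text)["action"] == "PERMIT"
                  and rule_matches(parse_rule(text), pkt))

# Constructed sample flow: a LAN client opens HTTP to an internet web server.
# The client picks an ephemeral source port; the server replies from port 80 back to it.
OUTBOUND = ("192.168.0.10", 51234, "203.0.113.5", 80)
RETURN = ("203.0.113.5", 80, "192.168.0.10", 51234)

if __name__ == "__main__":
    print("outbound request permitted by:", permitted_by(OUTBOUND))  # ['B']
    print("return traffic permitted by:  ", permitted_by(RETURN))    # ['C']
```

Option D fails on the return packet only because its DPORT:80 does not match the client's ephemeral port, which is exactly why the answer above pairs B with C rather than D.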