What is the result of applying this access control list?

What is the result of applying this access control list?

ip access-list extended STATEFUL

10 permit tcp any any established

20 deny ip any any
A . TCP traffic with the URG bit set is allowed
B . TCP traffic with the SYN bit set is allowed
C . TCP traffic with the ACK bit set is allowed
D . TCP traffic with the DF bit set is allowed

Answer: C

Explanation:

The established keyword is only applicable to TCP access list entries to match TCP segments that have the ACK and/or RST control bit set (regardless of the source and destination ports), which assumes that a TCP connection has already been established in one direction only.

Let’s see an example below:

Suppose you only want to allow the hosts inside your company to telnet to an outside server but not vice versa, you can simply use an “established” access-list like this: access-list 100 permit tcp any any established access-list 101 permit tcp any any eq telnet ! interface S0/0 ip access-group 100 in ip access-group 101 out

Latest 350-401 Dumps Valid Version with 404 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments