What does the following access list, which is applied on the external interface FastEthernet 1/0 of the perimeter router, accomplish?
Router(config)#access-list 101 deny ip 10.0.0.0 0.255.255.255 any log router (config)#access-list 101 deny ip 192.168.0.0 0.0.255.255 any log router (config)#access-list 101 deny ip 172.16.0.0 0.15.255.255 any log router (config)#access-list 101 permit ip any any router (config)#interface fastEthernet 1/0 router (config-if)#ip access-group 101 in

A. It prevents incoming traffic from IP address ranges 10.0.0.0-10.0.0.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255 and logs any intrusion attempts.

B. It prevents the internal network from being used in spoofed denial of service attacks and logs any exit to the Internet.

C. It filters incoming traffic from private addresses in order to prevent spoofing and logs any intrusion attempts.

D. It prevents private internal addresses to be accessed directly from outside.








 

Suggested Answer: C

The private IP address ranges defined in RFC 1918 are as follows:
10.0.0.0  10.255.255.255
172.16.0.0  172.31.255.255
192.168.0.0  192.168.255.255
These IP addresses should never be allowed from external networks into a corporate network as they would only be able to reach the network from the outside via routing problems or if the IP addresses were spoofed. This ACL is used to prevent all packets with a spoofed reserved private source IP address to enter the network. The log keyword also enables logging of this intrusion attempt.

This question is in 300-101 Cisco Implementing Cisco IP Routing (ROUTE) Exam
For getting Cisco Certified Network Professional (CCNP) Routing and Switching Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.