Blocking HTTPS Traffic from Class A Private Network Range to a Host | Cisco Exam 200-125

How to Block HTTPS Traffic from Class A Private Network Range to a Host

Question

Which command can you enter to block HTTPS traffic from the whole Class A private network range to a host?

Answers

D

The correct answer is option D:

R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 443

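This command adds a deny entry to extended access control list (ACL) 105. It denies any TCP traffic coming from the Class A private network range of 10.0.0.0/8 and destined for the host with IP address 40.0.0.2 on destination port 443 (which is the port used for HTTPS traffic). The wildcard mask 0.255.255.255 fixes only the first octet, so every 10.x.x.x source matches, and the wildcard mask 0.0.0.0 matches exactly the one destination host.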

Now let's break down the other options:

Option A:

R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 53

This command blocks TCP traffic from the 10.0.0.0/8 network to the host with IP address 40.0.0.2, but it specifies port 53 (which is used for DNS traffic), not port 443 (which is used for HTTPS traffic). So this command will not block HTTPS traffic.

Option B:

R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 53

This command blocks TCP traffic from the 10.1.0.0/16 network to the host with IP address 40.0.0.2, but it specifies port 53 (which is used for DNS traffic), not port 443 (which is used for HTTPS traffic). So this command will not block HTTPS traffic.

Option C:

R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 443

This command blocks TCP traffic on port 443 from the 10.1.0.0/16 network to the host with IP address 40.0.0.2, but the wildcard mask 0.0.255.255 covers only the 10.1.0.0/16 subnet, not the entire Class A private network range of 10.0.0.0/8. Therefore, this command will not block all HTTPS traffic from the Class A private network range.
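
To check the four options mechanically, the following added example (not part of the original question or of any Cisco tooling) parses each access-list line and applies wildcard-mask matching to a few constructed source addresses spread across 10.0.0.0/8. The function names and the probe addresses are assumptions made for this illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'access-list N deny|permit tcp SRC SWILD DST DWILD eq PORT'."""
    t = line.split("access-list", 1)[1].split()
    return {"action": t[1], "proto": t[2],
            "src": ip(t[3]), "swild": ip(t[4]),
            "dst": ip(t[5]), "dwild": ip(t[6]), "port": int(t[8])}

def wildcard_match(addr, base, wild):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def ace_matches(ace, src, dst, dport, proto="tcp"):
    return (ace["proto"] == proto
            and wildcard_match(ip(src), ace["src"], ace["swild"])
            and wildcard_match(ip(dst), ace["dst"], ace["dwild"])
            and dport == ace["port"])

# The four answer options exactly as they appear on the page.
OPTIONS = {
    "A": "R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 53",
    "B": "R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 53",
    "C": "R1(config)#access-list 105 deny tcp 10.1.0.0 0.0.255.255 40.0.0.2 0.0.0.0 eq 443",
    "D": "R1(config)#access-list 105 deny tcp 10.0.0.0 0.255.255.255 40.0.0.2 0.0.0.0 eq 443",
}

# Constructed probe sources: both edges and the middle of 10.0.0.0/8.
PROBES = ["10.0.0.1", "10.1.2.3", "10.200.7.9", "10.255.255.254"]

def blocks_all_https(line, host="40.0.0.2"):
    """True if the entry denies TCP/443 to `host` from every probe source."""
    ace = parse_ace(line)
    return ace["action"] == "deny" and all(
        ace_matches(ace, src, host, 443) for src in PROBES)

if __name__ == "__main__":
    for name, line in OPTIONS.items():
        print(name, blocks_all_https(line))
```

Only option D returns True for every probe; option C matches sources inside 10.1.0.0/16 and misses the rest of the range.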