Which command sequence adds an allowed subnet to an address-list and permits that subnet through the input chain?

Multiple Choice

Which command sequence adds an allowed subnet to an address-list and permits that subnet through the input chain?

Explanation:
Controlling inbound traffic with an allowlist relies on two things: having the allowed subnet in an address-list and then using a rule that matches that list to permit traffic, with a final rule to drop everything else. In this sequence, you first create the address-list entry for the subnet (192.168.0.0/16). Next, you add a firewall rule in the input chain that matches src-address-list=allowed-subnet and sets action=accept. Finally, you include a catch-all drop rule for the input chain. This order ensures that traffic from the allowed subnet is accepted, while all other inbound traffic is blocked by the subsequent drop rule.

Why this works better than the other sequences: if the drop rule is placed before the accept rule, any traffic from the allowed subnet would be dropped before the accept rule can apply. If you create the accept rule before the address-list exists, the rule would reference a list that isn’t defined yet, which can lead to confusion or misbehavior. And having a broad accept rule (with no specific source-list) would defeat the purpose of using an allowlist. The sequence that creates the address-list first, then the accept rule referencing that list, followed by a drop rule, cleanly implements an allowlist on the input chain.
