10-06-2020, 06:04 PM
I believe there is a bug in the scoring of QID: AN153. The question marks the following as the correct answer:
access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
line vty 0 15
ip access-group 100 in
However, this is not even the correct command to apply an ACL to a VTY line. As even the explanation says, you would use the access-class command rather than access-group. The explanation also breaks down what is the correct answer, the one that applies the ACL to the Gi0/0 interface, which would effectively deny all SSH traffic from the specified host.
If others agree that I am correct in my assessment, hopefully H2P will fix this bug.