The answer is that the syslog message indicates a TCP connection from 203.0.113.50 to 10.10.10.10 was denied by the ACL named OUTSIDE. This is correct because the ASA syslog 106023 interpretation hinges on the message format: the code "%ASA-4-106023" specifically signals an ACL deny action, and the interface name "OUTSIDE" is explicitly stated in the log, followed by the source IP (203.0.113.50) and destination IP (10.10.10.10). On the Cisco SCOR / CCNP Security Core 350-701 exam, this tests your ability to read ASA syslog messages quickly, as they often appear in scenario-based questions where you must identify whether traffic was permitted or denied and on which interface. A common trap is confusing the source and destination order—remember that the source IP always comes first in the 106023 message, not the destination. For a memory tip, think "106023 = Deny the Party" where the first IP listed is the one trying to crash the gate.
350-701 Network Security Practice Question
This 350-701 practice question tests your understanding of network security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
%ASA-4-106023: Deny tcp src outside:203.0.113.50/443 dst DMZ:10.10.10.10/80 by access-group "OUTSIDE"
Refer to the exhibit. A security analyst sees this syslog message on a Cisco ASA. What does it indicate?
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
✓
A TCP connection from 203.0.113.50 to 10.10.10.10 was denied by the ACL named OUTSIDE.
The syslog message shows an ACL deny action on the OUTSIDE interface for a TCP connection from source 203.0.113.50 to destination 10.10.10.10. The format '%ASA-4-106023' indicates a deny, and the interface name 'OUTSIDE' is explicitly stated. The source IP is listed first in the message, confirming the connection attempt originated from 203.0.113.50.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✗
A TCP connection from 10.10.10.10 to 203.0.113.50 was denied.
Why it's wrong here
The message shows source as 203.0.113.50 and destination as 10.10.10.10.
✓
A TCP connection from 203.0.113.50 to 10.10.10.10 was denied by the ACL named OUTSIDE.
Why this is correct
The syslog clearly indicates a deny by access-group OUTSIDE.
Related concept
Read the scenario before looking for a memorised answer.
✗
A TCP connection from 203.0.113.50 to 10.10.10.10 was allowed and logged.
Why it's wrong here
The message says 'Deny', not 'Allow'.
✗
The ASA interface OUTSIDE is experiencing high CPU due to Denial of Service.
Why it's wrong here
The message is a single deny log, not an indication of high CPU or DoS.
Common exam traps
Common exam trap: answer the scenario, not the keyword
Cisco often tests the order of IP addresses in syslog messages—candidates mistakenly assume the first IP is the destination, but in ASA syslogs, the source IP is listed first, leading to reversed direction errors.
Trap categories for this question
Command / output trap
The message shows source as 203.0.113.50 and destination as 10.10.10.10.
Detailed technical explanation
How to think about this question
The Cisco ASA syslog message 106023 is generated when an ACL denies a packet, and it includes the interface name, source/destination IPs, and protocol. The ASA processes ACLs in order, and the first matching deny entry triggers this log. In real-world scenarios, this message helps identify misconfigured ACLs or malicious traffic hitting a perimeter interface.
KKey Concepts to Remember
Read the scenario before looking for a memorised answer.
Find the constraint that changes the correct option.
Eliminate answers that are true in general but not in this case.
TExam Day Tips
→Watch for words such as best, first, most likely and least administrative effort.
→Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Network Security — This question tests Network Security — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: A TCP connection from 203.0.113.50 to 10.10.10.10 was denied by the ACL named OUTSIDE. — The syslog message shows an ACL deny action on the OUTSIDE interface for a TCP connection from source 203.0.113.50 to destination 10.10.10.10. The format '%ASA-4-106023' indicates a deny, and the interface name 'OUTSIDE' is explicitly stated. The source IP is listed first in the message, confirming the connection attempt originated from 203.0.113.50.
What should I do if I get this 350-701 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
This 350-701 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 350-701 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.