Question 335 of 507
Security MonitoringmediumMultiple ChoiceObjective-mapped

200-201 Security Monitoring Practice Question

This 200-201 practice question tests your understanding of security monitoring. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

access-list 100 permit tcp any host 192.168.1.100 eq www
access-list 100 permit tcp any host 192.168.1.100 eq 443
access-list 100 deny tcp any host 192.168.1.100 range 1 1023
access-list 100 permit ip any any

Refer to the exhibit. An analyst observes that the router's ACL is allowing all traffic to the web server at 192.168.1.100 on ports 80 and 443, but blocking all other TCP ports below 1024. However, the web server is also running an SSH service on port 22. What will happen to SSH traffic from the outside?

Question 1mediummultiple choice
Study the full ACL explanation →

Exhibit

access-list 100 permit tcp any host 192.168.1.100 eq www
access-list 100 permit tcp any host 192.168.1.100 eq 443
access-list 100 deny tcp any host 192.168.1.100 range 1 1023
access-list 100 permit ip any any

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

SSH will be denied because of the deny line range.

The ACL denies all TCP ports below 1024 except ports 80 and 443, which are explicitly permitted. Since SSH uses TCP port 22, which falls within the denied range (below 1024) and is not explicitly permitted, it is blocked by the deny line. The last line 'permit ip any any' only applies to traffic not already denied, but SSH traffic is already denied by the earlier rule, so it never reaches that permit statement.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • SSH will be permitted because of the last line 'permit ip any any'.

    Why it's wrong here

    The last line is processed only after earlier rules; the deny rule matches first.

  • SSH will be denied because the ACL does not have an explicit permit for SSH.

    Why it's wrong here

    While true that there is no explicit permit, the deny rule is the direct reason.

  • SSH will be permitted because it is not blocked by any rule.

    Why it's wrong here

    The deny rule explicitly blocks it.

  • SSH will be denied because of the deny line range.

    Why this is correct

    The deny line covers port 22, so SSH traffic is denied.

    Related concept

    Read the scenario before looking for a memorised answer.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the misconception that a final 'permit ip any any' overrides earlier deny statements, when in fact ACLs stop processing after the first match, so traffic denied earlier never reaches the final permit.

Detailed technical explanation

How to think about this question

Cisco ACLs are processed top-down with implicit deny at the end; the deny line in the exhibit uses a range (lt 1024) that matches any TCP destination port less than 1024, including port 22. Even though SSH is a different service, the ACL matches on port numbers, not application protocols, so any TCP traffic to a port in that range is denied unless explicitly permitted. In real-world scenarios, administrators often forget that services like SSH (port 22) or DNS (port 53) are blocked by such broad deny rules, leading to unintended outages.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security administrator must allow nursing staff to reach a patient records server while blocking access from the guest Wi-Fi VLAN. After applying an extended ACL, traffic is still blocked from nursing workstations. The ACL was applied outbound instead of inbound on the wrong interface. Questions like this test ACL direction and placement rules.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related 200-201 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-201 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-201 question test?

Security Monitoring — This question tests Security Monitoring — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: SSH will be denied because of the deny line range. — The ACL denies all TCP ports below 1024 except ports 80 and 443, which are explicitly permitted. Since SSH uses TCP port 22, which falls within the denied range (below 1024) and is not explicitly permitted, it is blocked by the deny line. The last line 'permit ip any any' only applies to traffic not already denied, but SSH traffic is already denied by the earlier rule, so it never reaches that permit statement.

What should I do if I get this 200-201 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 25, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-201 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-201 exam.