Cisco Certified Network Associate (CCNA) Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Cisco Certified Network Associate (CCNA) Practice Exam. Test your knowledge with our interactive quizzes featuring multiple choice questions, hints, and explanations. Equip yourself for success!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What command is used to permit or deny ICMP traffic in an extended ACL?

  1. access-list ACL NUMBER permit/deny icmp SOURCE IP ADDRESS

  2. access-list ACL NUMBER permit/deny ip SOURCE IP ADDRESS

  3. ip nat source static PRIVATE IP ADDRESS

  4. ip nat inside source list ACCESS LIST NUMBER

The correct answer is: access-list ACL NUMBER permit/deny icmp SOURCE IP ADDRESS

The command that is used to permit or deny ICMP traffic in an extended Access Control List (ACL) is correctly identified. Extended ACLs allow you to filter IP traffic based on various criteria, including the type of protocol and source/destination IP addresses. In this case, using "access-list ACL NUMBER permit/deny icmp SOURCE IP ADDRESS" directly specifies the ICMP protocol along with the source IP address, enabling you to control ICMP traffic specifically. This granularity is crucial for managing and securing networks, as ICMP is commonly used for functions like pinging and network troubleshooting but can also be abused for malicious purposes. The other options involve commands related to different functionalities. For instance, the command involving "ip nat" pertains to Network Address Translation and would not serve to filter ICMP traffic in an ACL context, as it deals more with how IP packets are translated between private and public addresses. Thus, focusing on ICMP in the intended command makes it the correct approach for controlling this type of traffic with an extended ACL.

More Questions Like This