Cisco Certified Network Associate (CCNA) 2025 – 400 Free Practice Questions to Pass the Exam

The correct answer for configuring an extended ACL for ICMP echo and echo-reply is based on the specific command syntax that allows for the filtering of ICMP traffic. The command structure involves using the `access-list` command followed by a unique identifier for the list, and then specifying `permit icmp` to allow ICMP packets. After that, you need to define the source IP address and the corresponding wildcard mask, which enables the ACL to identify packets from specific sources.

In this case, `permit icmp` is crucial because it specifically targets the ICMP protocol, which encompasses both echo requests and echo replies. This allows for appropriate handling of ping requests that are common in network diagnostics. By correctly using the source IP address and wildcard mask, the ACL can be finely tuned to either allow or deny traffic coming from particular hosts or subnets.

The other options focus on different functionalities:

- The second option deals with Network Address Translation (NAT), which is not relevant to configuring an ACL specifically for ICMP traffic.

- The third option pertains to MAC-based access control lists, which are used for Layer 2 filtering and do not apply to an ICMP configuration, which operates at Layer 3.

- The fourth option sets up