Which Cisco IOS command would configure an extended IP ACL statement that denies all HTTP traffic from the 10.10.20.128/25 network to the 172.17.1.0/24 network?

A) access-list 101 deny tcp 172.17.1.0 0.0.0.255 eq www 10.10.20.128 0.0.0.127
B) access-list 101 deny udp 172.17.1.0 0.0.0.255 eq 80 10.10.20.128 0.0.0.127
C) access-list 101 deny udp 10.10.20.128 0.0.0.127 172.17.1.0 0.0.0.255 eq 80
D) access-list 101 deny tcp 10.10.20.128 0.0.0.127 172.17.1.0 0.0.0.255 eq www

D
Explanation: D) HTTP is TCP and uses port 80, so this is used to determine the protocol and port number used in the statement. The first address that is listed in the statement is the source and the second is the destination. Because the question was to control the traffic coming from the 10.10.30.128/25 network to the 172.17.1.0/24 network, this means that the statement to control this traffic would be access-list 101 deny tcp 10.10.20.128 0.0.0.127 172.17.1.0 0.0.0.255 eq www.