What should a network engineer modify on a core router to prevent unauthorized internal access from specific IP address ranges?

Modifying an Access Control List (ACL) on a core router is an effective way to prevent unauthorized internal access from specific IP address ranges. ACLs are used to create rules that dictate which packets are allowed or denied as they pass through a network device. By applying an ACL, a network engineer can specify criteria based on source and destination IP addresses, allowing the administrator to block traffic coming from specified ranges that should not have access to internal resources.

This method is advantageous because ACLs operate at the router level, which can efficiently filter traffic before it even reaches internal devices. This simplifies network security management by controlling access directly at the entry points of the network.

The other options are valuable network security configurations but do not directly address the need for preventing unauthorized access based on IP address ranges in the same straightforward manner as an ACL. Routing protocols primarily manage how data packets are forwarded within a network, firewalls provide broader security measures but are typically applied at the perimeter rather than the core routing level, and NAT settings are focused on address translation rather than access control. Thus, an ACL serves as the most appropriate solution in this scenario.