Which three statements about applying access control lists to a Cisco router are true?

Which three statements about applying access control lists to a Cisco router are true? (Choose three.)

Which three statements about applying access control lists to a Cisco router are true? (Choose three.)

A.
Place more specific ACL entries at the top of the ACL.

B.
ACLs always search for the most speeific entry before taking any filtering action.

C.
Router-generated packets cannot be filtered by ACls on the router.

D.
Place generic ACL entries at the top of the ACL to filter general traffic and thereby reduce “noise” on the network.

E.
IF an access list is applied but is not configured, all traffic will pass.

Explanation:
Yes, there is an implicit DENY at the end of every ACL. If, though, you use the ” ip
access-group 101 in” command, but haven’t yet created ACL 101, there is no access-list,
therefore, there is no implicit DENY. All traffic flows.
You could apply an ACL that denies all traffic outbound on an interface and still be able
to ping from that router to a neighbour . Router generated traffic is not checked against
outbound filters.
Since ACL’s are read from top down, you will want your most specific ACL’s up high to
ensure they’re applied before more generic ACL’s lower in the list have a chance to act
upon the traffic with undesirable consequences.



Leave a Reply 1

Your email address will not be published. Required fields are marked *


mr_tienvu

mr_tienvu

I have the same idea. ACE