Refer to the exhibit.
Which statement about this partial CLI configuration of an access control list is true?
A.
The access list accepts all traffic on the 10.0.0.0 subnets.
B.
All traffic from the 10.10.0.0 subnets is denied.
C.
Only traffic from 10.10.0.10 is allowed.
D.
This configuration is invalid. It should be configured as an extended ACL to permit the associated
wildcard mask.
E.
From the 10.10.0.0 subnet, only traffic sourced from 10.10.0.10 is allowed; traffic sourced from
the other 10.0.0.0 subnets also is allowed.
F.
The access list permits traffic destined to the 10.10.0.10 host on FastEthernet0/0 from any source.
Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-acl-ovgdl.html
The Order in Which You Enter Criteria Statements
Note that each additional criteria statement that you enter is appended to the end of the access list
statements.
Also note that you cannot delete individual statements after they have been created. You can only
delete an entire access list.
The order of access list statements is important! When the router is deciding whether to forward or
block a packet, the Cisco IOS software tests the packet against each criteria statement in the order in
which the statements were created. After a match is found, no more criteria statements are
checked.
If you create a criteria statement that explicitly permits all traffic, no statements added later will
ever be checked. If you need additional statements, you must delete the access list and retype it
with the new entries.
Apply an Access Control List to an Interface
With some protocols, you can apply up to two access lists to an interfacE. one inbound access list
and one outbound access list. With other protocols, you apply only one access list that checks both
inbound and outbound packets.
If the access list is inbound, when a device receives a packet, Cisco software checks the access list’s
criteria statements for a match. If the packet is permitted, the software continues to process the
packet. If the packet is denied, the software discards the packet.
If the access list is outbound, after receiving and routing a packet to the outbound interface, Cisco
software checks the access list’s criteria statements for a match. If the packet is permitted, the
software transmits the packet. If the packet is denied, the software discards the packet.
Note
Access lists that are applied to interfaces on a device do not filter traffic that originates from that
device.
The access list check is bypassed for locally generated packets, which are always outbound.By default, an access list that is applied to an outbound interface for matching locally generated
traffic will bypass the outbound access list check; but transit traffic is subjected to the outbound
access list check.