Which of the following rules is necessary to support this implementation?

A system administrator is implementing a firewall ACL to block specific communication to and from
a predefined list of IP addresses, while allowing all other communication. Which of the following
rules is necessary to support this implementation?

A.
Implicit allow as the last rule

B.
Implicit allow as the first rule

C.
Implicit deny as the first rule

D.
Implicit deny as the last rule

Explanation:

Show Hint

← Previous question

Next question →

Leave a Reply to Loraine Vanlier Cancel reply9

Loraine Vanlier

what is a va loan Kennesaw

http://www.zkRCZC3urT.com/zkRCZC3urT

Just some IT guy

Lake

First of all, there is NO such thing called implicit allow. It takes away choice A and B.

https://supportforums.cisco.com/discussion/11605981/implicit-permit-acl

I search around and I did not see any information regarding Implicit deny as the first rule. So, I would go to the standard (Correct Answer: D, Implicit deny as the last rule).

http://sy0201.blogspot.com/2009/11/practice-question-implicit-deny.html

Dugan Nash

Block IP addresses X, Y, and Z.
Allow everything else.

Although “implicit allow” is a strange term, A seems to be the best answer.

Black

I think explicit allow all at the end of the ACL is what we should be looking for, but it is not there.

Black

I mean this should be another careless typing result.

Paul S

What makes this a really stupid question is that implicit deny is never a rule. It is implicit, meaning that it is not written and exists at the end of the existing rule set. For this question, implicit deny does nothing. Implicit deny as the first rule means no communications. Implicit deny as the last rule means that unless you have explicit allow statements, everything is denied. The problem is “while allowing all other communications”. The correct answer would be creating a list of blocked IP at the top of the ACL and then creating an explicit allow at the end.
Oh–just to add to my irritation, firewalls have rules. Routers have ACLS.

Clindamycin

Right it is not written but for old routers you should specify otherwise it will remain open for all other ports

Clindamycin

Implicit deny indicates that unless something (such as traffic on a network) is explicitly allowed, it is denied. It isn’t used to deny all traffic, but instead used to deny all traffic that isn’t explicitly granted or allowed.

But in this question it’s exactly the opposite
they want to block some eye IP’s and allow other IPs
that means this should be allow at the end of the rules after specifying the IP’s that should be blocked

So its A
By the way, the rule called Permit All NOT implicit Allow