PrepAway - Latest Free Exam Questions & Answers

Which of the following statements are true regarding ACLs?

Which of the following statements are true regarding ACLs? (Select 3 choices.)

A. If a packet is permitted by one entry, it cannot be denied by a more specific entry later in the ACL.

B. If a packet is denied by one entry, it cannot be permitted by a more specific entry later in the ACL.

C. If a packet does not match any entries in the ACL, it is permitted.

D. If a packet does not match any entries in the ACL, it is denied.

E. An ACL cannot contain two conflicting entries that refer to the same source address.

F. An ACL cannot contain two conflicting entries that refer to the same destination address.

Explanation:
If a packet is permitted by one access control entry (ACE), it cannot be denied by a more specific entry later in
the access control list (ACL). Likewise, if a packet is denied by an ACE, it cannot be permitted by a more
specific entry later in the ACL. In addition, if a packet does not match any entries in the ACL, it is denied. ACLs
are processed in a sequential manner, from the first entry in the list to the last entry. Because ACLs are
processed from top to bottom, correct sequencing is critical to ensuring proper filtering. More specific entries
should be located higher in an ACL so that they are processed before less specific entries. This helps ensure
that statements located higher in an ACL do not negate the intended impact of statements located lower in the
ACL.

An ACL can contain multiple entries that conflict. For example, you could inadvertently have one entry that
permits traffic from a specific source or destination IP address and have another entry that denies traffic from
the same source or destination IP address. You should use caution when editing ACL entries. New entries are
added to the end of an ACL by default and do not override conflicting entries. Because new statements added
to an existing ACL are appended to the end of the existing ACL, it might be necessary to recreate the ACL if
you need to make significant changes to an ACL or add a statement that should appear at or near the top of the
ACL.
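
The first-match and implicit-deny behavior described above, as an added example that is not part of the original page or any Cisco tooling. It assumes a simplified ACL that matches on source prefix only (real ACEs also match protocol, destination and ports); the entries and addresses are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample ACL in configured order: (action, source prefix).
# The deny for 10.1.5.0/24 is more specific but sits below the broad permit.
MISORDERED = [
    ("permit", "10.1.0.0/16"),
    ("deny", "10.1.5.0/24"),
    ("permit", "192.168.10.0/24"),
]
# Same entries with the more specific one moved to the top.
REORDERED = [MISORDERED[1], MISORDERED[0], MISORDERED[2]]


def evaluate(acl, src):
    """Walk the ACL top to bottom; the first matching entry decides.

    Returns (action, index of the matching entry). A packet that matches
    no entry is denied, reported here with index None.
    """
    addr = ipaddress.ip_address(src)
    for index, (action, prefix) in enumerate(acl):
        if addr in ipaddress.ip_network(prefix):
            return action, index
    return "deny", None


def shadowed(acl):
    """Find entries that can never match because an earlier entry
    already covers their whole source range.

    Returns (later_index, earlier_index, conflicting) tuples, where
    conflicting is True when the two entries have different actions.
    """
    nets = [ipaddress.ip_network(prefix) for _, prefix in acl]
    findings = []
    for later in range(len(acl)):
        for earlier in range(later):
            if nets[later].subnet_of(nets[earlier]):
                conflicting = acl[later][0] != acl[earlier][0]
                findings.append((later, earlier, conflicting))
                break  # the first covering entry is the one that wins
    return findings


if __name__ == "__main__":
    for name, acl in (("misordered", MISORDERED), ("reordered", REORDERED)):
        print(name, evaluate(acl, "10.1.5.20"), shadowed(acl))
    print("no match:", evaluate(MISORDERED, "172.16.0.1"))
```

Running a check like shadowed() before appending a new entry shows whether the entry would be dead on arrival at the end of the list and therefore needs to be placed higher.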

Cisco: Configuring IP Access Lists: Process ACLs
