PrepAway - Latest Free Exam Questions & Answers

which three protocols should the default ACL allow on a…

According to Cisco best practices, which three protocols should the default ACL allow on an access port to
enable wired BYOD devices to supply valid credentials and connect to the network? (Choose three.)


A.
BOOTP

B.
TFTP

C.
DNS

D.
MAB

E.
HTTP

F.
802.1x

Explanation:
Answer: A, B, C (BOOTP, TFTP, DNS). The default ACL quoted below permits only DHCP (BOOTP), DNS, ICMP, and TFTP, so the three protocols among the options are BOOTP, TFTP, and DNS. MAB and 802.1X are authentication methods, not protocols the ACL permits, and HTTP is denied until the device is authenticated.
ACLs are the primary method through which policy enforcement is done at access layer switches for wired
devices within the campus.
ACL-DEFAULT—This ACL is configured on the access layer switch and used as the default ACL on the port. Its
purpose is to prevent unauthorized access while still allowing the device to obtain an address and reach the authentication infrastructure.
An example of a default ACL on a campus access layer switch is shown below:

    Extended IP access list ACL-DEFAULT
        10 permit udp any eq bootpc any eq bootps log (2604 matches)
        20 permit udp any host 10.230.1.45 eq domain
        30 permit icmp any any
        40 permit udp any any eq tftp
        50 deny ip any any log (40 matches)

As seen from the output above, ACL-DEFAULT allows DHCP (UDP bootpc/bootps), DNS (only to the server 10.230.1.45), ICMP, and TFTP traffic, and denies
everything else. Entries are evaluated in sequence order; the first match wins, and the final explicit deny logs whatever was not permitted.
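To make the first-match semantics concrete, the following added example (not Cisco's code and not part of the original page) parses the ACL-DEFAULT output quoted above, strips the hit counters, and evaluates a set of constructed packets from an unauthenticated client. The DNS server 10.230.1.45 comes from the page; every other address and source port in the sample packets is an assumption made up for the demo.

```python
"""First-match evaluator for the ACL-DEFAULT shown on this page.

Added example, not Cisco's own code. It parses 'show ip access-lists' style
output and reports which constructed packets the ACL permits on the access
port before authentication. Service keywords are mapped to IANA port numbers.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service keywords IOS prints in place of port numbers.
PORT_NAMES = {"bootpc": 68, "bootps": 67, "domain": 53, "tftp": 69, "www": 80}

# The ACL exactly as quoted on the page; hit counters are left in on purpose
# so the parser has to strip them.
ACL_DEFAULT_TEXT = """\
10 permit udp any eq bootpc any eq bootps log (2604 matches)
20 permit udp any host 10.230.1.45 eq domain
30 permit icmp any any
40 permit udp any any eq tftp
50 deny ip any any log (40 matches)
"""


@dataclass(frozen=True)
class Packet:
    proto: str  # "udp", "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str  # "permit" or "deny"
    proto: str  # "ip" matches every protocol
    src: ipaddress.IPv4Network
    sport: Optional[int]
    dst: ipaddress.IPv4Network
    dport: Optional[int]
    log: bool


def parse_ace(line: str) -> Ace:
    """Parse one 'seq action proto src [eq port] dst [eq port] [log]' entry.
    Only the 'any' and 'host A.B.C.D' address forms are handled."""
    toks = re.sub(r"\s*\(\d+ matches\)", "", line).split()
    seq, action, proto = int(toks[0]), toks[1], toks[2]
    pos = 3

    def addr() -> ipaddress.IPv4Network:
        nonlocal pos
        if toks[pos] == "any":
            pos += 1
            return ipaddress.ip_network("0.0.0.0/0")
        if toks[pos] == "host":
            pos += 2
            return ipaddress.ip_network(toks[pos - 1] + "/32")
        raise ValueError(f"unsupported address form: {toks[pos]}")

    def port() -> Optional[int]:
        nonlocal pos
        if pos < len(toks) and toks[pos] == "eq":
            pos += 2
            name = toks[pos - 1]
            return PORT_NAMES[name] if name in PORT_NAMES else int(name)
        return None

    src, sport = addr(), port()
    dst, dport = addr(), port()
    log = pos < len(toks) and toks[pos] == "log"
    return Ace(seq, action, proto, src, sport, dst, dport, log)


def parse_acl(text: str) -> List[Ace]:
    return [parse_ace(line) for line in text.splitlines() if line.strip()]


def matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ace.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in ace.dst:
        return False
    if ace.sport is not None and ace.sport != pkt.sport:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """IOS semantics: first matching entry wins; no match is an implicit deny."""
    for ace in acl:
        if matches(ace, pkt):
            return ace.action, ace.seq
    return "deny", None


ACL_DEFAULT = parse_acl(ACL_DEFAULT_TEXT)

# Constructed sample traffic from a not-yet-authenticated BYOD client
# (client and server addresses other than 10.230.1.45 are made up).
SAMPLES = {
    "DHCP discover": Packet("udp", "0.0.0.0", "255.255.255.255", 68, 67),
    "DNS to campus resolver": Packet("udp", "10.10.20.5", "10.230.1.45", 51000, 53),
    "DNS to external resolver": Packet("udp", "10.10.20.5", "8.8.8.8", 51000, 53),
    "ICMP echo": Packet("icmp", "10.10.20.5", "10.230.1.1"),
    "TFTP read": Packet("udp", "10.10.20.5", "10.230.1.50", 51001, 69),
    "HTTP": Packet("tcp", "10.10.20.5", "10.230.1.60", 51002, 80),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {evaluate(ACL_DEFAULT, pkt)}")
```

Running it shows the point of the question: DHCP, DNS to the configured resolver, ICMP, and TFTP are permitted by entries 10 through 40, while HTTP and DNS to any other server fall through to the logged deny at sequence 50.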
Source: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Wired.html
MAB (MAC Authentication Bypass) is an access control technique that Cisco provides for devices that cannot perform 802.1X; it is an authentication method, not a protocol that the default ACL permits.
