Question:
Which three statements describe ACL processing of packets? (Choose three.)
- An implicit deny any rejects any packet that does not match any ACE.
- A packet can either be rejected or forwarded as directed by the ACE that is matched.
- A packet that has been denied by one ACE can be permitted by a subsequent ACE.
- A packet that does not match the conditions of any ACE will be forwarded by default.
- Each statement is checked only until a match is detected or until the end of the ACE list.
- Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.
Explanation: When a packet comes into a router that has an ACL configured on the interface, the router compares the condition of each ACE to determine if the defined criteria has been met. If met, the router takes the action defined in the ACE (allows the packet through or discards it). If the defined criteria has not been met, the router proceeds to the next ACE. An implicit deny any statement is at the end of every standard ACL.
Exam with this question: CCNA 2 (v5.0.3 + v6.0) Chapter 7 Exam Answers
Exam with this question: CCNA 2 (v5.0.3 + v6.0) Chapter 9 Exam Answers
Exam with this question: CCNP Core Networking: Modules 25 - 26 Checkpoint Exam: Access Control and Infrastructure Security Exam
Exam with this question: Checkpoint Exam: ACLs and Firewalls Group Exam Answers
Exam with this question: CCNA 3 v7 Module 4 Quiz - ACL Concepts
Exam with this question: CCNA 2 v6 Chapter 7: Check Your Understanding
Exam with this question: CCNA 4 v6 Chapter 4: Check Your Understanding
Other case:
Which three statements describe ACL processing of packets? (Choose three.)
- Each packet is compared to the conditions of every statement in the ACL before a forwarding decision is made.
- A packet can either be rejected or forwarded as directed by the statement that is matched.
- A packet that does not match the conditions of any ACL statements will be forwarded by default.
- An implicit deny any rejects any packet that does not match any ACL statement.
- A packet that has been denied by one statement can be permitted by a subsequent statement.
- Each statement is checked only until a match is detected or until the end of the ACL statement list is reached.
Explanation: ACLs are processed in a top down manner. When an ACL is inspected, if the information in a packet header and an ACL statement match, the remaining statements are not examined, and the packet is either denied or permitted through as specified by the ACL. If a packet header does not match an ACL statement, the packet is tested against the next statement in the list. This matching process continues until the end of the list is reached. Every ACL has an implied deny at the end of the list. This implied deny statement is applied to all packets for which conditions did not test true.
Exam with this question: CCNP ENARSI 8 Modules 15 - 17 Checkpoint Exam: Conditional Forwarding and Route Redistribution Exam
Exam with this question: CCNA Exploration 4: EWAN Chapter 5 Exam
Please login or Register to submit your answer