An administrator wants to prevent traffic from the 192.168.1.0/24 network from reaching the 10.0.0.0/8 network, while allowing all other traffic. What is the most effective way to achieve this goal using access control lists?
Use an extended ACL applied outbound on the interface closest to the destination network.
Use a standard ACL applied outbound on the interface closest to the destination network.
Use a standard ACL applied inbound on the interface closest to the source network.
Use an extended ACL applied inbound on the interface closest to the source network.
The most effective solution is to use an extended access control list (ACL) applied inbound on the interface closest to the source network. Extended ACLs can filter traffic based on both source and destination IP addresses, which is necessary in this scenario to specifically block traffic from 192.168.1.0/24 to 10.0.0.0/8. Placing the ACL inbound near the source prevents unwanted traffic from entering the network, conserving bandwidth and enhancing security.
Using a standard ACL is not suitable here because standard ACLs filter traffic only based on source IP addresses and cannot specify a destination network. Applying an ACL outbound near the destination is less efficient, as it allows the unwanted traffic to traverse the network before being blocked, which can lead to unnecessary network load. Therefore, the best practice is to use an extended ACL applied inbound at the source.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is an extended ACL better than a standard ACL in this scenario?
Open an interactive chat with Bash
Why should the ACL be applied inbound on the interface closest to the source?
Open an interactive chat with Bash
What are the key differences between inbound and outbound ACLs?
Open an interactive chat with Bash
Cisco CCNA 200-301
Security Fundamentals
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .