Cisco CCNA 200-301 Practice Question

The most effective solution is to use an extended access control list (ACL) applied inbound on the interface closest to the source network. Extended ACLs can filter traffic based on both source and destination IP addresses, which is necessary in this scenario to specifically block traffic from 192.168.1.0/24 to 10.0.0.0/8. Placing the ACL inbound near the source prevents unwanted traffic from entering the network, conserving bandwidth and enhancing security.

Using a standard ACL is not suitable here because standard ACLs filter traffic only based on source IP addresses and cannot specify a destination network. Applying an ACL outbound near the destination is less efficient, as it allows the unwanted traffic to traverse the network before being blocked, which can lead to unnecessary network load. Therefore, the best practice is to use an extended ACL applied inbound at the source.