Which of the following statements about access lists are true? (Choose three.)
A . Extended access lists should be placed as near as possible to the destination
B . Extended access lists should be placed as near as possible to the source
C . Standard access lists should be placed as near as possible to the destination
D . Standard access lists should be placed as near as possible to the source
E . Standard access lists filter on the source address
F . Standard access lists filter on the destination address
Answer: B,C,E
Explanation:
Source: http://www.ciscopress.com/articles/article.asp?p=1697887
Standard ACL
1) Able Restrict, deny & filter packets by Host Ip or subnet only.
2) Best Practice is put Std. ACL restriction near from Source Host/Subnet (Interface-In-bound).
3) No Protocol based restriction. (Only HOST IP).
Extended ACL
1) More flexible then Standard ACL.
2) You can filter packets by Host/Subnet as well as Protocol/TCPPort/UDPPort.
3) Best Practice is put restriction near form Destination Host/Subnet. (Interface-Outbound)
Leave a Reply