Where should standard and extended access-control lists be placed in a router and why?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for your Network Implementation Exam. Master routing, switching, and wireless protocols through interactive quizzes. Learn with multiple-choice questions, hints, and in-depth explanations. Enhance your skills for a successful network implementation career!

Multiple Choice

Where should standard and extended access-control lists be placed in a router and why?

Explanation:
Standard ACLs filter only by source address, so they work best when applied as close to the source as possible. Dropping traffic at the source reduces unnecessary load on the rest of the network and prevents undesired hosts from consuming links further along. Extended ACLs check more than just the source—they can use destination, protocol, and port information—so applying them near the destination allows you to enforce precise access to a specific resource. This way, only the intended traffic reaches that resource, while broader traffic from other sources can be handled earlier with standard ACLs. For example, you might place a standard ACL on the interface facing a source network to block or permit those hosts, and place an extended ACL on the interface near the destination server to allow only specific services (like SSH/HTTPS) to that server.

Standard ACLs filter only by source address, so they work best when applied as close to the source as possible. Dropping traffic at the source reduces unnecessary load on the rest of the network and prevents undesired hosts from consuming links further along. Extended ACLs check more than just the source—they can use destination, protocol, and port information—so applying them near the destination allows you to enforce precise access to a specific resource. This way, only the intended traffic reaches that resource, while broader traffic from other sources can be handled earlier with standard ACLs. For example, you might place a standard ACL on the interface facing a source network to block or permit those hosts, and place an extended ACL on the interface near the destination server to allow only specific services (like SSH/HTTPS) to that server.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy