Suggested Answer:
Explanation:
Remember the three Ps: per protocol, per direction, and per interface.
One ACL per protocol - To control traffic flow on an interface, an ACL must be defined for each protocol enabled on the interface (for example IP, IPX, AppleTalk).
One ACL per direction - ACLs control traffic in one direction at one time on an interface. You must create two separate ACLs to control traffic in both inbound and outbound connections.
One ACL per interface - ACLs control traffic for an interface such as Fast Ethernet.
Dynamic ACLs - Dynamic or lock-and-key ACLs are available for Internet Protocol traffic only. Dynamic ACLs start with the application of an extended ACL to block traffic through the router. Common reasons to use dynamic ACLs are:
When you want a specific remote user or group of remote users to access a host within your network. Connecting to the outside of your network (Internet). Lock-and-key authenticates the user and then permits limited access through your firewall router.
When you want a subset of hosts on a local network to access a host from a remote network that is protected by a firewall. Lock-and-key requires users to authenticate through an AAA, TACACS server or other security server before it allows access.
Reflexive ACLs - Reflexive ACLs allow IP packets to be filtered based on upper-layer session information. They are generally used to allow outbound traffic and to limit inbound traffic by using sessions that originate inside the router. When a router sees a new outbound connection, it adds an entry to a temporary ACL to allow replies back into the network. Reflexive ACLs can be defined only with an extended named IP ACL. They cannot be defined with numbered or standard named ACLs or with other protocols.
Time-Based ACLs - Time-Based ACLs are like extended ACLs in function, but they allow access control based on time. To use time-based ACLs you create a time range that defines specific times of the day and days of the week. You use the time range with a name and then refer to it by a function. The time range relies on the router system clock. This feature works with NTP (Network Time Protocol) synchronization, but the router clock can also be used.
Numbered ACL - You can assign a number based on whether your ACL is standard or extended:
1 to 99 and 1300 to 1999 are Standard IP ACL.
100 to 199 and 2000 to 2699 are Extended IP ACL.
You cannot add or delete entries within the ACL (you have to totally delete the ACL in order to edit it).
Named ACL - You can assign names to the ACL instead of numbers.
Names can contain alphanumeric characters.
Recommended to type the name in all CAPITAL LETTERS.
Names cannot contain spaces or punctuation and must begin with an alphabetic character.
You can add or delete entries within the ACL.
You can specify whether the ACL is standard or extended.
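An added example, not part of the original explanation and not Cisco code: a small Python model of the reflexive ACL behaviour described above, where an outbound packet creates a temporary mirrored entry and only matching replies are let back in. The class and function names, the addresses and the 300-second idle timeout are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class ReflexiveAcl:
    """Toy model of a reflexive ACL on a border router (hypothetical class)."""
    idle_timeout: float = 300.0                   # assumed value, in seconds
    entries: dict = field(default_factory=dict)   # mirrored flow -> expiry time

    def outbound(self, pkt: Packet, now: float) -> str:
        # Outbound session seen: add a temporary entry with source and
        # destination swapped, so that only the reply flow matches it.
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[mirror] = now + self.idle_timeout
        return "permit"

    def inbound(self, pkt: Packet, now: float) -> str:
        # Inbound packet: permit only if it matches a live temporary entry.
        # A miss falls through to the enclosing extended ACL, which in this
        # model has no other permit statement, so the packet is denied.
        expiry = self.entries.get(pkt)
        if expiry is None:
            return "deny"
        if now > expiry:
            del self.entries[pkt]                 # idle session aged out
            return "deny"
        self.entries[pkt] = now + self.idle_timeout   # traffic refreshes timer
        return "permit"


def demo() -> list:
    """Run a constructed packet sequence and return the decisions."""
    acl = ReflexiveAcl(idle_timeout=300)
    out = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443)
    reply = Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000)
    probe = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 51000)
    return [
        acl.inbound(reply, now=0),     # no session yet
        acl.outbound(out, now=1),      # inside host opens the session
        acl.inbound(reply, now=2),     # reply to that session
        acl.inbound(probe, now=3),     # unsolicited packet from another host
        acl.inbound(reply, now=500),   # session idle past the timeout
    ]
```
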
I think C is the best answer
Reflexive Access Lists
Reflexive access lists provide filtering on upper-layer IP protocol sessions. They contain temporary entries that are automatically created when a new IP session begins. They are nested within extended, named IP access lists that are applied to an interface. Reflexive access lists are typically configured on border routers, which pass traffic between an internal and external network. These are often firewall routers. Reflexive access lists do not end with an implicit deny statement because they are nested within an access list and the subsequent statements need to be examined.
cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-1s/sec-access-list-ov.html
Answer should be Reflexive ACL - it even says it in the explanation.
CraigB83 - 4 years, 1 month ago
Bastex - 5 years, 2 months ago
routeweaver - 5 years, 6 months ago
james - 5 years, 6 months ago