200-301 - Security Fundamentals - Section 5.6
Configure and verify standard and extended IPv4 access control lists for traffic filtering.
Build standard ACLs that match on source address only and extended ACLs that match source, destination, protocol, and port, and place each where it does the intended job - standard near the destination, extended near the source. Recognise that ACLs are processed top-down with first-match wins, that an implicit deny any ends every list, and that wildcard masks (not subnet masks) define the address range.
Standard ACLExtended ACLWildcard maskImplicit denyACL placement
More in this domain
Back to all Security Fundamentals objectives, or the 200-301 cert hub.
Examworthy is not affiliated with or endorsed by Cisco. Original, blueprint-aligned practice material only.