Cisco CCNA Exam: ACLs - True Statement


Question

Which statement about ACLs is true?

Answers


A

Answer:

The correct statement about ACLs is "ACLs go bottom-up through the entries looking for a match."

Explanation:

An Access Control List (ACL) is a set of rules that determine whether or not a network packet is allowed to traverse a network device, such as a router or switch. ACLs are used to filter traffic based on various criteria such as source/destination IP address, protocol type, port number, etc.

Let's discuss the given options one by one:

A. "An ACL must have at least one permit action, else it just blocks all traffic." This statement is not true because an ACL can have either permit or deny statements or a combination of both.

B. "ACLs go bottom-up through the entries looking for a match." This statement is correct. When a packet arrives at a device, the device will start at the first entry in the ACL and compare the packet against the conditions specified in that entry. If there is a match, the device will perform the action specified in that entry (permit or deny) and stop processing the rest of the entries. If there is no match, the device will move on to the next entry in the ACL and repeat the process until there is a match or the end of the ACL is reached.

C. "An ACL has an implicit permit at the end of ACL." This statement is not true. If there is no match in the ACL, the packet is denied by default. There is no implicit permit at the end of the ACL.

D. "ACLs will check the packet against all entries looking for a match." This statement is partially true. ACLs will check the packet against each entry until there is a match or the end of the ACL is reached. Once a match is found, no further entries will be checked.

Therefore, the correct answer is B, "ACLs go bottom-up through the entries looking for a match."
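The entry-by-entry evaluation described in the explanations of options B through D (start at the first entry, stop at the first match, deny if nothing matches), as an added Python sketch that is not part of the original page or any Cisco code. It models a simplified source-only ACL with Cisco-style wildcard masks; the `Ace` type, the `evaluate` helper and the sample addresses are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Ace(NamedTuple):
    """One ACL entry (hypothetical model of a source-only rule)."""
    action: str    # "permit" or "deny"
    network: str   # base address to compare against
    wildcard: str  # wildcard mask: 1 bits are "don't care"


def ace_matches(ace: Ace, src: str) -> bool:
    """Compare only the bits the wildcard mask marks as significant."""
    addr = int(ipaddress.IPv4Address(src))
    base = int(ipaddress.IPv4Address(ace.network))
    care = ~int(ipaddress.IPv4Address(ace.wildcard)) & 0xFFFFFFFF
    return (addr & care) == (base & care)


def evaluate(acl: List[Ace], src: str) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry).

    Entries are checked from the first one onward and processing stops at
    the first match. Index None means no entry matched and the packet was
    dropped by the default deny at the end of the list.
    """
    for index, ace in enumerate(acl):
        if ace_matches(ace, src):
            return ace.action, index
    return "deny", None


# Constructed sample: the same two entries in two different orders.
ACL_SPECIFIC_FIRST = [
    Ace("deny", "10.1.1.50", "0.0.0.0"),      # block a single host
    Ace("permit", "10.1.1.0", "0.0.0.255"),   # allow the rest of the subnet
]
ACL_BROAD_FIRST = list(reversed(ACL_SPECIFIC_FIRST))

if __name__ == "__main__":
    for name, acl in (("specific first", ACL_SPECIFIC_FIRST),
                      ("broad first", ACL_BROAD_FIRST)):
        for src in ("10.1.1.50", "10.1.1.20", "192.168.5.5"):
            action, index = evaluate(acl, src)
            hit = "default deny" if index is None else f"entry {index}"
            print(f"{name:15} {src:12} -> {action:6} ({hit})")
```

With the broad permit listed first, the host-specific deny is never reached for 10.1.1.50, which is why entry order is the first thing to check when reviewing an ACL.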