While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface.
Which two misconfigurations cause this behavior? (Choose two)
A.
The packets fail to match any permit statement
B.
A matching permit statement is too high in the access test
C.
A matching permit statement is too broadly defined
D.
The ACL is empty
E.
A matching deny statement is too high in the access list
Answer B,C is correct: B. A matching permit statement is too high in the access test; C. A matching permit statement is too broadly defined. The answer follows directly from normal Cisco device behavior and the wording of the scenario. Cisco CCNA 200-301 v1.1 includes this under Security Fundamentals, where the exam expects engineers to recognize the device behavior that actually produces the required outcome. The question is best solved by reading the operational clue rather than choosing a familiar acronym. The other choices are either adjacent technologies, wrong-layer functions, or settings that would not produce the stated result. In a production network, the wrong choice would normally create an outage, leave a management or security gap, or send troubleshooting toward the wrong subsystem. The selected answer is the one that matches the control-plane, data-plane, wireless, security, services, or automation mechanism described in the question. That is why it remains the verified answer for this item.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit