CCNA: Cisco Certified Network Associate — Question 78
While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two.)
Answer options
- A. The ACL is empty
- B. A matching permit statement is too broadly defined
- C. The packets fail to match any permit statement
- D. A matching deny statement is too high in the access list
- E. A matching permit statement is too high in the access list
Correct answer: B, E
Explanation
Option B is correct because a permit statement that is too broadly defined matches, and therefore allows, more traffic than intended. Option E is also correct: an ACL is evaluated top-down and the first matching statement is applied, so a matching permit statement positioned too high in the access list takes precedence over the more specific rules below it, and traffic is allowed before it is ever evaluated against those rules. The other options do not directly explain why all packets are allowed in this scenario.