Understanding Cisco Cybersecurity Fundamentals (SECFND, legacy) — Question 31

Which TCP flag(s) must be set in a packet in order for the packet to match an ACL entry that contains the established keyword?

Answer options

• A. SYN only
• B. ACK only
• C. RST only
• D. SYN or ACK
• E. ACK or RST

Correct answer: E

Explanation

The correct answer is E because the established keyword in an ACL matches packets that are part of an existing connection, which can be indicated by the ACK or RST flags. Options A, B, C, and D are incorrect as they do not encompass the full range of flags that signify an established connection.