Understanding Cisco Cybersecurity Fundamentals (SECFND, legacy) — Question 63

Access control entries (ACE), which are part of an access control list (ACL), can classify packets by inspecting Layer 2 through Layer 4 headers for a number of parameters, including which of the following items?

Answer options

• A. Layer 2 protocol information such as EtherTypes
• B. Layer 3 protocol information such as ICMP, TCP, or UDP
• C. Layer 3 header information such as source and destination IP addresses
• D. Layer 4 header information such as source and destination TCP or UDP ports

Correct answer: A, B, C, D

Explanation

All options A, B, C, and D are correct as they represent valid types of information that ACE can utilize when classifying packets. Each layer provides critical data for packet analysis: Layer 2 focuses on protocol types, Layer 3 addresses ensure communication endpoints are identified, and Layer 4 ports facilitate specific application traffic handling. Therefore, each option correctly describes a parameter that can be inspected.