Implementing Cisco Network Security (IINS, legacy) — Question 109

Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?

Answer options

• A. The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.
• B. Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.
• C. The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.
• D. The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco ASA appliance interfaces.
• E. The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only support extended ACL.

Correct answer: C

Explanation

The correct answer is C because Cisco ASA appliance interface ACL configurations specifically use netmasks instead of wildcard masks, which is a unique characteristic of ASA. Option A is incorrect as Cisco IOS interface ACL does not have a permit-all rule; option B is misleading because global ACLs are not applicable in the same way on ASA; option D is true but does not highlight the key difference; option E is inaccurate as the ASA does support standard ACL.