Refer to the exhibit. Employees on 192.168.11.0/24 work on critically sensitive information and are not allowed access off their network. What is the best ACL type and placement to use in this situation?
- standard ACL inbound on R1 G0/1
- extended ACL inbound on R2 S0/0/0
- standard ACL inbound on R1 vty lines
- standard ACL inbound on R2 WAN interface connecting to the internet
| Explanation & Hint:
In the context of the given network where the employees on the network 192.168.11.0/24 should not have access off their network, using a standard ACL inbound on R1 G0/1 would be the best approach to restrict the traffic. Standard ACLs are typically applied closest to the destination, but in this case, it’s used to prevent a specific subnet from accessing any outside resources, so it makes sense to place it close to the source of the traffic you want to control. Standard ACL inbound on R1 G0/1 would be the correct choice to restrict all traffic from the 192.168.11.0/24 network from going to any destinations beyond the router R1. |