200-301 · topic practice

ACL practice questions

Use this page to practise 200-301 ACL questions. The goal is not to memorise dumps, but to understand each concept, review the explanation and improve your exam readiness.

What the exam tests

What to know about ACL

ACL questions usually test top-down rule processing, source and destination matching, protocol or port logic, and where the ACL should be applied.

Standard versus extended ACL behaviour.

Top-down processing and the implicit deny rule.

Source, destination, protocol and port matching.

Inbound versus outbound ACL placement.

Practice set

ACL questions

20 questions · select your answer, then reveal the explanation

Question 1 · hard · multiple choice

A router interface applies this ACL inbound:

10 deny tcp any any eq 80
20 permit ip any any

A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?

Question 2 · medium · multiple choice

Which ACL type can filter using source and destination IP addresses as well as TCP or UDP port numbers?

Question 3 · medium · multiple choice

A network engineer successfully logs in to a router, but cannot enter configuration mode because the command is rejected by policy. Which AAA function is controlling this behavior?

Question 4 · hard · multiple choice

An ACL permits only tcp 10.10.10.0/24 host 192.0.2.10 eq 443 and has no other permit entries. What happens to an ICMP echo request from 10.10.10.5 to 192.0.2.10?

Question 5 · medium · multiple choice

As a general rule, where should an extended ACL be placed?

Question 6 · hard · multiple choice

A switch displays the following output:

Switch# show interfaces trunk

Port        Mode    Encapsulation  Status      Native vlan
Gi1/0/24    on      802.1q         trunking    99

Port        Vlans allowed on trunk
Gi1/0/24    10,20,30

Port        Vlans active in management domain
Gi1/0/24    10,20,30,40

Users in VLAN 40 cannot reach resources across this trunk.

What is the most likely reason?

Question 7 · hard · multiple choice

A switch has DHCP snooping enabled and Dynamic ARP Inspection enabled on VLAN 30. A printer with a static IP on VLAN 30 cannot communicate because its ARP packets are being dropped.

What is the best fix?

Question 8 · medium · matching

Match the security feature to its main purpose.

Question 9 · medium · multiple choice

What is the main purpose of an allowlist-based firewall policy compared with a denylist-based one?

Question 10 · medium · multiple choice

Users in 10.10.10.0/24 must be prevented from reaching the web server at 172.16.1.10 over HTTP, but all other traffic should be allowed. Which ACL entry should appear first in the ACL?

Question 11 · medium · multiple choice

Users on the inside network can browse the web, but return traffic is failing for some sessions. Based on the configuration, which change is required to make PAT work correctly?

Question 12 · medium · matching

Match each AAA component or related term to its most accurate meaning.

Question 13 · medium · multiple choice

What is the main reason extended ACLs are often placed closer to the source of the traffic being filtered?

Question 14 · hard · multiple choice

A router is configured with PAT for inside users. Which symptom most strongly suggests the NAT inside/outside roles are reversed on the interfaces?

Question 15 · hard · multiple choice

PCs in VLAN 30 on SwitchA cannot reach PCs in VLAN 30 on SwitchB. VLAN 30 exists on both switches and all other VLANs work across the same link. Based on the exhibit, what is the most likely cause?

Question 16 · medium · matching

Match each switchport or VLAN term to its most accurate meaning.

Question 17 · hard · multiple choice

A router allows SSH management from anywhere on the internal network. A new policy requires that only the management subnet 10.50.50.0/24 be allowed to initiate SSH to the device. Which approach best enforces that requirement?

Question 18 · hard · multiple choice

An administrator wants to prevent a specific subnet from using Telnet to reach network devices, while still allowing SSH from that same subnet. What is the strongest reason a standard ACL is not enough by itself?

Question 19 · hard · multiple choice

Based on the exhibit, which ACL entry should be placed first to block HTTP from 10.10.10.0/24 to the web server while allowing all other traffic?

Question 20 · hard · multiple choice

Based on the exhibit, why is the ACL not meeting the requirement to block only HTTPS traffic to the server?

Watch out for

Common ACL exam traps

  • ACLs are processed from top to bottom; the first match wins.
  • There is an implicit deny at the end of most ACLs.
  • Standard ACLs match source only, while extended ACLs can match protocol, source, destination and ports.
  • Applying an ACL in the wrong direction can make a correct ACL look broken.

Frequently asked questions

What does the 200-301 exam test about ACL?
ACL questions usually test top-down rule processing, source and destination matching, protocol or port logic, and where the ACL should be applied.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong; this active recall approach builds retention far faster than re-reading notes.

Can I practise just ACL questions in a focused session?
Yes. The session launcher on this page draws every question from the ACL domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other 200-301 topics?
Use the topic links above to move to related areas, or go back to the 200-301 question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 200-301 exam covers. They are not copied from any real exam or dump site.