Question 489 of 500
Network SecuritymediumMultiple ChoiceObjective-mapped

Quick Answer

The correct answer is that the HTTP request is blocked, but other traffic from the client is allowed. This result occurs because the extended ACL is applied inbound on the client’s interface and explicitly permits TCP traffic from the client to the server on port 80 (HTTP), while a subsequent implicit deny statement blocks all other IP traffic. However, the exhibit shows the ACL is misconfigured or applied in reverse order, causing the HTTP permit rule to be bypassed, so the HTTP request is denied, but any non-HTTP traffic from the client—such as DNS or ICMP—is still permitted by the explicit permit statement. On the ISC2 Certified in Cybersecurity CC exam, this tests your ability to read ACL sequence and direction: a common trap is assuming the first matching rule is the only one that matters, but the implicit deny at the end blocks everything not explicitly allowed. Remember the mnemonic “First match wins, but implicit deny is last” to avoid misreading ACL behavior.

ISC2 CC Network Security Practice Question

This CC practice question tests your understanding of network security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Refer to the exhibit.

Router# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_HTTP in
!
ip access-list extended BLOCK_HTTP
 deny tcp any any eq 80
 permit ip any any

A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.

Based on the exhibit, what is the most likely result of the client's HTTP request?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Question 1mediummultiple choice
Full question →

Exhibit

Refer to the exhibit.

Router# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_HTTP in
!
ip access-list extended BLOCK_HTTP
 deny tcp any any eq 80
 permit ip any any

A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The HTTP request is blocked, but other traffic from the client is allowed.

The exhibit shows an extended ACL applied inbound on the client's interface that permits TCP traffic from the client to the server on port 80 (HTTP) but denies all other IP traffic from the client. Therefore, the HTTP request is permitted, but any other traffic from the client (e.g., DNS, ICMP) is blocked. Option D correctly states that the HTTP request is blocked, but other traffic is allowed, which matches the ACL behavior.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The HTTP request is permitted because the ACL is applied to the wrong interface.

    Why it's wrong here

    The ACL is correctly applied inbound on the client's subnet interface; it will filter traffic coming from clients.

  • The HTTP request is permitted because the ACL only blocks traffic from the router's own IP.

    Why it's wrong here

    The ACL does not filter based on source IP; it blocks TCP port 80 from any source.

  • The HTTP request is blocked, and all other traffic from the client is also blocked.

    Why it's wrong here

    The permit ip any any allows all other traffic.

  • The HTTP request is blocked, but other traffic from the client is allowed.

    Why this is correct

    The ACL denies TCP port 80, then permits all other IP traffic.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

Common exam traps

Common exam trap: answer the scenario, not the keyword

ISC2 often tests the misconception that an ACL blocking all traffic from a client means no traffic is allowed, but here the ACL explicitly permits HTTP while denying other traffic, so candidates may incorrectly choose Option C thinking all traffic is blocked.

Detailed technical explanation

How to think about this question

Extended ACLs evaluate packets in sequential order; once a match is found, no further lines are processed. The implicit deny all at the end of the ACL ensures that any traffic not explicitly permitted (e.g., DNS, ICMP) is dropped. In real-world scenarios, failing to permit necessary protocols like DNS or ARP can cause connectivity issues, even if the primary application (HTTP) is allowed.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related CC practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free CC practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this CC question test?

Network Security — This question tests Network Security — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The HTTP request is blocked, but other traffic from the client is allowed. — The exhibit shows an extended ACL applied inbound on the client's interface that permits TCP traffic from the client to the server on port 80 (HTTP) but denies all other IP traffic from the client. Therefore, the HTTP request is permitted, but any other traffic from the client (e.g., DNS, ICMP) is blocked. Option D correctly states that the HTTP request is blocked, but other traffic is allowed, which matches the ACL behavior.

What should I do if I get this CC question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

2 more ways this is tested on CC

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Refer to the exhibit. Based on the exhibit, why was the packet denied?

easy
  • A.Source IP is internal
  • B.The packet was blocked by an outbound access list
  • C.Destination IP is external
  • D.The packet was blocked by an inbound access list

Why D: The exhibit shows an inbound access list applied to the interface, and the packet is denied because its source IP matches a deny entry in that inbound ACL. Inbound access lists filter traffic before it is processed by the router, so the packet is dropped upon arrival. The correct answer is D because the packet was blocked by an inbound access list, as indicated by the ACL configuration and the deny action.

Variation 2. Refer to the exhibit. Based on the exhibit, which traffic will be permitted?

medium
  • A.All traffic from 192.168.1.100
  • B.All traffic from 10.0.1.0/24
  • C.SSH traffic from any source to 192.168.1.100
  • D.HTTP traffic from any source to 192.168.1.100

Why D: The exhibit shows an access control list (ACL) that permits TCP traffic from any source to destination host 192.168.1.100 on port 80 (HTTP). The ACL entry is `permit tcp any host 192.168.1.100 eq 80`, which matches only HTTP traffic. Therefore, only HTTP traffic from any source to 192.168.1.100 is permitted.

Last reviewed: Jun 30, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This CC practice question is part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the CC exam.