There are four different types of ACL that are taught in the CCNA: standard numbered, extended numbered, standard named, and extended named. The standard numbered ACLs use the range 1–99 and 1300–1999, and the extended numbered ACLs use the range from 100–199 and 2000–2699.

Named ACLs use names instead of numbers to identify the ACLs, making that answer incorrect. IOS has no "Broad ACL" feature, making that answer incorrect.

Types of IP ACLs Page number:1257

The easiest way to calculate wildcard masks when they are new is to subtract each of a subnet’s octets from 255. For this question the subnet mask is 255.255.248.0. The first two octets are easy as 255-255 = 0. The third octet would be 255 – 248 = 7 and the fourth octet would be 255 – 0 = 255. This results in a wildcard mask of 0.0.7.255.

Finding the Right Wildcard Mask to Match a Subnet Page number:1263

Of the four answers, only the correct answers shows syntax that IOS would accept as correct. The incorrect answers include mistakes such as: 

• Using the ip keyword with a standard ACL

• Placing the permit keyword before the ACL number (10)

Matching the Exact IP Address Page number:1260

When configuring a standard ACL (and any ACL type), the default action is to deny any unmatched traffic and to place it as close to the destination as possible. This second statement is a recommended best practice because standard ACLs are very broad (compared with extended ACLs) and can accidently filter out more than just the intended traffic.

Implementing Standard IP ACLs Page number:1264

Which source address in the answers would ACE access-list 1 permit 172.16.0.0 0.0.0.255 match?

The statement shown in the question would match the addresses from 172.16.0.0 through 172.16.0.255.

Which option would be the correct subnet specified with the ACL ACE access-list 1 permit 192.30.32.0 0.0.31.255?

For the purposes of the CCENT and CCNA exams, the address specified in the statement (in the question) is assumed to be the correct subnet number (thus the lowest available address in the matched IP range). That said, to convert a wildcard mask back to a subnet mask, use the following technique: Take 255 and subtract the wildcard mask octet value. The first and second wildcard octets is 0, 255 – 0 = 255. The third wildcard octet is 31, 255 – 31 = 224. The fourth wildcard octet is 255, 255-255 = 0. This gives you a subnet mask of 255.255.224.0. The range of addresses can be found by taking the wildcard mask and adding it to the original network number configured. This will give you the highest range address; 192 + 0 = 192, 30 + 0 = 30, 32 + 31 = 63, 0 + 255 = 255. This makes the lowest number in the range 192.30.32.0 and the highest number 192.30.63.255.

Reverse Engineering from ACL to Address Range Page number:1270

Based on the topology there are four different places that traffic could be filtered from LAN A to LAN B: inbound on R1’s Gi0/1 interface, outbound on R1’s Gi0/0 interface, inbound on R2’s Gi0/0 interface, and outbound on R2’s Gi0/1 interface.

ACL Location and Direction Page number:1255

The first ACL statement is using an incorrect wildcard mask. To correctly match the 192.168.56.192/26 network, the wildcard mask should have been 0.0.0.63, not 0.0.0.127. The second statement is correct, and the denial of the 192.168.0.0/18 network will be completed by the implicit denial at the end of the ACL.

Matching Logic and Command Syntax Page number:1260