CompTIA Security Plus Mock Test Q928

Which of the following is best practice to put at the end of an ACL?

A. Implicit deny
B. Time of day restrictions
C. Implicit allow
D. SNMP string

Correct Answer: A
Section: Access Control and Identity Management

An implicit deny clause is implied at the end of each ACL. This implies that if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. The
implicit deny clause is set by the system.

Incorrect Answers:
B: Time of day restrictions limit when users can access specific systems based on the time of day or week. They do not appear at the end of an ACL.
C: Implicit allow does not appear at the end of an ACL.
D: An SNMP string is similar to a user id or password that permits access to a router’s or other device’s statistics. They do not appear at the end of an ACL.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 280