nerdexam
Cisco

350-401 · Question #637

Which type of ACL can be applied only to Layer 2 pods?

The correct answer is A. port ACLs. The question asks to identify an Access Control List (ACL) type specifically designed for application at Layer 2 interfaces.

Submitted by deeparc· Mar 6, 2026Security

Question

Which type of ACL can be applied only to Layer 2 pods?

Options

  • Aport ACLs
  • Breflexive ACLs
  • Creflexive ACLs
  • Ddynamic ACLs
  • EVLAN ACLs

How the community answered

(49 responses)
  • A
    94% (46)
  • B
    4% (2)
  • C
    2% (1)

Why each option

The question asks to identify an Access Control List (ACL) type specifically designed for application at Layer 2 interfaces.

Aport ACLsCorrect

Port ACLs (PACLs) are specifically designed to filter traffic at Layer 2 interfaces (physical switch ports) before any Layer 3 routing or VLAN processing occurs, applying policies directly to individual switch ports.

Breflexive ACLs

Reflexive ACLs are used in Layer 3 contexts to permit return traffic for specific outbound sessions, creating temporary entries in the access list.

Creflexive ACLs

This is a duplicate of B, and thus also incorrect.

Ddynamic ACLs

Dynamic ACLs are used for remote access where users authenticate to a server to temporarily open a firewall port, which is a Layer 3 security feature.

EVLAN ACLs

VLAN ACLs (VACLs) are applied to VLANs and operate on traffic bridged within or routed between VLANs, typically after Layer 2 processing but not directly at the physical port like PACLs.

Concept tested: Port Access Control Lists (PACLs)

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_6_e/config_guide/b_2960x_15_2_6_e_config_guide/b_2960x_15_2_6_e_config_guide_chapter_0100.html

Topics

#port ACL#Layer 2#ACL types#VLAN ACL

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice