| They have no potential impact on the data segment being monitored. | |
| They operate in promiscuous mode. | |
| They operate in inline mode. | |
| They are more vulnerable to evasion techniques than IDS. |
| Apply the ACL to the interface prior to configuring access control entries to ensure that controls are applied immediately upon configuration. | |
| ACLs filter all traffic through and sourced from the router. | |
| An "implicit deny" is applied to the start of the ACL entry by default. | |
| Only one ACL per protocol, per direction, and per interface is allowed. |
| The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server. | |
| The show version command does not show the Cisco IOS image file location. | |
| When the router boots up, the Cisco IOS image is loaded from a secured FTP location. | |
| The Cisco IOS image file is not visible in the output from the show flash command. | |
| The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM. |