Cisco Certified Network Associate (CCNA) 2026 – 400 Free Practice Questions to Pass the Exam

The choice that best applies policies through Access Control Lists (ACLs) and has inspect statements is the Cisco IOS Firewalls. Cisco IOS Firewalls are configured directly in the IOS software of the router and utilize standard and extended ACLs to permit or deny traffic based on defined criteria. This firewall type allows for the inspection of traffic flows to ensure that only legitimate traffic is allowed while keeping unauthorized access at bay.

The use of inspect statements is a key feature in Cisco IOS Firewalls, as they manipulate how traffic is handled across TCP connections. When traffic is allowed by an ACL, the inspect statement can dynamically create temporary openings in the ACL for return traffic, facilitating stateful inspection. This approach is essential for enabling return traffic in protocols that do not inherently provide this capability, ensuring a more secure and manageable environment.

In contrast, while Cisco ASA Firewalls and the Cisco Firewall Services Module also utilize ACLs and inspect statements, Cisco IOS Firewalls are specifically integrated within the router’s operating system. Cisco Cloud Firewalls, on the other hand, represent a more modern cloud-based approach and operate in a different context, making them less relevant to the question regarding the traditional use of ACLs and inspect statements.