Which statement about simple ACLs with TTL is true?

• A. They expire after the TTL period.
• B. They are saved with the configuration.
• C. They can be modified after creation.
• D. They can match any protocol.

Answer: (A)

What’s being tested here is that TTL adds a time limit to ACL entries. When you create a simple ACL with a TTL, the rule is active only for the duration specified by that TTL. Once that period ends, the entry expires and stops affecting traffic. This self-erasing behavior is exactly why the statement that they expire after the TTL period is true—TTL governs the lifespan of the rule, not what it can match or how it’s stored. TTL doesn’t change which protocols the ACL can match; it only controls how long the rule exists. Because TTL-based rules are typically temporary and not meant to be permanent fixtures, they aren’t inherently guaranteed to be saved with persistent configuration, and the ability to modify them after creation depends on the specific device, whereas the expiration behavior remains the defining characteristic.