O'Reilly logo
  • Todd Sticht thinks this is interesting:

Answer C is correct. ACLs are processed from top down. The first ACL entry that a packet matches is acted on (permit or deny), and the rest of the ACL entries aren’t considered. The host at 10.1.2.3 can access TCP port 80 because of the first line of the ACL. Not all hosts on the 34.2.1.0/24 subnet are allowed HTTP access to the hosts on 5.5.5.0/24, because there is no permit statement for that and because there is an implicit deny all at the end of an ACL. The same is true about all hosts on 10.1.2.0/24 not being all able to send ICMP ping requests. The deny statement for host 34.2.1.99 prevents the last option (fourth provided possible answer) from being true.

From

Cover of Cisco CCENT ICND1 100-101 Exam Cram, Second Edition

Note

This is SOOOOOO BAD....Answer A is correct. It says HTTPS which is 443 and there IS a permit statement for that. Also, like you say, answer C is correct.