Which two commands should be used to write a standard ACL that denies traffic from the 172.16.0.0/16 network but permits all other traffic?

To construct a standard Access Control List (ACL) that denies traffic from the 172.16.0.0/16 network while permitting all other traffic, the commands used must align with the purpose of controlling access based on source IP addresses.

The correct choice specifies an ACL that first denies any packets originating from the 172.16.0.0 network, using the wildcard mask of 0.0.255.255, which effectively covers the entire /16 subnet (172.16.0.0 to 172.16.255.255). The wildcard mask indicates which bits of the address should be checked for matching (in this case, the first two octets) and which can vary (the last two octets).

After this deny entry, a command that permits all other traffic is essential, because every ACL ends with an implicit deny for any packet that matches no entry. The explicit permit ensures that all other IP traffic is allowed through while the specified restriction is still enforced.

This approach is consistent with how ACLs operate; they check each packet against the list in sequential order, applying the first match found. Therefore, by denying traffic from the specified network first and then permitting all others, the ACL behaves as intended to meet the requirements of the question.
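The wildcard-mask match and first-match evaluation described above can be checked with a small simulator. This is an added example, not part of the original explanation; the ACL number 1 and the helper names (`parse_entry`, `matches`, `evaluate`) are assumptions chosen for illustration, and the ACL lines are constructed sample input.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_entry(line):
    """Parse 'access-list N {permit|deny} {any | host A | A [WILDCARD]}'."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    action, src = tok[2], tok[3:]
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit may vary
    if src[0] == "host" and len(src) == 2:
        return action, _to_int(src[1]), 0     # every bit must match
    if len(src) in (1, 2):
        wildcard = _to_int(src[1]) if len(src) == 2 else 0
        return action, _to_int(src[0]), wildcard
    raise ValueError(f"unsupported source: {line!r}")

def matches(source, base, wildcard):
    # Wildcard 0-bits must match the entry's address; 1-bits are ignored.
    care = ~wildcard & 0xFFFFFFFF
    return (_to_int(source) & care) == (base & care)

def evaluate(acl_lines, source):
    """Return the action of the first matching entry (first match wins)."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if matches(source, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample ACLs (ACL number 1 is an assumption, not from the page).
ACL_CORRECT = ["access-list 1 deny 172.16.0.0 0.0.255.255",
               "access-list 1 permit any"]
ACL_REVERSED = list(reversed(ACL_CORRECT))   # permit any shadows the deny
ACL_NO_PERMIT = ACL_CORRECT[:1]              # only the implicit deny follows

if __name__ == "__main__":
    for name, acl in [("correct", ACL_CORRECT), ("reversed", ACL_REVERSED),
                      ("no permit", ACL_NO_PERMIT)]:
        for src in ("172.16.200.9", "172.17.0.1", "10.1.1.1"):
            print(f"{name:10} {src:14} -> {evaluate(acl, src)}")
```

With the entries reversed, the permit matches every packet first and the deny is never reached; with the permit omitted, all traffic is dropped by the implicit deny.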
