Which statement best describes an access control list used by border routers?

An access control list (ACL) used by border routers is a set of rules that dictates which traffic is allowed or denied passage based on configured criteria. When stating that it denies all traffic by default and lists exceptions, it reflects the most common and secure approach to implementing ACLs for border routers.

By default denying traffic means that any packet trying to pass through the router will be rejected unless there is a specific rule in the ACL that allows it. This approach enhances security by only permitting traffic that is explicitly defined, thus minimizing the risk of unauthorized access or malicious activities coming from the outside world. It also helps in applying the principle of least privilege, where only necessary communications are allowed, making it harder for attackers to penetrate networks.

The other options do not accurately describe the typical function of ACLs. Allowing all traffic by default would create significant security risks, and logging all packets or encrypting outgoing traffic go beyond the primary role of an ACL in enhancing network security. Instead, these functions can be executed by other security measures or devices alongside ACLs.