Please forgive the diagram i am about to draw:
[ network 1 172.16.60.0 /24 ] --------------- serial 1/0 [ router 1 ] serial 0/1 --------------- [ internet ]
In the very crude diagram above, I was given the following access list to apply:
access-list 75 deny 172.16.60.0 0.0.0.255
access-list 75 permit any
The goal is to keep Network 1 from accessing the internet.
I would apply this access list on serial interface 0/1 in the outbound direction. The practice test I got this from states that it should be placed on the serial 1/0 interface in the outbound direction, which doesnt make any sense, because standard ACLs will filter based upon SOURCE, so traffic would hit the serial 1/0 interface and since its going IN (to the router serial 1/0 interface) wouldnt be filtered, and would still be allowed to go out to the internet.
Please assist cause Im going to lose my mind shortly.
While applying it on the Serial 0/1 in the outbound direction will also work (as you stated, the router will check the source address irrespective of if the traffic is in the incoming direction or outgoing direction), it is better to apply the same on the Serial 1/0 interface in the incoming direction because you want to drop the traffic closer to the source. It does not make any sense for the router to process the traffic and send it to the outside interface just to be dropped on that interface.
interface serial 1/0
ip access-group 75 in
hope this helps.