An engineer must block all traffic from a router to its directly connected subnet 209.165.200.0/24. The engineer applies access control list EGRESS in the outbound direction on the GigabitEthernet0/0 interface of the router. However, the router can still ping hosts on the 209.165.200.0/24 subnet.

Extended IP access list EGRESS 10 permit ip 10.0.0.0 0.0.0.255 any ! <Output Omitted> ! interface GigabitEthernet0/0 ip address 209.165.200.225 255.255.255.0 ip access-group EGRESS out duplex auto speed auto media-type rj45 !

Which explanation of this behavior is true?

A.	Access control lists that are applied outbound to a router interface do not affect traffic that is sourced from the router.
B.	After an access control list is applied to an interface, that interface must be shut and no shut for the access control list to take effect.
C.	Only standard access control lists can block traffic from a source IP address.
D.	The access control list must contain an explicit deny to block traffic from the router.