A standard ACL can permit or deny traffic based on the source addressAn extended ACL can permit or deny traffic based on both the source and destination address...Standard near the destination, Extended near the source.

If the root guard is enabled on the interface, it ensure that the port is designated port and if this port recieves the bpdu, it puts the port in root-inconsistent state which means listening state (no way to forward the traffic through it)...i donnt...