在访问列表中,有一条规则如下:access-list 131 permit ip any 192.168.10.0 0.0.0.255 eq ftp 在该规则中,any的意思是表示:()
第1题:
● 以下 ACL 语句中,含义为“允许 172.168.0.0/24 网段所有 PC 访问 10.1.0.10 中的
FTP 服务”的是(42) 。
(42)
A. access-list 101 deny tcp 172.168.0.0 0.0.0.255 host 10.1.0.10 eq ftp
B. access-list 101 permit tcp 172.168.0.0 0.0.0.255 host 10.1.0.10 eq ftp
C. access-list 101 deny tcp host 10.1.0.10 172.168.0.0 0.0.0.255 eq ftp
D. access-list 101 permit tcp host 10.1.0.10 172.168.0.0 0.0.0.255 eq ftp
第2题:
A.检察源地址的所有bit位
B.检查目的地址的所有bit位
C.允许所有的源地址
D.允许255.255.255.2550.0.0.0
第3题:
(22)下面的访问控制列表中,( )禁止所有TELNET访问子网10.10.1.0/24。
A) access-list 15 deny udp any 10.10.1.0 255.255 255.0 eq 23
B) access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
C) access-list 115 deny udp any 10.10.1.0 eq telnet
D) access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
第4题:
On a newly installed router, the following access list is added to the HSSI interface for incoming traffic:Access-list 101 permit tcp any 10.18.10.0 0.0.0.255 eq tcpWhat is the effect of the "any" keyword in the above access list?()
A. check any of the bits in the source address
B. permit any wildcard mask for the address
C. accept any source address
D. check any bit in the destination address
E. permit 255.255.255.255 0.0.0.0
F. accept any destination
第5题:
请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()
A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www
B.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any
C.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www
D.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www
第6题:
A.检察源地址的所有bit位
B.检查目的地址的所有bit位
C.拒绝所有的源地址
D.允许255.255.255.2550.0.0.0
第7题:
以下的访问控制列表中,(37)语句用于禁止所有Telnet访问子网192.168.10.0/24。
A.access-list 15 deny telnet any 192.168.10.0 0.0.0.255 eq 23
B.access-listl 15 deny udp any 192.168.10.0 eq telnet
C.access-list 1 15 deny tcp any 192.168.10.0 0.0.0.255 eq 23
D.access-list 15 deny udp any 192.168.10.0 255.255.255.0 eq 23
第8题:
定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是
A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 any access-list 198 deny icmp any any access-list 198 permit ip any any
B.access-list 198 permit icmp 166.129.130.0 0.0.0.255 any access-list 198 deny icmp any any access-list 198 permit ip any any
C.access-list 99 permit icmp 166.129.130:0 0.0.0.255 any access-list 99 deny icnip any any access-list 99 permit ip any any
D.access-list 100 permit icmp 166.129.130.0 0.0.0.255 any access-list 100 permit ip any any access-list 100 deny icmp any any
第9题:
某台路由器上配置了如下一条访问列表
acl 4
rule deny source 202.38.0.0 0.0.255.255
rule permit source 202.38.160.1. 0.0.0.255
表示: ()
A、只禁止源地址为202.38.0.0 网段的所有访问;
B、只允许目的地址为202.38.0.0 网段的所有访问;
C、检查源IP 地址,禁止202.38.0.0 大网段的主机,但允许其中的202.38.160.0小网段上的主机;
D、检查目的IP 地址,禁止202.38.0.0 大网段的主机,但允许其中的202.38.160.0 小网段的主机;
第10题:
An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke router. Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee router()。
A. permit ip any any deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
B. permit ip any any deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
C. deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80 permit ip any any
D. deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80 permit ip any any