在路由器上配置一个标准的访问列表,只允许所有源自C类地址:192.168.1.0的IP数据包通过,那么wildcard access-list mask将采用以下哪个是正确的?()
第1题:
下列关于访问控制列表以及访问列表配置文件命令的说法中,正确的是哪些()。
A.访问列表有两类:IP标准列表,IP扩展列表
B.标准访问列表根据数据包的源地址来判断是允许或者拒绝数据包
C.normal/special字段表示该规则是在普通时间段中有效还是在特殊时间段有效,缺省是在普通时间段内有效
D.扩展访问列表使用除源地址以外更多的信息描述数据包匹配规则
第2题:
用扩展访问控制列表配置封禁ICMP协议,只允许l68.27.95.0/24子网的ICMP数据包通过路由器,正确的配置是(61) 。
A.access-list 90 deny icmp l68.27.95.0 255.255.255.0 any access-list 90 deny icmp any anyaccess—list 90 permit ip any any
B.access-list l00 permit icmp l68.27.95.0 0.0.0.255 any access-list l00 permit ip any any
C.access—list l l o permit icmp l68.27.95.0 255.255.255.0 any access—list l lo deny icmp any any
D.access-list l20 permit icmp l68.27.95.0 0.0.0.255 any access—list l20 deny icmp any any access—list l20 permit ip any any
第3题:
定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是
A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 any access-list 198 deny icmp any any access-list 198 permit ip any any
B.access-list 198 permit icmp 166.129.130.0 0.0.0.255 any access-list 198 deny icmp any any access-list 198 permit ip any any
C.access-list 99 permit icmp 166.129.130:0 0.0.0.255 any access-list 99 deny icnip any any access-list 99 permit ip any any
D.access-list 100 permit icmp 166.129.130.0 0.0.0.255 any access-list 100 permit ip any any access-list 100 deny icmp any any
第4题:
标准IP访问控制列表的基本格式为access-list[list number] [permit | deny] [host/any] [sourceaddress] [wildcard-mask][log],请填写其参数描述。
a. list number .......................................... [11]
b. permit/deny ....................................... [12]
c. s
第5题:
A.255.255.0.0
B.255.255.255.0
C.0.0.255.255
D.0.0.0.255
第6题:
( 22 )用 标准 访问控制列表禁止非法地址 192.168.0.0/16 的数据包进出路由器的正确配置是
A ) access-list 110 deny 192.168.0.0 0.0.255.255
access-list 110 permit any
B ) access-list 10 deny 192.168.0.0 255.255.0.0
access-list 10 permit any
C ) access-list 50 permit any
access-list 50 deny 192.168.0.0 0.0.255.255
D ) access-list 99 deny 192.168.0.0 0.0.255.255
access-list 99 permit an
第7题:
若要求路由器的某接口上只封禁ICMP协议,但允许159.67.183.0/24子网的ICMP数据包通过,那么使用的access-list命令是______。
A.access-list 120 deny icmp 159.67.183.0 0.0.0.255 any access-list 120 permit ip any any
B.access-list 10 permit icmp 159.67.183.0 0.0.0.255 any access-list 10 deny icmp any any access-list 10 permit ip any any
C.access-list 99 permit icmp 159.67.183.0 0.0.0.255 any access-list 99 deny icmp any any
D.access-list 110 permit icmp 159.67.183.0 0.0.0.255 any access-list 110 deny icmp any any access-list 110 permit ip any any
第8题:
A、255.255.0.0
B、255.255.255.0
C、0.0.255.255
D、0.255.255.255
第9题:
A.255.255.0.0
B.255.255.255.0
C.0.0.255.255
D.0.255.255.255
第10题:
请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()
A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www
B.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any
C.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www
D.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www