网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
单选题
下列高级ACL规则配置正确的有()。
A
rule permit ip icmp-type echo
B
rule permit ip source-port eq 1024
C
rule permit ip tos normal dscp ef
D
rule permit udp time-range udp
参考答案
参考解析
解析:
暂无解析
更多 “单选题下列高级ACL规则配置正确的有()。A rule permit ip icmp-type echoB rule permit ip source-port eq 1024C rule permit ip tos normal dscp efD rule permit udp time-range udp” 相关考题
考题
拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list 130 deny udp any any eq 1434Router (config)#access-list 130 deny tcp any any eq 4444Router (config)#access-list 130 permit ip any anyC)Router (config)#access-list 110 deny any any udp eq 1434Router (config)#access-list 110 deny any any tcp eq 4444Router (config)#access-list 110 permit ip any anyD)Router (config)#access-list 150 deny udp ep 1434 any anyRouter (config)#access-list 150 deny tcp ep 4444 any anyRouter (config)#access-list 150 permit ip any any
考题
根据上述要求,在i层交换机sl上配置了两组ACL,请根据题目要求完成以下配置。access—list 10 permit ip host 10.10.30.1 anyaccess—list 10 permit ip host(6)anyaccess—list 12 permit ip any 158.124~0 0(7)access—list 12 permit ip any 158.153.208.0(8)aeeess—list 12 deny ip any any2.完成以下策略路由的配置。route—map test permit 10(9)ip address 10(10)ip next-hop(11)
考题
请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq wwwB.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any anyC.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq wwwD.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www
考题
A network administrator is configuring ACLs on a cisco router,to allow traffic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0and192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()A. access-list 10 permit ip 192.168.147.0 0.0.0.255.255B. access-list 10 permit ip 192.168.149.0 0.0.0.255.255C. access-list 10 permit ip 192.168.146.0 0.0.0.0.255D. access-list 10 permit ip 192.168.146.0 0.0.0.1.255E. access-list 10 permit ip 192.168.148.0 0.0.0.1.255F. access-list 10 permit ip 192.168.146.0 255.255.255.0
考题
A network administrator is configuring ACLs on a cisco router, to allow affic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0 and 192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()A.access-list 10 permit ip 192.168.147.0 0.0.0.255.255B.access-list 10 permit ip 192.168.149.0 0.0.0.255.255C.access-list 10 permit ip 192.168.146.0 0.0.0.0.255D.access-list 10 permit ip 192.168.146.0 0.0.1.255E.access-list 10 permit ip 192.168.148.0 0.0.1.255F.access-list 10 permit ip 192.168.146.0 255.255.255.0
考题
下面的访问控制列表命令正确的是()。
A.acl1 rule deny source1.1.1.1B.acl1 rule permit anyC.acl1 permit 1.1.1.102.2.2.20.0.0.255D.acl99 rule deny tcp source any destination2.2.2.20.0.0.255
考题
下列选项中的哪些路由满足下面的ACL条件?()acl number 2001 Rule0permit source 10.1.1.00.0.254.255
A.10.1.1.1/32B.10.1.2.1/32C.10.1.3.1/32D.10.1.4.1/32
考题
计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()A、access-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyB、access-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any anyC、access-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyD、access-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
考题
要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、ip access-list extended cisco deny tcp any 196.15.7.0 eq wwwC、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq wwwD、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255
考题
在路由器MSR-1 上看到如下信息: [MSR-1]display acl 3000 Advanced ACL 3000, named -none-, 2 rules,ACL’s step is 5 rule 0 permit ip source 192.168.1.0 0.0.0.255 rule 10 deny ip (19 times matched) 该ACL 3000 已被应用在正确的接口以及方向上。据此可知()A、这是一个基本ACL(高级的)B、有数据包流匹配了规则rule 10C、至查看该信息时,还没有来自192.168.1.0/24网段的数据包匹配该ACLD、匹配规则rule 10的数据包可能是去往目的网段192.168.1.0/24的
考题
Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()A、access-list 100 permit any any udp eq 1434B、access-list 100 permit any any udp eq 1434 logC、access-list 110 permit any any udp eq 69D、access-list 110 permit any any udp eq 69 logE、None of above.
考题
下面的访问控制列表命令正确的是()。A、acl1 rule deny source1.1.1.1B、acl1 rule permit anyC、acl1 permit 1.1.1.102.2.2.20.0.0.255D、acl99 rule deny tcp source any destination2.2.2.20.0.0.255
考题
仅仅允许到主机1.1.1.1的SMTP邮件服务的命名访问控制列表语句是()。A、ip access-list standard cisco permit smtp host 1.1.1.1B、ip access-list extended cisco permit ip smtp host 1.1.1.1C、ip access-list standard cisco permit tcp any host 1.1.1.1 eq smtpD、ip access-list extended cisco permit tcp any host 1.1.1.1 eq smtp
考题
客户路由器的接口GigabitEthernet0/0 下连接了局域网主机HostA,其IP 地址为192.168.0.2/24;接口Serial6/0 接口连接远端,目前运行正常。现增加ACL 配置如下: firewall enable firewall default permit acl number 3003 rule 0 permit tcp rule 5 permit icmp acl number 2003 rule 0 deny source 192.168.0.0 0.0.0.255 interface GigabitEthernet0/0 firewall packet-filter 3003 inbound packet-filter 包过滤 firewall packet-filter 2003 outbound ip address 192.168.0.1 255.255.255.0 interface Serial6/0 link-protocol ppp ip address 6.6.6.2 255.255.255.0 假设其他相关配置都正确,那么()A、HostA不能ping通该路由器上的两个接口地址B、HostA不能ping通6.6.6.2,但是可以ping通192.168.0.1C、HostA不能ping通192.168.0.1,但是可以ping通6.6.6.2D、HostA可以Telnet到该路由器上
考题
某公司的MSR路由器计划通过ISDN DCC拨号接入Internet,在路由器上有如下配置: [H3C] dialer-rule 1 ip deny [H3C] firewall default permit 在拨号接口下已经引用了此拨号访问控制列表dialer-rule 1,那么如下关于拨号的说法哪些是错误的?()A、任何IP数据包都不能触发拨号B、任何IP数据包都可以触发拨号C、TCP类型的数据包可以触发拨号D、UDP类型的数据包可以触发拨号
考题
在MSR路由器上配置了如下ACL: acl number 3999 rule permit tcp source 10.10.10.1 255.255.255.255 destination 20.20.20.1 0.0.0.0 time-range lucky 那么对于该ACL的理解正确的是()A、该rule只在lucky时间段内生效B、该rule只匹配来源于10.10.10.1的数据包C、该rule只匹配去往20.20.20.1的数据包D、该rule可以匹配来自于任意源网段的TCP数据包E、该rule可以匹配去往任意目的网段的TCP数据包
考题
在配置ISDN DCC的时候,客户在自己的MSR路由器上配置了如下的dialer-rule: [MSR] dialer-rule 1 acl 3000 那么关于此配置如下哪些说法正确?()A、只有匹配ACL 3000的数据包能触发拨号B、只有匹配ACL 3000的数据包会被路由器通过拨号链路发送C、没有定义permit或者deny,配置错误D、正确的配置应为:[MSR] dialer-rule 1 acl 3000 permit
考题
在配置ISDNDCC的时候,客户在自己的MSR路由器上配置了如下的dialer-rule:[MSR]dialer-rule1acl3000那么关于此配置如下哪些说法正确?()A、只有匹配ACL3000的数据包能触发拨号B、只有匹配ACL3000的数据包会被路由器通过拨号链路发送C、没有定义permit或者deny,配置错误D、正确的配置应为:[MSR]dialer-rule1acl3000permit
考题
下列高级ACL规则配置正确的有()。A、rule permit ip icmp-type echoB、rule permit ip source-port eq 1024C、rule permit ip tos normal dscp efD、rule permit udp time-range udp
考题
防火墙路由模式下,防火墙的接口地址为192.168.99.101,主机地址为192.168.99.102。以下配置中,能保证主机ping通防火墙接口地址的是()。A、# acl number 2005 rule 0 permit source192.168.99.1020 rule 1 deny source192.168.99.00.0.0.255#B、#acl number 2005 rule 0 deny source192.168.99.00.0.0.255 rule 1 permit source192.168.99.1020#C、#ac lnumber 2005 rule0 deny source192.168.99.1020 rule 1permit source192.168.99.00.0.0.255#D、#ac lnumber 2005 rule 0 permit source192.168.99.00.0.0.255 rule 1 deny source192.168.99.1020#
考题
网络管理员是Cisco路由器上配置访问控制列表,允许来自只的网络192.168.146.0,192.168.147.0,192.168.148.0和192.168.149.0主机。哪个结合是最好的完成任务,当两个ACL语句?()A、 access-list 10 permit ip 192.168.147.0 0.0.0.255.255B、 access-list 10 permit ip 192.168.149.0 0.0.0.255.255C、 access-list 10 permit ip 192.168.146.0 0.0.0.0.255D、 access-list 10 permit ip 192.168.146.0 0.0.0.1.255E、 access-list 10 permit ip 192.168.148.0 0.0.0.1.255F、 access-list 10 permit ip 192.168.146.0 255.255.255.0
考题
单选题计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()A
access-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyB
access-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any anyC
access-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyD
access-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
考题
单选题下面的访问控制列表命令正确的是()。A
acl1 rule deny source1.1.1.1B
acl1 rule permit anyC
acl1 permit 1.1.1.102.2.2.20.0.0.255D
acl99 rule deny tcp source any destination2.2.2.20.0.0.255
考题
多选题网络管理员是Cisco路由器上配置访问控制列表,允许来自只的网络192.168.146.0,192.168.147.0,192.168.148.0和192.168.149.0主机。哪个结合是最好的完成任务,当两个ACL语句?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255Daccess-list 10 permit ip 192.168.146.0 0.0.0.1.255Eaccess-list 10 permit ip 192.168.148.0 0.0.0.1.255Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
考题
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A
access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB
access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyC
access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD
access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyE
access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyF
access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
考题
多选题A network administrator is configuring ACLs on a cisco router, to allow affic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0 and 192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255Daccess-list 10 permit ip 192.168.146.0 0.0.1.255Eaccess-list 10 permit ip 192.168.148.0 0.0.1.255Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
考题
单选题Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()A
access-list 100 permit any any udp eq 1434B
access-list 100 permit any any udp eq 1434 logC
access-list 110 permit any any udp eq 69D
access-list 110 permit any any udp eq 69 logE
None of above.
热门标签
最新试卷