网友您好, 请在下方输入框内输入要搜索的题目:

题目内容 (请给出正确答案)

要限制源地址为10.0.0.16到10.0.0.31之间的网络主机访问目标地址,则访问列表ACL配置语句为: router(Config)#ip access-list 99 deny() router(Config)#ip access-list 99()any

参考答案

更多 “ 要限制源地址为10.0.0.16到10.0.0.31之间的网络主机访问目标地址,则访问列表ACL配置语句为: router(Config)#ip access-list 99 deny() router(Config)#ip access-list 99()any” 相关考题
考题 定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是( )。A) access-list 198 permit icmp 166.129.130.0 255.255.255.0 anyaccess-list 198 deny icmp any anyaccess-list 198 permit ip any anyB) access-list 198 permit icmp 166.129.130.0 0.0.0 255 anyaccess-list 198 deny icmp any anyaccess-list 198 permit ip any anyC) access-list 99 permit icmp 166.129.130.0 0.0.0 255 anyaccess-list 99 deny icmp any anyaccess-list 99 permit ip any anyD) access-list 100 permit icmp 166.129.130.0 0.0.0 255 anyaccess-list 100 pernut ip any anyaccess-list 100 deny icmp any any
查看答案
考题 在Cisco路由器上,用扩展访问控制列表封禁IP地址为211.102.33.24的主机,正确的配置语句是______。A.access-list 99 deny ip host 211.102.33.24 any access-list 99 deny ip any host 211.102.33.24 access-list 99 permit ip any anyB.access-list 100 permit ip any any access-list 100 deny ip host 211.102.33.24 any access-list 100 deny ip any host 211.102.33.24C.access-list 199 deny ip host 211.102-33.24 any access-list 199 deny ip any host 211.102.33.24 access-list 199 permit ip any anyD.access-list 166 deny ip host 211.102.33.24 any access-list 166 permit ip any any
查看答案
考题 拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list 130 deny udp any any eq 1434Router (config)#access-list 130 deny tcp any any eq 4444Router (config)#access-list 130 permit ip any anyC)Router (config)#access-list 110 deny any any udp eq 1434Router (config)#access-list 110 deny any any tcp eq 4444Router (config)#access-list 110 permit ip any anyD)Router (config)#access-list 150 deny udp ep 1434 any anyRouter (config)#access-list 150 deny tcp ep 4444 any anyRouter (config)#access-list 150 permit ip any any
查看答案
考题 定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 any access-list 198 deny icmp any any access-list 198 permit ip any anyB.access-list 198 permit icmp 166.129.130.0 0.0.0.255 any access-list 198 deny icmp any any access-list 198 permit ip any anyC.access-list 99 permit icmp 166.129.130:0 0.0.0.255 any access-list 99 deny icnip any any access-list 99 permit ip any anyD.access-list 100 permit icmp 166.129.130.0 0.0.0.255 any access-list 100 permit ip any any access-list 100 deny icmp any any
查看答案
考题 Cisco路由器执行show access-list命令显示如下一组信息 Standard IP access list block deny 10.0.0.0, wildcardbits 0.255.255.255 log deny 172.16.0.0, wildcard bits 0.15.255.255 permit any 根据上述信息,正确的access-list配置是A.Router (config) #access-list standard block Router (config-std-nacl) #deny 10.0.0.0 255.0.0.0 log Router (config-std-nacl) #deny 172.16.0.0 255.240.0.0 Router (config-std-nacl) #permit anyB.Router (config) #ip access-list standard block Router (config-std-nacl) #permit any Router (config-std-nacl) #deny 10.0.0.0 0.255.255.255 log Router (config-std-nacl) #deny 172.16.0.0 0.15.255.255C.Router (config) #ip access-list standard block Router (config-std-nacl) #deny 10.0.0.0 255.0.0.0 log Router (config-std-nacl) #deny 172.16.0.0 255.240.0.0 Router (config-std-nacl) #permit anyD.Router (config) #ip access-list standard block Router (config-std-nacl) #deny 10.0.0.0 0.255.255.255 log Router (config-std-nacl) #deny 172.16.0.0 0.15.255.255 Router (config-std-nacl) #permit any
查看答案
考题 用标准访问控制列表配置212.33.127.0/24子网主机登录到路由表,虚拟的配置是A.Router(config)#access-list 10 permit 212.33.127.0 255.255.255.0 Router(config)#line vty 0 5 Router(config-line)#access-class 10 inB.Router(config)#access-list 20 permit 212.33.127.0 0.0.0.255 Router(config)#line vty 0 5 Router(config-line)#access-class 20 inC.Router(config)#access-list 99 permit 212.33.127.0 0.0.0.255 Router(config)#line vty 0 5 Router(config-line)#access-class 99 inD.Router(config)#access-list 100 permit 212.33.127.0 0.0.0.255 Router(config)#line vty 0 5 Router(config-line)#access-class 100 in
查看答案
考题 ● 将ACL应用到路由器接口的命令是 (43) 。(43)A. Router(config-if)#ip access-group 10 outB. Router(config-if)#apply access-list 10 outC. Router(config-if)#fixup access-list 10 outD. Router(config-if)#route access-group 10 out
查看答案
考题 在 Cisco 路由器匕用扩展访问控制列表封禁 1P 地址为 211.102.33.24 的主机,正确的配置语句是A )access-list 99 deny ip host 211.102.33.24 anyaccess-list 99 deny ip any host 211.102.33.24access-list 99 permit ip any anyB )access-list 100 permit ip any anyaccess-list 100 deny ip host 211.102.33.24 anyaccess-list 100 deny ip any host 211.102.33.24C )access-list 199 deny ip host 211.102.33.24 anyaccess-list 199 deny ip any host 211.102.33.24access-list 199 permit ip any anyD )access-list 166 deny ip host 211.102.33.24 anyaccess-list 166 permit ip any any
查看答案
考题 用标准访问控制列表配置只允许212.33.127.0/24子网主机登录到路由表,正确的配置是______。A.Router(config) #access-list 10 permit 212.33.127.0 255.255.255.0 Router(config) #line vty 0 5 Router(config-line) #access-class 10 inB.Router(config) #access-list 20 permit 212.33.127.0 0.0.0.255 Router(config) #line vty 0 5 Router(config-line) #access-class 20 outC.Router(config) #access-list 99 permit 212.33.127.0 0.0.0.255 Router(config) #line vty 0 5 Router(config-line) #access-class 99 inD.Router(config) #access-list 100 permit 212.33.127.0 0.0.0.255 Router(config) #line vty 0 5 Router(config-line) #access-class 100 in
查看答案
考题 要禁止内网中IP地址为198.168.46.8的PC访问外网,正确的ACL规则是(11)。A.access-list 1 permit ip 192.168.46.00.0.0.255 any access-list 1 deny ip host 198.168.46.8 anyB.access-list 1 permit ip host 198.168.46.8 any access-list 1 deny ip 192.168.46.00.0.0.255 anyC.access-list 1 deny ip 192.168.46.00.0.0.255 any access-list 1 permit ip host 198.168.46.8 anyD.access-list 1 deny ip host 198.168.46.8 any access-list 1 permitip 192.168.46.00.0.0.255 any
查看答案
考题 封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICMP数据包,正确的access-list配置是______。A) Router(config)#access-list 110 permit icmp 212.78.170.166 0.0.0.0 anyRouter(config)#access-list 110 deny icmp any anyRouter(config)#access-list 110 permit ip any anyB) Router(config)#access-list 110 permit icmp 212.78.170.0 255.255.255.224 anyRouter(config)#access-list 110 permit ip any anyRouter(config)#access-list 110 deny icmp any anyC) Router(config)#access-list 110 perimt iemp 212.78.170.0 0.0.0.255 anyRouter(config)#access-list 110 deny icmp any anyRouter(config)#access-list 110 permit ip any anyD) Router(config)#access-list 110 permit icmp 212.78.170.160 0.0.0.31 anyRouter(config)#access-list 110 deny icmp any anyRouter(config)#access-list 110 permit ip any anyA.B.C.D.
查看答案
考题 Cisco路由器执行show access-list命令显示如下一组控制列表信息:Standard IP acceSS list 30deny 127.0.0.0,wildcard bits 0.255.255.255deny 172.16.0.0,wiidcard bits 0.15.255.255permft any根据上述信息,正确的access-list配置是______。A) Router(config)#access-list 30 deny 127.0.0.0 255.255.255.0Router(config)#access-list 30 deny 172.16.0.0 255.240.0.0Router(config)#access-list 30 permit anyB) Router(config-std-nacl)#access-list 30 deny 127.0.0.0 0.255.255.255Router(config-std-nael)#access-list 30 deny 172.16.0.0 0.15.255.255Router(config-std-nacl)#access-list 30 permit anyC) Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255Router(config)#access-list 30 deny 172.16.0.0 0.15.255.255Router(config)#access-list 30 permit anyD) Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255Router(config)#access-list 30 permit anyRouter(config)#access-list 30 deny 172.16.0.0 0.15.255.255A.B.C.D.
查看答案
考题 访问控制表是防火墙实现安全管理的重要手段。完成下列访问控制列表(access-control-list)的配置内容,使内部所有主机不能访问外部IP地址段为202.117.12.0/24Web服务器。Firewall(config)access-list 100 deny tcp (11) 202.197.12.0 255.255.255.0 eq (12)(11)
查看答案
考题 请参照图5-1,在路由器上完成销售部网段NAT的部分配置。……Router(config)ip nat pool xiaoshou 61.246.100.99 61.246.100.99 netmask(7)!设置地址池!Router(config)access-list 2 permit(8)(9)!定义访问控制列表!Router(config)ip nat inside source list 2 pool xiaoshou!使用访问控制列表完成地址映射
查看答案
考题 【问题3】 (4分)补充完成下面的ACL语句,禁止内网用户192.168.1.254访问公司Web服务器和外网。Router(config)#access-list l deny (6)Router(config)#access-Iist l permit anyRouter(config)#interface ethernet 0/1Router(config-if)#ip access-group 1 (7)
查看答案
考题 【问题4】(3分)请说明下面这组ACL语句的功能。Router(config)#access-list 101 permit tcp any host 10.10.1.10 eq wwwRouter(config)#interface ethernet 0/0Router(config-if)#ip access-group 101 0ut
查看答案
考题 使用名字标识访问控制列表的配置方法,在Cisc0路由器的gO/3接口封禁端口号为1434的UDP数据包和端口号为4444的TCP数据包,正确的访问控制列表的配置是( )。A.Router(eonfig)#ip access-list extended WINSQLRouter(config-ext-nacl)#deny any any udp eq 1434Router(config-ext-nacl)#deny any any tcp eq 4444Router(config-ext-nacl)#permit ip any anyRouter(config-ext-nacl)#exitRouter(config)#interface gO/3Router(eonfig-if)#ip access-group WINSQL inRouter(config-if)#ip access-group WINSQL outB.Router(config)#ip access-list standard WINSQLRooter(config-std-nael)#deny udp any any eq 1434Router(config-std-nacl)#deny tcp any any eq4444Router(config-std-nacl)#permit ip any anyRouter(corffig-std-nacl)#exitRouter(config)#interface gO/3Router(config-if)#ip access-group WINSQL inRooter(config-if)#ip access-group WINSQL outC.Router(config)#ip access-list extended WINSQLRooter(config-ext-nacl)#permit ip any atlyRooter(config-ext-nac|)#deny udp eq l 434 any anyRouter(config-ext-nacl)#deny tcp eq 4444any any Router(config-ext-nacl)#exitRooter(config)#interface gO/3Router(config-if)#ip access-group WINSQL outD.Rooter(config)#ip access-list extended WINSQLRouter(config-ext-nacl)#deny udp any any eq 1434Router(config-ext-nac])#deny tcp any any eq4444Router(config-ext-nae])#permit ip any anyRouter(config-ext-nacl)#exitRouter(config)#interface gO/3Rooter(config-if)#ip access-group WINSQL inRouter(config-if)#ip access-group WINSQL out
查看答案
考题 阅读以下说明,回答问题1至问题3,将解答填入答题纸对应的解答栏内。 【说明】 某学校的网络拓扑结构图如图2-1所示。【问题1】(每空1分,共7分) 常用的 IP 访问控制列表有两种,它们是编号为(1)和 1300~1399 的标准访问控制列表和编为(2)和 2000~2699 的扩展访问控制列表、其中,标准访问控制列表是根据 IP 报的(3)来对 IP 报文进行过滤,扩展访问控制列表是根据 IP 报文的(4)、(5)、上层协议和时间等来对 IP 报文进行过滤。一般地,标准访问控制列表放置在靠近(6)的位置,扩展访问控制列表放置在靠近(7)的位置。 【问题2】(每空1分,共10分) 为保障安全,使用ACL对网络中的访问进行控制。访问控制的要求如下: (1)家属区不能访问财务服务器,但可以访问互联网; (2)学生宿舍区不能访问财务服务器,且在每天晚上18:00~24:00禁止访问互联网; (3)办公区可以访问财务服务器和互联网; (4)教学区禁止访问财务服务器,且每天8:00~18:00禁止访问互联网。 1.使用ACL对财务服务器进行访问控制,请将下面配置补充完整。 R1(config)access-list 1 (8) (9) 0.0.0.255 R1(config)access-Iist 1 deny 172.16.10.0 0.0.0.255 R1(config)access-list 1 deny 172.16.20.0 0.0.0.255 R1(config)access-Iist 1 deny (10) 0.0.0.255 Rl(config)mterface (11) R1(config-if)ip access-group 1 (12) 2.使用ACL对Internt进行访问控制,请将下面配置补充完整。 Route-Switch(config)time-range jxq ∥定义教学区时间范围 Route-Switch(config-tune-range) periodic daily (13) Route-Switch(config)time-range xsssq //定义学生宿舍区时间范围 Route-Switch(config-time-range)periodic (14) 18:00 t0 24:00 Route-Switch(config-time-range)exit Route-Switch(config)access-list 100 permit ip 172.16.10.0 0.0.0.255 any Route-Switch(config)access-list 100 permit ip 172.16.40.0 0.0.0.255 any Route-Switch(config)access-list 100 deny ip (15) 0.0.0.255 time-range jxq Route-Switch(corffig)access-list 100 deny ip (16) 0.0.0.255 time-range xsssq Route-Switch (config)interface (17) Route-Switch(config-if)ip access-group 100out 【问题3】(每空1分,共3分) 网络在运行过程中发现,家属区网络经常受到学生宿舍区网络的DDoS攻击,现对家属区网络和学生宿舍区网络之间的流量进行过滤,要求家属区网络可访问学生宿舍区网络,但学生宿舍区网络禁止访问家属区网络。 采用自反访问列表实现访问控制,请解释配置代码。 Route-Switch(config)ip access-hst extended infilter Route-Switch(config-ext-nacl)permit ip any 172.16.20.0 0.0.0.255 refiect jsq (18) Route-Switch(config-ext-nacl)exit Route-Switch(config)ip access-list extended outfilter Route-Switch(config-ext-nacl) evaluate jsq (19) Route-Switch(config-ext-nacl)exit Route-Switch(config)interface fastethernet 0/1 Route-Switch(config-if)ip access-group infilter in Route-Switch(config-if)ip access-group outfilter out //(20)
查看答案
考题 试题五(共15分)阅读以下说明,回答问题1至问题3,将解答填入答题纸对应的解答栏内。【说明】某单位网络的拓扑结构示意图如图5-1所示。该网络采用RIP协议,要求在R2上使用访问控制列表禁止网络192.168.20.0/24 上的主机访问网络192.168.10.0/24,在R3上使用访问控制列表禁止网络192.168.20.0/24上的主机访问 10.10.10.0/24上的Web服务,但允许其访问其他服务器。【问题1】(8分)下面是路由器Rl的部分配置,请根据题目要求,完成下列配置。......R1(config) interace Seria10R1config-if)ip address (1) (2)R1(config)ip routingR1(config) (3) (进入RIP协议配置子模式)R1 (config-router) (4) (声明网络192.168.1.0/24)【问题2】(3分)下面是路由器R2的部分配置,请根据题目要求,完成下列配置。R2 configtR2(config) access-list 50 deny 192.168.20.0 0.0.0.255R2(config) access-list 50 permit anyR2(config)interface (5)R2(config-if) ip access-group (6)_ ___(7)【问题3】(4分)1.下面是路由器R3的部分配置,请根据题目要求,完成下列配置。R3(confg) access-list 110 deny (8) 192.168.20.0 0.0.0.255 10.10.10.00.0.0.255 eq (9)R3(config) access-list 110 permit ip any any2.上述两条语句次序是否可以调整?简单说明理由。
查看答案
考题 该网络的Internet接入如图12-11所示:根据图12-11,解释以下配置命令,填写空格(9)~(12):1.Router(config) interface s0/02.router(config-if) ip address 61.235.1.1 255.255.255.252(9)3.router(config) ip route 0.0.0.0 0.0.0.0 s0/0(10)4.router(config) ip route 192.168.0.0 255.255.255.0 f0/0(11)5.router(config) access-list 100 deny any any eq telnet(12)
查看答案
考题 Which command is required to apply an access list on a virtual terminal line of a router?() A. Router(config-line)# access-class 10 inB. Router(config-if)# ip access-class 23 outC. Router(config-line)# access-group 15 outD. Router(config-if)# ip access-group 110 inE. Router(config-line)# access-list 150 inF. Router(config-if)# ip access-list 128 out
查看答案
考题 Which of the following access list statements would deny traffic from a specifichost?() A. Router(config)# access-list 1 deny 172.31.212.74 anyB. Router(config)# access-list 1 deny 10.6.111.48 hostC. Router(config)# access-list 1 deny 172.16.4.13 0.0.0.0D. Router(config)# access-list 1 deny 192.168.14.132 255.255.255.0E. Router(config)# access-list 1 deny 192.168.166.127 255.255.255.255
查看答案
考题 只封禁一台地址为193.62.40.230主机的access-list的正确配置是A.access-list 110 permit ip any any access-list 110 deny ip host 193.62.40.230 any access-list 110 deny ip any host 193.62.40.230B.access-list 110 deny ip host 193.62.40.230any access-list 110 deny ip any host 193.62.40.230 access-list 110 permit ip any anyC.access-list 110 deny ip host 193.62.40.230 any access-list 110 deny ip any host 193.62.40.230D.access-list 110 deny ip host 193.62.40.230 any access-list 110 permit ip any any access-list 110 deny ip any host 193.62.40.230
查看答案
考题 计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()A、access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyB、access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any anyC、access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyD、access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
查看答案
考题 Which of the following access list statements would deny traffic from a specifichost?()A、Router(config)# access-list 1 deny 172.31.212.74 anyB、Router(config)# access-list 1 deny 10.6.111.48 hostC、Router(config)# access-list 1 deny 172.16.4.13 0.0.0.0D、Router(config)# access-list 1 deny 192.168.14.132 255.255.255.0E、Router(config)# access-list 1 deny 192.168.166.127 255.255.255.255
查看答案
考题 Which command is required to apply an access list on a virtual terminal line of a router?()A、Router(config-line)# access-class 10 inB、Router(config-if)# ip access-class 23 outC、Router(config-line)# access-group 15 outD、Router(config-if)# ip access-group 110 inE、Router(config-line)# access-list 150 inF、Router(config-if)# ip access-list 128 out
查看答案
考题 填空题要限制源地址为10.0.0.16到10.0.0.31之间的网络主机访问目标地址,则访问列表ACL配置语句为: router(Config)#ip access-list 99 deny() router(Config)#ip access-list 99()any
查看答案
热门标签
最新试卷