以下的访问控制列表中,()禁止所有Telnet访问子网10.10.1.0/24。A、access-list 15deny telnet any 10.10.1.0  0.0.0.255 eq 23B、access-listl  l5 denyu卸any l0.10.1.0 eq telnetC、access-list 115deny tcp any 10.10.1.0  0.0.0.255 eq 23D、access-list 15deny udp any 10.10.1.0  255.255.255.0

题目

以下的访问控制列表中,()禁止所有Telnet访问子网10.10.1.0/24。

  • A、access-list 15deny telnet any 10.10.1.0  0.0.0.255 eq 23
  • B、access-listl  l5 denyu卸any l0.10.1.0 eq telnet
  • C、access-list 115deny tcp any 10.10.1.0  0.0.0.255 eq 23
  • D、access-list 15deny udp any 10.10.1.0  255.255.255.0 eq 23
相似考题

1.(22)下面的访问控制列表中,( )禁止所有TELNET访问子网10.10.1.0/24。A) access-list 15 deny udp any 10.10.1.0 255.255 255.0 eq 23B) access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23C) access-list 115 deny udp any 10.10.1.0 eq telnetD) access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23

2.定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 any access-list 198 deny icmp any any access-list 198 permit ip any anyB.access-list 198 permit icmp 166.129.130.0 0.0.0.255 any access-list 198 deny icmp any any access-list 198 permit ip any anyC.access-list 99 permit icmp 166.129.130:0 0.0.0.255 any access-list 99 deny icnip any any access-list 99 permit ip any anyD.access-list 100 permit icmp 166.129.130.0 0.0.0.255 any access-list 100 permit ip any any access-list 100 deny icmp any any

3.以下的访问控制列表中,——禁止所有Telnet访问子网17.5.1.0/24。A.access—list 15 deny udp any 17.5.1.0 255.255.255.0 eq 23B.access—list 15 deny telnet any 17.5.1.0 255.255.255.0 eq 23C.access—list 15 deny tcp any 17.5.1.0 255.255.255.0 eq 23D.access—listl 15 deny any 17.5.1.O 255.255.255.0 eq telnet

4.拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list 130 deny udp any any eq 1434Router (config)#access-list 130 deny tcp any any eq 4444Router (config)#access-list 130 permit ip any anyC)Router (config)#access-list 110 deny any any udp eq 1434Router (config)#access-list 110 deny any any tcp eq 4444Router (config)#access-list 110 permit ip any anyD)Router (config)#access-list 150 deny udp ep 1434 any anyRouter (config)#access-list 150 deny tcp ep 4444 any anyRouter (config)#access-list 150 permit ip any any

更多“以下的访问控制列表中,()禁止所有Telnet访问子网10.10.1.0/24。A、access-list 15deny telnet any 10.10.1.0  0.0.0.255 eq 23B、access-listl  l5 denyu卸any l0.10.1.0 eq telnetC、access-list 115deny tcp any 10.10.1.0  0.0.0.255 eq 23D、access-list 15deny udp any 10.10.1.0  255.255.255.0”相关问题

  • 第1题:

    以下的访问控制列表中,()禁止所有Telnet访问子网10.10.1.0/24。

    A.access-list15denytelnetany10.10.1.00.0.0.255eq23

    B.access-listll5denyu卸anyl0.10.1.0eqtelnet

    C.access-list115denytcpany10.10.1.00.0.0.255eq23

    D.access-list15denyudpany10.10.1.0255.255.255.0eq23


    参考答案:C

  • 第2题:

    以下的访问控制列表中,(51)禁止所有Telnet访问子网10.10.1.0/24。

    A.access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23

    B.access-list 115 deny udp any 10.10.1.0 eq telnet

    C.access-list 115 deny top any 10.10.1.0 0.0.0.255 eq 23

    D.access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23


    正确答案:C
    解析:根据对数据包的检查过程,ACL分为两种。
      . 标准ACL:只检查网络层协议数据单元,根据源地址来过滤数据包,标准ACL的编号为1~99,执行过程如下图所示。
     
      . 扩展ACL:根据网络层的源地址和目标地址、以及传输层信息(协议,端口号等)检查数据包,比标准ACL更灵活。例如,可以允许FTP访问通过,而不允许Telnet通过。扩展ACL的编号为100~199,其执行过程下图所示。
     
      答案C是一条扩展ACL语句,由于Telnet的UDP端口号是23,按照ACL的语法,这条语句禁止 Telnet 访问子网10.10.1.0/24。注意,在ACL语句中使用了反掩码 255.255.255.0。

  • 第3题:

    请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()

    A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www

    B.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any

    C.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www

    D.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www


    正确答案:C

  • 第4题:

    Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()

    A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23

    B. access-list 115 deny udp any 10.10.1.0 eq telnet

    C. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet

    D. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23

    E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23


    参考答案:D

  • 第5题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()

    A.access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    B.access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    C.access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any

    D.access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any


    参考答案:A

  • 第6题:

    计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()

    • A、access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
    • B、access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any any
    • C、access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
    • D、access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

    正确答案:D

  • 第7题:

    仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。

    • A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
    • B、access-list 10 deny tcp any 196.15.7.0 eq www
    • C、access-list 100 permit 196.15.7.0 0.0.0.255 eq www
    • D、access-list 110 permit ip any 196.15.7.0 0.0.0.255
    • E、access-list 110 permit www 196.15.7.0 0.0.0.255

    正确答案:B,C,D,E

  • 第8题:

    On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()

    • A、access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
    • B、access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23
    • C、access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
    • D、access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
    • E、access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
    • F、access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23

    正确答案:A,F

  • 第9题:

    哪个选项代表了标准的IP ACL?()

    • A、 access-list 50 deny 192.168.1.1 0.0.0.255
    • B、 access-list 110 permit ip any any
    • C、 access-list 2500 deny tcp any host 192.168.1.1 eq 22
    • D、 access-list 101 deny tcp any host 192.168.1.1

    正确答案:C

  • 第10题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()

    • A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23  access-list 101 permit ip any any
    • B、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23  access-list 101 permit ip any any
    • C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21  access-list 1 permit ip any any
    • D、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23  access-list 1 permit ip any any

    正确答案:A

  • 第11题:

    单选题
    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
    A

    access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    B

    access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any

    C

    access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any

    D

    access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    E

    access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    F

    access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any


    正确答案: A
    解析: 暂无解析

  • 第12题:

    单选题
    Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()
    A

    access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23

    B

    access-list 115 deny udp any 10.10.1.0 eq telnet

    C

    access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet

    D

    access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23

    E

    access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23


    正确答案: D
    解析: 暂无解析

  • 第13题:

    以下的访问控制列表中,(37)语句用于禁止所有Telnet访问子网192.168.10.0/24。

    A.access-list 15 deny telnet any 192.168.10.0 0.0.0.255 eq 23

    B.access-listl 15 deny udp any 192.168.10.0 eq telnet

    C.access-list 1 15 deny tcp any 192.168.10.0 0.0.0.255 eq 23

    D.access-list 15 deny udp any 192.168.10.0 255.255.255.0 eq 23


    正确答案:C
    解析:这是一条扩展ACL语句,注意语句中要使用反向掩码。另外telnet使用的是TCP23端口。因此,禁止所有Telnet访问子网192.168.10.0/24的配置命令是access-list115denytcpany192.168.10.00.0.0.255eq23。

  • 第14题:

    以下的访问控制列表中,(54)语句用于禁止所有对子网192.168.10.0/24的Telnet访问。

    A.access-list 15 deny telnet any 192.168.10.00.0.0.255 eq 23

    B.access-listl 15 deny udp any 192.168.10.0eq telnet

    C.access-list 1 15 deny tcp any 192.168.10.00.0.0.255eq23

    D.access-list 15 deny udp any 192.168.10.0255.255.255.0 eq 23


    正确答案:C
    解析:这是一条扩展ACL语句,注意语句中要使用反向掩码。另外Telnet使用的是TCP23端口。因此,禁止所有对子网192.168.10.0/24的Telnet访问的配置命令是选项C的access-list115denytcpany192.168.10.00.0.0.255eq23。

  • 第15题:

    利用扩展ACL禁止用户通过telnet访问子网202.112.111.0/24的命令是 (48) 。

    A.access-list 10 deny telnet any 202.112.110.0 0.0.0.255 eq 23

    B.access-list 110 deny udp any 202.112.110.0 eq telnet

    C.access-list 110 deny tcp any 202.112.110.0 0.0.0.255 eq23

    D.access-list 10 deny tcp any 202.112.110.0 255.255.255.0 eq23


    正确答案:C
    本题考查ACL配置命令的使用。首先,利用扩展ACL可排除A和D选项;其次B选项中使用了UDP.Telnet是基于TCP协议的,所以B选项错误。

  • 第16题:

    On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()

    A. access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80

    B. access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23

    C. access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23

    D. access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23

    E. access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80

    F. access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23


    参考答案:A, F

  • 第17题:

    Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()

    • A、access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
    • B、access-list 115 deny udp any 10.10.1.0 eq telnet
    • C、access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
    • D、access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
    • E、access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23

    正确答案:D

  • 第18题:

    要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。

    • A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq www
    • B、ip access-list extended cisco deny tcp any 196.15.7.0 eq www
    • C、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq www
    • D、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255
    • E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255

    正确答案:B,C,D,E

  • 第19题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()

    • A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • B、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
    • C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
    • D、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • E、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • F、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    正确答案:A

  • 第20题:

    Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()

    • A、access-list 100 permit any any udp eq 1434
    • B、access-list 100 permit any any udp eq 1434 log
    • C、access-list 110 permit any any udp eq 69
    • D、access-list 110 permit any any udp eq 69 log
    • E、None of above.

    正确答案:B

  • 第21题:

    Which item represents the standard IP ACL?()

    • A、access-list 50 deny 192.168.1.1 0.0.0.255
    • B、access-list 110 permit ip any any
    • C、access-list 2500 deny tcp any host 192.168.1.1 eq 22
    • D、access-list 101 deny tcp any host 192.168.1.1

    正确答案:A

  • 第22题:

    单选题
    计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()
    A

    access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

    B

    access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any any

    C

    access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

    D

    access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any


    正确答案: D
    解析: 暂无解析

  • 第23题:

    单选题
    以下的访问控制列表中,()禁止所有Telnet访问子网10.10.1.0/24。
    A

    access-list 15deny telnet any 10.10.1.0  0.0.0.255 eq 23

    B

    access-listl  l5 denyu卸any l0.10.1.0 eq telnet

    C

    access-list 115deny tcp any 10.10.1.0  0.0.0.255 eq 23

    D

    access-list 15deny udp any 10.10.1.0  255.255.255.0 eq 23


    正确答案: A
    解析: 暂无解析

相关内容