单选题下列高级ACL规则配置正确的有()。A rule permit ip icmp-type echoB rule permit ip source-port eq 1024C rule permit ip tos normal dscp efD rule permit udp time-range udp
题目
rule permit ip icmp-type echo
rule permit ip source-port eq 1024
rule permit ip tos normal dscp ef
rule permit udp time-range udp
相似考题
更多“单选题下列高级ACL规则配置正确的有()。A rule permit ip icmp-type echoB rule permit ip source-port eq 1024C rule permit ip tos normal dscp efD rule permit udp time-range udp”相关问题
-
第1题:
A network administrator is configuring ACLs on a cisco router, to allow affic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0 and 192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()
A.access-list 10 permit ip 192.168.147.0 0.0.0.255.255
B.access-list 10 permit ip 192.168.149.0 0.0.0.255.255
C.access-list 10 permit ip 192.168.146.0 0.0.0.0.255
D.access-list 10 permit ip 192.168.146.0 0.0.1.255
E.access-list 10 permit ip 192.168.148.0 0.0.1.255
F.access-list 10 permit ip 192.168.146.0 255.255.255.0
参考答案:D, E
-
第2题:
下列选项中的哪些路由满足下面的ACL条件?()acl number 2001 Rule0permit source 10.1.1.00.0.254.255A.10.1.1.1/32
B.10.1.2.1/32
C.10.1.3.1/32
D.10.1.4.1/32
参考答案:A, C
-
第3题:
要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。
- A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq www
- B、ip access-list extended cisco deny tcp any 196.15.7.0 eq www
- C、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq www
- D、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255
- E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255
正确答案:B,C,D,E -
第4题:
Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()
- A、access-list 100 permit any any udp eq 1434
- B、access-list 100 permit any any udp eq 1434 log
- C、access-list 110 permit any any udp eq 69
- D、access-list 110 permit any any udp eq 69 log
- E、None of above.
正确答案:B -
第5题:
仅仅允许到主机1.1.1.1的SMTP邮件服务的命名访问控制列表语句是()。
- A、ip access-list standard cisco permit smtp host 1.1.1.1
- B、ip access-list extended cisco permit ip smtp host 1.1.1.1
- C、ip access-list standard cisco permit tcp any host 1.1.1.1 eq smtp
- D、ip access-list extended cisco permit tcp any host 1.1.1.1 eq smtp
正确答案:D -
第6题:
某公司的MSR路由器计划通过ISDN DCC拨号接入Internet,在路由器上有如下配置: [H3C] dialer-rule 1 ip deny [H3C] firewall default permit 在拨号接口下已经引用了此拨号访问控制列表dialer-rule 1,那么如下关于拨号的说法哪些是错误的?()
- A、任何IP数据包都不能触发拨号
- B、任何IP数据包都可以触发拨号
- C、TCP类型的数据包可以触发拨号
- D、UDP类型的数据包可以触发拨号
正确答案:B,C,D -
第7题:
在配置ISDN DCC的时候,客户在自己的MSR路由器上配置了如下的dialer-rule: [MSR] dialer-rule 1 acl 3000 那么关于此配置如下哪些说法正确?()
- A、只有匹配ACL 3000的数据包能触发拨号
- B、只有匹配ACL 3000的数据包会被路由器通过拨号链路发送
- C、没有定义permit或者deny,配置错误
- D、正确的配置应为:[MSR] dialer-rule 1 acl 3000 permit
正确答案:A -
第8题:
下列高级ACL规则配置正确的有()。
- A、rule permit ip icmp-type echo
- B、rule permit ip source-port eq 1024
- C、rule permit ip tos normal dscp ef
- D、rule permit udp time-range udp
正确答案:D -
第9题:
网络管理员是Cisco路由器上配置访问控制列表,允许来自只的网络192.168.146.0,192.168.147.0,192.168.148.0和192.168.149.0主机。哪个结合是最好的完成任务,当两个ACL语句?()
- A、 access-list 10 permit ip 192.168.147.0 0.0.0.255.255
- B、 access-list 10 permit ip 192.168.149.0 0.0.0.255.255
- C、 access-list 10 permit ip 192.168.146.0 0.0.0.0.255
- D、 access-list 10 permit ip 192.168.146.0 0.0.0.1.255
- E、 access-list 10 permit ip 192.168.148.0 0.0.0.1.255
- F、 access-list 10 permit ip 192.168.146.0 255.255.255.0
正确答案:D,E -
第10题:
单选题下面的访问控制列表命令正确的是()。Aacl1 rule deny source1.1.1.1
Bacl1 rule permit any
Cacl1 permit 1.1.1.102.2.2.20.0.0.255
Dacl99 rule deny tcp source any destination2.2.2.20.0.0.255
正确答案: A解析: 暂无解析 -
第11题:
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
Baccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
Caccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
Daccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
Eaccess-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
Faccess-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
正确答案: A解析: 暂无解析 -
第12题:
单选题Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()Aaccess-list 100 permit any any udp eq 1434
Baccess-list 100 permit any any udp eq 1434 log
Caccess-list 110 permit any any udp eq 69
Daccess-list 110 permit any any udp eq 69 log
ENone of above.
正确答案: C解析: 暂无解析 -
第13题:
下面的访问控制列表命令正确的是()。A.acl1 rule deny source1.1.1.1
B.acl1 rule permit any
C.acl1 permit 1.1.1.102.2.2.20.0.0.255
D.acl99 rule deny tcp source any destination2.2.2.20.0.0.255
参考答案:A
-
第14题:
计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()
- A、access-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
- B、access-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any any
- C、access-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
- D、access-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
正确答案:D -
第15题:
在路由器MSR-1 上看到如下信息: [MSR-1]display acl 3000 Advanced ACL 3000, named -none-, 2 rules,ACL’s step is 5 rule 0 permit ip source 192.168.1.0 0.0.0.255 rule 10 deny ip (19 times matched) 该ACL 3000 已被应用在正确的接口以及方向上。据此可知()
- A、这是一个基本ACL(高级的)
- B、有数据包流匹配了规则rule 10
- C、至查看该信息时,还没有来自192.168.1.0/24网段的数据包匹配该ACL
- D、匹配规则rule 10的数据包可能是去往目的网段192.168.1.0/24的
正确答案:B,C,D -
第16题:
下面的访问控制列表命令正确的是()。
- A、acl1 rule deny source1.1.1.1
- B、acl1 rule permit any
- C、acl1 permit 1.1.1.102.2.2.20.0.0.255
- D、acl99 rule deny tcp source any destination2.2.2.20.0.0.255
正确答案:A -
第17题:
客户路由器的接口GigabitEthernet0/0 下连接了局域网主机HostA,其IP 地址为192.168.0.2/24;接口Serial6/0 接口连接远端,目前运行正常。现增加ACL 配置如下: firewall enable firewall default permit acl number 3003 rule 0 permit tcp rule 5 permit icmp acl number 2003 rule 0 deny source 192.168.0.0 0.0.0.255 interface GigabitEthernet0/0 firewall packet-filter 3003 inbound packet-filter 包过滤 firewall packet-filter 2003 outbound ip address 192.168.0.1 255.255.255.0 interface Serial6/0 link-protocol ppp ip address 6.6.6.2 255.255.255.0 假设其他相关配置都正确,那么()
- A、HostA不能ping通该路由器上的两个接口地址
- B、HostA不能ping通6.6.6.2,但是可以ping通192.168.0.1
- C、HostA不能ping通192.168.0.1,但是可以ping通6.6.6.2
- D、HostA可以Telnet到该路由器上
正确答案:C,D -
第18题:
在MSR路由器上配置了如下ACL: acl number 3999 rule permit tcp source 10.10.10.1 255.255.255.255 destination 20.20.20.1 0.0.0.0 time-range lucky 那么对于该ACL的理解正确的是()
- A、该rule只在lucky时间段内生效
- B、该rule只匹配来源于10.10.10.1的数据包
- C、该rule只匹配去往20.20.20.1的数据包
- D、该rule可以匹配来自于任意源网段的TCP数据包
- E、该rule可以匹配去往任意目的网段的TCP数据包
正确答案:A,C,D -
第19题:
在配置ISDNDCC的时候,客户在自己的MSR路由器上配置了如下的dialer-rule:[MSR]dialer-rule1acl3000那么关于此配置如下哪些说法正确?()
- A、只有匹配ACL3000的数据包能触发拨号
- B、只有匹配ACL3000的数据包会被路由器通过拨号链路发送
- C、没有定义permit或者deny,配置错误
- D、正确的配置应为:[MSR]dialer-rule1acl3000permit
正确答案:A -
第20题:
防火墙路由模式下,防火墙的接口地址为192.168.99.101,主机地址为192.168.99.102。以下配置中,能保证主机ping通防火墙接口地址的是()。
- A、# acl number 2005 rule 0 permit source192.168.99.1020 rule 1 deny source192.168.99.00.0.0.255#
- B、#acl number 2005 rule 0 deny source192.168.99.00.0.0.255 rule 1 permit source192.168.99.1020#
- C、#ac lnumber 2005 rule 0 deny source192.168.99.1020 rule 1 permit source192.168.99.00.0.0.255#
- D、#ac lnumber 2005 rule 0 permit source192.168.99.00.0.0.255 rule 1 deny source192.168.99.1020#
正确答案:A,C,D -
第21题:
单选题计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()Aaccess-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
Baccess-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any any
Caccess-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
Daccess-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
正确答案: D解析: 暂无解析 -
第22题:
多选题网络管理员是Cisco路由器上配置访问控制列表,允许来自只的网络192.168.146.0,192.168.147.0,192.168.148.0和192.168.149.0主机。哪个结合是最好的完成任务,当两个ACL语句?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255
Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255
Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255
Daccess-list 10 permit ip 192.168.146.0 0.0.0.1.255
Eaccess-list 10 permit ip 192.168.148.0 0.0.0.1.255
Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
正确答案: B,E解析: 暂无解析 -
第23题:
多选题A network administrator is configuring ACLs on a cisco router, to allow affic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0 and 192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255
Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255
Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255
Daccess-list 10 permit ip 192.168.146.0 0.0.1.255
Eaccess-list 10 permit ip 192.168.148.0 0.0.1.255
Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
正确答案: E,D解析: 暂无解析