仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、access-list 10 deny tcp any 196.15.7.0 eq wwwC、access-list 100 permit 196.15.7.0 0.0.0.255 eq wwwD、access-list 110 permit ip any 196.15.7.0 0.0.0.255E、access-

题目

仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。

  • A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
  • B、access-list 10 deny tcp any 196.15.7.0 eq www
  • C、access-list 100 permit 196.15.7.0 0.0.0.255 eq www
  • D、access-list 110 permit ip any 196.15.7.0 0.0.0.255
  • E、access-list 110 permit www 196.15.7.0 0.0.0.255
相似考题

1.(22)下面的访问控制列表中,( )禁止所有TELNET访问子网10.10.1.0/24。A) access-list 15 deny udp any 10.10.1.0 255.255 255.0 eq 23B) access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23C) access-list 115 deny udp any 10.10.1.0 eq telnetD) access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23

2.定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 any access-list 198 deny icmp any any access-list 198 permit ip any anyB.access-list 198 permit icmp 166.129.130.0 0.0.0.255 any access-list 198 deny icmp any any access-list 198 permit ip any anyC.access-list 99 permit icmp 166.129.130:0 0.0.0.255 any access-list 99 deny icnip any any access-list 99 permit ip any anyD.access-list 100 permit icmp 166.129.130.0 0.0.0.255 any access-list 100 permit ip any any access-list 100 deny icmp any any

3.● 以下 ACL 语句中,含义为“允许 172.168.0.0/24 网段所有 PC 访问 10.1.0.10 中的FTP 服务”的是(42) 。(42)A. access-list 101 deny tcp 172.168.0.0 0.0.0.255 host 10.1.0.10 eq ftpB. access-list 101 permit tcp 172.168.0.0 0.0.0.255 host 10.1.0.10 eq ftpC. access-list 101 deny tcp host 10.1.0.10 172.168.0.0 0.0.0.255 eq ftpD. access-list 101 permit tcp host 10.1.0.10 172.168.0.0 0.0.0.255 eq ftp

4.拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list 130 deny udp any any eq 1434Router (config)#access-list 130 deny tcp any any eq 4444Router (config)#access-list 130 permit ip any anyC)Router (config)#access-list 110 deny any any udp eq 1434Router (config)#access-list 110 deny any any tcp eq 4444Router (config)#access-list 110 permit ip any anyD)Router (config)#access-list 150 deny udp ep 1434 any anyRouter (config)#access-list 150 deny tcp ep 4444 any anyRouter (config)#access-list 150 permit ip any any

参考答案和解析
正确答案:B,C,D,E
更多“仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、access-list 10 deny tcp any 196.15.7.0 eq wwwC、access-list 100 permit 196.15.7.0 0.0.0.255 eq wwwD、access-list 110 permit ip any 196.15.7.0 0.0.0.255E、access-”相关问题

  • 第1题:

    若要求路由器的某接口上只封禁ICMP协议,但允许159.67.183.0/24子网的ICMP数据包通过,那么使用的access-list命令是______。

    A.access-list 120 deny icmp 159.67.183.0 0.0.0.255 any access-list 120 permit ip any any

    B.access-list 10 permit icmp 159.67.183.0 0.0.0.255 any access-list 10 deny icmp any any access-list 10 permit ip any any

    C.access-list 99 permit icmp 159.67.183.0 0.0.0.255 any access-list 99 deny icmp any any

    D.access-list 110 permit icmp 159.67.183.0 0.0.0.255 any access-list 110 deny icmp any any access-list 110 permit ip any any


    正确答案:D
    解析:依题意,允许159.67.183.0/24子网的ICMP数据包通过该路由器的某接口,相应的配置语句是:access-list 110 permit icmp 159.67.183.0 0.0.0.255 any。
      注意到题目“在该路由器接口上只封禁ICMP协议”中“只”字的要求,需要先使用命令access-list 110 deny icmp any any,再使用命令access-list 110 permit ip any any才能完成这一要求。
      选项A中的“access-list 120 deny icmp 159.67.183.0 0.0.0.255 any”表示,禁止159.67.183.0/24子网的ICMP数据包通过,因此选项A不符合题意要求。
      选项B中的“10”和选项C中的“99”都是标准访问控制列表的表号,而标准访问控制列表的配置命令是access-list access-list-number {permit|deny} source-address wildcard-mask。而选项B和选项C的配置语句中包含了目的IP地址范围(any),不符合标准访问控制列表的语法格式,因此可排除选项B和选项C。

  • 第2题:

    Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()

    A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23

    B. access-list 115 deny udp any 10.10.1.0 eq telnet

    C. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet

    D. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23

    E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23


    参考答案:D

  • 第3题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()

    A.access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    B.access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    C.access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any

    D.access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any


    参考答案:A

  • 第4题:

    Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()

    • A、access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
    • B、access-list 115 deny udp any 10.10.1.0 eq telnet
    • C、access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
    • D、access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
    • E、access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23

    正确答案:D

  • 第5题:

    要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。

    • A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq www
    • B、ip access-list extended cisco deny tcp any 196.15.7.0 eq www
    • C、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq www
    • D、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255
    • E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255

    正确答案:B,C,D,E

  • 第6题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()

    • A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • B、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
    • C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
    • D、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • E、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
    • F、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    正确答案:A

  • 第7题:

    Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()

    • A、access-list 100 permit any any udp eq 1434
    • B、access-list 100 permit any any udp eq 1434 log
    • C、access-list 110 permit any any udp eq 69
    • D、access-list 110 permit any any udp eq 69 log
    • E、None of above.

    正确答案:B

  • 第8题:

    Which item represents the standard IPACL?()

    • A、access-list 50 deny 192.168.1.10.0.0.255
    • B、access-list 110 permit ip any any
    • C、access-list 2500 deny tcp any host 192.168.1.1 eq22
    • D、access-list 101 deny tcp any host 192.168.1.1

    正确答案:A

  • 第9题:

    Which item represents the standard IP ACL?()

    • A、access-list 50 deny 192.168.1.1 0.0.0.255
    • B、access-list 110 permit ip any any
    • C、access-list 2500 deny tcp any host 192.168.1.1 eq 22
    • D、access-list 101 deny tcp any host 192.168.1.1

    正确答案:A

  • 第10题:

    单选题
    计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()
    A

    access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

    B

    access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any any

    C

    access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

    D

    access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any


    正确答案: D
    解析: 暂无解析

  • 第11题:

    单选题
    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
    A

    access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    B

    access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any

    C

    access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any

    D

    access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    E

    access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

    F

    access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any


    正确答案: A
    解析: 暂无解析

  • 第12题:

    多选题
    要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。
    A

    ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq www

    B

    ip access-list extended cisco deny tcp any 196.15.7.0 eq www

    C

    ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq www

    D

    ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255

    E

    ip access-list extended cisco permit www 196.15.7.0 0.0.0.255


    正确答案: E,D
    解析: 暂无解析

  • 第13题:

    请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()

    A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www

    B.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any

    C.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www

    D.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www


    正确答案:C

  • 第14题:

    On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()

    A. access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80

    B. access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23

    C. access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23

    D. access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23

    E. access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80

    F. access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23


    参考答案:A, F

  • 第15题:

    下面 ACL 语句中,准备表达“允许访问服务器 202.110.10.1 的 WWW 服务”的是()。




    A. access-list 101 permit any 202.110.10.1
    B. access-list 101 permit tcp any host 202.110.10.1 eq www
    C. access-list 101 deny any 202.110.10.1
    D. access-list 101 deny tcp any host 202.110.10.1 eq www

    答案:B
    解析:

  • 第16题:

    计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()

    • A、access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
    • B、access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any any
    • C、access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
    • D、access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

    正确答案:D

  • 第17题:

    仅仅允许到主机1.1.1.1的SMTP邮件服务的命令是()。

    • A、access-list 10 permit smtp host 1.1.1.1
    • B、access-list 110 permit ip smtp host 1.1.1.1
    • C、access-list 10 permit tcp any host 1.1.1.1 eq smtp
    • D、access-list 110 permit tcp any host 1.1.1.1 eq smtp

    正确答案:D

  • 第18题:

    On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()

    • A、access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
    • B、access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23
    • C、access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
    • D、access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
    • E、access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
    • F、access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23

    正确答案:A,F

  • 第19题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.What command should be issued to accomplish this task?()

    • A、access-list 101 deny tcp192.168.1.1280.0.0.15192.168.1.50.0.0.0eq23 access-list 101 permit ip any any
    • B、access-list 101 deny tcp192.168.1.1280.0.0.240192.168.1.50.0.0.0eq23 access-list101permit ip any any
    • C、access-list 1 deny tcp192.168.1.1280.0.0.255192.168.1.50.0.0.0eq21 access-list1permit ip any any
    • D、access-list 1 deny tcp192.168.1.1280.0.0.15host192.168.1.5eq23 access-list1permit ip any any

    正确答案:A

  • 第20题:

    哪个选项代表了标准的IP ACL?()

    • A、 access-list 50 deny 192.168.1.1 0.0.0.255
    • B、 access-list 110 permit ip any any
    • C、 access-list 2500 deny tcp any host 192.168.1.1 eq 22
    • D、 access-list 101 deny tcp any host 192.168.1.1

    正确答案:C

  • 第21题:

    A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()

    • A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23  access-list 101 permit ip any any
    • B、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23  access-list 101 permit ip any any
    • C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21  access-list 1 permit ip any any
    • D、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23  access-list 1 permit ip any any

    正确答案:A

  • 第22题:

    单选题
    哪个选项代表了标准的IP ACL?()
    A

     access-list 50 deny 192.168.1.1 0.0.0.255

    B

     access-list 110 permit ip any any

    C

     access-list 2500 deny tcp any host 192.168.1.1 eq 22

    D

     access-list 101 deny tcp any host 192.168.1.1


    正确答案: D
    解析: 暂无解析

  • 第23题:

    多选题
    仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。
    A

    access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www

    B

    access-list 10 deny tcp any 196.15.7.0 eq www

    C

    access-list 100 permit 196.15.7.0 0.0.0.255 eq www

    D

    access-list 110 permit ip any 196.15.7.0 0.0.0.255

    E

    access-list 110 permit www 196.15.7.0 0.0.0.255


    正确答案: C,B
    解析: 暂无解析

相关内容