拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list
题目
拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是
A)Router (config)#access-list 30 deny udp any any eq 1434
Router (config)#access-list 30 deny tcp any any eq 4444
Router (config)#access-list 30 permit ip any any
B)Router (config)#access-list 130 deny udp any any eq 1434
Router (config)#access-list 130 deny tcp any any eq 4444
Router (config)#access-list 130 permit ip any any
C)Router (config)#access-list 110 deny any any udp eq 1434
Router (config)#access-list 110 deny any any tcp eq 4444
Router (config)#access-list 110 permit ip any any
D)Router (config)#access-list 150 deny udp ep 1434 any any
Router (config)#access-list 150 deny tcp ep 4444 any any
Router (config)#access-list 150 permit ip any any
相似考题
参考答案和解析
A
解析:标准控制列表命令格式如下:
Router(config)#access-list access-list-number {permit or deny} protocol soure {soure-wildcard} log
注:access-list-number是访问控制列表号。permit是语句匹配时允许通过,deny是语句不匹配时,拒绝通过。soure是源IP地址,protocol 是值得数据包遵守的协议,也就是数据类型。soure-wildcard是通配符,log是可选项,生成有关分组匹配情况的日志消息,发到控制台。
题中
拒绝转发所有IP地址进与出方向的、端口号为1434的UDP数据包: deny udp any any eq 1434
拒绝转发所有IP地址进与出方向的、端口号为4444的TCP数据包: deny tcp any any eq 4444
允许其他端口和其他类型的数据包:permit ip any any
更多“拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list ”相关问题
-
第1题:
封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICMP数据包,正确的access-list配置是______。
A) Router(config)#access-list 110 permit icmp 212.78.170.166 0.0.0.0 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
B) Router(config)#access-list 110 permit icmp 212.78.170.0 255.255.255.224 any
Router(config)#access-list 110 permit ip any any
Router(config)#access-list 110 deny icmp any any
C) Router(config)#access-list 110 perimt iemp 212.78.170.0 0.0.0.255 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
D) Router(config)#access-list 110 permit icmp 212.78.170.160 0.0.0.31 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
A.
B.
C.
D.
正确答案:D
-
第2题:
使用名字标识访问控制列表的配置方法,在Cisc0路由器的gO/3接口封禁端口号为1434的UDP数据包和端口号为4444的TCP数据包,正确的访问控制列表的配置是( )。
A.Router(eonfig)#ip access-list extended WINSQLRouter(config-ext-nacl)#deny any any udp eq 1434Router(config-ext-nacl)#deny any any tcp eq 4444Router(config-ext-nacl)#permit ip any anyRouter(config-ext-nacl)#exitRouter(config)#interface gO/3Router(eonfig-if)#ip access-group WINSQL inRouter(config-if)#ip access-group WINSQL out
B.Router(config)#ip access-list standard WINSQLRooter(config-std-nael)#deny udp any any eq 1434Router(config-std-nacl)#deny tcp any any eq4444Router(config-std-nacl)#permit ip any anyRouter(corffig-std-nacl)#exitRouter(config)#interface gO/3Router(config-if)#ip access-group WINSQL inRooter(config-if)#ip access-group WINSQL out
C.Router(config)#ip access-list extended WINSQLRooter(config-ext-nacl)#permit ip any atlyRooter(config-ext-nac|)#deny udp eq l 434 any anyRouter(config-ext-nacl)#deny tcp eq 4444any any Router(config-ext-nacl)#exitRooter(config)#interface gO/3Router(config-if)#ip access-group WINSQL out
D.Rooter(config)#ip access-list extended WINSQLRouter(config-ext-nacl)#deny udp any any eq 1434Router(config-ext-nac])#deny tcp any any eq4444Router(config-ext-nae])#permit ip any anyRouter(config-ext-nacl)#exitRouter(config)#interface gO/3Rooter(config-if)#ip access-group WINSQL inRouter(config-if)#ip access-group WINSQL out
正确答案:D
用名字标识访问控制列表的配置方法:全局配置模式:Router(config)#ipaccess-listextended<nalne>在扩展或标准访问控制模式下配置过滤准则:Router(config-ext-nacl)#permitIdenyprotocolsourcewild-card-maskdestinationwildcard-mask[operator][op-erand]拒绝转发端口号为1434的UDP数据包:denyudpanyanyeq1434拒绝转发端口号为4444的TCP数据包:denytcpanyanyeq4444允许其他端口和其他类型的数据包:permitipanyany退出全局配置模式:Router(eonfig-ext-nacl)#exit进入应用端口配置模:Router(config)#interfaces0/3允许其他IP数据包通过:Router(cortfig-if)#ipaccess-group<name>inIout。故D选项正确。 -
第3题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
A.access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
B.access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
C.access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
D.access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
参考答案:A
-
第4题:
计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()
- A、access-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
- B、access-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any any
- C、access-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
- D、access-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
正确答案:D -
第5题:
下列语句中,()是标准ACL。
- A、access-list 50 deny 192.168.1.1 0.0.0.255
- B、access-list 110 deny ip any any
- C、access-list 2500 deny tcp any host 192.168.1.1 eq 22
- D、access-list 101 deny tcp any host 192.168.1.1
正确答案:A -
第6题:
On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()
- A、access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80
- B、access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23
- C、access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23
- D、access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23
- E、access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80
- F、access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23
正确答案:A,F -
第7题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.What command should be issued to accomplish this task?()
- A、access-list 101 deny tcp192.168.1.1280.0.0.15192.168.1.50.0.0.0eq23 access-list 101 permit ip any any
- B、access-list 101 deny tcp192.168.1.1280.0.0.240192.168.1.50.0.0.0eq23 access-list101permit ip any any
- C、access-list 1 deny tcp192.168.1.1280.0.0.255192.168.1.50.0.0.0eq21 access-list1permit ip any any
- D、access-list 1 deny tcp192.168.1.1280.0.0.15host192.168.1.5eq23 access-list1permit ip any any
正确答案:A -
第8题:
要限制源地址为10.0.0.16到10.0.0.31之间的网络主机访问目标地址,则访问列表ACL配置语句为: router(Config)#ip access-list 99 deny() router(Config)#ip access-list 99()any
正确答案:10.0.0.15、0.0.0.31;permit -
第9题:
哪个选项代表了标准的IP ACL?()
- A、 access-list 50 deny 192.168.1.1 0.0.0.255
- B、 access-list 110 permit ip any any
- C、 access-list 2500 deny tcp any host 192.168.1.1 eq 22
- D、 access-list 101 deny tcp any host 192.168.1.1
正确答案:C -
第10题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
- A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- B、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
- D、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
正确答案:A -
第11题:
单选题哪个选项代表了标准的IP ACL?()Aaccess-list 50 deny 192.168.1.1 0.0.0.255
Baccess-list 110 permit ip any any
Caccess-list 2500 deny tcp any host 192.168.1.1 eq 22
Daccess-list 101 deny tcp any host 192.168.1.1
正确答案: D解析: 暂无解析 -
第12题:
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
Baccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
Caccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
Daccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
Eaccess-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
Faccess-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
正确答案: A解析: 暂无解析 -
第13题:
Cisco路由器执行show access-list命令显示如下一组控制列表信息:
Standard IP acceSS list 30
deny 127.0.0.0,wildcard bits 0.255.255.255
deny 172.16.0.0,wiidcard bits 0.15.255.255
permft any
根据上述信息,正确的access-list配置是______。
A) Router(config)#access-list 30 deny 127.0.0.0 255.255.255.0
Router(config)#access-list 30 deny 172.16.0.0 255.240.0.0
Router(config)#access-list 30 permit any
B) Router(config-std-nacl)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config-std-nael)#access-list 30 deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#access-list 30 permit any
C) Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 30 deny 172.16.0.0 0.15.255.255
Router(config)#access-list 30 permit any
D) Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 30 permit any
Router(config)#access-list 30 deny 172.16.0.0 0.15.255.255
A.
B.
C.
D.
正确答案:C
-
第14题:
Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
B. access-list 115 deny udp any 10.10.1.0 eq telnet
C. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
D. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
参考答案:D
-
第15题:
Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()
- A、access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
- B、access-list 115 deny udp any 10.10.1.0 eq telnet
- C、access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
- D、access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
- E、access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
正确答案:D -
第16题:
仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。
- A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq www
- B、access-list 10 deny tcp any 196.15.7.0 eq www
- C、access-list 100 permit 196.15.7.0 0.0.0.255 eq www
- D、access-list 110 permit ip any 196.15.7.0 0.0.0.255
- E、access-list 110 permit www 196.15.7.0 0.0.0.255
正确答案:B,C,D,E -
第17题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
- A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- B、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
- C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
- D、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- E、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- F、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
正确答案:A -
第18题:
Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()
- A、access-list 100 permit any any udp eq 1434
- B、access-list 100 permit any any udp eq 1434 log
- C、access-list 110 permit any any udp eq 69
- D、access-list 110 permit any any udp eq 69 log
- E、None of above.
正确答案:B -
第19题:
Which item represents the standard IPACL?()
- A、access-list 50 deny 192.168.1.10.0.0.255
- B、access-list 110 permit ip any any
- C、access-list 2500 deny tcp any host 192.168.1.1 eq22
- D、access-list 101 deny tcp any host 192.168.1.1
正确答案:A -
第20题:
下列哪一条命令可以阻塞一网段的RIP广播报文?()
- A、access-list 101 deny tcp any 255.255.255.255
- B、access-list 101 deny udp any any eq 520
- C、access-list 101 deny udp any any eq 53
- D、access-list 10 deny udp any 255.255.255.255
正确答案:B -
第21题:
Which item represents the standard IP ACL?()
- A、access-list 50 deny 192.168.1.1 0.0.0.255
- B、access-list 110 permit ip any any
- C、access-list 2500 deny tcp any host 192.168.1.1 eq 22
- D、access-list 101 deny tcp any host 192.168.1.1
正确答案:A -
第22题:
单选题计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()Aaccess-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
Baccess-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any any
Caccess-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
Daccess-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
正确答案: D解析: 暂无解析 -
第23题:
填空题要限制源地址为10.0.0.16到10.0.0.31之间的网络主机访问目标地址,则访问列表ACL配置语句为: router(Config)#ip access-list 99 deny() router(Config)#ip access-list 99()any正确答案: 10.0.0.15、0.0.0.31,permit解析: 暂无解析