Th efollowing access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29LAN: access-list 135 deny tcp 192.169.1.80.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.80.0.0.7 e q21 any How will the above access lists affec
题目
Th efollowing access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29LAN: access-list 135 deny tcp 192.169.1.80.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.80.0.0.7 e q21 any How will the above access lists affect traffic?()
- A、FTP traffic from 192.169.1.22 wil lbe denied
- B、Not raffic,except for FTP traffic wil lbe allowed to exit E0
- C、FTP traffic from 192.169.1.9 to any host will be denied
- D、All traffic exiting E0 will be denied
- E、All FTP traffic to network 192.169.1.9/29 will be denied
相似考题
更多“Th efollowing access list below”相关问题
-
第1题:
要禁止内网中IP地址为198.168.46.8的PC访问外网,正确的ACL规则是(11)。
A.access-list 1 permit ip 192.168.46.00.0.0.255 any access-list 1 deny ip host 198.168.46.8 any
B.access-list 1 permit ip host 198.168.46.8 any access-list 1 deny ip 192.168.46.00.0.0.255 any
C.access-list 1 deny ip 192.168.46.00.0.0.255 any access-list 1 permit ip host 198.168.46.8 any
D.access-list 1 deny ip host 198.168.46.8 any access-list 1 permitip 192.168.46.00.0.0.255 any
正确答案:D
D 解析:这是一道要求掌握标准访问控制列表的具体应用的理解题。本题的解答思路如下。
最简单的访问控制列表就是标准访问控制列表。它是通过使用IP包中的源IP地址进行过滤,使用访问控制列表号1~99宋创建相应的ACL。其具体的语法格式如下:
例如,access-list 1 deny ip host 198.168.46.8 any配置语句可将所有来自198.168.46.8地址的数据包丢弃。对于标准访问控制列表而言,可以省略默认的关键词host。换言之,语句access-list 1 deny ip host 198.168.46.8 any与语句access-list 1deny中198.168.46.8 any是等价的。
当然也可以用网段来表示ip地址>,以实现对某个网段的数据包的过滤。例如,access-list 1 permit ip 192.168.46.00.0.0.255 any配置语句,允许所有来自198.168.46.0/24网段内所有计算机的数据包通过防火墙。其中,0.0.0.255是子网掩码255.255.255.0的反向掩码。 -
第2题:
封禁ICMP协议,只转发212.78.170.166/27所在子网的所有站点的ICMP数据包,正确的access-list配置是______。
A) Router(config)#access-list 110 permit icmp 212.78.170.166 0.0.0.0 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
B) Router(config)#access-list 110 permit icmp 212.78.170.0 255.255.255.224 any
Router(config)#access-list 110 permit ip any any
Router(config)#access-list 110 deny icmp any any
C) Router(config)#access-list 110 perimt iemp 212.78.170.0 0.0.0.255 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
D) Router(config)#access-list 110 permit icmp 212.78.170.160 0.0.0.31 any
Router(config)#access-list 110 deny icmp any any
Router(config)#access-list 110 permit ip any any
A.
B.
C.
D.
正确答案:D
-
第3题:
下列语句中,()是标准acl。A.access-list2500denytcpanyhosteq22
B.access-list101denytcpanyhost
C.access-list50deny55
D.access-list110denyipanyany
参考答案:C
-
第4题:
Which of the following access list statements would deny traffic from a specifichost?()A. Router(config)# access-list 1 deny 172.31.212.74 any
B. Router(config)# access-list 1 deny 10.6.111.48 host
C. Router(config)# access-list 1 deny 172.16.4.13 0.0.0.0
D. Router(config)# access-list 1 deny 192.168.14.132 255.255.255.0
E. Router(config)# access-list 1 deny 192.168.166.127 255.255.255.255
参考答案:C
-
第5题:
Studythisexhibitcarefully.WhatinformationcanbederivedfromtheSDMfirewallconfigurationdisplayed?()
A.Access-list101wasconfiguredforthetrustedinterface,andaccess-list100wasconfiguredfortheuntrustedinterface
B.Access-list100wasconfiguredforthetrustedinterface,andaccess-list101wasconfiguredfortheuntrustedinterface
C.Access-list100wasconfiguredfortheinbounddirection,andaccess-list101wasconfiguredfortheoutbounddirectiononthetrustedinterface
D.Access-list100wasconfiguredfortheinbounddirection,andaccess-list101wasconfiguredfortheoutbounddirectionontheuntrustedinterface
参考答案:B
-
第6题:
WhichitemrepresentsthestandardIPACL?()A.access-list50deny192.168.1.10.0.0.255
B.access-list110permitipanyany
C.access-list2500denytcpanyhost192.168.1.1eq22
D.access-list101denytcpanyhost192.168.1.1
参考答案:A
-
第7题:
An access list was written with the four statements shown in the graphic.Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?()
A.access-list10 permit 172.29.16.00.0.0.255
B.access-list10 permit 172.29.16.00.0.1.255
C.access-list10 permit 172.29.16.00.0.3.255
D.access-list10 permit 172.29.16.00.0.15.255
E.access-list10 permit 172.29.0.00.0.255.255
参考答案:C
-
第8题:
用标准访问控制列表禁止非法地址192.168.0.0/16的数据包进出路由器的正确配置是______。
A.access-list 110 deny 192.168.0.0 0.0.255.255 access-list 110 permit any
B.access-list 10 deny 192.168.0.0 255.255.0.0 access-list 10 permit any
C.access-list 50 permit any access-list 50 deny 192.168.0.0 0.0.255.255
D.access-list 99 deny 192.168.0.0 0.0.255.255 access-list 99 permit any
正确答案:D
解析:访问控制列表(ACL)的表号(Name)和名字(Number)都是用来标识或引用访问控制列表的。名字用字符串标识,表号用数字表示。标准ACL的表号范围是1~99、1300~1999;扩展ACL的表号范围是100~199、2000~2699。因此,选项A中ACL表号(110)不能满足题意要求。
在路由器全局配置模式下,使用命令access-list access-1ist-number {permit | deny) source wildcard-mask配置标准ACL。其中,访问控制列表通配符(Wildcard-Mask)是子网掩码的反码。本试题中,地址块“192.168.0.0/16”的“/16”是子网掩码255.255.0.0的简化表达形式,其对应的ACL通配符为0.0.255.255。因此选项B的配置语句不符合该命令的语法格式。
ACL默认执行顺序是自上而下的。在配置ACL列表时,要遵循最小特权原则、最靠近受控对象原则,以及默认丢弃原则。其中,最小特权原则是指只给受控对象完成任务所必需的最小的权限,即被控制的总规则是各个规则的交集,只满足部分条件的是不容许通过规则的;最靠近受控对象原则是对所有的网络层访问权限进行控制,也就是说在检查规则时是采用自上而下在ACL中一条条检测的,只要发现符合条件就立刻转发,而不继续检测下面的ACL语句;默认丢弃原则是指在路由交换设备中,默认最后一条ACL语句为deny any any,即丢弃所有不符合条件的数据包。
对于选项C,将“access-list 50 permit any”置于ACL规则的最前面,表示允许所有的数据包进出路由器,则其后的deny语句将不起作用,即不能按照预期的应用需求正确地控制数据包的接收与拒绝。
因此,在Cisco路由器上,用标准访问控制列表禁止非法地址192.168.0.0/16的数据包进出路由器,可能的一种配置语句,如下所示:
Router (conflg)# access-list 99 deny 192.168.0.0 0.0.255.255
Router (conflg)# access-list 99 permit any -
第9题:
下列选项中哪一条可以准确的匹配并代替以下四条访问控制列表() (1):access-list 10 permit172.29.16.00.0.0.255 (2):access-list 10 permit172.29.17.00.0.0.255 (3):access-lis t10 permit172.29.18.00.0.0.255 (4):access-list 10 permit172.29.19.00.0.0.255
- A、access-list 10 permit 172.29.16.00.0.0.255
- B、access-list 10 permit 172.29.16.00.0.1.255
- C、access-list 10 permit 172.29.16.00.0.3.255
- D、access-list 10 permit 172.29.16.00.0.15.255
- E、access-list 10 permit 172.29.16.0255.255.252.0
正确答案:C -
第10题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.What command should be issued to accomplish this task?()
- A、access-list 101 deny tcp192.168.1.1280.0.0.15192.168.1.50.0.0.0eq23 access-list 101 permit ip any any
- B、access-list 101 deny tcp192.168.1.1280.0.0.240192.168.1.50.0.0.0eq23 access-list101permit ip any any
- C、access-list 1 deny tcp192.168.1.1280.0.0.255192.168.1.50.0.0.0eq21 access-list1permit ip any any
- D、access-list 1 deny tcp192.168.1.1280.0.0.15host192.168.1.5eq23 access-list1permit ip any any
正确答案:A -
第11题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
- A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- B、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
- D、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
正确答案:A -
第12题:
单选题The following access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN: access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any How will the above access lists affect traffic? ()AFTP traffic from 192.169.1.22 will be denied
BNo traffic, except for FTP traffic will be allowed to exit E0
CFTP traffic from 192.169.1.9 to any host will be denied
DAll traffic exiting E0 will be denied
EAll FTP traffic to network 192.169.1.9/29 will be denied
正确答案: D解析: 暂无解析 -
第13题:
若要求路由器的某接口上只封禁ICMP协议,但允许159.67.183.0/24子网的ICMP数据包通过,那么使用的access-list命令是______。
A.access-list 120 deny icmp 159.67.183.0 0.0.0.255 any access-list 120 permit ip any any
B.access-list 10 permit icmp 159.67.183.0 0.0.0.255 any access-list 10 deny icmp any any access-list 10 permit ip any any
C.access-list 99 permit icmp 159.67.183.0 0.0.0.255 any access-list 99 deny icmp any any
D.access-list 110 permit icmp 159.67.183.0 0.0.0.255 any access-list 110 deny icmp any any access-list 110 permit ip any any
正确答案:D
解析:依题意,允许159.67.183.0/24子网的ICMP数据包通过该路由器的某接口,相应的配置语句是:access-list 110 permit icmp 159.67.183.0 0.0.0.255 any。
注意到题目“在该路由器接口上只封禁ICMP协议”中“只”字的要求,需要先使用命令access-list 110 deny icmp any any,再使用命令access-list 110 permit ip any any才能完成这一要求。
选项A中的“access-list 120 deny icmp 159.67.183.0 0.0.0.255 any”表示,禁止159.67.183.0/24子网的ICMP数据包通过,因此选项A不符合题意要求。
选项B中的“10”和选项C中的“99”都是标准访问控制列表的表号,而标准访问控制列表的配置命令是access-list access-list-number {permit|deny} source-address wildcard-mask。而选项B和选项C的配置语句中包含了目的IP地址范围(any),不符合标准访问控制列表的语法格式,因此可排除选项B和选项C。
-
第14题:
Cisco路由器执行show access-list命令显示如下一组控制列表信息:
Standard IP acceSS list 30
deny 127.0.0.0,wildcard bits 0.255.255.255
deny 172.16.0.0,wiidcard bits 0.15.255.255
permft any
根据上述信息,正确的access-list配置是______。
A) Router(config)#access-list 30 deny 127.0.0.0 255.255.255.0
Router(config)#access-list 30 deny 172.16.0.0 255.240.0.0
Router(config)#access-list 30 permit any
B) Router(config-std-nacl)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config-std-nael)#access-list 30 deny 172.16.0.0 0.15.255.255
Router(config-std-nacl)#access-list 30 permit any
C) Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 30 deny 172.16.0.0 0.15.255.255
Router(config)#access-list 30 permit any
D) Router(config)#access-list 30 deny 127.0.0.0 0.255.255.255
Router(config)#access-list 30 permit any
Router(config)#access-list 30 deny 172.16.0.0 0.15.255.255
A.
B.
C.
D.
正确答案:C
-
第15题:
只封禁一台地址为192.168.1.230主机的access-list正确配置是 (5) 。 A.access-list 110 permit中anyany access-list 110 deny中host 192.168.1.230 any access-list 110 deny ip anyhost 192.168.1.230
B.access-list 110 deny中host 192.168.1.230 any access-list 110 deny中any host 192.168.1.230 access-list 110 permit ip anyany
C.access-list 110 deny ip host 192.168.1.230 any access-list 110 deny ip any host 192.168.1.230
D.access-list 110 deny ip host 192.168.1.230 any access-list 110 permit ip anyany access-list 110 deny ip any host 192.168.1.230
正确答案:(5) B
(5) B 解析:访问控制列表(ACL)用于过滤流入和流出路由器接口的数据包。它是一种基于接口的控制列表,可根据网络管理员制定的访问控制准则来控制接口对数据包的接收和拒绝,从而提高网络的安全性。
IP访问控制列表是一个连续的列表,至少由一个“permit(允许)”语句和一个或多个“deny(拒绝)”语句组成。ACL列表用名字(name)或表号(number)标识和引用。配置IP访问控制列表的首要任务就是使用命令“access-list”定义一个访问控制列表。在配置过滤规则时,需要注意的是ACL语句的顺序。因为路由器接口执行哪一条ACL是按照配置的访问控制列表中的条件语句(准则),从第1条开始按顺序执行的。数据包只有在跟前一个判断条件不匹配时,才能跟交给ACL的下一个条件语句进行比较。可见,ACL语句的先后顺序非常重要。例如,只封禁一台地址为192.168.1.230的主机的access-list正确配置示例如下:
access-list 110 deny ip host 192.168.1.230 any
access-list 110 deny ip any host192.168.1.230
access-list 110 permit ip any any
如果将“access-list 110 permit ip any any”放在ACL规则的最前面(见选项A),则其后两条deny语句将不起作用,即不能按照预期的应用需求正确地控制数据包的接收与拒绝。
选项C的ACL规则中,缺少“permit(允许)”语句,它将封禁全网所有的通信。
选项D的ACL规则将封禁地址为192.168.1.230的主机对外的单向通信,允许其他主机或路由器访问 192.168.1.230的主机。 -
第16题:
Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
B. access-list 115 deny udp any 10.10.1.0 eq telnet
C. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
D. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
参考答案:D
-
第17题:
哪个选项代表了标准的IPACL?()A.access-list50deny192.168.1.10.0.0.255
B.access-list110permitipanyany
C.access-list2500denytcpanyhost192.168.1.1eq22
D.access-list101denytcpanyhost192.168.1.1
参考答案:C
-
第18题:
Th efollowing access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29LAN:access-list 135 deny tcp 192.169.1.80.0.0.7 eq 20 anyaccess-list 135 deny tcp 192.169.1.80.0.0.7 e q21 anyHow will the above access lists affect traffic?()
A.FTP traffic from 192.169.1.22 wil lbe denied
B.Not raffic,except for FTP traffic wil lbe allowed to exit E0
C.FTP traffic from 192.169.1.9 to any host will be denied
D.All traffic exiting E0 will be denied
E.All FTP traffic to network 192.169.1.9/29 will be denied
参考答案:D
-
第19题:
Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect()。A.access-list 10 permit 172.29.16.0 0.0.0.255
B.access-list 10 permit 172.29.16.0 0.0.1.255
C.access-list 10 permit 172.29.16.0 0.0.3.255
D.access-list 10 permit 172.29.16.0 0.0.15.255
E.access-list 10 permit 172.29.0.0 0.0.255.255
参考答案:C
-
第20题:
Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()
- A、access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
- B、access-list 115 deny udp any 10.10.1.0 eq telnet
- C、access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
- D、access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
- E、access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
正确答案:D -
第21题:
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()
- A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- B、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
- C、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any
- D、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- E、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
- F、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
正确答案:A -
第22题:
Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect()。
- A、access-list 10 permit 172.29.16.0 0.0.0.255
- B、access-list 10 permit 172.29.16.0 0.0.1.255
- C、access-list 10 permit 172.29.16.0 0.0.3.255
- D、access-list 10 permit 172.29.16.0 0.0.15.255
- E、access-list 10 permit 172.29.0.0 0.0.255.255
正确答案:C -
第23题:
单选题Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()Aaccess-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
Baccess-list 115 deny udp any 10.10.1.0 eq telnet
Caccess-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnet
Daccess-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23
Eaccess-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
正确答案: A解析: 暂无解析 -
第24题:
单选题Th efollowing access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29LAN: access-list 135 deny tcp 192.169.1.80.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.80.0.0.7 e q21 any How will the above access lists affect traffic?()AFTP traffic from 192.169.1.22 wil lbe denied
BNot raffic,except for FTP traffic wil lbe allowed to exit E0
CFTP traffic from 192.169.1.9 to any host will be denied
DAll traffic exiting E0 will be denied
EAll FTP traffic to network 192.169.1.9/29 will be denied
正确答案: D解析: 暂无解析