请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq wwwB.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any anyC.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq wwwD.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www

请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()

A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq www

B.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any any

C.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq www

D.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www


相关考题:

在Cisco路由器上,用扩展访问控制列表封禁IP地址为211.102.33.24的主机,正确的配置语句是______。A.access-list 99 deny ip host 211.102.33.24 any access-list 99 deny ip any host 211.102.33.24 access-list 99 permit ip any anyB.access-list 100 permit ip any any access-list 100 deny ip host 211.102.33.24 any access-list 100 deny ip any host 211.102.33.24C.access-list 199 deny ip host 211.102-33.24 any access-list 199 deny ip any host 211.102.33.24 access-list 199 permit ip any anyD.access-list 166 deny ip host 211.102.33.24 any access-list 166 permit ip any any

定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表,Cisco路由器的正确配置是A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 any access-list 198 deny icmp any any access-list 198 permit ip any anyB.access-list 198 permit icmp 166.129.130.0 0.0.0.255 any access-list 198 deny icmp any any access-list 198 permit ip any anyC.access-list 99 permit icmp 166.129.130:0 0.0.0.255 any access-list 99 deny icnip any any access-list 99 permit ip any anyD.access-list 100 permit icmp 166.129.130.0 0.0.0.255 any access-list 100 permit ip any any access-list 100 deny icmp any any

在 Cisco 路由器匕用扩展访问控制列表封禁 1P 地址为 211.102.33.24 的主机,正确的配置语句是A )access-list 99 deny ip host 211.102.33.24 anyaccess-list 99 deny ip any host 211.102.33.24access-list 99 permit ip any anyB )access-list 100 permit ip any anyaccess-list 100 deny ip host 211.102.33.24 anyaccess-list 100 deny ip any host 211.102.33.24C )access-list 199 deny ip host 211.102.33.24 anyaccess-list 199 deny ip any host 211.102.33.24access-list 199 permit ip any anyD )access-list 166 deny ip host 211.102.33.24 anyaccess-list 166 permit ip any any

用扩展访问控制列表配置封禁ICMP协议,只允许l68.27.95.0/24子网的ICMP数据包通过路由器,正确的配置是(61) 。A.access-list 90 deny icmp l68.27.95.0 255.255.255.0 any access-list 90 deny icmp any anyaccess—list 90 permit ip any anyB.access-list l00 permit icmp l68.27.95.0 0.0.0.255 any access-list l00 permit ip any anyC.access—list l l o permit icmp l68.27.95.0 255.255.255.0 any access—list l lo deny icmp any anyD.access-list l20 permit icmp l68.27.95.0 0.0.0.255 any access—list l20 deny icmp any any access—list l20 permit ip any any

为了禁止网络210.93.105.0ftp到网络223.8.151.0,允许其他信息传输,则能实现该功能的选项是:()A.access-list 1 deny 210.93.105.0.0.0.0.0.0B.access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftpC.access-list 100 permit ip any anyD.access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.00.0.0.255 eq ftp access list 100 permit ip any any

要禁止内网中IP地址为198.168.46.8的PC访问外网,正确的ACL规则是(11)。A.access-list 1 permit ip 192.168.46.00.0.0.255 any access-list 1 deny ip host 198.168.46.8 anyB.access-list 1 permit ip host 198.168.46.8 any access-list 1 deny ip 192.168.46.00.0.0.255 anyC.access-list 1 deny ip 192.168.46.00.0.0.255 any access-list 1 permit ip host 198.168.46.8 anyD.access-list 1 deny ip host 198.168.46.8 any access-list 1 permitip 192.168.46.00.0.0.255 any

若要求路由器的某接口上只封禁ICMP协议,但允许159.67.183.0/24子网的ICMP数据包通过,那么使用的access-list命令是______。A.access-list 120 deny icmp 159.67.183.0 0.0.0.255 any access-list 120 permit ip any anyB.access-list 10 permit icmp 159.67.183.0 0.0.0.255 any access-list 10 deny icmp any any access-list 10 permit ip any anyC.access-list 99 permit icmp 159.67.183.0 0.0.0.255 any access-list 99 deny icmp any anyD.access-list 110 permit icmp 159.67.183.0 0.0.0.255 any access-list 110 deny icmp any any access-list 110 permit ip any any

定义一个用于封禁ICMP协议而只允许转发l66.129.130.0/24子网的ICMP数据包的访问控制列表,Cisc0路由器的正确配置是( )。A.access-list 198 permit icmp 166.129.130.0 255.255.255.0 anyaccess-list 198 deny iemp any anyaccess-list 198 permit ip any anyB.access-list 198 permit icmp 166.129.130.0 0.0.0.255 anyaccess-list 198 deny iemp any anyaccess-list 198 permit ip any anyC.access-list 99 permit icmp 166.129.130.0 0.0.0.255 anyaccess-list 99 deny iemp any anyaccess-list 99 permit ip any anyD.access-list 100 permit icmp 166.129.130.0 0.0.0.255 anyaccess-list 100 permit ip any anyaccess-list 100 deny icmp any any

Which item represents the standard IP ACL?() A.access-list 50 deny 192.168.1.1 0.0.0.255B.access-list 110 permit ip any anyC.access-list 2500 deny tcp any host 192.168.1.1 eq 22D.access-list 101 deny tcp any host 192.168.1.1

A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A.access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB.access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyC.access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD.access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any

An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke router. Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee router()。A. permit ip any any deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80B. permit ip any any deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80C. deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80 permit ip any anyD. deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80 permit ip any any

计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()A、access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyB、access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any anyC、access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyD、access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、ip access-list extended cisco deny tcp any 196.15.7.0 eq wwwC、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq wwwD、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255

仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、access-list 10 deny tcp any 196.15.7.0 eq wwwC、access-list 100 permit 196.15.7.0 0.0.0.255 eq wwwD、access-list 110 permit ip any 196.15.7.0 0.0.0.255E、access-list 110 permit www 196.15.7.0 0.0.0.255

A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyC、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyE、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyF、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

在访问列表中,有一条规则如下:access-list  131  permit ip any  192.168.10.0 0.0.0.255 eq ftp 在该规则中,any的意思是表示:()A、检察源地址的所有bit位B、检查目的地址的所有bit位C、允许所有的源地址D、允许255.255.255.255  0.0.0.0

仅仅允许到主机1.1.1.1的SMTP邮件服务的命名访问控制列表语句是()。A、ip access-list standard cisco permit smtp host 1.1.1.1B、ip access-list extended cisco permit ip smtp host 1.1.1.1C、ip access-list standard cisco permit tcp any host 1.1.1.1 eq smtpD、ip access-list extended cisco permit tcp any host 1.1.1.1 eq smtp

哪个选项代表了标准的IP ACL?()A、 access-list 50 deny 192.168.1.1 0.0.0.255B、 access-list 110 permit ip any anyC、 access-list 2500 deny tcp any host 192.168.1.1 eq 22D、 access-list 101 deny tcp any host 192.168.1.1

Which item represents the standard IP ACL?()A、access-list 50 deny 192.168.1.1 0.0.0.255B、access-list 110 permit ip any anyC、access-list 2500 deny tcp any host 192.168.1.1 eq 22D、access-list 101 deny tcp any host 192.168.1.1

A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyC、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any

单选题计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()Aaccess-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyBaccess-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any anyCaccess-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyDaccess-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any

单选题哪个选项代表了标准的IP ACL?()A access-list 50 deny 192.168.1.1 0.0.0.255B access-list 110 permit ip any anyC access-list 2500 deny tcp any host 192.168.1.1 eq 22D access-list 101 deny tcp any host 192.168.1.1

单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyBaccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyCaccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyDaccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyEaccess-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyFaccess-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any

多选题仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。Aaccess-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq wwwBaccess-list 10 deny tcp any 196.15.7.0 eq wwwCaccess-list 100 permit 196.15.7.0 0.0.0.255 eq wwwDaccess-list 110 permit ip any 196.15.7.0 0.0.0.255Eaccess-list 110 permit www 196.15.7.0 0.0.0.255

单选题An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke router. Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee router()。Apermit ip any any deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80Bpermit ip any any deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80Cdeny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80 permit ip any anyDdeny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80 permit ip any any

单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyBaccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyCaccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyDaccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any

多选题要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。Aip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq wwwBip access-list extended cisco deny tcp any 196.15.7.0 eq wwwCip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq wwwDip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255Eip access-list extended cisco permit www 196.15.7.0 0.0.0.255