某单位路由器防火墙作了如下配置:firewall enableacl 101rule permit ip source 202.38.0.00.0.0.255 destination 10.10.10.100.0.0.255rule deny tcp source 202.38.0.00.0.0.255 destination 10.10.10.100.0.0.255 destination-portgreater-than 1024rule deny ip source any destination any端口配置如下:interface Serial0ip address 202.38.111.25.255.255.255.0link-protocol pppfire wall packet-filter 101 ininterface Ethernet0Ip address 10.10.10.1255.255.255.0内部局域网主机均为10.10.10.0255.255.255.0网段,以下说法正确的是(本题假设其它网络均没有使用acl)()。A、外部主机202.38.0.50可以PING通任何内部主机B、内部主机10.10.10.5,可任意访问外部网络资源C、内部任意主机都可以与外部任意主机建立TCP连接D、外部202.38.5.0/24网段主机可以与此内部网主机TCP连接E、外部202.38.0.0/24网段主机不可以与此内部同主机建立目标端口号大于1024的TCP连接
某单位路由器防火墙作了如下配置:firewall enableacl 101rule permit ip source 202.38.0.00.0.0.255 destination 10.10.10.100.0.0.255rule deny tcp source 202.38.0.00.0.0.255 destination 10.10.10.100.0.0.255 destination-portgreater-than 1024rule deny ip source any destination any端口配置如下:interface Serial0ip address 202.38.111.25.255.255.255.0link-protocol pppfire wall packet-filter 101 ininterface Ethernet0Ip address 10.10.10.1255.255.255.0内部局域网主机均为10.10.10.0255.255.255.0网段,以下说法正确的是(本题假设其它网络均没有使用acl)()。
- A、外部主机202.38.0.50可以PING通任何内部主机
- B、内部主机10.10.10.5,可任意访问外部网络资源
- C、内部任意主机都可以与外部任意主机建立TCP连接
- D、外部202.38.5.0/24网段主机可以与此内部网主机TCP连接
- E、外部202.38.0.0/24网段主机不可以与此内部同主机建立目标端口号大于1024的TCP连接
相关考题:
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST.However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?()A. from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D. from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
In JUNOS software with enhanced services, which three packet elements are inspected to determineif a session already exists? ()(Choose three.) A. IP protocolB. IP time-to-liveC. source and destination IP addressD. source and destination MAC addressE. source and destination TCP/UDP port
Firewall filters can be used to accept, discard, or reject packets based on () A. protocol typeB. MAC addressC. TCP or UDP portD. source and destination IP address
What does a Layer 2 switch use to decide where to forward a received frame?() A. source MAC addressB. source IP addressC. source switch portD. destination IP addressE. destination port addressF. destination MAC address
On a newly installed router, the following access list is added to the HSSI interface for incoming traffic:Access-list 101 permit tcp any 10.18.10.0 0.0.0.255 eq tcpWhat is the effect of the any keyword in the above access list?()A. check any of the bits in the source addressB. permit any wildcard mask for the addressC. accept any source addressD. check any bit in the destination addressE. permit 255.255.255.255 0.0.0.0F. accept any destination
Your boss is learning a CCNA training course,refer to the exhibit.The access list has been configured on the S0/0 interface of router RTB in the outbound direction.Which two packets,if routed to the interface,will be denied?()access-list 101 denytcp192.168.15.320.0.0.15any eq telnetaccess-list 101 permitip any anyA.source ip address:192.168.15.5;destination port: 21B.source ip address:,192.168.15.37 destination port: 21C.source ip address:,192.168.15.41 destination port: 21D.source ip address:,192.168.15.36 destination port: 23E.source ip address:192.168.15.46;destination port: 23F.source ip address:,192.168.15.49 destination port: 23
What three pieces of information can be used in an extended access list to filter traffic (Choose three.)()。 A.protocolB.VLAN numberC.TCP or UDP port numbersD.source switch port numberE.source IP address and destination IP addressF.source MAC address and destination MAC address
根据下图,该access list被配置在路由器RTB的S0/0接口上的OUT方向,哪两个数据包会被DENY,如果被路由到该接口上的话?() A.source ip address:192.168.15.5 destination port:21B.source ip address:192.168.15.37 destination port:21C.ssource ip address192.168.15.41 destination port:21D.source ip address:192.168.15.36 destination port:23E.source ip address:192.168.15.46 destination port:23F.source ip address:192.168.15.49 destination port:23
某单位路由器防火墙作了如下配置:firewall enableacl 101rule permit ip source 202.38.0.00.0.0.255 destination 10.10.10.100.0.0.255rule deny tcp source 202.38.0.00.0.0.255 destination 10.10.10.100.0.0.255 destination-portgreater-than 1024rule deny ip source any destination any端口配置如下:interface Serial0ip address 202.38.111.25.255.255.255.0link-protocol pppfire wall packet-filter 101 ininterface Ethernet0Ip address 10.10.10.1255.255.255.0内部局域网主机均为10.10.10.0255.255.255.0网段,以下说法正确的是(本题假设其它网络均没有使用acl)()。A.外部主机202.38.0.50可以PING通任何内部主机B.内部主机10.10.10.5,可任意访问外部网络资源C.内部任意主机都可以与外部任意主机建立TCP连接D.外部202.38.5.0/24网段主机可以与此内部网主机TCP连接E.外部202.38.0.0/24网段主机不可以与此内部同主机建立目标端口号大于1024的TCP连接
下面的访问控制列表命令正确的是()。 A.acl1 rule deny source1.1.1.1B.acl1 rule permit anyC.acl1 permit 1.1.1.102.2.2.20.0.0.255D.acl99 rule deny tcp source any destination2.2.2.20.0.0.255
On a newly installed router, the following access list is added to the HSSI interface for incoming traffic:Access-list 101 permit tcp any 10.18.10.0 0.0.0.255 eq tcp What is the effect of the "any" keyword in the above access list?()A、check any of the bits in the source addressB、permit any wildcard mask for the addressC、accept any source addressD、check any bit in the destination addressE、permit 255.255.255.255 0.0.0.0F、accept any destination
What can be specified in IP VACLs?()A、Protocol and IP source onlyB、IP Source, IP Destination and portsC、IP Source OnlyD、IP Destination Only
Which of the following descriptions about IP spoofing is correct?()A、IP source address is forgedB、IP destination address is forgedC、IP TCP source port is forgedD、IP TCP destination port is forgedE、None of above
What is the result of entering the command port-channel load-balance src-dst-ip on an EtherChannel link? ()A、Packets are distributed across the ports in the channel based on both the source and destination MAC addresses.B、Packets are distributed across the ports in the channel based on both the source and destination IP addresses.C、Packets are balanced across the ports in the channel based first on the source MAC address, then on the destination MAC address, then on the IP address.D、Packets are distributed across the access ports in the channel based first on the source IP address and then the destination IP addresses.
下面能够表示"禁止从129.9.0.0网段中的主机建立与202.38.16.0网段内的主机的WWW端口的连接"的访问控制列表是()。A、acl101 rule deny tcp source129.9.0.00.0.255.255 destination 202.38.16.00.0.0.255 destination-port equal wwwB、acl101 rule deny tcp source129.9.0.00.0.255.255 destination 202.38.16.00.0.0.255 destination-port equal 80C、acl100 rule deny udp source129.9.0.00.0.255.255 destination 202.38.16.00.0.0.255 destination-port equal wwwD、acl99 rule deny udp source129.9.0.00.0.255.255 destination 202.38.16.00.0.0.255 destination-port equal www
下面的访问控制列表命令正确的是()。A、acl1 rule deny source1.1.1.1B、acl1 rule permit anyC、acl1 permit 1.1.1.102.2.2.20.0.0.255D、acl99 rule deny tcp source any destination2.2.2.20.0.0.255
A standard IP access list is applied to an Ethernet interface of a router. What does this standard access list filter on?()A、The source and destination addressesB、The destination port numberC、The destination addressD、The source addressE、All of the above
A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone. Which configuration statement would correctly accomplish this task?()A、from-zone UNTRUST to-zone TRUST { policy DenyServer { match { source-address any; destination-address any; application any; } then { deny; } } } from-zone TRUST to-zone UNTRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }B、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then {deny; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }C、from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match { source-address the10net; destination-address Server; application junos-ftp; } then { permit; } } }D、from-zone TRUST to-zone UNTRUST { policy DenyServer { match { source-address Server; destination-address any; application any; } then { permit; } } } from-zone UNTRUST to-zone TRUST { policy AllowTelnetin { match {source-address the10net; destination-address Server; application junos-telnet; } then { permit; } } }
What does a Layer 2 switch use to decide where to forward a received frame?()A、source MAC addressB、source IP addressC、source switch portD、destination IP addressE、destination port addressF、destination MAC address
What three pieces of information can be used in an extended access list to filter traffic (Choose three.)()。A、protocolB、VLAN numberC、TCP or UDP port numbersD、source switch port numberE、source IP address and destination IP addressF、source MAC address and destination MAC address
What is the effect of the following access list condition access-list 101 permit ip 10.25.30.0 0.0.0.255 any()。A、permit all packets matching the first three octets of the source address to all destinationsB、permit all packets matching the last octet of the destination address and accept all source addressesC、permit all packets from the third subnet of the network address to all destinationsD、permit all packets matching the host bits in the source address to all destinationsE、permit all packets to destinations matching the first three octets in the destination address
In JUNOS Software, which three packet elements can be inspected to determine if asession already exists?()A、IP protocolB、IP time-to-liveC、source and destination IP addressD、source and destination MAC addressE、source and destination TCP/UDP port
You have a firewall filter containing two terms applied in an inbound direction on a customer interface. You would like this filter to protect your network from a spoofed denial of service attack. What match criterion should be used in the first term of the filter?()A、Source TCP portB、Source IP addressC、Destination TCP portD、Destination IP address
Firewall filters can be used to accept, discard, or reject packets based on ()A、protocol typeB、MAC addressC、TCP or UDP portD、source and destination IP address
In JUNOS software with enhanced services, which three packet elements are inspected to determineif a session already exists? ()(Choose three.)A、IP protocolB、IP time-to-liveC、source and destination IP addressD、source and destination MAC addressE、source and destination TCP/UDP port
单选题What can be specified in IP VACLs?()AProtocol and IP source onlyBIP Source, IP Destination and portsCIP Source OnlyDIP Destination Only
单选题在华为路由器上配置远程端口镜像功能,实现将远程端口镜像出去的报文,可以通过三层IP网络传送到监控设备,其命令是:()AMirror-sever destination-ip 10.1.0.1 source-ip 192.168.1.1BMonitor-sever destination-ip 10.1.0.1 source-ip 192.168.1.1CObserve-sever destination-ip 10.1.0.1 source-ip 192.168.1.1Dsever destination-ip 10.1.0.1 source-ip 192.168.1.1
单选题Which of the following descriptions about IP spoofing is correct?()AIP source address is forgedBIP destination address is forgedCIP TCP source port is forgedDIP TCP destination port is forgedENone of above