单选题下列高级ACL规则配置正确的有()。Arule permit ip icmp-type echoBrule permit ip source-port eq 1024Crule permit ip tos normal dscp efDrule permit udp time-range udp
单选题
下列高级ACL规则配置正确的有()。
A
rule permit ip icmp-type echo
B
rule permit ip source-port eq 1024
C
rule permit ip tos normal dscp ef
D
rule permit udp time-range udp
参考解析
解析:
暂无解析
相关考题:
拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list 130 deny udp any any eq 1434Router (config)#access-list 130 deny tcp any any eq 4444Router (config)#access-list 130 permit ip any anyC)Router (config)#access-list 110 deny any any udp eq 1434Router (config)#access-list 110 deny any any tcp eq 4444Router (config)#access-list 110 permit ip any anyD)Router (config)#access-list 150 deny udp ep 1434 any anyRouter (config)#access-list 150 deny tcp ep 4444 any anyRouter (config)#access-list 150 permit ip any any
根据上述要求,在i层交换机sl上配置了两组ACL,请根据题目要求完成以下配置。access—list 10 permit ip host 10.10.30.1 anyaccess—list 10 permit ip host(6)anyaccess—list 12 permit ip any 158.124~0 0(7)access—list 12 permit ip any 158.153.208.0(8)aeeess—list 12 deny ip any any2.完成以下策略路由的配置。route—map test permit 10(9)ip address 10(10)ip next-hop(11)
请参见图示。公司的新安全策略允许来自工程部LAN的所有IP流量访问Internet,但对于来自营销部LAN的流量,则只允许其中的web流量访问Internet。为实施新的安全策略,可在营销部路由器的Serial0/1接口的出站方向上应用哪一ACL()A.access-list 197 permit ip 192.0.2.0 0.0.0.255 any access-list 197 permit ip 198.18.112.0 0.0.0.255 any eq wwwB.access-list 165 permit ip 192.0.2.0 0.0.0.255 any access-list 165 permit tcp 198.18.112.0 0.0.0.255 any eq www access-list 165 permit ip any anyC.access-list 137 permit ip 192.0.2.0 0.0.0.255 any access-list 137 permit tcp 198.18.112.0 0.0.0.255 any eq wwwD.access-list 89 permit 192.0.2.0 0.0.0.255 any access-list 89 permit tcp 198.18.112.0 0.0.0.255 any eq www
A network administrator is configuring ACLs on a cisco router,to allow traffic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0and192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()A. access-list 10 permit ip 192.168.147.0 0.0.0.255.255B. access-list 10 permit ip 192.168.149.0 0.0.0.255.255C. access-list 10 permit ip 192.168.146.0 0.0.0.0.255D. access-list 10 permit ip 192.168.146.0 0.0.0.1.255E. access-list 10 permit ip 192.168.148.0 0.0.0.1.255F. access-list 10 permit ip 192.168.146.0 255.255.255.0
A network administrator is configuring ACLs on a cisco router, to allow affic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0 and 192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()A.access-list 10 permit ip 192.168.147.0 0.0.0.255.255B.access-list 10 permit ip 192.168.149.0 0.0.0.255.255C.access-list 10 permit ip 192.168.146.0 0.0.0.0.255D.access-list 10 permit ip 192.168.146.0 0.0.1.255E.access-list 10 permit ip 192.168.148.0 0.0.1.255F.access-list 10 permit ip 192.168.146.0 255.255.255.0
下面的访问控制列表命令正确的是()。 A.acl1 rule deny source1.1.1.1B.acl1 rule permit anyC.acl1 permit 1.1.1.102.2.2.20.0.0.255D.acl99 rule deny tcp source any destination2.2.2.20.0.0.255
下列选项中的哪些路由满足下面的ACL条件?()acl number 2001 Rule0permit source 10.1.1.00.0.254.255 A.10.1.1.1/32B.10.1.2.1/32C.10.1.3.1/32D.10.1.4.1/32
计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()A、access-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyB、access-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any anyC、access-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyD、access-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、ip access-list extended cisco deny tcp any 196.15.7.0 eq wwwC、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq wwwD、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255
在路由器MSR-1 上看到如下信息: [MSR-1]display acl 3000 Advanced ACL 3000, named -none-, 2 rules,ACL’s step is 5 rule 0 permit ip source 192.168.1.0 0.0.0.255 rule 10 deny ip (19 times matched) 该ACL 3000 已被应用在正确的接口以及方向上。据此可知()A、这是一个基本ACL(高级的)B、有数据包流匹配了规则rule 10C、至查看该信息时,还没有来自192.168.1.0/24网段的数据包匹配该ACLD、匹配规则rule 10的数据包可能是去往目的网段192.168.1.0/24的
Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()A、access-list 100 permit any any udp eq 1434B、access-list 100 permit any any udp eq 1434 logC、access-list 110 permit any any udp eq 69D、access-list 110 permit any any udp eq 69 logE、None of above.
下面的访问控制列表命令正确的是()。A、acl1 rule deny source1.1.1.1B、acl1 rule permit anyC、acl1 permit 1.1.1.102.2.2.20.0.0.255D、acl99 rule deny tcp source any destination2.2.2.20.0.0.255
仅仅允许到主机1.1.1.1的SMTP邮件服务的命名访问控制列表语句是()。A、ip access-list standard cisco permit smtp host 1.1.1.1B、ip access-list extended cisco permit ip smtp host 1.1.1.1C、ip access-list standard cisco permit tcp any host 1.1.1.1 eq smtpD、ip access-list extended cisco permit tcp any host 1.1.1.1 eq smtp
客户路由器的接口GigabitEthernet0/0 下连接了局域网主机HostA,其IP 地址为192.168.0.2/24;接口Serial6/0 接口连接远端,目前运行正常。现增加ACL 配置如下: firewall enable firewall default permit acl number 3003 rule 0 permit tcp rule 5 permit icmp acl number 2003 rule 0 deny source 192.168.0.0 0.0.0.255 interface GigabitEthernet0/0 firewall packet-filter 3003 inbound packet-filter 包过滤 firewall packet-filter 2003 outbound ip address 192.168.0.1 255.255.255.0 interface Serial6/0 link-protocol ppp ip address 6.6.6.2 255.255.255.0 假设其他相关配置都正确,那么()A、HostA不能ping通该路由器上的两个接口地址B、HostA不能ping通6.6.6.2,但是可以ping通192.168.0.1C、HostA不能ping通192.168.0.1,但是可以ping通6.6.6.2D、HostA可以Telnet到该路由器上
某公司的MSR路由器计划通过ISDN DCC拨号接入Internet,在路由器上有如下配置: [H3C] dialer-rule 1 ip deny [H3C] firewall default permit 在拨号接口下已经引用了此拨号访问控制列表dialer-rule 1,那么如下关于拨号的说法哪些是错误的?()A、任何IP数据包都不能触发拨号B、任何IP数据包都可以触发拨号C、TCP类型的数据包可以触发拨号D、UDP类型的数据包可以触发拨号
在MSR路由器上配置了如下ACL: acl number 3999 rule permit tcp source 10.10.10.1 255.255.255.255 destination 20.20.20.1 0.0.0.0 time-range lucky 那么对于该ACL的理解正确的是()A、该rule只在lucky时间段内生效B、该rule只匹配来源于10.10.10.1的数据包C、该rule只匹配去往20.20.20.1的数据包D、该rule可以匹配来自于任意源网段的TCP数据包E、该rule可以匹配去往任意目的网段的TCP数据包
在配置ISDN DCC的时候,客户在自己的MSR路由器上配置了如下的dialer-rule: [MSR] dialer-rule 1 acl 3000 那么关于此配置如下哪些说法正确?()A、只有匹配ACL 3000的数据包能触发拨号B、只有匹配ACL 3000的数据包会被路由器通过拨号链路发送C、没有定义permit或者deny,配置错误D、正确的配置应为:[MSR] dialer-rule 1 acl 3000 permit
在配置ISDNDCC的时候,客户在自己的MSR路由器上配置了如下的dialer-rule:[MSR]dialer-rule1acl3000那么关于此配置如下哪些说法正确?()A、只有匹配ACL3000的数据包能触发拨号B、只有匹配ACL3000的数据包会被路由器通过拨号链路发送C、没有定义permit或者deny,配置错误D、正确的配置应为:[MSR]dialer-rule1acl3000permit
下列高级ACL规则配置正确的有()。A、rule permit ip icmp-type echoB、rule permit ip source-port eq 1024C、rule permit ip tos normal dscp efD、rule permit udp time-range udp
防火墙路由模式下,防火墙的接口地址为192.168.99.101,主机地址为192.168.99.102。以下配置中,能保证主机ping通防火墙接口地址的是()。A、# acl number 2005 rule 0 permit source192.168.99.1020 rule 1 deny source192.168.99.00.0.0.255#B、#acl number 2005 rule 0 deny source192.168.99.00.0.0.255 rule 1 permit source192.168.99.1020#C、#ac lnumber 2005 rule0 deny source192.168.99.1020 rule 1permit source192.168.99.00.0.0.255#D、#ac lnumber 2005 rule 0 permit source192.168.99.00.0.0.255 rule 1 deny source192.168.99.1020#
网络管理员是Cisco路由器上配置访问控制列表,允许来自只的网络192.168.146.0,192.168.147.0,192.168.148.0和192.168.149.0主机。哪个结合是最好的完成任务,当两个ACL语句?()A、 access-list 10 permit ip 192.168.147.0 0.0.0.255.255B、 access-list 10 permit ip 192.168.149.0 0.0.0.255.255C、 access-list 10 permit ip 192.168.146.0 0.0.0.0.255D、 access-list 10 permit ip 192.168.146.0 0.0.0.1.255E、 access-list 10 permit ip 192.168.148.0 0.0.0.1.255F、 access-list 10 permit ip 192.168.146.0 255.255.255.0
单选题计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()Aaccess-list 11 deny tcp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyBaccess-list 111 deny tcp any 192.168.1.0 eq telnet/access-list 111 permit ip any anyCaccess-list 111 deny udp 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any anyDaccess-list 111 deny tcp any 192.168.1.0 0.0.0.255 eq telnet/access-list 111 permit ip any any
单选题下面的访问控制列表命令正确的是()。Aacl1 rule deny source1.1.1.1Bacl1 rule permit anyCacl1 permit 1.1.1.102.2.2.20.0.0.255Dacl99 rule deny tcp source any destination2.2.2.20.0.0.255
单选题下列高级ACL规则配置正确的有()。Arule permit ip icmp-type echoBrule permit ip source-port eq 1024Crule permit ip tos normal dscp efDrule permit udp time-range udp
多选题网络管理员是Cisco路由器上配置访问控制列表,允许来自只的网络192.168.146.0,192.168.147.0,192.168.148.0和192.168.149.0主机。哪个结合是最好的完成任务,当两个ACL语句?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255Daccess-list 10 permit ip 192.168.146.0 0.0.0.1.255Eaccess-list 10 permit ip 192.168.148.0 0.0.0.1.255Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyBaccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyCaccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyDaccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyEaccess-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyFaccess-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
多选题A network administrator is configuring ACLs on a cisco router, to allow affic from hosts on networks 192.168.146.0,192.168.147.0,192.168.148.0 and 192.168.149.0 only.Which two ACL statements when combined are the best for accomplishing the task?()Aaccess-list 10 permit ip 192.168.147.0 0.0.0.255.255Baccess-list 10 permit ip 192.168.149.0 0.0.0.255.255Caccess-list 10 permit ip 192.168.146.0 0.0.0.0.255Daccess-list 10 permit ip 192.168.146.0 0.0.1.255Eaccess-list 10 permit ip 192.168.148.0 0.0.1.255Faccess-list 10 permit ip 192.168.146.0 255.255.255.0
单选题Which of the following IOS commands can detect whether the SQL slammer virus propagates in yournetworks?()Aaccess-list 100 permit any any udp eq 1434Baccess-list 100 permit any any udp eq 1434 logCaccess-list 110 permit any any udp eq 69Daccess-list 110 permit any any udp eq 69 logENone of above.