有关下列扩展 ACL 的说法中哪两项正确? (选择两项。) access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20 access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21 access-list 101 permit ip any anyA.拒绝从网络 172.16.3.0/24 始发的所有 FTP 流量B.会拒绝发往网络 172.16.3.0/24 的所有 FTP 流量C.会拒绝从网络 172.16.3.0/24 始发的所有 Telnet 流量D.会允许从网络 172.16.3.0 始发的 Web 流量

有关下列扩展 ACL 的说法中哪两项正确? (选择两项。) access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20 access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21 access-list 101 permit ip any any

A.拒绝从网络 172.16.3.0/24 始发的所有 FTP 流量

B.会拒绝发往网络 172.16.3.0/24 的所有 FTP 流量

C.会拒绝从网络 172.16.3.0/24 始发的所有 Telnet 流量

D.会允许从网络 172.16.3.0 始发的 Web 流量

参考答案和解析
扩展 ACL 会检查源地址和目的地址;可通过添加对端口号的检查进一步定义 ACL

相关考题:

(22)下面的访问控制列表中,()禁止所有TELNET访问子网10.10.1.0/24。A)access-list 15 deny udp any 10.10.1.0 255.255 255.0 eq 23B) access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23C)access-list 115 deny udp any 10.10.1.0 eq telnetD)access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23
查看答案
拒绝转发所有IP地址进与出方向的、端口号为1434的UDP和端口号为4444的TCP数据包,下列正确的access-list配置是A)Router (config)#access-list 30 deny udp any any eq 1434Router (config)#access-list 30 deny tcp any any eq 4444Router (config)#access-list 30 permit ip any anyB)Router (config)#access-list 130 deny udp any any eq 1434Router (config)#access-list 130 deny tcp any any eq 4444Router (config)#access-list 130 permit ip any anyC)Router (config)#access-list 110 deny any any udp eq 1434Router (config)#access-list 110 deny any any tcp eq 4444Router (config)#access-list 110 permit ip any anyD)Router (config)#access-list 150 deny udp ep 1434 any anyRouter (config)#access-list 150 deny tcp ep 4444 any anyRouter (config)#access-list 150 permit ip any any
查看答案
● 以下 ACL 语句中,含义为“允许 172.168.0.0/24 网段所有 PC 访问 10.1.0.10 中的FTP 服务”的是(42) 。(42)A. access-list 101 deny tcp 172.168.0.0 0.0.0.255 host 10.1.0.10 eq ftpB. access-list 101 permit tcp 172.168.0.0 0.0.0.255 host 10.1.0.10 eq ftpC. access-list 101 deny tcp host 10.1.0.10 172.168.0.0 0.0.0.255 eq ftpD. access-list 101 permit tcp host 10.1.0.10 172.168.0.0 0.0.0.255 eq ftp
查看答案
Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?() A. access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23B. access-list 115 deny udp any 10.10.1.0 eq telnetC. access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnetD. access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23E. access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
查看答案
On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()A. access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80B. access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23C. access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23D. access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23E. access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80F. access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23
查看答案
下面 ACL 语句中,准备表达“允许访问服务器 202.110.10.1 的 WWW 服务”的是()。 A. access-list 101 permit any 202.110.10.1B. access-list 101 permit tcp any host 202.110.10.1 eq wwwC. access-list 101 deny any 202.110.10.1D. access-list 101 deny tcp any host 202.110.10.1 eq www
查看答案
Which one of the access control list statements below will deny all telnet connections to subnet 10.10.1.0/24?()A、access-list 15 deny telnet any 10.10.1.0 0.0.0.255 eq 23B、access-list 115 deny udp any 10.10.1.0 eq telnetC、access-list 15 deny tcp 10.10.1.0 255.255.255.0 eq telnetD、access-list 115 deny tcp any 10.10.1.0 0.0.0.255 eq 23E、access-list 15 deny udp any 10.10.1.0 255.255.255.0 eq 23
查看答案
计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()A、access-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyB、access-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any anyC、access-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyD、access-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
查看答案
要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。A、ip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、ip access-list extended cisco deny tcp any 196.15.7.0 eq wwwC、ip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq wwwD、ip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255E、ip access-list extended cisco permit www 196.15.7.0 0.0.0.255
查看答案
仅允许HTTP流量进入网络196.15.7.0,下面命令错误的是()。A、access-list 100 permit tcp any 196.15.7.0 0.0.0.255 eq wwwB、access-list 10 deny tcp any 196.15.7.0 eq wwwC、access-list 100 permit 196.15.7.0 0.0.0.255 eq wwwD、access-list 110 permit ip any 196.15.7.0 0.0.0.255E、access-list 110 permit www 196.15.7.0 0.0.0.255
查看答案
下列语句中,()是标准ACL。A、access-list 50 deny 192.168.1.1 0.0.0.255B、access-list 110 deny ip any anyC、access-list 2500 deny tcp any host 192.168.1.1 eq 22D、access-list 101 deny tcp any host 192.168.1.1
查看答案
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A、access-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyC、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyE、access-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyF、access-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
查看答案
On the Hong Kong router an access list is needed that will accomplish the following:1. Allow a Telnet connection to the HR Server through the Internet2. Allow internet HTTP traffic to access the webserver3. Block any other traffic from the internet to everything elseWhich of the following access list statements are capable of accomplishing thesethree goals?()A、access-list 101 permit tcp any 172.17.18.252 0.0.0.0 eq 80B、access-list 1 permit tcp any 172.17.17.252 0.0.0.0 eq 23C、access-list 101 permit tcp 172.17.17.252 0.0.0.0 any eq 23D、access-list 101 deny tcp any 172.17.17.252 0.0.0.0 eq 23E、access-list 101 deny tcp any 172.17.18.252 0.0.0.0 eq 80F、access-list 101 permit tcp any 172.17.17.252 0.0.0.0 eq 23
查看答案
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.What command should be issued to accomplish this task?()A、access-list 101 deny tcp192.168.1.1280.0.0.15192.168.1.50.0.0.0eq23 access-list 101 permit ip any anyB、access-list 101 deny tcp192.168.1.1280.0.0.240192.168.1.50.0.0.0eq23 access-list101permit ip any anyC、access-list 1 deny tcp192.168.1.1280.0.0.255192.168.1.50.0.0.0eq21 access-list1permit ip any anyD、access-list 1 deny tcp192.168.1.1280.0.0.15host192.168.1.5eq23 access-list1permit ip any any
查看答案
Which item represents the standard IPACL?()A、access-list 50 deny 192.168.1.10.0.0.255B、access-list 110 permit ip any anyC、access-list 2500 deny tcp any host 192.168.1.1 eq22D、access-list 101 deny tcp any host 192.168.1.1
查看答案
以下那一条语句是标准ACL()A、access-list 50 deny 192.168.1.1 0.0.0.255B、access-list 110 deny ip any anyC、access-list 2500 deny tcp any host 192.168.1.1 eq 22D、access-liet 101 deny tcp any host 192.168.1.1
查看答案
下列哪一条命令可以阻塞一网段的RIP广播报文?()A、access-list 101 deny tcp any 255.255.255.255B、access-list 101 deny udp any any eq 520C、access-list 101 deny udp any any eq 53D、access-list 10 deny udp any 255.255.255.255
查看答案
哪个选项代表了标准的IP ACL?()A、 access-list 50 deny 192.168.1.1 0.0.0.255B、 access-list 110 permit ip any anyC、 access-list 2500 deny tcp any host 192.168.1.1 eq 22D、 access-list 101 deny tcp any host 192.168.1.1
查看答案
Which item represents the standard IP ACL?()A、access-list 50 deny 192.168.1.1 0.0.0.255B、access-list 110 permit ip any anyC、access-list 2500 deny tcp any host 192.168.1.1 eq 22D、access-list 101 deny tcp any host 192.168.1.1
查看答案
Which item represents the standard IP ACL?()A、access-list 50 deny 192.168.1.10.0.0.255B、access-list 110 permitip any anyC、access-list 2500 deny tcp any host 192.168.1.1eq22D、access-list 101 deny tcp any host 192.168.1.1
查看答案
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()A、access-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyB、access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyC、access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyD、access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
查看答案
下面ACL语句中,表达“禁止外网和内网之间互相ping”的是 () 。 A、access-list 101 permit any anyB、access-list 101 permit icmp any anyC、access-list 101 deny any anyD、access-list 101 deny icmp any any
查看答案
单选题哪个选项代表了标准的IP ACL?()A access-list 50 deny 192.168.1.1 0.0.0.255B access-list 110 permit ip any anyC access-list 2500 deny tcp any host 192.168.1.1 eq 22D access-list 101 deny tcp any host 192.168.1.1
查看答案
单选题计费服务器的ip地址在192.168.1.0/24子网内,为了保证计费服务器的安全,不允许任何用户telnet到该服务器,则需要配置的访问列表条目为:()Aaccess-list  11 deny  tcp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyBaccess-list  111 deny  tcp any  192.168.1.0   eq telnet/access-list 111 permit ip any anyCaccess-list  111 deny udp 192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any anyDaccess-list  111 deny  tcp any  192.168.1.0   0.0.0.255 eq telnet/access-list 111 permit ip any any
查看答案
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5.What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp192.168.1.1280.0.0.15192.168.1.50.0.0.0eq23 access-list 101 permit ip any anyBaccess-list 101 deny tcp192.168.1.1280.0.0.240192.168.1.50.0.0.0eq23 access-list101permit ip any anyCaccess-list 1 deny tcp192.168.1.1280.0.0.255192.168.1.50.0.0.0eq21 access-list1permit ip any anyDaccess-list 1 deny tcp192.168.1.1280.0.0.15host192.168.1.5eq23 access-list1permit ip any any
查看答案
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyBaccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyCaccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyDaccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any
查看答案
单选题A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task?()Aaccess-list 101 deny tcp 192.168.1.128 0.0.015 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyBaccess-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any anyCaccess-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any anyDaccess-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyEaccess-list 101 deny ip 192.168.1.128 0.0.0.240 192.158.1.5 0.0.0.0 eq 23 access-list 101 permit ip any anyFaccess-list 101 deny ip 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any
查看答案
多选题要创建一个扩展命名访问控制列表cisco,仅允许HTTP流量进入网络196.15.7.0/24,下面命令是错误的有()。Aip access-list extended cisco permit tcp any 196.15.7.0 0.0.0.255 eq wwwBip access-list extended cisco deny tcp any 196.15.7.0 eq wwwCip access-list extended cisco permit 196.15.7.0 0.0.0.255 eq wwwDip access-list extended cisco permit ip any 196.15.7.0 0.0.0.255Eip access-list extended cisco permit www 196.15.7.0 0.0.0.255
查看答案
热门标签