QUESTION 41
Which command shows if an access list is assigned to an interface? A. show ip interface [interface] access-lists B. show ip access-lists interface [interface] C. show ip interface [interface] D. show ip access-lists [interface] |
問題41
哪個命令可以顯示一個端口上的訪問控制列表? A. show ip interface [interface] access-lists B. show ip access-lists interface [interface] C. show ip interface [interface] D. show ip access-lists [interface] |
答:C
|
QUESTION 336
In which solution is a router ACL used? A. protecting a server frome unauthorized acces B. controlling path selection,based on the route metric C. reducing router CPU utilization D. filterring packets that are passing through a router |
問題336
何種解決方案適用於路由器ACL? A. 保護的服務器弗羅姆的未經授權的存取 B. 控制路徑選擇,根據路由度量值 C. 降低路由器的CPU利用率 D. filterring通過一個路由器的數據包, |
答:D
ACL應用在路由器,提供包過濾的功能 |
QUESTION 382
Which statement about access lists that are applied to an interface is true? A. you can apply multiple access lists with the same protocol or in different… B. you can config one access list,per direction,per layer 3 protocol C. you can place as many access lists as you want on any interface D. you can apply only one access list on any interface |
問題382
關於訪問控制列表的敘述, 何者可以應用於接口? A. 你可以申請多個訪問列表相同的協議,或在不同的... B. 你可以配置一個訪問列表,每個方向上,每一層的協議 C. 你可以把盡可能多的訪問列表,你想要的任何接口上的 D. 你可以在任何介面上只能應用一個訪問列表 |
答:B
一個端口可以配置In out兩個ACL,正確答案為B |
QUESTION 383
Which item represents the standard IP ACL? A. access-list 50 deny 192.168.1.1 0.0.0.255 B. access-list 110 permit ip any any C. access-list 2500 deny tcp any host 192.168.1.1 eq 22 D. access- list 101 deny tcp any host 192.168.1.1 |
問題383
哪一項可以表示標準的IP ACL? A. access-list 50 deny 192.168.1.1 0.0.0.255 B. access-list 110 permit ip any any C. access-list 2500 deny tcp any host 192.168.1.1 eq 22 D. access- list 101 deny tcp any host 192.168.1.1 |
答:A
標準ACL範圍1-99 |
QUESTION 387
Which can be done to secure the virtual terminal interfaces on a router?(choose two) A. Administratively shut down the interfaces. B. Physically secure the interfaces. C. Configure a virtual terminal password and login process. D. Enter an access list and apply it to the terminal interfaces using the access-class command. E. Create an access list and apply it to the terminal interfaces using the access-group command. |
問題387
下列哪些選項, 可使用於確保虛擬終端接口上的路由器(選擇兩項) A. 在行政關閉的接口。 B.物理上是安全的接口。 C. 配置虛擬終端的密碼和登錄過程。 D. 輸入一個訪問列表,並將其應用到終端接口訪問類的命令。 E. 創建一個訪問列表,並將其應用到終端接口的訪問組命令。 |
答:CD
這是一種浪費,行政關閉該接口。此外,有人仍然可以通過其它接口進行訪問的虛擬終端接口 - > A是不正確的。 我們不能物理安全的虛擬接口,因為它是“虛擬” - > B是不正確的。 最簡單的方法,以確保虛擬終端接口配置的用戶名和密碼,以防止未經授權的登錄 - > C是正確的。 要應用訪問列表到一個虛擬的終端接口,我們必須使用“access-class”命令。 “access-group”命令只使用一個物理接口應用訪問列表 - > E是不正確的,D是正確的。 |
QUESTION 391
Refer to the graphic. It has been decided that PC1 should be denied access to Server. Which of the following commands are required to prevent only PC1 from accessing Server1 while allowing all other traffic to flow normally? (Choose two) A. Router (config)# interface fa0/0 Router(config-if)# ip access-group 101 out B. Router(config)# interface fa0/0 Router(config-if)# ip access-group 101 in C. Router(config)# access-list 101 deny ip host 172.16.161.150 host 172.16.162.163 Router(config)# access-list 101 permit ip any any D. Router(config)# access-list 101 deny ip 172.16.161.150 0.0. 0.255 172.16.162.163 0.0.0.0 Router(config)# access-list 101 permit ip any any. |
問題391
服務器請參閱圖示。若決定PC1被拒絕存取至服務器。需要下列的指令, 以防止PC1存取至Server1,以讓所有其他流量的正常流動?(選擇兩項) A. Router (config)# interface fa0/0 Router(config-if)# ip access-group 101 out B. Router(config)# interface fa0/0 Router(config-if)# ip access-group 101 in C. Router(config)# access-list 101 deny ip host 172.16.161.150 host 172.16.162.163 Router(config)# access-list 101 permit ip any any D. Router(config)# access-list 101 deny ip 172.16.161.150 0.0. 0.255 172.16.162.163 0.0.0.0 Router(config)# access-list 101 permit ip any any. |
答:BC
|
QUESTION 392
An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect? A. access-list 10 permit 172.29.16.0 0.0. 0.255 B. access-list 10 permit 172.29.16.0 0.0.1.255 C. access-list 10 permit 172.29.16.0 0.0.3.255 D. access-list 10 permit 172.29.16.0 0.0.15.255 E. access-list 10 permit 172.29.0.0 0.0.255.255 |
問題392
如圖中所示, 有四個關於訪問控制列表的述敘。哪一個關於訪問控制列的敘述將所有四項敘述結合為一項, 並有相同的效果? A. access-list 10 permit 172.29.16.0 0.0. 0.255 B. access-list 10 permit 172.29.16.0 0.0.1.255 C. access-list 10 permit 172.29.16.0 0.0.3.255 D. access-list 10 permit 172.29.16.0 0.0.15.255 E. access-list 10 permit 172.29.0.0 0.0.255.255 |
答:C
|
QUESTION 393
A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet 192.168.1.128/28 to the server at 192.168.1.5. What command should be issued to accomplish this task? A. access - list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any B. access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access- list 101 permit ip any any C. access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any D. access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any |
問題393
網絡管理員想要添加一行字至訪問控制列表, 以阻止Telnet在子網路192.168.1.128/28以該主機訪問, 至服務器192.168.1.5。應該發出什麼命令, 來完成這個任務? A. access - list 101 deny tcp 192.168.1.128 0.0.0.15 192.168.1.5 0.0.0.0 eq 23 access-list 101 permit ip any any B. access-list 101 deny tcp 192.168.1.128 0.0.0.240 192.168.1.5 0.0.0.0 eq 23 access- list 101 permit ip any any C. access-list 1 deny tcp 192.168.1.128 0.0.0.255 192.168.1.5 0.0.0.0 eq 21 access-list 1 permit ip any any D. access-list 1 deny tcp 192.168.1.128 0.0.0.15 host 192.168.1.5 eq 23 access-list 1 permit ip any any |
答:A
|
QUESTION 394
As a network administrator, you have been instructed to prevent all traffic originating on the LAN from entering the R2 router. Which the following command would implement the access list on the interface of the R2 router? A. access-list 101 in B. access -list 101 out C. ip access-group 101 in D. ip access-group 101 out. |
問題394
網絡管理員已經指示, 以避免所有在區域網路上的流量進入路由器R2。下面在路由器R2上的指令, 何者可以執行於訪問控制列表的接口? A. access-list 101 in B. access -list 101 out C. ip access-group 101 in D. ip access-group 101 out |
答:C
|
QUESTION 395
The following access list below was applied outbound on the E0 interface connected to the 192.169.1.8/29 LAN: access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any How will the above access lists affect traffic? A. FTP traffic from 192.169.1.22 will be denied B. No traffic, except for FTP traffic will be allowed to exit E0 C. FTP traffic from 192.169.1.9 to any host will be denied D. All traffic exiting E0 will be denied E. All FTP traffic to network 192.169.1.9/29 will be denied |
問題395
下列的訪問控制列表用於向外連接的E0接口, 到192.169.1.8/29 區域網路: access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 20 any access-list 135 deny tcp 192.169.1.8 0.0.0.7 eq 21 any 上述訪問控制列表是如何影響流量的? A. FTP的流量,將被拒絕從192.169.1.22 B. 沒有交通,除了FTP的流量將被允許退出E0 C. 從192.169.1.9到任何主機的FTP流量將被拒絕 D. 所有流量都將被拒絕退出E0 E. 網絡192.169.1.9/29的所有FTP流量,將被拒絕 |
答:D
|