itgle.com
更多“List information for any meetings you are going to attend(). ”相关问题
  • 第1题:

    ACL默认执行顺序是(5),在配置时要遵循(6)原则、最靠近受控对象原则、以及默认丢弃原则。

    (5)、(6)备选项

    (A)最大特权(B)最小特权(C)随机选取

    (D)自左到右(E)自上而下(F)自下而上

    =2.要禁止内网中IP地址为192.168.46.8的PC机访问外网,正确的ACL规则是(7).

    (A)access-list 1 permit ip 192.168.46.00.0.0.255 any

    access-list 1 deny ip host 192.168.46.8 any

    (B)access-list 1 permit ip host 192.168.46.8 any

    access-list 1 deny ip 192.168.46.00.0.0.255 any

    (C)access-list 1 deny ip 192.168.46.00.0.0.255 any

    access-list 1 permit ip host 192.168.46.8 any

    (D)access-list 1 deny ip host 192.16.46.8 any

    access-list 1 permit ip 192.168.46.00.0.0.255


    正确答案:(5)(E)自上而下 (6)(B)最小特权 (7)(D)access-list 1 deny ip host 198.168.46.8 any access-list 1 permit ip 192.168.46.00.0.0.255 any
    (5)(E)自上而下 (6)(B)最小特权 (7)(D)access-list 1 deny ip host 198.168.46.8 any access-list 1 permit ip 192.168.46.00.0.0.255 any 解析:本题考查的是。
    1.ACL默认的执行次序是自上而下,另外ACL在执行时应注意以下原则:
    (1)最小特权原则
    只给受控对象完成任务所必须的最小的权限。也就是说被控制的总规则是各个规则的交集,只满足部分条件的是不容许通过规则的。
    (2)最靠近受控对象原则
    所有的网层访问权限控制。也就是说在检查规则时是采用自上而下在ACL中一条条检测的,只要发现符合条件了就立刻转发,而不继续检测下面的ACL语句。
    (3)默认丢弃原则
    在CISCO路由交换设备中默认最后一句为ACL中加入了DENY ANY ANY,也就是丢弃所有不符合条件的数据包。这一点要特别注意,虽然我们可以修改这个默认,但未改前一定要引起重视
    2.ACL在执行时,默认的执行次序是自上而下。另外,在匹配规则时,数据包如果与前面的规则已匹配,就会按照此规则执行,而不再匹配下面与该数据包相关的规则。
    要禁止内网中IP地址为192.168.46.8的PC机访问外网。需要先禁止192.168.46.8数据包,再放行192.168.46.0网段数据包,注意次序。

  • 第2题:

    标准IP访问控制列表的基本格式为access-list[1ist number][permit|deny][host/any][sourceaddress][wild-card-mask][log],请填写其参数描述。

    a、list number…………………………………… ______

    b、permit/deny………………………………… ______

    c、source address……………………………… ______

    d、host/any…………………………………… ______

    e、windcad-mask……………………………… ______


    正确答案:表号范围 允许或拒绝 源地址 主机匹配 通配符屏蔽码
    表号范围 允许或拒绝 源地址 主机匹配 通配符屏蔽码

  • 第3题:

    What is the effect of the following access list condition access-list 101 permit ip 10.25.30.0 0.0.0.255 any()。

    A.permit all packets matching the first three octets of the source address to all destinations

    B.permit all packets matching the last octet of the destination address and accept all source addresses

    C.permit all packets from the third subnet of the network address to all destinations

    D.permit all packets matching the host bits in the source address to all destinations

    E.permit all packets to destinations matching the first three octets in the destination address


    参考答案:A

  • 第4题:

    如图4-1所示,要求在防火墙上通过ACL配置,允许在inside区域除工作站PC1外的所有主机都能访问Internet,请补充完成ACL规则200。

    access-list 200 (9) host 192.168.46.10 any

    access-list 200 (10) 192.168.46.0 0.0.0.255 any


    正确答案:deny permit
    deny permit 解析:两条ACL语句应该为允许192.168.46.0子网的所有数据包通过,但拒绝192.168.46.10的数据包,所以(9)为deny,(10)为permit。

  • 第5题:

    Whatistheeffectofthefollowingaccesslistcondition?access-list101permitip10.25.30.00.0.0.255any()。

    A.permitallpacketsmatchingthefirstthreeoctetsofthesourceaddresstoalldestinations

    B.permitallpacketsmatchingthelastoctetofthedestinationaddressandacceptallsourceaddresses

    C.permitallpacketsfromthethirdsubnetofthenetworkaddresstoalldestinations

    D.permitallpacketsmatchingthehostbitsinthesourceaddresstoalldestinations

    E.permitallpacketstodestinationsmatchingthefirstthreeoctetsinthedestinationaddress


    参考答案:A

  • 第6题:

    以下对于列表的相关操作中哪些项有正确的输出结果?

    A.>>> language = list('PHP'); >>> language[1:] = 'ython'; >>> print(language) ['P', 'y', 't', 'h', 'o', 'n']#B.>>> print(list('Life is short, you need Python.').count('is')) 1#C.>>> x = [2, 3, 0, 4, 1] >>> x.sort() >>> print(x) [0, 1, 2, 3, 4]#D.>>> words = ['Life', 'is', 'short', 'you', 'need', 'Python'] >>> words.index('you') 4
    >>> language = list('PHP'); >>> language[1:] = 'ython'; >>> print language ['P', 'y', 't', 'h', 'o', 'n'];>>> x = [2, 3, 0, 4, 1]>>> x.sort()>>> print x[0, 1, 2, 3, 4]