看完上面的内容后,那么大家可以看以下几道关于CISCO访问控制列表的例题:
1、What are two reasons that a network administrator would use access lists? (Choose two.)
A:to control vty access into a router
B:to control broadcast traffic through a router
C:to filter traffic as it passes through a router
D:to filter traffic that originates from the router
E:to replace passwords as a line of defense against security incursions
Answers: A, C
注:该题主要考察CISCO考生对ACL作用的理解:网络管理员在网络中使用ACL的两个理由?
A选项指出了CISCO 访问列表的一个用法:通过VTY线路来访问路由器的访问控制;
ACL不能对穿越路由器的广播流量作出有效控制。
选项C也指明了ACL的另一个作用,那就是过滤穿越路由器的流量。这里要注意了,是“穿越”路由器的流量才能被ACL来作用,但是路器本身产生的流量,比如路由更新报文等,ACL是不会对它起任何作用的:因为ACL不能过滤由路由器本身产生的流量,那么D也是错误的;
2、For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists?
A: IP
B: ICMP
C: TCP
D: UDP
Answers: B
安全起见,网络管理员想要阻止来自Internet上的外部主机PING企业内部网络,哪种协议必须在访问列表中被阻塞掉?PING使用的是ICMP协议,在ACL中,我们可以自己来定义需要被允许或者拒绝某些协议的流量。该题选B
3、Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)
access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any any
访问控制列表
A:source ip address: 192.168.15.5; destination port: 21
B:source ip address:, 192.168.15.37 destination port: 21
C:source ip address:, 192.168.15.41 destination port: 21
D:source ip address:, 192.168.15.36 destination port: 23
E:source ip address: 192.168.15.46; destination port: 23
Correct Answers: B, E
如图,在RTB上配置了访问列表,控制从S0/0口出去向外部的由192.168.15.32/29网段发起的telnet流量,其它流量允许通过。telnet使用23号端口,由此可以排除掉ABC三个选项。该题选择D,E.
京公网安备 11010802021500号