Trong ICND có câu hỏi về Access-list:
1. What general guideline should be followed when placing IP ACLs, at least according to the ICND course on which CCNA is based?
a. Perform all filtering on output if at all possible.
b. Put more-general statements early in the ACL.
c. Filter packets as close to the source as possible.
d. Order the ACL commands based on the source IP address, lowest to highest, to improve performance.
-> Đáp án trong sách là C.
Em nghĩ C chỉ đúng cho extend, thế còn b, và d mình thấy cũng đúng?
Còn trong ******** của www.celticrover.com có 1 câu:
2.Given the following criteria for granting access from a remote site to your LAN:
Restric access on interface E1
E1= 207.87.81.173
Deny access to Telnet, FTP, SNMP
Allow all other types of operations
Which line should come last in configuring the access list?
a, access-list 101
b, access-list 101 deny eo telnet ftp
c, access-list 101 allow all except ftp telnet
d, access-list 101 permit ip 0.0.0.0 255.255.255.255 any
e, access-list 101 deny ip 207.87.81.173 tcp aq 20 21 23
Đáp án là d? ( Mình không hiểu ).
Nhờ các bạn xem hộ cái?
Thanks!!!
1. What general guideline should be followed when placing IP ACLs, at least according to the ICND course on which CCNA is based?
a. Perform all filtering on output if at all possible.
b. Put more-general statements early in the ACL.
c. Filter packets as close to the source as possible.
d. Order the ACL commands based on the source IP address, lowest to highest, to improve performance.
-> Đáp án trong sách là C.
Em nghĩ C chỉ đúng cho extend, thế còn b, và d mình thấy cũng đúng?
Còn trong ******** của www.celticrover.com có 1 câu:
2.Given the following criteria for granting access from a remote site to your LAN:
Restric access on interface E1
E1= 207.87.81.173
Deny access to Telnet, FTP, SNMP
Allow all other types of operations
Which line should come last in configuring the access list?
a, access-list 101
b, access-list 101 deny eo telnet ftp
c, access-list 101 allow all except ftp telnet
d, access-list 101 permit ip 0.0.0.0 255.255.255.255 any
e, access-list 101 deny ip 207.87.81.173 tcp aq 20 21 23
Đáp án là d? ( Mình không hiểu ).
Nhờ các bạn xem hộ cái?
Thanks!!!
Comment