定义一个用于封禁ICMP协议而只允许转发166.129.130.0／24子网的ICMP数据包的访问控制列表,Cis

13 查阅

定义一个用于封禁ICMP协议而只允许转发166.129.130.0/24子网的ICMP数据包的访问控制列表，Cisco路由器的正确配置是( )。

A) access-list 198 permit icmp 166.129.130.0 255.255.255.0 any

access-list 198 deny icmp any any

access-list 198 permit ip any any

B) access-list 198 permit icmp 166.129.130.0 0.0.0 255 any

access-list 198 deny icmp any any

access-list 198 permit ip any any

C) access-list 99 permit icmp 166.129.130.0 0.0.0 255 any

access-list 99 deny icmp any any

access-list 99 permit ip any any

D) access-list 100 permit icmp 166.129.130.0 0.0.0 255 any

access-list 100 pernut ip any any

access-list 100 deny icmp any any

参考答案:

B(22)B) 【解析】封禁ICMP协议属于配置扩展访问控制列表，所以表号范围为100—199或2000~2699，格式为：access-list access-list-number {permitldeny} protocol source wildcard-mask destination wildcard-mask [operator] [operand]。因为wildcard-mask为子网掩码的反码，所以根据以上描述，本题选项B)正确。

计算机四级