网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
A Stateful firewall is MOST useful in protecting against which of the following network scans?()
A.PING
B.UDP
C.Xmas
D.ACK
参考答案
更多 “ A Stateful firewall is MOST useful in protecting against which of the following network scans?() A.PINGB.UDPC.XmasD.ACK ” 相关考题
考题
You’re going to have a quiz ( )by another two in the ( )month.
A. followed,followedB. followed,followingC. following,followedD. following,following
考题
We have lodged a claim () ABC & Co.() the quality of the goods shipped()m.v. “Peace”.A、against, for, byB、with, for, underC、on, against, as perD、to, for, per
考题
When paying cnline,you should pay attention to(75) your personal and financial InformationA.readingB.writingC.executingD.protecting
考题
When paying online,you should pay attention to ( ) your personal and financial information.A.reading
B.writing
C.executing
D.protecting
考题
We have already covered the topic of network addresses. The first(71) in a block (in classes A,B,and C) defines the network address. In classes A,B,and C,if the hostid is all ls, the address is called a direct broadcast address. It is used by a.() to send a packet to all hosts in a specific network. All hosts will accept a packet having this type of destination address. Note that this address can be used only as a (73)address in an lP packet. Note also that this special address also reduces the number of available hostid for each netid in classes A,B,and C.
In classes A,B,and C,an address with all Is for the netid and hostid (32 bits) defines a(74) address in the current network.A host that wants to send a message to every other host can use this address as a destination address in an IP packet. However,a router will block a packet having this type ofaddress to confine the broadcasting to the (75) network. Note that this address belongs to class E.A.router
B.switch
C.huB.
D.firewall
考题
某全国连锁企业的总部和分布在全国各地的30家分公司之间经常需要传输各种内部数据,因此公司决定在总部和各分公司之间建立VPN技术。具体拓扑如下:配置部分只显示了与总部与分公司1的配置。根据拓扑完成问题1-问题3。
[问题1](3分):在总部与分公司之间相连的VPN方式是(1),在IPsec工作模式中有传输模式和隧道模式,其中将源IP数据包整体封装后再进行传输的模式是(2).1备选答案:A.站点到站点 B.端到端C.端到站点[问题2](13分):请将相关配置补充完整。总部防火墙firewall1的部分配置如下。 (3)[FIREWALL1] interface(4)[FIREWALL1-GigabitEthernet1/0/2] ip address (5)[FIREWALL1-GigabitEthernet1/0/2] quit[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ip address 202.1.3.1 24[FIREWALL1-GigabitEthernet1/0/1] quit# 配置接口加入相应的安全区域。[FIREWALL1] firewall zone trust [FIREWALL1-zone-trust] add interface (6)[FIREWALL1-zone-trust] quit[FIREWALL1](7)[FIREWALL1-zone-untrust] add interface GigabitEthernet 1/0/1[FIREWALL1-zone-untrust] quit2. 配置安全策略,允许私网指定网段进行报文交互。# 配置Trust域与Untrust域的安全策略,允许封装前和解封后的报文能通过[FIREWALL1](8)[FIREWALL1-policy-security] rule name 1[FIREWALL1-policy-security-rule-1] source-zone (9)[FIREWALL1-policy-security-rule-1] destination-zone untrust[FIREWALL1-policy-security-rule-1] source-address (10)[FIREWALL1-policy-security-rule-1] destination-address 192.168.200.0 24[FIREWALL1-policy-security-rule-1] action (11)[FIREWALL1-policy-security-rule-1] quit…..# 配置Local域与Untrust域的安全策略,允许IKE协商报文能正常通过FIREWALL1。[FIREWALL1-policy-security] rule name 3[FIREWALL1-policy-security-rule-3] source-zone local[FIREWALL1-policy-security-rule-3] destination-zone untrust[FIREWALL1-policy-security-rule-3] source-address 202.1.3.1 32[FIREWALL1-policy-security-rule-3] destination-address 202.1.5.1 32[FIREWALL1-policy-security-rule-3] action permit[FIREWALL1-policy-security-rule-3] quit…3. 配置IPSec隧道。# 配置访问控制列表,定义需要保护的数据流。[FIREWALL1] (12)[FIREWALL1-acl-adv-3000] rule permit (13)[FIREWALL1-acl-adv-3000] quit# 配置名称为tran1的IPSec安全提议。[FIREWALL1] ipsec proposal tran1[FIREWALL1-ipsec-proposal-tran1] encapsulation-mode (14)[FIREWALL1-ipsec-proposal-tran1] transform esp[FIREWALL1-ipsec-proposal-tran1] esp authentication-algorithm sha2-256[FIREWALL1-ipsec-proposal-tran1] esp encryption-algorithm aes[FIREWALL1-ipsec-proposal-tran1] quit# 配置序号为10的IKE安全提议。[FIREWALL1] (15)[FIREWALL1-ike-proposal-10] authentication-method pre-share[FIREWALL1-ike-proposal-10] authentication-algorithm sha2-256[FIREWALL1-ike-proposal-10] quit# 配置IKE用户信息表。[FIREWALL1] ike user-table 1[FIREWALL1-ike-user-table-1] user id-type ip 202.1.5.1 pre-shared-key Admin@gkys[FIREWALL1-ike-user-table-1] quit# 配置IKE Peer。[FIREWALL1] ike peer b[FIREWALL1-ike-peer-b] ike-proposal 10[FIREWALL1-ike-peer-b] user-table 1[FIREWALL1-ike-peer-b] quit# 配置名称为map_temp序号为1的IPSec安全策略模板。[FIREWALL1] ipsec policy-template map_temp 1[FIREWALL1-ipsec-policy-template-map_temp-1] security acl 3000[FIREWALL1-ipsec-policy-template-map_temp-1] proposal tran1[FIREWALL1-ipsec-policy-template-map_temp-1] ike-peer b[FIREWALL1-ipsec-policy-template-map_temp-1] reverse-route enable[FIREWALL1-ipsec-policy-template-map_temp-1] quit# 在IPSec安全策略map1中引用安全策略模板map_temp。[FIREWALL1] ipsec policy map1 10 isakmp template map_temp# 在接口GigabitEthernet 1/0/1上应用安全策略map1。[FIREWALL1] interface GigabitEthernet 1/0/1[FIREWALL1-GigabitEthernet1/0/1] ipsec policy map1[FIREWALL1-GigabitEthernet1/0/1] quit [问题3]IPsec中,通过一些协议的处理,可以有效的保护分组安全传输。其中能够确保数据完整性,但是不能确保数据机密性的是(17),而技能报数数据传输的机密性又能保证数据完整性的是(18)
考题
下面哪个命令是用于开放POP3协议所使用的端口()。A.firewall-cmd --permanent --add-port=110/tcpB.firewall-cmd --permanent --add-port=143/tcpC.firewall-cmd --permanent --add-port=25/tcpD.firewall-cmd --permanent --add-port=993/tcp
考题
在防火墙中永久开放FTP服务的命令是A.firewall-cmd --add-service=ftpB.firewall-cmd --permanent --add-service=ftpC.firewall-cmd --permanent --service=ftpD.firewall-cmd --permanent --add-service-ftp
考题
1、下面哪个命令是用于开放POP3协议所使用的端口()。A.firewall-cmd --permanent --add-port=110/tcpB.firewall-cmd --permanent --add-port=143/tcpC.firewall-cmd --permanent --add-port=25/tcpD.firewall-cmd --permanent --add-port=993/tcp
考题
重新加载防火墙的命令是()。A.firewall-cmd --startB.firewall-cmd --reloadC.firewall-start --reloadD.firewall-cmd --enable
热门标签
最新试卷
