CCNA 200-125 Exam: Port Security Questions 2 With Answers

  1. Which port security mode can assist with troubleshooting by keeping count of violations?
    • A. access
    • B. protect
    • C. restrict*
    • D. shutdown
  2. Which port security violation mode allows traffic from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?
    • A. protect*
    • B. shutdown
    • C. shutdown vlan
    • D. restrict

    Explanation/Reference
    In fact, both “protect” and “restrict” modes allow traffic with a valid MAC address to pass, so this question is not a good one. This is a quote from Cisco for these two modes:

    protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

    restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.

    Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf

    Therefore, the only difference between these two modes is that “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).

  3. Which type of secure MAC address must be configured manually?
    • A. dynamic
    • B. bia
    • C. static*
    • D. sticky
  4. Which command can you enter in a network switch configuration so that learned MAC addresses are saved in configuration as they connect?
    • A. Switch(config-if)#switch port-security
    • B. Switch(config-if)#switch port-security mac-address sticky*
    • C. Switch(config-if)#switch port-security maximum 10
    • D. Switch(config-if)#switch mode access

    Explanation/Reference
    The full command should be “switchport port-security mac-address sticky”, but Cisco commands can be abbreviated.
