- Which port security mode can assist with troubleshooting by keeping count of violations?
- A. access
- B. protect
- C. restrict*
- D. shutdown
- Which port security violation mode allows traffic from valid mac address to pass but block traffic from invalid MAC address?
Show (Hide) Explanation/ReferenceIn fact both “protect” and “restrict” mode allows traffic from passing with a valid MAC address so this question is not good. This is a quote from Cisco for these two modes:
- A. protect*
- B. shutdown
- C. shutdown vlan
- D. restrict
protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
Therefore the only difference between these two modes is “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).
- Which type of secure MAC address must be configured manually?
- A. dynamic
- B. bia
- C. static*
- D. sticky
- Which command can you enter in a network switch configuration so that learned MAC addresses are saved in configuration as they connect?
Show (Hide) Explanation/ReferenceThe full command should be “switchport port-security mac-address sticky” but we can abbreviate in Cisco command.
- A. Switch(config-if)#switch port-security
- B. Switch(config-if)#switch port-security mac-address sticky*
- C. Switch(config-if)#switch port-security maximum 10
- D. Switch(config-if)#switch mode access