A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

Question:
A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

• shutdown
• restrict
• warning
• protect

Explanation: In port security implementation, an interface can be configured for one of three violation modes:
Protect – a port security violation causes the interface to drop packets with unknown source addresses and no notification is sent that a security violation has occurred.
Restrict – a port security violation causes the interface to drop packets with unknown source addresses and to send a notification that a security violation has occurred.
Shutdown – a port security violation causes the interface to immediately become error-disabled and turns off the port LED. No notification is sent that a security violation has occurred.

Exam with this question: CCNA 2 (v5.0.3 + v6.0) Chapter 5 Exam Answers
Exam with this question: Switching, Routing, and Wireless Essentials ( Version 7.00) - SRWE Final Exam
Exam with this question: CCNA 2 (v5.0.3 + v6.0) Chapter 2 Exam Answers
Exam with this question: CCNA 2 v6 Chapter 5: Check Your Understanding