- Which port security mode can assist with troubleshooting by keeping count of violations?
- A. access
- B. protect
- C. restrict*
- D. shutdown
- Which port security violation mode allows traffic from valid mac address to pass but block traffic from invalid MAC address?
Show (Hide) Explanation/ReferenceIn fact both “protect” and “restrict” mode allows traffic from passing with a valid MAC address so this question is not good. This is a quote from Cisco for these two modes:
- A. protect*
- B. shutdown
- C. shutdown vlan
- D. restrict
protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
- Which type of secure MAC address must be configured manually?
- A. dynamic
- B. bia
- C. static*
- D. sticky
- Which command can you enter in a network switch configuration so that learned MAC addresses are saved in configuration as they connect?
Show (Hide) Explanation/ReferenceThe full command should be “switchport port-security mac-address sticky” but we can abbreviate in Cisco command.
- A. Switch(config-if)#switch port-security
- B. Switch(config-if)#switch port-security mac-address sticky*
- C. Switch(config-if)#switch port-security maximum 10
- D. Switch(config-if)#switch mode access