Port Security

Question 1

Which feature describes MAC addresses that are dynamically learned or manually configured, stored in the address table, and added to the running configuration?
A. sticky
B. dynamic
C. static
D. secure

Answer 1

A. sticky

Question 2

On which interface can port security be configured?
A. static trunk ports
B. destination port for SPAN
C. EtherChannel port group
D. dynamic access point

Answer 2

A. static trunk ports

Question 3

After port security is deployed throughout an enterprise campus, the network team has been overwhelmed with port reset requests. They decide to configure the network to automate the process of re-enabling user ports. Which command accomplishes this task?
A. switch(config)# errdisable recovery interval 180
B. switch(config)# errdisable recovery cause psecure-violation
C. switch(config)# switchport port-security protect
D. switch(config)# switchport port-security aging type inactivity
E. switch(config)# errdisable recovery cause security-violation

Answer 3

B. switch(config)# errdisable recovery cause psecure-violation

Question 4

Which option is a possible cause for an errdisabled interface?
A. routing loop
B. cable unplugged
C. STP loop guard
D. security violation

Answer 4

D. security violation

Question 5

What is the default value for the errdisable recovery interval in a Cisco switch?
A. 30 seconds
B. 100 seconds
C. 300 seconds
D. 600 seconds

Answer 5

C. 300 seconds

Question 6

Which statement about the MAC address sticky entries in the switch when the copy run start command is entered is true?
A. A sticky MAC address is retained when the switch reboots.
B. A sticky MAC address can be a unicast or multicast address.
C. A sticky MAC address is lost when the switch reboots.
D. A sticky MAC address ages out of the MAC address table after 600 seconds.

Answer 6

A. A sticky MAC address is retained when the switch reboots.

Question 7

By default, what is the state of port security on a switch?
A. disabled
B. on
C. off
D. learning

Answer 7

A. disabled

Question 8

In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.

Answer 8

A. The port enters the err-disabled state.

B. The Security Violation counter is incremented and the port sends an SNMP trap.

Question 9

What are the possible results of port-security? (Choose two)
A. error disable (shut down)
B. send a trap
C. port disabled
D. loop inconsistent

Answer 9

A. error disable (shut down)

B. send a trap

Question 10

A workstation technician moves a PC from one office desk to another. Before the move the PC has network connectivity. After the move as the PC plugged into the new network port, it loses network connectivity and the network switch port becomes err-disabled. Which option
can cause the issue?
A. wrong VLAN
B. wrong switch port mode
C. port security
D. speed issue

Answer 10

C. port security

Question 11

After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief

Answer 11

B. show log

Question 12

An enterprise network has port security sticky enabled on all access ports. A network administrator moves a PC from one office desk to another. After the PC is moved, the network administrator clears the port security on the new network switch port connecting to the PC, but the port keeps going back into err-disabled mode. Which two factors are possible causes of this issue? (Choose two)
A. Port security sticky exists on the new network switch port
B. Port security sticky is disabled on the new network switch port
C. Port security must be disabled on all access ports
D. Port security is still enabled on the older network switch port
E. Port security sticky is still enabled on the older network switch port

Answer 12

A. Port security sticky exists on the new network switch port
E. Port security sticky is still enabled on the older network switch port

Question 13

When port security is configured on a switch, which violation mode is the default?
A. logging
B. shutdown
C. no change
D. error-disable

Answer 13

B. shutdown

Question 14

Which configuration do you apply to an interface so that it uses port security to learn and commit the first MAC address?
A. Configure the switchport switch-port security violation restrict 1 command.
B. Enable the sticky MAC addresses feature.
C. Enable the static secure MAC addresses feature.
D. Configure the switch for port-security aging type inactivity command.
E. Configure the switchport port-security maximum 1 command.
F. Disable the sticky MAC addresses feature

Answer 14

B. Enable the sticky MAC addresses feature.

Just be aware the answer from the file said E was correct - its debated in the thread with more confidence in B - I tend to agree

Question 15

Which two restrictions of the port security feature are true? (Choose two)
A. Static port MAC address assignments are not supported.
B. It is not supported on PVLAN ports.
C. It is not supported on EtherChannel port-channel interfaces.
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is supported on destination SPAN ports.

Answer 15

A. Static port MAC address assignments are not supported.

C. It is not supported on EtherChannel port-channel interfaces.

Question 16

A question related to security violation mode which drop unknown packets and then sends
trap?
A. inhibit
B. drop
C. restrict
D. shutdown
E. protect

Answer 16

C. restrict

Question 17

Which two circumstances can cause a port to errdisable? (Choose two)
A. It is connected to a host with an NIC that is unable to recognize
B. The switch incurred a port security violation
C. It detected a collision
D. It learned a new MAC address
E. It detected a peer with a matching duplex

Answer 17

B. The switch incurred a port security violation

D. It learned a new MAC address

Question 18

Which state by default for port security is set in a switch?
A. enable
B. disable
C. on
D. off

Answer 18

B. disable

Question 19

What happens to the sticky address after copy run start and reboot?
A. Sticky address are still in configuration.
B. Sticky address are not in configuration.
C. Sticky address can be unicast or multicast address.

Answer 19

A. Sticky address are still in configuration.

Question 20

Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.

Answer 20

B. It must be used on the switch interface.

D. It is configured on an access port.

Question 21

Which two actions are possible when you are configuring port-security? (Choose two)
A. Port will be error disabled
B. Port will be shutdown
C. Port will drop traffic
D. Port will send logs

Answer 21

A. Port will be error disabled

C. Port will drop traffic

Question 22

Which command enables you to determine whether any interface on a device was shutdown as a result of a port security violation?
A. show port-security
B. show errdisable detect
C. show interface status err-disable
D. show port-security address

Answer 22

C. show interface status err-disabled