Port Security Flashcards

1
Q
Which feature describes MAC addresses that are dynamically learned or manually configured, stored in the address table, and added to the running configuration?
A. sticky
B. dynamic
C. static
D. secure
A

A. sticky

2
Q
On which interface can port security be configured?
A. static trunk ports
B. destination port for SPAN
C. EtherChannel port group
D. dynamic access point
A

A. static trunk ports

3
Q

After port security is deployed throughout an enterprise campus, the network team has been overwhelmed with port reset requests. They decide to configure the network to automate the process of re-enabling user ports. Which command accomplishes this task?
A. switch(config)# errdisable recovery interval 180
B. switch(config)# errdisable recovery cause psecure-violation
C. switch(config)# switchport port-security protect
D. switch(config)# switchport port-security aging type inactivity
E. switch(config)# errdisable recovery cause security-violation

A

B. switch(config)# errdisable recovery cause psecure-violation

4
Q
Which option is a possible cause for an errdisabled interface?
A. routing loop
B. cable unplugged
C. STP loop guard
D. security violation
A

D. security violation

5
Q
What is the default value for the errdisable recovery interval in a Cisco switch?
A. 30 seconds
B. 100 seconds
C. 300 seconds
D. 600 seconds
A

C. 300 seconds

6
Q

Which statement about the MAC address sticky entries in the switch when the copy run start command is entered is true?
A. A sticky MAC address is retained when the switch reboots.
B. A sticky MAC address can be a unicast or multicast address.
C. A sticky MAC address is lost when the switch reboots.
D. A sticky MAC address ages out of the MAC address table after 600 seconds.

A

A. A sticky MAC address is retained when the switch reboots.

7
Q
By default, what is the state of port security on a switch?
A. disabled
B. on
C. off
D. learning
A

A. disabled

8
Q

In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.

A

A. The port enters the err-disabled state.

B. The Security Violation counter is incremented and the port sends an SNMP trap.

9
Q
What are the possible results of port-security? (Choose two)
A. error disable (shut down)
B. send a trap
C. port disabled
D. loop inconsistent
A

A. error disable (shut down)

B. send a trap

10
Q
A workstation technician moves a PC from one office desk to another. Before the move, the PC has network connectivity. After the move, when the PC is plugged into the new network port, it loses network connectivity and the network switch port becomes err-disabled. Which option can cause the issue?
A. wrong VLAN
B. wrong switch port mode
C. port security
D. speed issue
A

C. port security

11
Q
After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief
A

B. show log

12
Q

An enterprise network has port security sticky enabled on all access ports. A network administrator moves a PC from one office desk to another. After the PC is moved, the network administrator clears the port security on the new network switch port connecting to the PC, but the port keeps going back into err-disabled mode. Which two factors are possible causes of this issue? (Choose two)
A. Port security sticky exists on the new network switch port
B. Port security sticky is disabled on the new network switch port
C. Port security must be disabled on all access ports
D. Port security is still enabled on the older network switch port
E. Port security sticky is still enabled on the older network switch port

A

A. Port security sticky exists on the new network switch port
E. Port security sticky is still enabled on the older network switch port

13
Q
When port security is configured on a switch, which violation mode is the default?
A. logging
B. shutdown
C. no change
D. error-disable
A

B. shutdown

14
Q

Which configuration do you apply to an interface so that it uses port security to learn and commit the first MAC address?
A. Configure the switchport switch-port security violation restrict 1 command.
B. Enable the sticky MAC addresses feature.
C. Enable the static secure MAC addresses feature.
D. Configure the switch for port-security aging type inactivity command.
E. Configure the switchport port-security maximum 1 command.
F. Disable the sticky MAC addresses feature

A

B. Enable the sticky MAC addresses feature.

Just be aware the answer from the file said E was correct - it's debated in the thread with more confidence in B - I tend to agree

15
Q

Which two restrictions of the port security feature are true? (Choose two)
A. Static port MAC address assignments are not supported.
B. It is not supported on PVLAN ports.
C. It is not supported on EtherChannel port-channel interfaces.
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is supported on destination SPAN ports.

A

A. Static port MAC address assignments are not supported.

C. It is not supported on EtherChannel port-channel interfaces.

16
Q
Which security violation mode drops unknown packets and then sends a trap?
A. inhibit
B. drop
C. restrict
D. shutdown
E. protect
A

C. restrict

17
Q

Which two circumstances can cause a port to errdisable? (Choose two)
A. It is connected to a host with an NIC that is unable to recognize
B. The switch incurred a port security violation
C. It detected a collision
D. It learned a new MAC address
E. It detected a peer with a matching duplex

A

B. The switch incurred a port security violation

D. It learned a new MAC address

18
Q
Which state is set by default for port security in a switch?
A. enable
B. disable
C. on
D. off
A

B. disable

19
Q

What happens to the sticky address after copy run start and reboot?
A. Sticky addresses are still in configuration.
B. Sticky addresses are not in configuration.
C. Sticky addresses can be unicast or multicast addresses.

A

A. Sticky addresses are still in configuration.

20
Q

Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.

A

B. It must be used on the switch interface.

D. It is configured on an access port.

21
Q
Which two actions are possible when you are configuring port-security? (Choose two)
A. Port will be error disabled
B. Port will be shutdown
C. Port will drop traffic
D. Port will send logs
A

A. Port will be error disabled

C. Port will drop traffic

22
Q
Which command enables you to determine whether any interface on a device was shutdown as a result of a port security violation?
A. show port-security
B. show errdisable detect
C. show interface status err-disabled
D. show port-security address
A

C. show interface status err-disabled