Port Security Flashcards
Which feature describes MAC addresses that are dynamically learned or manually configured, stored in the address table, and added to the running configuration? A. sticky B. dynamic C. static D. secure
A. sticky
On which interface can port security be configured? A. static trunk ports B. destination port for SPAN C. EtherChannel port group D. dynamic access point
A. static trunk ports
After port security is deployed throughout an enterprise campus, the network team has been overwhelmed with port reset requests. They decide to configure the network to automate the process of re-enabling user ports. Which command accomplishes this task?
A. switch(config)# errdisable recovery interval 180
B. switch(config)# errdisable recovery cause psecure-violation
C. switch(config)# switchport port-security protect
D. switch(config)# switchport port-security aging type inactivity
E. switch(config)# errdisable recovery cause security-violation
B. switch(config)# errdisable recovery cause psecure-violation
Which option is a possible cause for an errdisabled interface? A. routing loop B. cable unplugged C. STP loop guard D. security violation
D. security violation
What is the default value for the errdisable recovery interval in a Cisco switch? A. 30 seconds B. 100 seconds C. 300 seconds D. 600 seconds
C. 300 seconds
Which statement about sticky MAC address entries in the switch is true when the copy run start command is entered?
A. A sticky MAC address is retained when the switch reboots.
B. A sticky MAC address can be a unicast or multicast address.
C. A sticky MAC address is lost when the switch reboots.
D. A sticky MAC address ages out of the MAC address table after 600 seconds.
A. A sticky MAC address is retained when the switch reboots.
By default, what is the state of port security on a switch? A. disabled B. on C. off D. learning
A. disabled
In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
What are the possible results of port-security? (Choose two) A. error disable (shut down) B. send a trap C. port disabled D. loop inconsistent
A. error disable (shut down)
B. send a trap
A workstation technician moves a PC from one office desk to another. Before the move, the PC has network connectivity. After the move, when the PC is plugged into the new network port, it loses network connectivity and the network switch port becomes err-disabled. Which option can cause the issue? A. wrong VLAN B. wrong switch port mode C. port security D. speed issue
C. port security
After you connect a host to switch port G0/1, the port is error-disabled. Which command can you enter to determine the reason? A. show interfaces g0/1 status B. show log C. show run interface g0/1 D. show ip interface brief
B. show log
An enterprise network has port security sticky enabled on all access ports. A network administrator moves a PC from one office desk to another. After the PC is moved, the network administrator clears the port security on the new network switch port connecting to the PC, but the port keeps going back into err-disabled mode. Which two factors are possible causes of this issue? (Choose two)
A. Port security sticky exists on the new network switch port
B. Port security sticky is disabled on the new network switch port
C. Port security must be disabled on all access ports
D. Port security is still enabled on the older network switch port
E. Port security sticky is still enabled on the older network switch port
A. Port security sticky exists on the new network switch port
E. Port security sticky is still enabled on the older network switch port
When port security is configured on a switch, which violation mode is the default? A. logging B. shutdown C. no change D. error-disable
B. shutdown
Which configuration do you apply to an interface so that it uses port security to learn and commit the first MAC address?
A. Configure the switchport switch-port security violation restrict 1 command.
B. Enable the sticky MAC addresses feature.
C. Enable the static secure MAC addresses feature.
D. Configure the switch for port-security aging type inactivity command.
E. Configure the switchport port-security maximum 1 command.
F. Disable the sticky MAC addresses feature.
B. Enable the sticky MAC addresses feature.
Just be aware the answer from the file said E was correct - it's debated in the thread with more confidence in B - I tend to agree.
Which two restrictions of the port security feature are true? (Choose two)
A. Static port MAC address assignments are not supported.
B. It is not supported on PVLAN ports.
C. It is not supported on EtherChannel port-channel interfaces.
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is supported on destination SPAN ports.
A. Static port MAC address assignments are not supported.
C. It is not supported on EtherChannel port-channel interfaces.