Appendix: Answers to Practice Test Questions
107. A. By default, only a single MAC address is allowed on an interface when port security is
enabled. All of the other options are incorrect.
108. C. Port security operates at layer 2 by inspecting the source MAC addresses in frames. It
allows the configured number of source MAC addresses to be switched into the port and
onto the switch processor. All of the other options are incorrect.
109. C. Configuring port security helps a network administrator prevent unauthorized access
by MAC address. VLANs can be allowed or disallowed only on a trunk link and not on
an access link. ACLs can be used to allow or disallow IP addresses. Port security cannot
be used to prevent unauthorized access by users.
110. C. Port security works best in static environments where there is minimal change to the
environment. It does not require any more memory since the results are pulled from the
MAC address table. Port security can work in mobile environments, but depending on the
configuration, it may become an administrative burden. Port security does not require a
higher amount of memory. Port security can be configured so that admin intervention to
reset an err-disabled port is not required.
111. B. Both the computer and the VoIP phone have MAC addresses, and therefore you will
need to allow the port to have two MAC addresses, one for the phone to communicate
and the other for the computer to communicate on the port. All of the other options are
incorrect.
112. B. By default, when port security is configured on a port, the violation method is
err-disabled shutdown. Administratively shut down ports can only be configured by an
administrator. You can configure port security to restrict access to a MAC address with
and without logging.
113. C. When port security is configured, the port cannot be in dynamic mode for Dynamic
Trunking Protocol (DTP) mode. You must configure the port as an access port first, then
turn off DTP with the command switchport nonnegotiate. You can then configure
switch port security. The commands no switchport dynamic and switchport port-security
are incorrect. The commands switchport mode access and switchport port-security are
incorrect. The commands switchport mode access, no dynamic, and switchport port-security
are incorrect.
114. B. The command switchport port-security maximum 2 will configure the port with
a maximum of two MAC addresses that shall pass through the port. The command
switchport maximum 2 is incorrect. The command port-security maximum 2 is
incorrect. The command switchport port-security limit 2 is incorrect.
115. D. The command switchport port-security violation restrict will set
the violation mode to restrict. This will drop frames over the maximum number of
learned MAC addresses and will log security violations to the counters. The command
switchport port-security violation shutdown is incorrect; this is the default mode
in which it will enter an err-disabled state upon a violation. The command
switchport port-security restrict is incorrect as it is missing the violation argument.
The command switchport port-security violation protect is incorrect because it will
not increment the security-violation count while it is dropping frames.
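
Added example (not from the book): a simplified Python model of the behaviour described in answers 107, 112 and 115, replaying the same traffic through the protect, restrict and shutdown violation modes. The class, function names and MAC addresses are constructed for illustration; that shutdown mode also increments the violation counter is not stated on this page and is taken from documented Cisco behaviour.

```python
# Simplified model of switch port security; an illustration, not vendor code.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    maximum: int = 1              # default: a single MAC address (answer 107)
    violation: str = "shutdown"   # default violation mode (answer 112)
    learned: set = field(default_factory=set)
    violation_count: int = 0
    err_disabled: bool = False

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False                  # port stays down until it is reset
        mac = src_mac.lower()
        if mac in self.learned:
            return True
        if len(self.learned) < self.maximum:
            self.learned.add(mac)         # learn up to the configured maximum
            return True
        # Violation: a new source MAC beyond the configured maximum.
        if self.violation == "protect":
            return False                  # dropped silently, counter untouched
        self.violation_count += 1         # restrict and shutdown both count it
        if self.violation == "shutdown":
            self.err_disabled = True      # port enters the err-disabled state
        return False

def replay(port, frames):
    """Feed source MACs through the port and return the forwarding decisions."""
    return [port.receive(mac) for mac in frames]

# Constructed sample traffic: VoIP phone, PC, an extra device, then the PC again.
FRAMES = ["00:11:22:33:44:01", "00:11:22:33:44:02",
          "00:11:22:33:44:03", "00:11:22:33:44:02"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort(maximum=2, violation=mode)
        print(mode, replay(port, FRAMES), port.violation_count, port.err_disabled)
```

With a maximum of two addresses, the phone and PC from answer 111 keep working in protect and restrict modes after the third device appears, while shutdown mode takes the whole port down.
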
Chapter 5: Security Fundamentals (Domain 5)