which two security statement are true?

Refer to the exhibit. The show port-security interface fa0/1 command was issued on switch
SW1. Given the output that was generated, which two security statement are true? (Choose
two.)

Refer to the exhibit. The show port-security interface fa0/1 command was issued on switch
SW1. Given the output that was generated, which two security statement are true? (Choose
two.)

A.
Interface FastEthernet 0/1 was configured with the switchport port-security aging
command.

B.
Interface FastEthernet 0/1 was configured with the switchport port-security protect
command.

C.
Interface FastEthernet 0/1 was configured with the switchport port-security violation
restrict command.

D.
When the number of secure IP addresses reaches 10, the interface will immediately shut
down.

E.
When the number of secure MAC addresses reaches 10, the interface will immediately
shut down and an SNMP trap notification will be sent.

Explanation:
Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to
a specific set or number of MAC addresses. Those addresses can be learned dynamically or
configured statically. The port will then provide access to frames from only those addresses.
If, however, the number of addresses is limited to four but no specific MAC addresses are
configured, the port will allow any four MAC addresses to be learned dynamically, and port
access will be limited to those four dynamically learned addresses.
Port Security Implementation:

When Switch port security rules violate different action can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the
violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created,
and a Simple Network Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled,
a log entry is made, an SNMP trap is sent, and manual intervention or errdisable recovery
must be used to make the interface usable.
The port will not be shutdown, because it is in protect mode — not shutdown.



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Shinryu

Shinryu

According to the given explanation the answer should be B and D

yo

yo

10 should be allowed…