Home > CCNA – Security Questions

CCNA – Security Questions

March 23rd, 2015 Go to comments

Question 1

Explanation

We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Question 2

Explanation

We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:

show_port-security_interface.jpg

Question 3

Explanation

The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Question 4

Explanation

Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 5

Explanation

Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

Question 6

Explanation

As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:

SwitchA(config-if)#switchport port-security

-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

Question 7

Explanation

Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Question 8

Explanation

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Comments (26) Comments
Comment pages
1 14 15 16 1768
  1. East Coast
    November 10th, 2018

    Can someone please tell me where i can find the latest and most accurate questions and answers? I am finding dicrepancies with several answers in VCE and PDF files. I am taking the test on 11/2. I can be reached at ecoastnj17 at gmail

  2. mohammed elrefaei
    November 11th, 2018

    Hi, can someone send me the newest CCNA Sec dumps? mtawfeeq990 at gmail

  3. Ignitius
    November 13th, 2018

    hi ,

    Please send me CCNA Sec DUMPS on {email not allowed}

    re

  4. Jay
    November 19th, 2018

    Please send me CCNA Sec Dumps …….. kizemejay_@_gmail_com

  5. Ntbkp
    November 19th, 2018

    Hi all, please send me CCNA Security 210-260 dumps to ntbkp dot 27 at gmail dot com

  6. JackFromStateFarm
    November 21st, 2018

    Hello All, Could someone send me the CCNA Security 210-260 dumps to [ one of a kind 8219 @ gmail .com ] ?

  7. Samir
    November 21st, 2018

    Hello, can someone please send the 210-260 Q&A to samir210260 at yopmail dot com ? thanks

  8. emmily
    November 23rd, 2018

    @sonrhai you can get the updated 210-260 exam questions from braindumpscerts i have recently cleared my 210-260 exam.

  9. energy
    December 3rd, 2018

    Please can someone send me CCNA sec Dumps to {email not allowed}.

    Thanks

  10. RoDzz
    December 6th, 2018

    Hey! Can someone send me recent dumps for CCNA Sec?

    racbrandao (at) gmail (dot) com

    racbrandao @ gmail . com

    THANK YOU SO MUCH!!!!

  11. BowHunt64
    December 18th, 2018

    How do you get to the 9tut CCNA Security pre,mium site and to add a subscription to it.

  12. Anonymous
    December 26th, 2018

    Hi, anyone have ccnp security exam paper dumps

  13. Mario
    December 28th, 2018

    CCNA Security Dumps ” Anubis ” are still Valid.
    I got 98x/1000.
    Got LAb, simulation, most of them were Multiple choice and other questions too.
    Overall testing experience was so easy. One will have to read all dumps.

    Thank you all and thank you Anubis.
    Re posting.. With the hope I can contribute back to this community- A small leaf of a tree if not flower.

    https:*//*www.*dropbox.com*/sh/4m0vlqryzrbn2td/AACFp1_C4Pj5ADVHFqvMIG25a?dl=0&preview=1-Anubis_210-260_v06.pdf

    Remove ==> *

    Again thanks to you all my brothers and sisters.

    I would leave with one advice to the community-

    ” If you find FREE on a FREE website, is a good.. Take it. (look for comments if you want)
    If one is asking Money on a FREE site, it’s a TRAP ! STOP there !
    If you find some one is asking money on a Money site is a good one.
    If you find Money on a FREE site, is a TRAP ! STOP there !”

    Thanks :)

  14. piotto777
    December 31st, 2018

    Hello All, Could someone please send me the CCNA Security 210-260 dumps to piotto777 at. gmail

  15. Adnan Hanif
    January 3rd, 2019

    i need it for my self :-)

  16. Anonymous
    January 3rd, 2019

    can i trust that side as no rating is there for any item /seller

  17. Hasan Imam
    January 9th, 2019

    Hi to all..

    Can any one please let me know which Labs are common in CCNA Security Exam..

    Which Labs to prepare

  18. Ngoc
    January 14th, 2019

    Could anyone send CCNA Sec 210-260 dump to me :
    ngoctelecomx@gmail. com
    Thank
    VDN

  19. Diannecl
    January 14th, 2019

    Can someone please send me the CCNA Security Dumps to {email not allowed}. I have my test in two weeks.

  20. Diannecl
    January 14th, 2019

    Could anyone please send me the CCNA Sec 210-260 dump to me :
    diannecl at gmail. com. I would REALLY, REALLY Appreciate it

    Thank you!

  21. Bobby fisther
    January 14th, 2019

    Could someone please send me the CCNA Sec 210-260 dump to me :
    stllking at gmail. com
    thanks in advance

  22. PurpleBlood
    January 18th, 2019

    Does Anyone needs latest security dumps?

    m a i l m e:- s h a h . r i n a m at y m a i l . c o m

  23. Anonymous
    January 18th, 2019

    Could someone please send me the updated CCNA Sec 210-260 to: {email not allowed}
    Thanks.

  24. Anonymous
    January 18th, 2019

    uld someone please send me the updated CCNA Sec 210-260
    to: asababasaku328 at gmail
    Thanks

    Comment pages

  25. David Ruffin
    January 18th, 2019

    Could someone please send me the CCNA Sec 210-260 dump to me :
    stllking at gmail. com
    thanks in advance

  26. BISWAJIT
    January 18th, 2019

    Hi is there anyone who can send me ccna security dumps
    {email not allowed}

Comment pages
1 14 15 16 1768
Add a Comment