[&] What is the default behavior of a Port-Security violation? (Select the best answer) - A port goes into the errdisable state and any new devices that attempt to connect to that port are unable to do so - The switch catches on fire and sends shrapnel into your face - A port goes into the errdisable state and any devices connected to that port lose network connectivity -- Correct - A port goes into the Admin Down state and any devices connected to that port lose network connectivity [&] Which of the following commands will prevent the Port-Security feature from disabling a secure port that has been up for more than 60-minutes? (Select the best answer) - No special configuration is necessary as Port-Security does not monitor the uptime of an interface. -- Correct - Switch(config-if)#switchport port-security uptime unlimited - Switch(config-if)#switchport port-security uptime null - Switch(config-if)#switchport port-security uptime ignore [&] If not manually defined, on a switchport configured with the Port-Security feature, the default violation mode is called \_\_\_\_\_\_\_\_ which means \_\_\_\_\_\_\_\_\_\_ **(select the best answer)**. - Shutdown, place the port that experienced the violation into the err-disabled state. -- Correct - Shutdown, administratively disable the port that experienced the violation. - Protect, silently discard any frame that causes a violation. - Protect, silently discard any frame that causes a violation and increment the "Security Violation" counter. - Restrict, silently discard any frame that causes a violation and increment the "Security Violation" counter. - Restrict, silently discard any frame that causes a violation. [&] With regards to the Port-Security feature that can be configured on a switchport, which of the following are true **(select two answers)**? - The violation mode of "Restrict" simply silently discards any frame that causes a violation but does not increment the "Security Violation" counter. - The violation mode of "Protect" silently discards any frame that causes a violation and increments the "Security Violation" counter. - The violation mode of "Restrict" silently discards any frame that causes a violation and increments the "Security Violation" counter. -- Correct - The violation mode of "Protect" simply silently discards any frame that causes a violation but does not increment the "Security Violation" counter. -- Correct [&] Your desire is that when a violation occurs on a port secured by Port-Security, that the offending frame be dropped, authorized frames should remain unaffected by the violation, and violation counters should increase, keeping a record of the violation. Which of the following commands will accomplish this? (Select the best answer) - Switch(config-if)#switchport port-security violation protect - Switch(config-if)#switchport port-security violation restrict -- Correct - Switch(config-if)#switchport port-security violation shutdown - Switch(config-if)#switchport port-security violation notify [&] A network administrator notices that a switchport has been configured with the command, `switchport port-security`. There are no other Port-Security-related configuration commands on that port. Based on this observation, which of the following statements are true? (**Select the best answer**) - The interface will be allowed to dynamically learn only a single MAC address. -- Correct - The Port-Security feature has only been partially configured. It requires further configuration to become active and affect MAC-address learning on this port. - The interface will be allowed to dynamically learn an unlimited quantity of MAC addresses. - The interface will not be allowed to dynamically learn any MAC addresses. [&] Which of the following commands will allow the Port-Security feature to learn two MAC addresses on a secure port? (Select the best answer) - No special configuration is necessary as Port-Security does not limit MAC learning - Switch(config)#switchport port-security maximum 2 - Switch(config-if)#port-security macs 2 - Switch(config-if)#switchport port-security maximum 2 -- Correct [&] Which of the following is true about the Cisco Port-Security feature, if it is enabled with only a single command? (Select the best answer) - If an interface remains up for more than 60-minutes, a violation will occur - If more than two MAC addresses are learned on an interface, a violation will occur. - If an interface flaps more than twice in 60-seconds, a violation will occur - If more than one MAC address is learned on an interface, a violation will occur. -- Correct