Home > CCNA – Security Questions

CCNA – Security Questions

March 23rd, 2015 Go to comments

Question 1

Explanation

We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Question 2

Explanation

We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:

show_port-security_interface.jpg

Question 3

Explanation

The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Question 4

Explanation

Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 5

Explanation

Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

Question 6

Explanation

As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:

SwitchA(config-if)#switchport port-security

-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

Question 7

Explanation

Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Question 8

Explanation

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Comments (21) Comments
Comment pages
1 12 13 14 1768
  1. Devanshu
    January 11th, 2018

    Hie there is anyone giving exam for CCSA Checkpoint please do contact me also we can help eachother out…

  2. Devanshu
    January 11th, 2018

    My mail is is devanshusolanki75 at gmail dot com

  3. BigRon
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always over studying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I help get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have packet tracker and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  4. BigBilly
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always over studying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I help get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have packet tracker and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  5. AtlantaBorn
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always over studying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I help get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have packet tracker and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  6. Anonymous
    January 14th, 2018

    Hi Guys,
    I have got the latest CCNA Security 210-260 VCE Dump Files. Can you share the tool to view the VCE File and convert it into PDF.

  7. AtlantaBorn
    January 16th, 2018

    Hi AtlantaBorn,
    Take this advice from me, don’t use Packet Tracer for exam preparing. its limited and confuse. try to build a lap with the following:
    1- Use a good PC or Laptop with more than 8Gb ram, better is start with 16Gb.
    2- Install GNS3 and VMware with all appliances you need. such as ASAv and VMhost and Web_Java.
    3- build your 1st topology and start with (outside/inside/DMZ) network and go done to routers and switches and VM’s.
    4. practicing this you will have more and more experience and confident.

    vmware must be prepared with GNS3 vm, windows 7 and in short time you will need windows server vm and win10.

    GNS3 will give you all what you need to practise and be ready for real world.
    for ASAv cisco firewall check this out
    https://gns3.com/discussions/gns3-cisco-asa-and-asdm-config-4
    http://www.bernhard-ehlers.de/blog/2017/10/23/gns3-configure-asa-asdm.html

    Firewall is most important for CCNA security, so practice on it thru CLI and GUI.
    note: GNS3 some time take long time to prepared it but when you get it done you will be amaze.

  8. Anonymous
    January 19th, 2018

    Anyone with the latest CCNA Security 210-260 VCE Dump Files or PDF. Please share them with me on tonykarera @ gmail . com

  9. Akhi
    January 27th, 2018

    Hello All,

    Please help me to download the latest dump for CCNA security. If anyone of you has the latest dump please email me at {email not allowed})

  10. Akhi
    January 27th, 2018

    Please help me to download the latest dump for CCNA security. If anyone of you has the latest dump please email me at mcaakhi @ gm ail . co m

  11. Osilama
    February 2nd, 2018

    Good Moerning. Can I please have the latest CCNA Security Dumps sent to me. My email is aliuosilama @ gmail . com (remove the spaces). Thanks

  12. Anonymous
    February 5th, 2018

    can someone send me the newest dump randogs170 (@) yahoo . com

  13. CCNA Seeker
    February 7th, 2018

    Hello Guys, anyone have the CCNA security 210-260 IINS VCE Dump Files or PDF please chare. My eail is chrskantai at gmail dot com.

  14. Ahne
    February 7th, 2018

    Hi can anyone share please share latest security

    unga.bunga3196 (at) yahoo(dot)com

  15. Ombiaz
    February 12th, 2018

    Does anyone have the latest 210-260 dumps they could send me, please? {email not allowed}

  16. Ombiaz
    February 12th, 2018

    Does anyone have the latest 210-260 dumps they could send me please? Ombiaz2001 (@) yahoo.com

  17. Zacksnyder
    February 14th, 2018

    These guys have helped me pass the Cisco 300-206 Dumps PDF Implementing Cisco Edge Network Security Solutions exam in the first attempt. It was very hard for me to manage preparations along with my job and my new baby, which is why I was not at all fully prepared for the exam. Thanks to God Almighty that I passed the exam with an amazing 85% score on my first attempt. Once again, thank you very much guys, it couldn’t have been possible without your help.

  18. Gabriel
    February 19th, 2018

    Hi there!!!
    Thanks is advance.
    Can anyone please email me the latest PDF dumps?
    Thanks a lot

    gabrielkratosmiami (at) gmail (dot) com

  19. Anonymous
    February 19th, 2018

    Anyone with the latest CCNA Security 210-260 VCE Dump Files or PDF. Please share them with me on gabrielkratosmiami (at) gmail (dot) com

  20. Herry Potter
    February 20th, 2018

    Do you intend to take Cisco 300-206 Braindumps exam? Realbraindumps would be your best option to ensure you get Implementing Cisco Edge Network Security Solutions Certification easily. We have Best 300-206 Dumps Questions Answers to assist you in passing your exam successfully in first attempt. We also offer Free trial and Demo for our 300-206 Real Braindumps. They are all guaranteed by Famous Expert Professionals.

  21. Vlad
    February 21st, 2018

    Hi,
    Can enyone send me a book for CNA Security Study Guide: Exam 210-260 in PDF on mail pavlovic_vlado81@ y a h o o. com

    Thanks

Comment pages
1 12 13 14 1768
Add a Comment