Home > CCNA – Security Questions

CCNA – Security Questions

March 23rd, 2015 Go to comments

Question 1


We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Question 2


We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:


Question 3


The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Question 4


Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 5


Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

Question 6


As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:

SwitchA(config-if)#switchport port-security

-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

Question 7


Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Question 8


One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Comments (21) Comments
Comment pages
1 9 10 11 1768
  1. Alex32
    February 20th, 2017

    achaino_85 @ hotmai dot com

  2. Alex32
    February 20th, 2017

    achaino_85 @ hotmail dot com

  3. Leaked
    February 21st, 2017

    New Update, My student passed today. Latest 100% VALID CCNA Security 210-260 Exam Questions Dumps at below page including all labs in Packet Tracer format. Working VCE player also included in package
    INSTANT Download at below page:


  4. Mian
    February 23rd, 2017

    Anyone having CCNA security best tutorials from basic to advance level??

  5. Anonymous
    February 25th, 2017

    Hello, please sent me the latest ccna sec dumbs to
    Dumspirospero79 @ web. de

    Thank you.

  6. Ali Raza
    February 28th, 2017

    Please send me the latest CCNA Security 210-260 dumps at {email not allowed}

  7. Ali Raza
    February 28th, 2017

    Please send me the latest CCNA Security 210-260 dumps at (s.ali 312 @ hotmail . com)

  8. Moran
    March 1st, 2017

    Please send me the latest CCNA Security 210-260 dumps at (eng.mkhoja@ Hotmail . com) Thanks

  9. hello friends ,
    March 4th, 2017

    I am planning to write ccna security 210-260 on this week , any one have new dumps questions plz share with me ,
    My email : {email not allowed}

  10. hello friends ,
    March 4th, 2017

    {email not allowed}

  11. my regards
    March 7th, 2017

    Looking for 210-260 dump please email me : halekyish at gmail dot com

  12. latest dumps
    March 7th, 2017

    Hello Coldplay,
    Can you (or anyone) send me the latest CCNA Security 210-260 dumps at osaamaaa at hotmail dot com
    thanks in advance

  13. Anonymous
    March 9th, 2017

    Looking for 210-260 dump please email me : {email not allowed} or {email not allowed}

  14. Anonymous
    March 9th, 2017

    Looking for 210-260 dump please email me : sjunaidali83 at gmail dot com or sjunaid_ali83 at hotmail dot com

  15. Anonymous
    March 9th, 2017

    updated CCNA Security 210-260 Latest Dump 250 Question Required Please on sjunaid_ali83 @ hotmail.com

  16. KukaBoa
    March 13th, 2017

    Need the latest CCNA 310-260 urgently…Will be trying again in a few days. {email not allowed}

  17. AUSTIN@@@@@@@@@@@@@@@00003
    March 15th, 2017

    Please can someone give links l can use to practice some or all the configurations in CCNA SECURITY please l need to practice and know them for real please and please

  18. Anonymous
    March 15th, 2017

    Can someone please send me latest CCNA security dumps at {email not allowed}

  19. Anonymous
    March 15th, 2017

    Can someone please send me latest CCNA security dumps at ramandeepkaurcheema@gmaildotcom

  20. 200-260 dumps
    March 23rd, 2017

    dumps from https://www.examgood.com/210-260.html is perfect. PASS IT .

  21. Anonymous
    March 29th, 2017

    could you send me a copy of ccna security dump plz? mvp8044 @ gmail . com

Comment pages
1 9 10 11 1768