Exam 200-105 topic 1 question 353 discussion

Actual exam question from Cisco's 200-105
Question #: 353
Topic #: 1

Refer to the exhibit. Which of these correctly describes the results of port security violation of an unknown packet?

  • A. port enabled; unknown packets dropped; no SNMP or syslog messages
  • B. port enabled; unknown packets dropped; SNMP or syslog messages
  • C. port disabled; no SNMP or syslog messages
  • D. port disabled; SNMP or syslog messages
Suggested Answer: D
Configuring Port Security -
http://packetlife.net/blog/2010/may/3/port-security/
We can view the default port security configuration with show port-security:
http://www.ciscopress.com/articles/article.asp?p=1722561

Switchport Security Violations -
The second piece of switchport port-security that must be understood is the security violation: what it is, what causes it, and which violation modes exist. A switchport violation occurs in one of two situations:
  • When the maximum number of secure MAC addresses has been reached (by default, the maximum number of secure MAC addresses per switchport is limited to 1)
  • An address learned or configured on one secure interface is seen on another secure interface in the same VLAN
The action that the device takes when one of these violations occurs can be configured:
  • Protect--This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.
  • Restrict--This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.
  • Shutdown--This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and re-enabling the switchport.
  • Shutdown VLAN--This mode mimics the behavior of the shutdown mode but limits the error disabled state to the specific violating VLAN.
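
The violation modes above can be compared by replaying the same traffic through a small model of a secure port. This Python model is an added example, not part of the original page and not Cisco's implementation; it covers only the first violation condition (secure MAC limit exceeded) and leaves out Shutdown VLAN. The class and function names and the MAC addresses are constructed, and the limit of 3 is an assumption taken from the discussion below, since the exhibit is not reproduced here.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Simplified model (hypothetical, for illustration) of one secure switchport."""
    maximum: int = 1                 # default secure-MAC limit per the text
    violation: str = "shutdown"      # default violation mode per the text
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0
    notifications: list = field(default_factory=list)  # stands in for syslog/SNMP

    def __post_init__(self):
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode: {self.violation}")

    def receive(self, src_mac: str) -> str:
        """Return 'forwarded' or 'dropped' for a frame from src_mac."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "dropped"                     # err-disabled port forwards nothing
        if mac in self.secure_macs:
            return "forwarded"                   # known secure address
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)            # learn while under the limit
            return "forwarded"
        # Unknown source MAC while the table is full: this is the violation.
        if self.violation != "protect":          # protect drops silently
            self.violation_count += 1
            self.notifications.append(f"violation: unknown MAC {mac}")
            if self.violation == "shutdown":
                self.err_disabled = True
        return "dropped"

# Constructed sample traffic: three hosts fill the table, a fourth violates,
# then the first (known) host sends again.
FRAMES = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03",
          "00:00:5e:00:53:04", "00:00:5e:00:53:01"]

def replay(mode: str, maximum: int = 3, frames=FRAMES):
    """Run the frames through a port; return (results, port) for inspection."""
    port = SecurePort(maximum=maximum, violation=mode)
    return [port.receive(f) for f in frames], port

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        results, port = replay(mode)
        print(f"{mode:8} {results} err_disabled={port.err_disabled} "
              f"notifications={len(port.notifications)}")
```

The last frame is the one that separates the modes: a known host is still forwarded under protect and restrict, but dropped once shutdown has err-disabled the port.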

Comments

mthabib
5 years, 10 months ago
Shouldn't it be B. Maximum is set to 3, so after one violation port will still be up, packet will be dropped and syslog messages will be sent.
upvoted 1 times
JTA2020
5 years, 5 months ago
It's D because it only becomes a port-security violation if there are already 3 MAC addresses saved to the port and a fourth one tries to connect through it.
upvoted 3 times