Exam 350-601 topic 1 question 404 discussion

C and D - wrong Adress B - there is no point of implementing "port-security activate vsan vsan-id no-auto-learn" as it is implemented before, beside it should be "no-auto-learn" not "no auto-learn" So after elimination process we have A on the table

pending database is not empty in B

if you activate port security, follow up by disabling auto-learning, and finally commit the changes in the pending database, then the net result of your actions is the same as entering a port-security activate vsan vsan-id no-auto-learn command.

A seems to be missing the "no auto-learn". Or should we consider the exhibit as what was previously configured and we just need to complete it?

as per the pdf its b https://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_1_x/1_2_2a/san-os/configuration/guide/SecuPort.pdf#page2

This question has no correct answer and one of the requirements is Auto learning must be disabled and the correct command is port-security activate vsan 10 no-auto-learn. B is closest to the truth, maybe there was a typographical error.

It has to be the "B" option. Commit command is used when you are using "auto-learning configuration", that is not allowed here. C and D cannot be an option because have bad addresses

I also Choose B

I think "C" is right : I know PO 5 is wrong (misspilled word), but you see the link and the Tip We recommend that you issue the port-security database copy vsan command after disabling auto-learning. This action will ensure that the configuration database is in sync with the active database. If distribution is enabled, this command creates a temporary copy (and consequently a fabric lock) of the configuration database. If you lock the fabric, you need to commit the changes to the configuration databases in all the switches. https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/8_x/config/security/cisco_mds9000_security_config_guide_8x/configuring_port_security.html#task_1002579

C and D has wrong WWN. B is OK.Distribution is not required, so not A.

Answer is B, the following link explain it step by step: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/psec.html#92130

https://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/configuration/guides/cli_3_2/psec.html#wp1298070

The correct command set that satisfies the given requirements is option A. Option B does not include the "port-security database" command to define the port security database for the specific VSAN 10. Option C has the incorrect NWWN address specified and the "port-security database diff active" command is not needed. Option D has the incorrect interface type specified for the NWWN, it should be "san-port-channel 2" instead of "port-channel 5", and the "port-security database diff active" command is not needed.

How can be C if WWN does not match and port.channel id either, correct it's B.