QUESTION 161
Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)#switchport port-security
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is
received by 2950Switch? (Choose two)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded
out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded
out fa0/1.
Correct Answer: BD
QUESTION 162
Which set of commands is recommended to prevent the use of a hub in the access layer?
A. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1
Correct Answer: C
QUESTION 163
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to
allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is
to drop frames from this device. The administrator configured the interface and tested it with successful pings
from PC_A to RouterA, and then observes the output from these two show commands.
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command
F. The port security configuration needs to be saved to NVRAM before it can become active.
Correct Answer: BD
QUESTION 164
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose
two)
A. The network administrator can apply port security to dynamic access ports
B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C. The sticky learning feature allows the addition of dynamically learned addresses to the running
configuration.
D. The network administrator can apply port security to EtherChannels.
E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to
the maximum defined.
Correct Answer: CE
QUESTION 165
Which protocol is an open standard protocol framework that is commonly used in VPNs to provide secure endto-end
connections?
A. PPTP
B. IPsec
C. RSA
D. L2TP
Correct Answer: B
QUESTION 166
Which command would you use on a Cisco router to verify the Layer 3 path to a host?
A. traced address
B. traceroute address
C. telnet address
D. ssh address
Correct Answer: B
QUESTION 168
What are three reasons that an organization with multiple branch offices and roaming users might implement a
Cisco VPN solution instead of point-to-point WAN links? (Choose three)
A. reduced cost
B. better throughput
C. broadband incompatibility
D. increased security
E. scalability
F. reduced latency
Correct Answer: ADE