What is valid reason for a switch to deny port access to new devices when port security is enabled?()A. The denied MAC addresses have already been learned or confgured on another secure interface in the same VLAN.B. The denied MAC address are statically c

第1题：

Why would a network administrator configure port security on a switch?（）

• A、To prevent unauthorized Telnet access to a switch port.
• B、To limit the number of Layer 2 broadcasts on a particular switch port.
• C、To prevent unauthorized hosts from accessing the LAN.
• D、To protect the IP and MAC address of the switch and associated ports.
• E、To block unauthorized access to the switch management interfaces over common TCP ports.

第2题：

Which three of these pre-requisite for resetting a Catalyst Express 500 switch when Cisco Network Assistant is unavailable？（）

• A、At Least one enabled switch port that is unconnected to any device
• B、A PC pre-configured with a specific IP Address and Mask
• C、A PC or laptop with Windows 2000 or Windows XP installed and a web browser that has Java Script enabled
• D、Physical Access to Switch
• E、A Switch with no connected devices

第3题：

Two access points running the core feature set are connected to the same switch and are providingguest services. If PSPF is enabled， what must be enabled on the switch to prevent clients fromseeing one another’s data？（）

• A、port-based RADIUS
• B、802.1q trunking
• C、inline power
• D、protected port

第4题：

The voice VLAN feature has been enabled on a new Company Catalyst switch port.  What is the  effect of this？ （）

• A、The CoS is trusted for 802.1P or 802.1Q tagged traffic.
• B、PortFast is disabled on the port.
• C、Port Security is automatically enabled on a voice VLAN port.
• D、Untagged traffic is sent according to the default CoS priority of the port.
• E、None of the other alternatives apply

第5题：

A network administrator needs to configure port security on a switch.which two statements are true?（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.

第6题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices.What would be the most efficient way to configure MAC-level security on all these ports？ （）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.

第7题：

When configuring port security on a Cisco Catalyst switch port， what is the default action taken by the switch if a violation occurs？ （）

• A、protect （drop packets with unknown source addresses）
• B、restrict （increment SecurityViolation counter）
• C、shut down （access or trunk port）
• D、transition （the access port to a trunking port）

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

A lightweight access point has been connected to a Catalyst 3550 24-PWR switch， and on power-up the access point fails. What is the problem with the switch？（）

• A、The power supply has inadequate wattage.
• B、Power is incorrectly configured on the port.
• C、It does not support 802.3af Poe.
• D、Power is not enabled on the port.

第14题：

A new Catalyst switch is connected to an existing switch using a crossover cable. As a result of this, what would the switch port link lights display?（）

• A、The switch port link lights will be off on both switches indicating the ports are not connected.
• B、The switch port link light will be off on one switch indicating that STP has disabled the port.
• C、The switch port link lights will flash amber indicating an error.
• D、The switch port link lights will be green indicating normal operation.

第15题：

You work as a network Technician. A new workstation has consistently been unable to obtain anIP address from the DHCP server when the workstation boots. Older workstations function normally， and the new workstation obtains an address when manually forced to renew its address.  What should be configured on the switch to allow the workstation to obtain an IP address at boot？（）

• A、UplinkFast on the switch port connected to the server
• B、BackboneFast on the switch port connected to the server
• C、PortFast on the switch port connected to the workstation
• D、trunking on the switch

第16题：

A network administrator needs to configure port security on a switch.which two statements are true？（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface，the switch can learn new addresses，up to the maximum defined.

第17题：

What is valid reason for a switch to deny port access to new devices when port security is enabled?（）

• A、The denied MAC addresses have already been learned or confgured on another secure interface in the same VLAN.
• B、The denied MAC address are statically configured on the port.
• C、The minimum MAC threshold has been reached.
• D、The absolute aging times for the denied MAC addresses have expired.

第18题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?（）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security

第19题：

A Company switch was configured as shown below：  switchport mode access  switchport port-security   switchport port-security maximum 2 switchport port-security mac-address 0002.0002.0002   switchport port-security violation shutdown   Given the configuration output shown above，  what happens when a host with the MAC address of  0003.0003.0003 is directly connected to the switch port？ （）

• A、 The host will be allowed to connect.
• B、 The port will shut down.
• C、 The host can only connect through a hub/switch where 0002.0002.0002 is already connected.  
• D、 The host will be refused access.
• E、 None of the other alternatives apply

第20题：

第21题：

第22题：

第23题：