Why would a network administrator configure port security on a switch?()A. To prevent unauthorized Telnet access to a switch port.B. To limit the number of Layer 2 broadcasts on a particular switch port.C. To prevent unauthorized hosts from accessing the

第1题：

Why would a network administrator configure port security on a switch?（）

• A、To prevent unauthorized Telnet access to a switch port.
• B、To limit the number of Layer 2 broadcasts on a particular switch port.
• C、To prevent unauthorized hosts from accessing the LAN.
• D、To protect the IP and MAC address of the switch and associated ports.
• E、To block unauthorized access to the switch management interfaces over common TCP ports.

第2题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interfacE.If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? （）

• A、Switch1(config-if)# switchport port-security maximum 1
• B、Switch1(config)# mac-address-table secure
• C、Switch1(config)# access-list 10 permit ip host
• D、Switch1(config-if)# switchport port-security violation shutdown
• E、Switch1(config-if)# ip access-group 10

第3题：

A network administrator needs to configure port security on a switch.which two statements are true？（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface，the switch can learn new addresses，up to the maximum defined.

第4题：

A network administrator needs to configure port security on a switch.which two statements are true?（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.

第5题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices.What would be the most efficient way to configure MAC-level security on all these ports？ （）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.

第6题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?（）

• A、TestKing1(config-if)# switchport port-security maximum 1
• B、TestKing1(config)# mac-address-table secure
• C、TestKing1(config)# access-list 10 permit ip host
• D、TestKing1(config-if)# switchport port-security violation shutdown
• E、TestKing1(config-if)# ip access-group 10

第7题：

You need to configure port security on switch R1.  Which two statements are true about this  technology？ （）

• A、 Port security can be configured for ports supporting VoIP.
• B、 With port security configured， four MAC addresses are allowed by default.
• C、 The network administrator must manually enter the MAC address for each device in order for  the switch to allow connectivity.
• D、  Withsecurity configured， only one MAC addresses is allowed by default.  
• E、 Port security cannot be configured for ports supporting VoIP.

第8题：

An administrator replaces the network card in a web server. After replacing the network card some users can access the server but others cannot. Which of the following is the FIRST thing the administrator should check?（）

• A、Default gateway
• B、The ports on the switch
• C、Port security on the server's switch port
• D、Ethernet cable

第9题：

第10题：

第11题：

第12题：

第13题：

Why would a network administrator configure port security on a switch?（）

• A、to prevent unauthorized Telnet access to a switch port
• B、to limit the number of Layer 2 broadcasts on a particular switch port
• C、to prevent unauthorized hosts from accessing the LAN
• D、to protect the IP and MAC address of the switch and associated ports
• E、to block unauthorized access to the switch management interfaces over common TCP ports

第14题：

When using Cisco Network Assistant to configure a WS-CE500-24LC switch， which three are available choices in the port settings window？（）

• A、Duplex mode selections
• B、Auto MDIX selections
• C、Status Selections
• D、Group mode selections
• E、Port security selections

第15题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy (Choose two.)（）。

• A、Switch1(config-if)# switchport port-security maximum 1
• B、Switch1(config)# mac-address-table secure
• C、Switch1(config)# access-list 10 permit ip host
• D、Switch1(config-if)# switchport port-security violation shutdown
• E、Switch1(config-if)# ip access-group 10

第16题：

A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?（）

• A、Configure port Fa0/1 to accept connections only from the static IP address of the server.
• B、Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
• C、Configure the MAC address of the server as a static entry associated with port Fa0/1.
• D、Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
• E、Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
• F、Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.

第17题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?（）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security

第18题：

The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy?（）

• A、Switch1(config-if)# switchport port-security maximum 1
• B、Switch1(config)# mac-address-table secure
• C、Switch1(config)# access-list 10 permit ip host
• D、Switch1(config-if)# switchport p ort-security violation shutdown
• E、Switch1(config-if)# ip access-group 10

第19题：

An administrator replaces the network card in a web server. After replacing the network card some users can access the server but others cannot.  Which of the following is the FIRST thing the administrator should check？（）

• A、 Default gateway
• B、 The ports on the switch
• C、 Port security on the servers switch port
• D、 Ethernet cable

第20题：

Multiple users call from the same location saying that they have no network connectivity. The administrator is unable to ping the main switch at that IDF. Which of the following configuration management documents would the administrator MOST likely consult to troubleshoot the issue?（）

• A、Baseline configuration
• B、Security policy
• C、Performance and transaction logs
• D、Physical network diagram

第21题：

第22题：

第23题：

第24题：