思科认证考试

Which feature would prevent guest users from gaining network access by unplugging an IP phone and connecting a laptop computer?()A、IPSec VPNB、SSL VPNC、port securityD、port security with statically configured MAC addressesE、private VLANs

题目

Which feature would prevent guest users from gaining network access by unplugging an IP phone and connecting a laptop computer?()

  • A、IPSec VPN
  • B、SSL VPN
  • C、port security
  • D、port security with statically configured MAC addresses
  • E、private VLANs
参考答案和解析
正确答案:D
如果没有搜索结果,请直接 联系老师 获取答案。
相似问题和答案

第1题:

Why would a network administrator configure port security on a switch?()

A. To prevent unauthorized Telnet access to a switch port.

B. To limit the number of Layer 2 broadcasts on a particular switch port.

C. To prevent unauthorized hosts from accessing the LAN.

D. To protect the IP and MAC address of the switch and associated ports.

E. To block unauthorized access to the switch management interfaces over common TCP ports.


参考答案:C

第2题:

A network administrator needs to configure port security on a switch.which two statements are true? ()

A.The network administrator can apply port security to dynamic access ports

B.The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.

C.The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

D.The network administrator can apply port security to EtherChannels.

E.When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.


参考答案:C, E

第3题:

The network administrator has configured port security on a Ezonexam switch. Why would a network administrator configure port security on this Ezonexam device?

A.To prevent unauthorized hosts from getting access to the LAN

B.To limit the number of Layer 2 broadcasts on a particular switch port

C.To prevent unauthorized Telnet or SSH access to a switch port

D.To prevent the IP and MAC address of the switch and associated ports

E.None of the above


正确答案:A
解析:Explanation:
You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port. When you assign secure MAC addresses to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the workstation attached to that port is assured the full bandwidth of the port.

If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, when the MAC address of a station attempting to access the port is different from any of the identified secure MAC addresses, a security violation occurs. Also, if a station with a secure MAC address configured or learned on one secure port attempts to access another secure port, a violation is flagged.

第4题:

Why would a network administrator configure port security on a switch?()

  • A、to prevent unauthorized Telnet access to a switch port
  • B、to limit the number of Layer 2 broadcasts on a particular switch port
  • C、to prevent unauthorized hosts from accessing the LAN
  • D、to protect the IP and MAC address of the switch and associated ports
  • E、to block unauthorized access to the switch management interfaces over common TCP ports

正确答案:C

第5题:

Why would a network administrator configure port security on a switch()。

A.to prevent unauthorized Telnet access to a switch port

B.to limit the number of Layer 2 broadcasts on a particular switch port

C.to prevent unauthorized hosts from accessing the LAN

D.to protect the IP and MAC address of the switch and associated ports

E.to block unauthorized access to the switch management interfaces over common TCP ports


参考答案:C

第6题:

What is valid reason for a switch to deny port access to new devices when port security is enabled?()

A. The denied MAC addresses have already been learned or confgured on another secure interface in the same VLAN.

B. The denied MAC address are statically configured on the port.

C. The minimum MAC threshold has been reached.

D. The absolute aging times for the denied MAC addresses have expired.


参考答案:B

第7题:

Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.Which two of these changes are necessary for SwitchA to meet the requirements? ()

A.Port security needs to be globally enabled.

B.Port security needs to be enabled on the interface.

C.Port security needs to be configured to shut down the interface in the event of a violation.

D.Port security needs to be configured to allow only one learned MAC address.

E.Port security interface counters need to be cleared before using the show command.

F.The port security configuration needs to be saved to NVRAM before it can become active.


参考答案:B, D

第8题:

A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?

A. BPDU

B. Port security

C. RSTP

D. STP

E. VTP

F. Blocking mode


正确答案:B
B 解析:Explanation:
Understanding How Port Security Works:
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Alternatively, you can use port security to filter traffic destined to or received from a specific host based on the host MAC address.

When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host.

The port's behavior. depends on how you configure it to respond to a security violation. If a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation.

第9题:

Vlans have been enabled on an autonomous access point. in order for clients associating to vlans other than the native vlan to receive an ip address. Which of the following must be configured?()

  • A、access point ethernet port set to ssl trunking
  • B、switchport set to 802.1q trunking
  • C、switchport set to ssl trunking
  • D、access point ethernet port not set to 802.1q trunking

正确答案:B

第10题:

Which IOS security feature is configured by the ip inspect inspection-name {in | out} command?()

  • A、IPsec site-to-site VPN
  • B、Cisco AutoSecure
  • C、Cisco IOS Firewall
  • D、IPS

正确答案:C

更多相关问题
相关内容