
CCNA – Security Questions

March 23rd, 2015

Question 1

Explanation

We only enable the PortFast feature on access ports (ports connected to end stations). But if someone unknowingly plugs such a port into another switch, a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast port receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Question 2

Explanation

We can verify whether port security has been configured by using the “show running-config” command, or “show port-security interface ” for more detail. An example of the output of the “show port-security interface ” command is shown below:

[Image: show_port-security_interface.jpg]

Question 3

Explanation

The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (as in this question), the switch will dynamically learn the attached MAC address and place it into the running configuration -> B is correct.

Question 4

Explanation

Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 5

Explanation

Port security is only used on access ports (which connect to hosts), so we need to set that port to “access” mode; then we need to specify the maximum number of hosts that are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

Question 6

Explanation

As we see in the output, “Port Security” is in the “Disabled” state (line 2 in the output). To enable the port security feature, we must first enable it on that interface with the command:

SwitchA(config-if)#switchport port-security

-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2), but the question requires allowing only PC_A to access the network, so we need to reduce the maximum number to 1 -> D is correct.
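The check described in Questions 2 and 6 can be scripted. The following is an added example, not part of the original page or any Cisco tool: it parses “show port-security interface” output and lists the commands still missing. The sample output is constructed to match the Question 6 explanation, and the interface name fa0/1 is an assumption.

```python
# Constructed sample in the layout of "show port-security interface" output;
# the values follow the Question 6 explanation, the interface name is assumed.
SAMPLE_OUTPUT = """\
SwitchA#show port-security interface fa0/1
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Maximum MAC Addresses      : 2
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""


def parse_port_security(text):
    """Turn the 'Field : value' lines of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:  # the prompt/command line has no ' : ' and is skipped
            fields[key.strip()] = value.strip()
    return fields


def remediation(fields, allowed_hosts=1):
    """Return the interface-mode commands still needed so that port security
    is enabled and no more than `allowed_hosts` MAC addresses are admitted."""
    cmds = []
    if fields.get("Port Security", "").lower() != "enabled":
        cmds.append("switchport port-security")
    if int(fields.get("Maximum MAC Addresses", "1")) > allowed_hosts:
        cmds.append(f"switchport port-security maximum {allowed_hosts}")
    return cmds


if __name__ == "__main__":
    for cmd in remediation(parse_port_security(SAMPLE_OUTPUT)):
        print("SwitchA(config-if)#" + cmd)
```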

Question 7

Explanation

Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: A dynamic access port (dynamic port VLAN membership) must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in interface configuration mode. Please read more about dynamic access ports here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064
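Three of the guidelines above (dynamic access port, EtherChannel membership, voice VLAN maximum) can be checked against a candidate configuration before it is applied. This is an added example, not from the original page or from Cisco; the configuration text, interface names and VLAN numbers are constructed, and a maximum of 1 is assumed when no “maximum” line is present.

```python
import re

# Constructed candidate configuration; interface and VLAN numbers are assumed.
CANDIDATE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
interface FastEthernet0/2
 switchport access vlan dynamic
 switchport port-security
!
interface FastEthernet0/3
 switchport mode access
 switchport voice vlan 20
 switchport port-security
!
interface FastEthernet0/4
 channel-group 1 mode on
 switchport port-security
!
interface FastEthernet0/5
 switchport voice vlan 20
 switchport port-security
 switchport port-security maximum 2
"""

# One stanza = the "interface X" line plus the indented lines that follow it.
STANZA = re.compile(r"^interface (\S+)\n((?:[ \t].*\n?)*)", re.M)
MAXIMUM = re.compile(r"switchport port-security maximum (\d+)")


def lint(config):
    """Return (interface, problem) pairs for secure ports that break a guideline."""
    findings = []
    for name, body in STANZA.findall(config):
        cmds = [c.strip() for c in body.splitlines()]
        if "switchport port-security" not in cmds:
            continue  # port security not requested on this port
        if "switchport access vlan dynamic" in cmds:
            findings.append((name, "secure port is a dynamic access port"))
        if any(c.startswith("channel-group ") for c in cmds):
            findings.append((name, "secure port is in an EtherChannel group"))
        if any(c.startswith("switchport voice vlan ") for c in cmds):
            # With no explicit 'maximum' line the limit is 1 (IOS default).
            limits = [int(m.group(1)) for c in cmds if (m := MAXIMUM.fullmatch(c))]
            if (limits[-1] if limits else 1) < 2:
                findings.append((name, "voice VLAN port needs maximum >= 2"))
    return findings
```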

Question 8

Explanation

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Comments (8)
  1. help me
    January 8th, 2018

    Can you send me the latest dump with 310q+20 to 6736paolo(at)gmail.com ?
    thanks

  2. Devanshu
    January 11th, 2018

    Hi there, is anyone taking the exam for CCSA Checkpoint? Please do contact me, also we can help each other out…

  3. Devanshu
    January 11th, 2018

    My mail is devanshusolanki75 at gmail dot com

  6. AtlantaBorn
    January 13th, 2018

    First of all, this site has enabled me to become CCNA certified. I am A+, Network + and CCNA certified. I am scared because I have yet to fail a certification exam due to always overstudying and making sure I understand in theory what I am doing. I am 53 years old, worked 23 years for the federal courts (small retirement coming soon), lost 3 houses, family, 100 grand in 401K savings, and the only hope I had left in my life was to rebuild or be standing on the corner with a sign. After I lost my job, my wife wanted a divorce, someone who I helped get off welfare and start her own career. Today, my new wife and I make approx 170 grand a yr combined income and I do not have a degree (only certs), twice as much as me and my previous wife made. My question today is I have ordered the CCNA Security book, I have Packet Tracer and want to know any angles I need, including sims to pass this test. I want to always stay relevant.

  7. Anonymous
    January 14th, 2018

    Hi Guys,
    I have got the latest CCNA Security 210-260 VCE Dump Files. Can you share the tool to view the VCE file and convert it into PDF?

  8. AtlantaBorn
    January 16th, 2018

    Hi AtlantaBorn,
    Take this advice from me: don’t use Packet Tracer for exam preparation. It’s limited and confusing. Try to build a lab with the following:
    1- Use a good PC or laptop with more than 8 GB RAM; better to start with 16 GB.
    2- Install GNS3 and VMware with all the appliances you need, such as ASAv, VMhost and Web_Java.
    3- Build your 1st topology, start with the (outside/inside/DMZ) network and go down to routers, switches and VMs.
    4- By practicing this you will gain more and more experience and confidence.

    VMware must be prepared with the GNS3 VM and Windows 7, and in a short time you will need a Windows Server VM and Win10.

    GNS3 will give you all you need to practise and be ready for the real world.
    For the ASAv Cisco firewall, check this out:
    https://gns3.com/discussions/gns3-cisco-asa-and-asdm-config-4
    http://www.bernhard-ehlers.de/blog/2017/10/23/gns3-configure-asa-asdm.html

    The firewall is most important for CCNA Security, so practice on it through the CLI and GUI.
    Note: GNS3 sometimes takes a long time to prepare, but when you get it done you will be amazed.
