READ Free Dumps For Cisco- 100-101
| Question ID 6441 | An administrator has connected devices to a switch and, for security reasons, wants the dynamically learned MAC addresses from the address table added to the running configuration. What must be done to accomplish this?g
|
| Option A | Enable port security and use the keyword sticky
|
| Option B | Set the switchport mode to trunk and save the running configuration.
|
| Option C | Use the switchport protected command to have the MAC addresses added to the configuration
|
| Option D | Use the no switchport port-security command to allow MAC addresses to be added to the configuration.
|
| Correct Answer | a |
Explanation http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.pdf One can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts, hence enabling security as desired. Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition. If you enter a write memory or copy running-config startup-config command, then port security with sticky MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port does not have to learn addresses from ingress traffic after bootup or a restart.sg
| Question ID 6444 | A company has placed a networked PC in a lobby so guests can have access to the corporate directory. A security concern is that someone will disconnect the directory PC and re-connect their laptop computer and have access to the corporate network. Forthe port servicing the lobby, which three configuration steps should be performed on the switch to prevent this? (Choose three.)
|
| Option A | Enable port security.
|
| Option B | Create the port as a trunk port.g
|
| Option C | Create the port as an access port.
|
| Option D | Create the port as a protected port.
|
| Option E | Set the port security aging time to 0
|
| Option F | Statically assign the MAC address to the address table.sg
|
| Correct Answer | acf |
Explanation Explanation/Reference: If port security is enabled and the port is only designated as access port, and finally static MAC address is assigned, it ensures that even if a physical connection is done by taking out the directory PC and inserting personal laptop or device, the connection cannot be made to the corporate network, hence ensuring safety. http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.html SUMMARY STEPS 1. config t 2. mac address-table static mac address vlan vlan-id {[drop | interface {type number | | port-channel number]} 3. exit 4. show mac address-table static 5. copy running-config startup-config