New CCNA – Security Questions
Question 1
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter
Answer: D
Explanation
We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.
With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.
Question 2
Which two commands correctly verily whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two)
A. SW1# show switchport port-security interface FastEthernet 0/12
B. SW1# show switchport port-secure interface FastEthernet 0/12
C. SW1# show port-security interface FastEthernet 0/12
D. SW1# show running-config
Answer: C D
Explanation
We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:
Question 3
Select the action that results from executing these commands:
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.
Answer: B
Explanation
The full syntax of the second command is:
switchport port-security mac-address sticky [MAC]
If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.
Question 4
Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)#switchport port-security
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
Answer: B D
Explanation
Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations
Question 5
Which set of commands is recommended to prevent the use of a hub in the access layer?
A.
switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B.
switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C.
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D.
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1
Answer: C
Explanation
Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.
Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.
Question 6
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.
Answer: B D
Explanation
As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:
SwitchA(config-if)#switchport port-security
-> B is correct.
Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.
Question 7
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two)
A. The network administrator can apply port security to dynamic access ports
B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D. The network administrator can apply port security to EtherChannels.
E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to the maximum defined.
Answer: C E
Explanation
Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.
Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064
Question 8
Which protocol is an open standard protocol framework that is commonly used in VPNs to provide secure end-to-end connections?
A. PPTP
B. IPsec
C. RSA
D. L2TP
Answer: B
Explanation
One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554) Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
madeelqaiser@gmail.com
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
show the Cisco web site link about discount
download latest dumps from
9
t
u
t
.
c
o
m
x
a
.
c
o
m
Just failed my CCNA yesterday got a 821 missed by a question…the labs were spot on…I got 100% on my labs….about 25% of the questions were not in any of the practice exams…
Can we know those 25%?
Sorry to know that you didn’t pass. I’m planning to take it next Monday.
I PASSED yesterday, thanks to 9tut…..got a 920……woooohhoooo, study up!!!!
download free latest dumps from
9tut.webs,com
(replace comma with dot)
download latest dumps from
9
t
u
t
.
w
e
b
s
.
c
o
m
does anyone have the ccna security questions, please help, the labs 2
Am preparing for my Ccna exam..anyone with any tips or help topojons@yahoo.com
Hi, can anyone ps email me info on how to get the latest VCE 3.4.2 crack version or the version that can open recent dumps.
My email address is: mehdi01912330796@gmail.com
Thanks.
hi friend i am writing my ccna exam on tuesday please tell me how may sims are comming in exam
hi Abdullah,
Kindly check out below link of latest VCE 3.4.2 crack version. Go to that link,download & install it. Before installing software read & follow instructions. Good day!!!
http://www.torrenttree.com/avanset-visual-certexam-suite-3.4.2-crack
Regards,
Brahmanand
thank you very much, Brahmanand!!!
your link it’s good and it’s working. a lot does’nt.
most welcome doomer..!!! :-)
download dumps from
9
t
u
t
.
w
e
b
s
.
c
o
m
Q3 was in today’s exam.
hi … i am writing my ccna exam on monday please could u sent me the latest dumps that u people got.. mohsinfida489@yahoo.com
Guys all the routers on gns3 am using doesn’t have SDM I checked by show flash, which way can I install SDM on gns3 gns3 router
Hi, am writing my ccna exam tomorrow, could anyone plz send me latest dumps for practice plzzzzzzzzzzzzzzzzzzzzzzzz, my email id : vinnuvinutha@gmail.com
guys seriously all questns for 200-120 r comin frm these dumps am gonna tak exam believing on ths dumps plz sum1 give me confirmation 19th is my exam date….
Q#7: The correct answer is B,C.
Mac-address sticky depends on the platform
Sticky is possible:
switch 2960: http://www.cisco.com….html#wp1155336
Sticky is not possible:
switch 3550: http://www.cisco.com….html#wp1030825
switch 2950: http://www.cisco.com….html#wp1030825
Sticky is possible: switch 2960
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_25_see/configuration/guide/scg_1/swtrafc.html#wp1155336
Sticky is not possible:
switch 3550: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_44_se/configuration/guide/3550SCG/swvoip.html#wp1030825
switch 2950:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_19_ea1/configuration/guide/2950scg/swvoip.html#wp1030825
The VCE link from Brahmanand is BAD. The download does include NSISdl.dll and no VCE.
# 3 seen and done. Thanks 9tut
Hi, am writing my ccna exam tomorrow, could anyone plz send me latest dumps for practice plzzzzzzzzzzzzzzzzzzzzzzzz, my email id
gamdabo@gmail.com
HI any one help me where i can get CNAA security dump showing each chapter and final exams
GUY AND CHRISTINE STILL VALID TODAY I PASSED
PASSING SCORE 898 I GOT 979
@Anony
Hi any update about exams
What total time of doing exams and how many questions
what is passing score…825 or 898?
i’m a little complicated for this section
crushed exams a few hours ago. great site !!!!!
What is the valid URL for CHRISTINE and GUY
Passing score is an 825. Labs were ACL 1 and 2, and EIGRP.
Passed the test on 6/24!!!!!!!!!!! Thanks 9tut.
i failed :-( :-(……
@John, do not give up! If you learn the concepts and not just memorize, you will pass BUT it takes practicing. Also, you need to do study before 9tut (cisco official cert guide) so you will have the understandings
Q4 was in the today exam
Question 3 was in the exam recently
Q3 & Q1 is ne my previous exam. I just passed this exam with full marks. Now i start preparing ccna data center exam through ccnapass4sure.com…..
http://free.yudu.com/item/details/2169611/CCNA-Data-Center-Cisco-Questions-Answers
Hi friends I am take ccna exam plz idea share How to score?
Hi 9tut,
What is the right answers for question 7 ? B, C or C, E ?
What are dumps?
HI Allen,
Dumps are noting but a collection of previous set of CCNA certification exam papers.
@SAM,,,,,, its CE for Q7
Thanks Mirza.
hi guys. im planning to take the exam by end of month. Hoping you can share your dumps please. i wanna study more. . :) ezrahjames@yahoo.com
I passed ccna on 29 th sep.Scored 978!!!
All Q came fom 9tut and bain dumps, Watson.Except Following this Multiple Q asked based on given LAB scenario.1 fom Eigrp and Ospf…Practice all adjacency troubleshooting commands and concepts,.All the best
Excuse me ! I don’t know about vpn. Can you show about vpn used and configuration.
thank you
Good website . I like