CCNA – Security Questions Quiz

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Rap
R
Rap
Community Contributor
Quizzes Created: 12 | Total Attempts: 46,441
| Attempts: 798 | Questions: 8
Please wait...
Question 1 / 8
0 %
0/100
Score 0/100
1. Which protocol is an open standard protocol framework that is commonly used in VPNs to provide secure end-to-end connections?

Explanation

One of the most widely deployed network security technologies today is IPsec over VPNs. It provides high levels of security through encryption and authentication, protecting data from unauthorized access.

Submit
Please wait...
About This Quiz
CCNA  Security Questions Quiz - Quiz

These days, there is nothing more important in the entire field of networking than security, and as such you need to be immensely aware of all the security... see moreprotocols needed to be undertaken when working in the field. Do you know all about how to keep data secure? Let’s find out. see less

2. Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

Explanation

We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.

With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.

Submit
3. Select the action that results from executing these commands: Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky

Explanation

The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Submit
4. Which set of commands is recommended to prevent the use of a hub in the access layer?

Explanation

Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.

Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.

Submit
5. Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two)

Explanation

As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:

SwitchA(config-if)#switchport port-security

-> B is correct.

Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.

Submit
6. Which two commands correctly verily whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two)

Explanation

We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:

Submit
7. A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two)

Explanation

Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports. -> A is not correct.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. -> D is not correct
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. -> B is not correct.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)

Note: Dynamic access port or Dynamic port VLAN membership must be connected to an end station. This type of port can be configured with the “switchport access vlan dynamic” command in the interface configuration mode. Please read more about Dynamic access port here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

Submit
8. Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)#switchport port-security2950Switch(config-if)#switchport port-security mac-address sticky2950Switch(config-if)#switchport port-security maximum 1 The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two)

Explanation

Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Submit
View My Results

Quiz Review Timeline (Updated): Mar 21, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Mar 24, 2015
    Quiz Created by
    Rap
Cancel
  • All
    All (8)
  • Unanswered
    Unanswered ()
  • Answered
    Answered ()
Which protocol is an open standard protocol framework that is commonly...
Which Cisco Catalyst feature automatically disables the port in an...
Select the action that results from executing these commands:...
Which set of commands is recommended to prevent the use of a hub in...
Refer to the exhibit. A junior network administrator was given the...
Which two commands correctly verily whether port security has been...
A network administrator needs to configure port security on a switch....
Refer to the exhibit. The following commands are executed on interface...
Alert!

Advertisement