Cisco CCNA mock exam questions sample test – Question 320

Which Cisco IOS interface configuration command is used to configure the private VLAN edge ports on a Cisco Catalyst 2950 switch?

A. switchport protected
B. switchport port-security
C. switchport port-vlan-edge
D. switchport port-security violation

Correct Answer: A

Explanation:
The switchport protected interface configuration command is used to configure protected ports (private VLAN edge ports) on a Cisco Catalyst 2950 switch. A protected port cannot directly communicate with any other protected port on the same switch. It is used in cases where an application requires that no traffic be directly passed from port to port on the same switch. All traffic through the protected port must be transmitted via a Layer 3 device, such as a router.
The switchport port-security command enables basic switch port security. With this command, you can define a group of source MAC addresses (called an address table) that are allowed to access the port. The switch will not forward any packets to the port with source addresses that do not match this group. This is one method a network administrator can use to prevent unauthorized access to the LAN by only allowing company-known MAC addresses. Controlling which MAC addresses can access a port has the following advantages:
It can ensure full bandwidth on the port if the table is limited to a single source address.
It can make the port more secure by preventing access from unknown MAC addresses. It can also be used on unused ports to prevent unauthorized hosts from accessing the LAN.
The switchport port-security violation command further defines the action a switch takes on the interface in the event of a security violation. The command is followed by one of the {shutdown | restrict | protect} options.
The switchport port-vlan-edge command is incorrect because it is not a valid Cisco command.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot port security