300-115題庫面的402題與472題

karta70417

QUESTION 402
Which two restrictions of the port security feature are true? (Choose two.)
& n7 F& w/ _- Q0 o8 MA. Static port MAC address assignments are not supported.
B. It is not supported on PVLAN ports.
C. It is not supported on EtherChannel port-channel interfaces.
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is supported on destination SPAN ports.
6 p7 _( m/ @4 J/ A( Q) z
答案是A、C
; M2 c' o6 C( Z, _
QUESTION 472
) W+ @( p8 S; c8 C  QWhich two restrictions of the port security feature are true? (Choose two.)
A. It is not supported on destination SPAN ports.
  W/ L7 B  L! a$ DB. It is not supported on EtherChannel port-channel interfaces.
C. Static port MAC address assignments are not supported.
: k' V4 A$ P1 k- \! w1 J  kD. A single device can learn a maximum of three stick MAC addresses.
; @, F$ ]' g! cE. It is not supported on PVLAN ports
4 e1 r( g) s/ k0 _8 I. `2 |8 U

答案是A、C
1 A( p7 T, o' J+ \! R) k7 f

& `: E+ t8 ~8 Z兩個題目一樣，答案卻不一樣，哪個才是對的呢

6 f" d0 }* d; R& X

lan123210

還有586題目在vce測驗答案跟題庫不一樣
1 Z% A+ [/ ^9 s" a9 }6 FQUESTION 586
You want to correctly configure IP Source Guard on a switch. Which two tasks must you perform? (Choose
9 W$ t9 u: z& g4 `9 k5 J2 A9 Gtwo.)
A. Enable DHCP snooping on the switch.
B. Enable DHCP packet validation on the device.
7 h$ {7 \+ I& CC. Configure the DHCP snooping relay.
; }5 ]/ l3 \! J8 P& Z, d) [D. Enable DHCP option 82.
+ J  ^+ a; I7 p2 S6 p2 S, G# _E. Configure the ip verify source vlan dhcp-snooping command.
/ U! ~4 v1 x: I8 S8 R
答案A.E
VCE的答案卻是不一致的

jeff.huang

   QUESTION 402

jeff.huang

QUESTION 402
的答案A是否有誤,用下列指令可以添加靜態紀錄

Switch(config-if)#switchport port-security mac-address H.H.H

jeff.huang

QUESTION 402
的答案A是否有誤,用下列指令可以添加靜態紀錄

" j1 i7 K# Q; ~# t7 e8 i  k4 e8 c8 m# DSwitch(config-if)#switchport port-security mac-address H.H.H

alanlaoda

as135d

, X* a, H: p4 P( Y& u1 H爬爬文 有人將一些題目答案和內容訂正了
4 ^: P+ W3 x$ X2 G# v7 t' W472題答案是ABC
8 J% q8 V# h. }$ _0 j: V
有相似題 選項中是否有支援destination SPAN ports注意

& J  a( {' F6 J, a8 j正解釋不支援
* {# {: U+ h  T5 {" _
7 g) |; d" G+ y) z1 n5 m8 n7 f8 u402題 mac address的屬性沒有明確是static 靜態mac address都會有static 而且沒有aging time
2 }' S5 ]3 r8 i" ~2 X* S# j4 V
1 u1 g: Z; m; S  ^" g0 D請再確認吧 sh mac-address aging-time(指令好像是這樣)
. J# f7 ^& B+ [2 W5 @
586題
+ m9 J0 i) \$ b; W5 i5 K
% w( b: k9 W* e$ j4 s9 j( d* b參考這個
$ O4 y% K) ~0 C; u% ~, N3 v0 A

When IP Source Guard with source IP filtering is enabled on an untrusted interface, DHCP snooping must be enabled because it filters traffic based on IP information stored in the corresponding DHCP binding table entry.

來源 http://www.certprepare.com/dhcp-snooping

1 r% n/ w4 I; D/ @' F1 {

asas5656

7/27剛考完300-115, 順便幫忙解惑一下。
參照cisco文檔:https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html#wp1047714
* x% L: h# v' u' q' NDefault Port Security Configuration

Table 30-1 shows the default port security configuration for an interface.

[size=1.4]Table 30-1 Default Port Security Configuration

Feature

Default Setting

[size=1.4]Port security

[size=1.4]Disabled on a port

[size=1.4]Maximum number of secure MAC addresses

[size=1.4]1

) h1 Z+ g/ }; X7 T; j

[size=1.4]Violation mode

[size=1.4]Shutdown. The port shuts down when the maximum number of secure MAC addresses is exceeded, and an SNMP trap notification is sent.

  j7 S9 A5 j/ C2 b

[size=1.4]Aging

[size=1.4]Disabled

[size=1.4]Aging type

[size=1.4]Absolute

' M3 l) m6 C! u- e

[size=1.4]Static Aging

[size=1.4]Disabled

[size=1.4]Sticky

[size=1.4]Disabled

Port Security Guidelines and Restrictions

Follow these guidelines when configuring port security:

•A secure port cannot be a trunk port.

•A secure port cannot be a destination port for Switch Port Analyzer (SPAN).

•A secure port cannot belong to an EtherChannel port-channel interface.

•A secure port and static MAC address configuration are mutually exclusive.

QUESTION 402 (這題答案A.C沒有問題)
Which two restrictions of the port security feature are true? (Choose two.)
A. Static port MAC address assignments are not supported. (正確,secure port與MAC address configuration互斥)
( s7 _6 |" h, R: i. }B. It is not supported on PVLAN ports. (錯誤,支持PVLAN)
( }3 S  B& }0 P  C7 {, o4 i. u$ DC. It is not supported on EtherChannel port-channel interfaces. (正確)
, O6 g$ d1 X$ `# v8 V: z5 FD. A single device can learn a maximum of three sticky MAC addresses. (錯誤,default值為1)
E. It is supported on destination SPAN ports. (錯誤,不支持)

# O: f' P- H0 K( hQUESTION 472 (我認為A.B.C皆對，疑似A.B其一敘述中多了not)
! Y5 S9 ?/ S8 v- ~+ q3 u$ cWhich two restrictions of the port security feature are true? (Choose two.)
A. It is not supported on destination SPAN ports. (正確)
B. It is not supported on EtherChannel port-channel interfaces. (照答案AC來說疑似B選項多了not)
' S3 R( c  s2 V. w4 @" |C. Static port MAC address assignments are not supported. (正確,secure port與MAC address configuration互斥)
D. A single device can learn a maximum of three stick MAC addresses. (錯誤,default值為1)
, b) ?2 R9 s" R( K+ [E. It is not supported on PVLAN ports (錯誤,支持PVLAN)
: A2 f8 Y& E. P0 K5 a


6 g6 b: e  i$ c$ B4 S
5 M2 w" |  p( Y; }. O

curry66

lsj9003

谢谢分享。

hellben

gxgxgx

Troubleshoot

恭喜