ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-301 All Questions

View all questions & answers for the 200-301 exam
Go to Exam

Exam 200-301 topic 1 question 704 discussion

Actual exam question from Cisco's 200-301
Question #: 704
Topic #: 1
[All 200-301 Questions]

Which port security violation mode allows from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?

  • A. restrict
  • B. shutdown
  • C. protect
  • D. shutdown VLAN
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Tylosh at Sept. 18, 2022, 8:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Tylosh
Highly Voted 2 years, 1 month ago
I don't think it's a good question , because “protect” and “restrict” also allows traffic from passing with a valid https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf
upvoted 18 times
lucasleeli
6 months, 1 week ago
Totally agree with you. Only main different is 'protect' no generate SNMP or Syslog message, whereas 'restrict' did.
upvoted 1 times
...
creaguy
2 years, 1 month ago
When configuring port security violation modes, note the following information: • protect—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. • restrict—Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment. • shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.
upvoted 2 times
rogi2023
1 year, 7 months ago
restrict also sends a SNMP trap. Tylosh is right both "“protect” and “restrict” also allows traffic from passing with a valid MAC... but as Bieley says: "Always apply the answer with the least privileges. So protect."
upvoted 1 times
...
BieLey
2 years ago
Always apply the answer with the least privileges. So protect.
upvoted 5 times
...
...
...
MinSun600
Most Recent 1 week, 4 days ago
Selected Answer: D
i believe when he mention blocked invalid mac address meant not increment the counter other than that either protect or restrict are blocking the invalid MAC address .
upvoted 1 times
...
[Removed]
7 months ago
Selected Answer: C
C is correct - protect: when the maximum number of secure MAC addresses has been reached, packets from devices with unknown source addresses are dropped until you remove the necessary number of secure MAC addresses from the table. In this mode, you are not notified when a security violation occurs. - restrict: is identical with protect mode, but notifies you when a security violation occurs. Specifically, a SNMP trap is sent, a syslog message is logged and the violation counter increments.
upvoted 1 times
...
NewJeans
1 year ago
Selected Answer: C
Bad question but nothing mentions about SecurityViolation Counter and SNMP trap.. so the answer is C.
upvoted 1 times
...
[Removed]
1 year, 1 month ago
It would be more accurate if there was a phrase like "only" in the question. So what a bad question is this :)
upvoted 2 times
...
VicM
1 year, 5 months ago
Protect – When a violation occurs in this mode, the switchport will permit traffic from known MAC addresses to continue sending traffic while dropping traffic from unknown MAC addresses. When using this mode, no notification message is sent when this violation occurs. https://www.pluralsight.com/blog/it-ops/switchport-security-concepts#:~:text=Protect%20%E2%80%93%20When%20a%20violation%20occurs,sent%20when%20this%20violation%20occurs.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago