ss.xz 发表于 2013-3-12 23:25:56

題庫[136][2012.11.11版] 题库 136题 valid reason for a switch to deny port access

本帖最后由 ss.xz 于 2013-3-20 08:57 编辑

2012.11.11 版的答案是B
網路上還是有分兩派說法 想請問一下 考過滿分的人有沒有遇到這題
這題您是選 A還是B呢
謝謝!!!

或是有人可以解釋A為什麼是錯誤的
不想希望一題飲恨啦http://cache.soso.com/img/img/e118.gif
===============================================

题库 136题 valid reason for a switch to deny port access to new devices when port

===============================================
http://exam-640-802.blogspot.tw/2012/04/ccna-switch-questions.html

What is valid reason for a switch to deny port access to new devices when port security is enabled?
A. The denied MAC addresses have already been learned or configured on another secure interface in the same VLAN.
B. The denied MAC address are statically configured on the port.
C. The minimum MAC threshold has been reached.
D. The absolute aging times for the denied MAC addresses have expired.

Answer: A
Explanation
A security violation occurs in either of these situations:
* When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.
* If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation mode.
From the second statement we can figure out A is the correct answer. But for your information we will discuss other answers as well.
Answer B is not correct because we can’t configured which MAC address will be denied. We can only configure which MAC is allowed.
We can only configure the maximum MAC threshold, not the minimum threshold -> C is not correct.
The aging times are only configured for allowed MAC addresses, not for denied MAC -> D is correct.
For your information about aging time:
When the aging type is configured with the absolute keyword, all the dynamically learned secure addresses age out when the aging time expires
This is how to configure the secure MAC address aging type on the port:
Router(config-if)# switchport port-security aging type absolute
and configure the aging time (aging time = 120 minutes)
Router(config-if)# switchport port-security aging time 120
When this command is used, all the dynamically learned secure addresses age out when the aging time expires
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)


ss.xz 发表于 2013-3-13 10:55:59

{:6_267:}{:6_267:}{:6_267:}

ss.xz 发表于 2013-3-13 23:26:35

來個烤過的提點一下吧
拜託{:6_278:}{:6_278:}{:6_278:}

菜鸟学徒 发表于 2013-3-19 20:35:30

答案是B

ss.xz 发表于 2013-3-20 08:58:54

菜鸟学徒 发表于 2013-3-19 20:35 static/image/common/back.gif
答案是B

謝謝您 !
請問您是考試遇到滿分考過
還是有解釋的方式 ??

{:6_267:}

feichangage 发表于 2013-6-30 22:54:34

Answer is A
页: [1]
查看完整版本: 題庫[136][2012.11.11版] 题库 136题 valid reason for a switch to deny port access