CCNA: Cisco Certified Network Associate — Question 1006

Which port-security violation mode drops traffic from unknown MAC addresses and forwards an SNMP trap?

Answer options

• A. shutdown VLAN
• B. protect
• C. restrict
• D. shutdown

Correct answer: C

Explanation

The correct answer is C, 'restrict', as it allows traffic from known MAC addresses while dropping traffic from unknown ones and generates SNMP traps. Option A, 'shutdown VLAN', shuts down the port entirely, while B, 'protect', only drops unknown traffic without sending SNMP notifications. Option D, 'shutdown', also disables the port, which does not fit the requirement of forwarding an SNMP trap.