CCNA: Cisco Certified Network Associate — Question 1233
Which port security violation mode allows from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?
Answer options
- A. restrict
- B. shutdown
- C. protect
- D. shutdown VLAN
Correct answer: C
Explanation
The correct answer is C, 'protect', because it allows traffic from valid MAC addresses and drops packets from invalid ones without generating any alerts. The 'restrict' mode also blocks invalid MAC addresses but additionally logs the violations, while 'shutdown' places the interface into an error-disabled state, and 'shutdown VLAN' is not a valid option for port security violation modes.