A. The switch will uniquely authorize the client by using the client MAC address.
B. The switch will cause the port to remain in the unauthorized state， ignoring all attempts by the  client to authenticate.
C. The switch port will disable 802.1x port-based authentication and cause the port to transition to  the authorized state without any further authentication exchange.
D. The switch port will enable 802.1x port-based authentication and begin relaying authentication  messages between the client and the authentication server.

A. Configure only trusted interfaces with root guard.
B. Implement private VLANs （PVLANs） to carry only user traffic.
C. Implement private VLANs （PVLANs） to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply

A. MAC spoofing attacks allow an attacking device to receive frames intended for a different  network host.
B. Port scanners are the most effective defense against dynamic ARP inspection.
C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable  attack points.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP  snooping attacks.
E. DHCP snooping sends unauthorized replies to DHCP queries.
F. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
G. None of the other alternatives apply.

A. The port will permit the new MAC address because one or more of the original MAC addresses  are inactive.
B. The port will permit the new MAC address because one or more of the original MAC addresses  will age out.
C. Because the new MAC address is not configured on the port， the port will not permit the new  MAC address.
D. Although one or more of the original MAC addresses are inactive， the port will not permit the  new MAC address.

A. Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.
B. Sticky secure MAC addresses cannot be used on a port when a voice VLAN is configured.
C. Spanning tree PortFast cannot be configured on a port when a sticky secure MAC address is  used.
D. The switch port must be configured as a trunk.

A. Port security can be configured for ports supporting VoIP.
B. With port security configured， four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for  the switch to allow connectivity.
D.  Withsecurity configured， only one MAC addresses is allowed by default.  
E. Port security cannot be configured for ports supporting VoIP.

A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthernet0/2 into  error disabled state.
B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds  of inactivity.
C. The sticky secure MAC addresses are treated as static secure MAC addresses after the  running configuration is saved to the startup configuration and the switch is restarted.
D. Interface FastEthernet0/2 is a voice VLAN port.
E. The host with address 0000.0000.000b is removed from the secure address list after 300  seconds.

A. Ports 0/1 and 0/2
B. The trunk port 0/22 and the EtherChannel ports
C. Ports 0/1， 0/2 and 0/3
D. Ports 0/1， 0/2， 0/3， the trunk port 0/22 and the EtherChannel ports
E. Port 0/1
F. Ports 0/1， 0/2， 0/3 and the trunk port 0/22

A. The host will be allowed to connect.
B. The port will shut down.
C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.  
D. The host will be refused access.
E. None of the other alternatives apply

A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list
D. Implicit forward feature at start of list.