200-301 Question #1463: Real Exam Question with Answer & Explanation

The correct answer is C: restrict. The restrict port security violation mode drops packets from unauthorized source MAC addresses, increments a security violation counter, and sends an SNMP trap notification.

Submitted by kevin_r· Mar 5, 2026Network Access

Question

Which port-security violation mode drops traffic from unknown MAC addresses and forwards an SNMP trap?

Options

Ashutdown VLAN
Bprotect
Crestrict
Dshutdown

Explanation

The restrict port security violation mode drops packets from unauthorized source MAC addresses, increments a security violation counter, and sends an SNMP trap notification.

Common mistakes.

A. shutdown VLAN is not a standard port security violation mode; the standard shutdown mode disables the entire interface and puts it into an error-disabled state.
B. The protect violation mode drops packets from unauthorized MAC addresses but does not log a violation or send an SNMP trap, making it less visible to administrators.
D. The shutdown violation mode immediately disables the port when a violation occurs, placing it in an error-disabled state and requiring manual intervention or automatic recovery; while it sends an SNMP trap, its primary action is to disable the port, not just drop traffic while keeping the port up.

Concept tested. Cisco port security violation modes

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15_2_2_e/configuration_guide/b_c2960x_cg_152_2_e/b_c2960x_cg_152_2_e_chapter_01000010.html#concept_E9447B95F540454394F8D1E6160F5F29

Topics

#Cisco port-security#Port-security violation modes#MAC address security

Community Discussion

No community discussion yet for this question.

Full 200-301 Practice Browse All 200-301 Questions