Cisco
350-701 · Question #738
350-701 Question #738: Real Exam Question with Answer & Explanation
The correct answer is D. authentication violation replace. When network access control is implemented, configuring the switch port with authentication violation replace ensures new corporate devices can connect by replacing any existing authenticated session.
Submitted by yasin.bd· Mar 30, 2026Endpoint Security and Secure Network Access
Question
Refer to the exhibit. Network access control is implemented on the LAN and an engineer must now configure the switch port level so that users with new corporate devices can connect to the corporate LAN without issues. What must be configured next?
Options
- Aclear port-security dynamic
- Bshut and no shut
- Cerrdisable recovery cause psesecure-violation
- Dauthentication violation replace
Explanation
When network access control is implemented, configuring the switch port with authentication violation replace ensures new corporate devices can connect by replacing any existing authenticated session.
Common mistakes.
- A.
clear port-security dynamicremoves dynamically learned MAC addresses from port security, which is unrelated to the authentication behavior for new devices under NAC policies. - B.
shutandno shutadministratively restart the interface, which can reset its state but does not configure the specific behavior for handling authentication violations when a new device connects. - C.
errdisable recovery cause port-security-violationconfigures the switch to automatically recover a port that has been err-disabled due to a port security violation, but it does not change the initial violation action that might prevent new devices from connecting.
Concept tested. Network Access Control (NAC) port violation modes
Topics
#Cisco NAC#802.1X authentication#Switch port violation actions
Community Discussion
No community discussion yet for this question.