Question 148 of 504
Network and Communications SecuritymediumMultiple ChoiceObjective-mapped

Quick Answer

The correct answer is that the third device’s traffic will be dropped and a syslog message will be generated. This occurs because port security with a VoIP phone MAC limit enforces a maximum number of allowed MAC addresses on the access port, which already includes the phone’s MAC and the connected PC’s MAC. When a third device connects to the phone’s passthrough port, it introduces an additional MAC, exceeding the configured limit, and the switch’s default violation mode (typically ‘restrict’) discards the offending frames while logging the event via syslog, without error-disabling the port. On the Systems Security Certified Practitioner SSCP exam, this scenario tests your understanding of how port security interacts with VoIP daisy-chaining—a common trap is assuming the violation mode always shuts down the port, but ‘restrict’ or ‘protect’ silently drops traffic and logs it. Remember the memory tip: “Three’s a crowd—restrict logs, protect drops, shutdown locks.”

SSCP Network and Communications Security Practice Question

This SSCP practice question tests your understanding of network and communications security. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky

A network administrator configured the above port security on an access port connected to a VoIP phone and a PC. A third device is connected to the phone's passthrough port. What will happen when the third device attempts to communicate?

Question 1mediummultiple choice
Full question →

Exhibit

Refer to the exhibit.

interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The third device's traffic will be dropped, and a syslog message will be generated.

The port security configuration on the access port has a maximum MAC address count that includes the VoIP phone's MAC address. When a third device connects to the phone's passthrough port, it introduces an additional MAC address, exceeding the configured limit. The switch will then drop traffic from the third device and generate a syslog message, as the default violation mode is 'restrict' (or 'protect' depending on the configuration), which does not error-disable the port but discards offending frames and logs the event.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The third device will be allowed to communicate because the phone's MAC is not counted.

    Why it's wrong here

    The phone's MAC is counted; the limit is 2, so the third is denied.

  • The third device's traffic will be dropped, and a syslog message will be generated.

    Why this is correct

    'Restrict' drops excess traffic and logs the violation.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The port will be error-disabled.

    Why it's wrong here

    Only 'shutdown' violation mode causes error-disable.

  • The port will remain up but all traffic will be dropped.

    Why it's wrong here

    Only the third device's traffic is dropped, not all.

Common exam traps

Common exam trap: answer the scenario, not the keyword

ISC2 often tests the misconception that the VoIP phone's MAC address is not counted toward port security limits, leading candidates to incorrectly choose that the third device is allowed, when in fact the phone's MAC is always counted unless a specific 'voice VLAN' exception is configured (which is not the case here).

Detailed technical explanation

How to think about this question

Port security uses the 'switchport port-security' command with a maximum MAC address count (e.g., 2) and a violation mode (default is 'shutdown' on many Cisco switches, but 'restrict' or 'protect' can be configured). In 'restrict' mode, the switch drops frames from unknown MAC addresses and sends a syslog message, while 'protect' drops silently. The VoIP phone's MAC is learned on the port and counts toward the limit, and the PC's MAC is also learned; a third device's MAC violates the limit, triggering the configured action. In real-world scenarios, this prevents unauthorized devices from using the network via a phone's passthrough port.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related SSCP practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free SSCP practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this SSCP question test?

Network and Communications Security — This question tests Network and Communications Security — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The third device's traffic will be dropped, and a syslog message will be generated. — The port security configuration on the access port has a maximum MAC address count that includes the VoIP phone's MAC address. When a third device connects to the phone's passthrough port, it introduces an additional MAC address, exceeding the configured limit. The switch will then drop traffic from the third device and generate a syslog message, as the default violation mode is 'restrict' (or 'protect' depending on the configuration), which does not error-disable the port but discards offending frames and logs the event.

What should I do if I get this SSCP question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 30, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This SSCP practice question is part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SSCP exam.