The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)

AD
解析：ExplanationCatalystswitchesoffertheportsecurityfeaturetocontrolportaccessbasedonMACaddresses.Toconfigureportsecurityonanaccesslayerswitchport,beginbyenablingitwiththefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityNext,youmustidentifyasetofallowedMACaddressessothattheportcangrantthemaccess.Youcanexplicitlyconfigureaddressesortheycanbedynamicallylearnedfromporttraffic.Oneachinterfacethatusesportsecurity,specifythemaximumnumberofMACaddressesthatwillbeallowedaccessusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securitymaximummax-addrFinally,youmustdefinehoweachinterfaceusingportsecurityshouldreactifaMACaddressisinviolationbyusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityviolation{shutdown|restrict|protect}AviolationoccursifmorethanthemaximumnumberofMACaddressesarelearned,orifanunknown(notstaticallydefined)MACaddressattemptstotransmitontheport.Theswitchporttakesoneofthefollowingconfiguredactionswhenaviolationisdetected:shutdown-Theportisimmediatelyputintotheerrdisablestate,whicheffectivelyshutsitdown.Itmustbere-enabledmanuallyorthrougherrdisablerecoverytobeusedagain.restrict-Theportisallowedtostayup,butallpacketsfromviolatingMACaddressesaredropped.TheswitchkeepsarunningcountofthenumberofviolatingpacketsandcansendanSNMPtrapandasyslogmessageasanalertoftheviolation.protect-Theportisallowedtostayup,asintherestrictmode.Althoughpacketsfromviolatingaddressesaredropped,norecordoftheviolationiskept.