Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html#wp1047761
Port Security Guidelines and Restrictions
Follow these guidelines when configuring port security:
•A secure port cannot be a trunk port.
•A secure port cannot be a destination port for Switch Port Analyzer (SPAN).
•A secure port cannot belong to an EtherChannel port-channel interface.
•A secure port and static MAC address configuration are mutually exclusive.
Switch(config-if)# switchport port-security
Enables port security on the interface.
I second Jochen’s comment. Also E is not correct because the port needs to be either Static Trunk with specified encapsulation, or a static access port, which doesn’t use encapsulation but can obviously still get port-security
Correct answer BD
I think that because you can configure port-security on non DTP trunk ports.
And you configure port-security at port-level. Then enable and disable must be done at port-level.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25sg/configuration/guide/conf/port_sec.pdf