Sample questions
CCNA 200-301 v2 practice questions
A switchport connected to another switch should carry multiple VLANs, but it was manually configured as an access port. What is the most likely operational result?
Trap 1: The switch automatically converts the access port into a proper…
This is wrong because the device does not simply self-correct the design requirement.
Trap 2: The port becomes a routed Layer 3 interface.
This is wrong because access-port configuration does not create a routed port.
Trap 3: The VLANs are summarized into one prefix automatically.
This is wrong because VLAN transport and route summarization are unrelated concepts.
- A
The link will not carry multiple VLANs as intended because an access port handles one VLAN only.
This is correct because access mode is the wrong role for a multi-VLAN inter-switch link.
- B
The switch automatically converts the access port into a proper trunk.
Why wrong: This is wrong because the device does not simply self-correct the design requirement.
- C
The port becomes a routed Layer 3 interface.
Why wrong: This is wrong because access-port configuration does not create a routed port.
- D
The VLANs are summarized into one prefix automatically.
Why wrong: This is wrong because VLAN transport and route summarization are unrelated concepts.
What problem is HSRP designed to solve?
Trap 1: Layer 2 switching loops
Loop prevention is handled by spanning tree.
Trap 2: Duplicate MAC addresses on trunks
HSRP does not manage trunk duplicate MAC issues.
Trap 3: Wireless interference
Wireless interference is unrelated.
- A
Layer 2 switching loops
Why wrong: Loop prevention is handled by spanning tree.
- B
Loss of the default gateway if one router fails
Correct. HSRP provides first-hop redundancy.
- C
Duplicate MAC addresses on trunks
Why wrong: HSRP does not manage trunk duplicate MAC issues.
- D
Wireless interference
Why wrong: Wireless interference is unrelated.
Which TWO statements correctly describe the causes or implications of CRC errors, runts, giants, or output errors as seen in the output of 'show interface' or 'show interface status'?
Trap 1: CRC errors are always caused by a faulty switch port and require…
CRC errors are usually caused by cabling issues or electromagnetic interference, not necessarily a faulty port.
Trap 2: Giants are frames that exceed the maximum transmission unit (MTU)…
Giants are frames larger than the maximum allowed size, but some switches may forward them if configured for jumbo frames; they are not always discarded.
Trap 3: The 'show controllers' command provides a detailed view of CRC…
'show controllers' displays hardware-level details including CRC errors, but it can also show runts, giants, and other frame errors depending on the platform.
- A
CRC errors are always caused by a faulty switch port and require port replacement.
Why wrong: CRC errors are usually caused by cabling issues or electromagnetic interference, not necessarily a faulty port.
- B
A high number of runts on an interface typically indicates excessive collisions or a faulty NIC.
Runts are frames smaller than 64 bytes and often result from collisions (e.g., in half-duplex) or a malfunctioning NIC that generates undersized frames.
- C
Giants are frames that exceed the maximum transmission unit (MTU) and are always discarded by the switch.
Why wrong: Giants are frames larger than the maximum allowed size, but some switches may forward them if configured for jumbo frames; they are not always discarded.
- D
Output errors, including late collisions, can be caused by a duplex mismatch between the switch and the connected device.
A duplex mismatch (e.g., one side full-duplex, the other half-duplex) leads to late collisions and other output errors due to timing issues.
- E
The 'show controllers' command provides a detailed view of CRC errors but does not show runts or giants.
Why wrong: 'show controllers' displays hardware-level details including CRC errors, but it can also show runts, giants, and other frame errors depending on the platform.
You are connected to R1. Configure IPv4 and IPv6 addressing on R1's interfaces and verify reachability to R2. The current configuration has a wrong subnet mask on G0/0, missing default gateway for IPv4, and R1's IPv6 address is configured using EUI-64 while R2 uses a static IPv6 address. Fix these issues so that R1 can ping both R2's IPv4 and IPv6 addresses.
Exhibit
R1#show running-config Building configuration... hostname R1 ! interface GigabitEthernet0/0 ip address 192.0.2.1 255.255.255.0 ipv6 address 2001:db8:1::/64 eui-64 no shutdown ! interface GigabitEthernet0/1 ip address 198.51.100.1 255.255.255.0 ipv6 address 2001:db8:2::1/64 no shutdown ! ip route 0.0.0.0 0.0.0.0 192.0.2.254 ! end R2#show running-config Building configuration... hostname R2 ! interface GigabitEthernet0/0 ip address 192.0.2.2 255.255.255.252 ipv6 address 2001:db8:1::2/64 no shutdown ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 no shutdown ! end R1#show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 192.0.2.1 YES manual up up GigabitEthernet0/1 198.51.100.1 YES manual up up R1#ping 192.0.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.0.2.2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R1#ping 2001:db8:1::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:db8:1::2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
Trap 1: Change R1 G0/0 subnet mask to /30, add a default route via…
This is incorrect because the default route points to 192.0.2.254, which is not R2's G0/0 IP (192.0.2.2), so IPv4 traffic will not be forwarded. Also, EUI-64 generates an interface ID from the MAC, which will not match the subnet expected by R2's static address 2001:db8:1::2/64.
Trap 2: Change R1 G0/0 subnet mask to /24, add a default route via…
This is incorrect because the subnet mask on R1's G0/0 remains /24, which does not match R2's /30. R1 will consider the subnet to be 192.0.2.0/24, while R2 uses 192.0.2.0/30, causing a mismatch that prevents direct communication.
Trap 3: Change R1 G0/0 subnet mask to /30, add a default route via…
This is incorrect because while the IPv4 issues are fixed, the IPv6 address generated by EUI-64 will not match the subnet expected by R2's static address 2001:db8:1::2/64. EUI-64 creates an interface ID based on the MAC, which is unpredictable and unlikely to be in the same subnet as R2's static address.
- A
Change R1 G0/0 subnet mask to /30, add a default route via 192.0.2.2, and configure a static IPv6 address 2001:db8:1::1/64 on G0/0.
This corrects all three issues: the mask matches R2's /30, the default route points to R2's G0/0 IP (192.0.2.2), and the static IPv6 address places R1 on the same subnet as R2's static address 2001:db8:1::2/64.
- B
Change R1 G0/0 subnet mask to /30, add a default route via 192.0.2.254, and keep the EUI-64 IPv6 address on G0/0.
Why wrong: This is incorrect because the default route points to 192.0.2.254, which is not R2's G0/0 IP (192.0.2.2), so IPv4 traffic will not be forwarded. Also, EUI-64 generates an interface ID from the MAC, which will not match the subnet expected by R2's static address 2001:db8:1::2/64.
- C
Change R1 G0/0 subnet mask to /24, add a default route via 192.0.2.2, and configure a static IPv6 address 2001:db8:1::1/64 on G0/0.
Why wrong: This is incorrect because the subnet mask on R1's G0/0 remains /24, which does not match R2's /30. R1 will consider the subnet to be 192.0.2.0/24, while R2 uses 192.0.2.0/30, causing a mismatch that prevents direct communication.
- D
Change R1 G0/0 subnet mask to /30, add a default route via 192.0.2.2, and keep the EUI-64 IPv6 address on G0/0.
Why wrong: This is incorrect because while the IPv4 issues are fixed, the IPv6 address generated by EUI-64 will not match the subnet expected by R2's static address 2001:db8:1::2/64. EUI-64 creates an interface ID based on the MAC, which is unpredictable and unlikely to be in the same subnet as R2's static address.
Which TWO statements accurately describe how AI/ML concepts are applied to network operations in modern enterprise networks?
Trap 1: Reinforcement learning is primarily used to automatically classify…
Reinforcement learning learns through trial-and-error for sequential decisions (e.g., routing optimization), not for static classification tasks like spam filtering, which typically use supervised learning.
Trap 2: Clustering algorithms, a type of unsupervised learning, are used to…
Clustering groups similar data points but does not predict numeric values; prediction tasks require regression or time-series forecasting, not clustering.
Trap 3: Predictive analytics in network operations relies solely on static…
Modern predictive analytics uses ML models that learn from historical data and adapt to changing patterns, not just static thresholds.
- A
Supervised machine learning models can be used to classify network traffic into predefined categories, such as identifying whether traffic is voice, video, or data.
Supervised learning trains on labeled data to classify new traffic, enabling accurate identification of application types for QoS or security policies.
- B
Anomaly detection algorithms, often based on unsupervised learning, can identify unusual network behavior that may indicate a security threat or device malfunction.
Unsupervised learning detects deviations from normal baselines, flagging anomalies without requiring labeled attack data.
- C
Reinforcement learning is primarily used to automatically classify email traffic as spam or not spam based on a labeled dataset.
Why wrong: Reinforcement learning learns through trial-and-error for sequential decisions (e.g., routing optimization), not for static classification tasks like spam filtering, which typically use supervised learning.
- D
Clustering algorithms, a type of unsupervised learning, are used to predict the exact bandwidth usage of a specific application over the next hour.
Why wrong: Clustering groups similar data points but does not predict numeric values; prediction tasks require regression or time-series forecasting, not clustering.
- E
Predictive analytics in network operations relies solely on static thresholds defined by network administrators to forecast potential failures.
Why wrong: Modern predictive analytics uses ML models that learn from historical data and adapt to changing patterns, not just static thresholds.
Which TWO switch port configurations are required when connecting a Cisco IP phone and a desktop PC to a single access port?
Trap 1: Configure the port as a trunk and allow both VLANs.
This is incorrect because the port should remain an access port, not a trunk. Trunk ports are used for switch-to-switch or switch-to-router links, not for end devices like phones and PCs.
Trap 2: Disable spanning tree on the port to prevent voice delays.
Disabling spanning tree is dangerous and unnecessary; STP prevents loops and should remain enabled. Voice delays are better managed by QoS and proper VLAN configuration.
Trap 3: Configure the port as a routed port with an IP address for…
Routed ports are used for Layer 3 connectivity between routers or switches, not for connecting end devices like phones and PCs. This would break VLAN segmentation.
- A
Configure the port as a trunk and allow both VLANs.
Why wrong: This is incorrect because the port should remain an access port, not a trunk. Trunk ports are used for switch-to-switch or switch-to-router links, not for end devices like phones and PCs.
- B
Use the 'switchport voice vlan' command to assign a dedicated voice VLAN.
This command separates voice traffic from data traffic by placing the phone in a specific VLAN, typically VLAN 10 or similar, while the PC remains in the native access VLAN.
- C
Disable spanning tree on the port to prevent voice delays.
Why wrong: Disabling spanning tree is dangerous and unnecessary; STP prevents loops and should remain enabled. Voice delays are better managed by QoS and proper VLAN configuration.
- D
Apply 'mls qos trust cos' on the interface to preserve voice packet markings.
Cisco IP phones mark voice packets with CoS value 5. Trusting these markings on the access port ensures that the QoS policy in the network treats voice traffic with priority.
- E
Configure the port as a routed port with an IP address for management.
Why wrong: Routed ports are used for Layer 3 connectivity between routers or switches, not for connecting end devices like phones and PCs. This would break VLAN segmentation.
Which TWO statements about IPv4/IPv6 static routing are true?
Trap 1: A floating static route is configured with a lower administrative…
A floating static route must have a higher administrative distance than the primary route so it is only used as a backup.
Trap 2: A static route with an administrative distance of 1 is preferred…
Directly connected routes have an administrative distance of 0, which is lower (more preferred) than 1.
Trap 3: IPv4 and IPv6 static routes are configured using the same command…
IPv4 static routes use 'ip route' while IPv6 static routes use 'ipv6 route'. They are different commands.
- A
A floating static route is configured with a lower administrative distance than the primary route.
Why wrong: A floating static route must have a higher administrative distance than the primary route so it is only used as a backup.
- B
An IPv6 default static route can be configured using the destination prefix ::/0.
The IPv6 default route is ::/0, similar to 0.0.0.0/0 for IPv4.
- C
A static route with an administrative distance of 1 is preferred over a directly connected route.
Why wrong: Directly connected routes have an administrative distance of 0, which is lower (more preferred) than 1.
- D
A floating static route becomes active in the routing table only when the primary route is removed or fails.
Due to its higher administrative distance, the floating static route is not installed until the primary route (with lower AD) disappears.
- E
IPv4 and IPv6 static routes are configured using the same command syntax.
Why wrong: IPv4 static routes use 'ip route' while IPv6 static routes use 'ipv6 route'. They are different commands.
Which four of the following correctly describe how AI/ML techniques can improve network operations in a modern enterprise? (Choose all that apply.)
A small office uses PAT for user Internet access. What mechanism does PAT use to allow many users to share one public address while keeping their sessions distinct?
Trap 1: Convert all inside hosts to the same private IP address.
This is wrong because PAT does not require all inside hosts to use the same private address.
Trap 2: Increase the size of the NAT pool to include multiple public…
This is wrong because disabling the default route would break Internet access rather than improve PAT.
Trap 3: Configure static NAT mappings for each inside host.
This is wrong because switchport trunking does not create PAT behavior.
- A
Use transport-layer port values to distinguish multiple inside sessions behind one outside address.
This is correct because PAT uses ports to separate many sessions sharing one public IP.
- B
Convert all inside hosts to the same private IP address.
Why wrong: This is wrong because PAT does not require all inside hosts to use the same private address.
- C
Increase the size of the NAT pool to include multiple public addresses.
Why wrong: This is wrong because disabling the default route would break Internet access rather than improve PAT.
- D
Configure static NAT mappings for each inside host.
Why wrong: This is wrong because switchport trunking does not create PAT behavior.
A switchport is configured for 802.1X authentication. What is the usual role of the RADIUS server in that design?
Trap 1: It provides Layer 2 trunk negotiation for the supplicant.
RADIUS does not negotiate switchport trunking.
Trap 2: It replaces the need for DHCP on the access layer.
RADIUS and DHCP have different functions.
Trap 3: It generates ARP replies on behalf of the default gateway.
RADIUS does not perform ARP gateway functions.
- A
It provides Layer 2 trunk negotiation for the supplicant.
Why wrong: RADIUS does not negotiate switchport trunking.
- B
It validates authentication credentials for the supplicant.
Correct. The RADIUS server performs centralized AAA decisions.
- C
It replaces the need for DHCP on the access layer.
Why wrong: RADIUS and DHCP have different functions.
- D
It generates ARP replies on behalf of the default gateway.
Why wrong: RADIUS does not perform ARP gateway functions.
Drag and drop the AAA terms on the left to their correct definitions on the right.
Trap 1: Authorization: Determines what actions or resources an…
This is incorrect because authorization controls access rights and privileges, not identity verification. The definition given is correct for authorization, but the question asks for the definition of authentication.
Trap 2: Accounting: Logs and tracks user activities, such as login times,…
This is incorrect because accounting is about logging and auditing, not identity verification. The definition is accurate for accounting, but the question asks for authentication.
Trap 3: RADIUS: A protocol that provides centralized authentication,…
This is incorrect because RADIUS is a protocol used to implement AAA, not a definition of authentication itself. The question asks for the definition of authentication, not a protocol.
- A
Authentication: Verifies the identity of a user or device before granting access to the network.
Authentication is the process of confirming the identity of a user or device, typically through credentials like username/password, certificates, or biometrics. It is the first step in the AAA framework.
- B
Authorization: Determines what actions or resources an authenticated user is permitted to access.
Why wrong: This is incorrect because authorization controls access rights and privileges, not identity verification. The definition given is correct for authorization, but the question asks for the definition of authentication.
- C
Accounting: Logs and tracks user activities, such as login times, commands executed, and data usage.
Why wrong: This is incorrect because accounting is about logging and auditing, not identity verification. The definition is accurate for accounting, but the question asks for authentication.
- D
RADIUS: A protocol that provides centralized authentication, authorization, and accounting for network access.
Why wrong: This is incorrect because RADIUS is a protocol used to implement AAA, not a definition of authentication itself. The question asks for the definition of authentication, not a protocol.
Which three of the following statements about VLAN Trunking Protocol (VTP) are correct? (Choose three.)
A switch shows a clock that is several minutes off from other devices even though an NTP server has been configured. Which issue is the most likely cause?
Exhibit
show ntp associations address ref clock st when poll reach delay offset disp *~10.10.50.5 .INIT. 16 - 64 0 0.000 0.000 16000 Configured server: 10.10.50.5
Trap 1: The device must run Syslog before NTP can sync
Syslog is unrelated.
Trap 2: NTP requires a trunk port on the management VLAN
NTP needs IP reachability, not a trunk specifically.
Trap 3: The clock can sync only if DNS is configured
NTP uses IP connectivity; DNS is optional if using addresses.
- A
The NTP server is unsynchronized or unreachable
This is correct because NTP requires a reachable, synchronized time source. If the server is unreachable or not synchronized, the switch cannot update its clock, leading to drift.
- B
The device must run Syslog before NTP can sync
Why wrong: Syslog is unrelated.
- C
NTP requires a trunk port on the management VLAN
Why wrong: NTP needs IP reachability, not a trunk specifically.
- D
The clock can sync only if DNS is configured
Why wrong: NTP uses IP connectivity; DNS is optional if using addresses.
Which three statements about Power over Ethernet (PoE) and PoE+ standards are correct? (Choose three.)
Which three of the following are valid considerations when configuring EtherChannel? (Choose three.)
Drag and drop the following steps into the correct order to configure HSRP on an interface and verify the active/standby election process, including failover and verification.
- A
Enter interface configuration mode, set HSRP version, configure virtual IP, set priority (if needed), enable preempt, then verify with 'show standby'.
This is the correct sequence: first configure HSRP on the interface (version, virtual IP, priority, preempt), then verify the state with 'show standby' to confirm active/standby roles.
- B
Enter global configuration mode, create a VLAN, assign an IP address, then enable HSRP on the VLAN interface.
This is incorrect because HSRP is configured on a Layer 3 interface (e.g., physical or SVI), not by creating a VLAN separately. The steps are out of order and incomplete.
- C
Configure HSRP priority first, then set the virtual IP, then enter interface configuration mode, and finally verify with 'show running-config'.
This is incorrect because you must enter interface configuration mode before setting HSRP parameters. Also, verification should use 'show standby' to see active/standby state, not just 'show running-config'.
- D
Enable HSRP globally with a 'router hsrp' command, then assign the virtual IP on the interface, and verify with 'debug standby'.
This is incorrect because HSRP does not require a global 'router hsrp' command; it is configured per interface. 'debug standby' is a debugging tool, not a verification command for normal operation.
Why is idempotency valuable in network automation?
Trap 1: It guarantees every API call will use TCP instead of UDP.
Idempotency is not a transport guarantee.
Trap 2: It encrypts device credentials stored in scripts.
Encryption is a different concern.
Trap 3: It forces the controller to use only one management protocol.
Idempotency is about behavior of repeated operations, not protocol exclusivity.
- A
It guarantees every API call will use TCP instead of UDP.
Why wrong: Idempotency is not a transport guarantee.
- B
It ensures repeated runs converge on the same desired state safely.
Correct. That property reduces drift and repeated-change problems.
- C
It encrypts device credentials stored in scripts.
Why wrong: Encryption is a different concern.
- D
It forces the controller to use only one management protocol.
Why wrong: Idempotency is about behavior of repeated operations, not protocol exclusivity.
Which three of the following are correct steps in the process of CDP (Cisco Discovery Protocol) neighbor discovery? (Choose three.)
A network engineer is troubleshooting OSPFv3 adjacency between two directly connected Cisco routers, R1 and R2, both running IOS-XE. The engineer configures OSPFv3 on both routers but notices that the adjacency does not form. The engineer runs 'show ospfv3 neighbor' on R1 and sees no neighbors. What is the most likely cause of this issue?
Exhibit
R1# show ospfv3 neighbor
OSPFv3 1 address-family ipv6 (router-id 1.1.1.1)
Neighbor ID Pri State Dead Time Interface ID Interface
R1# show ipv6 interface brief
GigabitEthernet0/0 [up/up]
FE80::1
GigabitEthernet0/1 [up/up]
FE80::2
R1# show running-config | section router ospfv3
router ospfv3 1
address-family ipv6
router-id 1.1.1.1
area 0
interface GigabitEthernet0/0
interface GigabitEthernet0/1
R1# show running-config interface GigabitEthernet0/0
interface GigabitEthernet0/0
ipv6 address FE80::1 link-local
ipv6 ospfv3 1 ipv6 area 0
!Trap 1: The OSPFv3 process ID must match on both routers.
OSPFv3 process IDs are locally significant and do not need to match for adjacency to form.
Trap 2: The link-local addresses are not in the same subnet.
Link-local addresses are only used for neighbor discovery and do not require subnet matching; they are always on the same link.
Trap 3: The router ID 1.1.1.1 is duplicated on R2.
Duplicate router IDs can cause issues, but the 'show ospfv3 neighbor' output would typically show the neighbor in EXSTART or EXCHANGE state, not missing entirely.
- A
The OSPFv3 process ID must match on both routers.
Why wrong: OSPFv3 process IDs are locally significant and do not need to match for adjacency to form.
- B
The interface GigabitEthernet0/0 is missing the 'ospfv3 1 ipv6 area 0' command.
Without this command, OSPFv3 is not enabled on the interface, preventing adjacency formation.
- C
The link-local addresses are not in the same subnet.
Why wrong: Link-local addresses are only used for neighbor discovery and do not require subnet matching; they are always on the same link.
- D
The router ID 1.1.1.1 is duplicated on R2.
Why wrong: Duplicate router IDs can cause issues, but the 'show ospfv3 neighbor' output would typically show the neighbor in EXSTART or EXCHANGE state, not missing entirely.
Exhibit: Users report no internet access after PAT was configured. The inside and outside interfaces are marked correctly. Which missing configuration is the most likely cause?
Exhibit
Configured: interface G0/0 ip nat inside interface G0/1 ip nat outside No translations appear in 'show ip nat translations'.
Trap 1: No DHCP pool on the outside interface
Distractor.
Trap 2: No CDP enabled on the router
Distractor.
Trap 3: No syslog server configured
Distractor.
- A
No ACL and nat overload statement identifying inside source addresses
Correct choice.
- B
No DHCP pool on the outside interface
Why wrong: Distractor.
- C
No CDP enabled on the router
Why wrong: Distractor.
- D
No syslog server configured
Why wrong: Distractor.
A network engineer is implementing AIOps to improve network reliability. Which four of the following are core capabilities that AIOps platforms typically provide? (Choose four.)
A network administrator wants to secure remote CLI access to a Cisco router, moving beyond simple username/password authentication. Which approach best achieves this goal?
Trap 1: Replace SSH with Telnet to simplify troubleshooting
This is wrong because Telnet weakens management security by sending traffic in clear text.
Trap 2: Configure an extended ACL to limit remote access to specific source…
This is wrong because removing authentication undermines security.
Trap 3: Disable password authentication and rely solely on device location…
This is wrong because switch trunking is unrelated to stronger remote administrative authentication.
- A
Use stronger or additional authentication controls to improve remote administrative access security
This is correct because the goal is to improve authentication strength rather than rely only on a weak single factor.
- B
Replace SSH with Telnet to simplify troubleshooting
Why wrong: This is wrong because Telnet weakens management security by sending traffic in clear text.
- C
Configure an extended ACL to limit remote access to specific source IP addresses
Why wrong: This is wrong because removing authentication undermines security.
- D
Disable password authentication and rely solely on device location in the network
Why wrong: This is wrong because switch trunking is unrelated to stronger remote administrative authentication.
Which IPv6 address type is automatically created on an interface and used for link-local communication?
Trap 1: Unique local
Unique local addresses are not automatically the local-link-only address being tested here.
Trap 2: Global unicast
Global unicast addresses are routable beyond the local link.
Trap 3: Anycast
Anycast is an addressing behavior, not the specific auto-created local type.
- A
Unique local
Why wrong: Unique local addresses are not automatically the local-link-only address being tested here.
- B
Global unicast
Why wrong: Global unicast addresses are routable beyond the local link.
- C
Link-local
Correct. Link-local addresses are auto-created and used locally.
- D
Anycast
Why wrong: Anycast is an addressing behavior, not the specific auto-created local type.
A network administrator notices that a switchport in access mode with PortFast enabled has transitioned to an err-disabled state. What is the most likely cause?
Exhibit
interface GigabitEthernet1/0/9 switchport mode access spanning-tree portfast spanning-tree bpduguard enable Event: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on PortFast enabled port. Disabling interface.
Trap 1: Port security shut down the port because the VLAN was wrong.
This is wrong because the event shown is about BPDUs, not MAC-based port security.
Trap 2: DHCP snooping disabled the interface because a host requested an…
This is wrong because DHCP snooping does not produce this spanning-tree error.
Trap 3: EtherChannel suspended the interface because the bundle was…
This is wrong because the event message points to BPDU Guard, not EtherChannel.
- A
BPDU Guard disabled the PortFast-enabled access port after it received a BPDU.
This is correct because the event message explicitly identifies a BPDU Guard violation.
- B
Port security shut down the port because the VLAN was wrong.
Why wrong: This is wrong because the event shown is about BPDUs, not MAC-based port security.
- C
DHCP snooping disabled the interface because a host requested an address.
Why wrong: This is wrong because DHCP snooping does not produce this spanning-tree error.
- D
EtherChannel suspended the interface because the bundle was incomplete.
Why wrong: This is wrong because the event message points to BPDU Guard, not EtherChannel.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.