Question 871 of 1,819
Switching and Network AccesshardMultiple ChoiceObjective-mapped

CCNA Switching and Network Access Practice Question

This 200-301 practice question tests your understanding of switching and network access. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. A key principle to apply: port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

interface GigabitEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown

Event:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC addresses ... on port Gi0/10.

After a hub was connected to interface Gi0/10, the interface immediately entered errdisable state. The following syslog message was generated: '%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred on interface Gi0/10.' What is the strongest explanation for why Gi0/10 shut down?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "immediately / without restart"

    Why it matters: Time or reboot constraint — the correct answer must take effect right away without requiring a reboot or reload.

Exhibit

interface GigabitEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown

Event:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC addresses ... on port Gi0/10.

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Port security detected more MAC addresses than allowed on the interface.

The strongest explanation is a port-security violation caused by the switch seeing more secure MAC addresses than the interface allows. In practical terms, a hub or unmanaged device can cause multiple end hosts to appear behind one access port. If the interface is configured with a maximum of one secure MAC address, additional learned MACs trigger the violation action. This is a realistic access-layer security scenario because the port does not fail randomly. It fails because the observed behavior violates the configured policy.

Key principle: Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Port security detected more MAC addresses than allowed on the interface.

    Why this is correct

    This is correct because the configuration allows only one secure MAC and the violation message confirms the policy breach.

    Clue confirmation

    The clue word "immediately / without restart" in the question point toward this answer.

    Related concept

    Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.

  • The interface received a superior BPDU and became the root port.

    Why it's wrong here

    This is wrong because the event shown is a port-security violation, not an STP role change.

    When this WOULD be correct

    In a different question, if the scenario described involved a switch that was configured to participate in a spanning tree topology and received a superior BPDU from another switch, this option would be correct. The question would need to focus on spanning tree behavior rather than port security.

  • The hub forced the interface to become a routed port.

    Why it's wrong here

    This is wrong because connecting a hub does not convert a switchport into a Layer 3 interface.

    When this WOULD be correct

    In a different scenario, if the question specified that the interface was configured to operate as a routed port and the hub was connected, causing a configuration change or a specific routing protocol behavior, this option could be correct. For example, if the exam asked about a network where the hub's behavior led to a routing protocol conflict, this could apply.

  • DHCP snooping always shuts a port when a hub is attached.

    Why it's wrong here

    This is wrong because the specific event shown is from port security, not DHCP snooping.

    When this WOULD be correct

    In a different question, if the scenario involved a network where DHCP snooping was explicitly configured to shut down ports upon detecting unauthorized devices, then this option could be correct. For instance, a question could describe a network with strict DHCP snooping policies and ask about the behavior of a port when a hub is connected.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

Port security detected more MAC addresses than allowed on the interface.Correct answer

Why this is correct

This is correct because the configuration allows only one secure MAC and the violation message confirms the policy breach.

The interface received a superior BPDU and became the root port.Wrong answer — click to see why

Why this is wrong here

The exhibit shows a port-security violation message, not an STP topology change. A superior BPDU would cause a root port election, not a port shutdown due to security policy.

★ When this WOULD be the correct answer

In a different question, if the scenario described involved a switch that was configured to participate in a spanning tree topology and received a superior BPDU from another switch, this option would be correct. The question would need to focus on spanning tree behavior rather than port security.

Why candidates choose this

Students often confuse STP events with port security because both can cause a port to change state. The term 'superior BPDU' sounds plausible for a port going down, but the actual cause is a security violation.

The hub forced the interface to become a routed port.Wrong answer — click to see why

Why this is wrong here

Connecting a hub does not change the interface type; a switchport remains a Layer 2 interface unless explicitly configured with 'no switchport'. The exhibit shows a Layer 2 security violation, not a routed port conversion.

★ When this WOULD be the correct answer

In a different scenario, if the question specified that the interface was configured to operate as a routed port and the hub was connected, causing a configuration change or a specific routing protocol behavior, this option could be correct. For example, if the exam asked about a network where the hub's behavior led to a routing protocol conflict, this could apply.

Why candidates choose this

Some students might think that hubs introduce Layer 1 issues that could force a port to become routed, but this is not a standard behavior. The concept of routed ports is often misunderstood.

DHCP snooping always shuts a port when a hub is attached.Wrong answer — click to see why

Why this is wrong here

DHCP snooping does not automatically shut down a port when a hub is attached; it filters DHCP messages and can disable ports only if a DHCP server is detected on an untrusted port. The exhibit clearly shows a port-security violation message.

★ When this WOULD be the correct answer

In a different question, if the scenario involved a network where DHCP snooping was explicitly configured to shut down ports upon detecting unauthorized devices, then this option could be correct. For instance, a question could describe a network with strict DHCP snooping policies and ask about the behavior of a port when a hub is connected.

Why candidates choose this

DHCP snooping and port security are both security features that can cause port shutdowns, leading to confusion. Students may incorrectly attribute the shutdown to DHCP snooping without reading the violation message.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

Remember that port security specifically deals with MAC address limits, not broadcast storms or spanning-tree issues.

Trap categories for this question

  • Command / output trap

    This is wrong because the event shown is a port-security violation, not an STP role change.

Detailed technical explanation

How to think about this question

Port security is a Layer 2 feature used on Cisco switches to restrict the number of MAC addresses learned on a single switchport. It helps prevent unauthorized devices from connecting to the network by limiting the number of secure MAC addresses allowed. When the number of MAC addresses exceeds the configured maximum, the switch triggers a violation action, which can include shutting down the port (err-disable), dropping packets, or generating alerts. In this scenario, the interface Gi0/10 is configured to allow only one secure MAC address. Connecting a hub to this port causes multiple devices to share the same physical interface, resulting in multiple MAC addresses appearing on Gi0/10. Since this exceeds the configured limit, the port security violation triggers the shutdown of the interface to enforce the security policy and prevent unauthorized access or MAC flooding. The exam trap here is confusing port security violations with other Layer 2 protocols or features such as Spanning Tree Protocol (STP) or DHCP snooping. The shutdown is not caused by STP role changes or DHCP snooping but specifically by port security detecting more MAC addresses than allowed. Practically, this behavior protects the network by disabling ports that violate security policies, which is critical for access layer security in Cisco networks.

KKey Concepts to Remember

  • Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.
  • When the number of MAC addresses exceeds the configured maximum on a port, port security triggers a violation action such as shutting down the interface.
  • Connecting a hub to a switchport configured with a single secure MAC address causes multiple MAC addresses to appear, triggering a port security violation.
  • Port security violation actions include err-disable shutdown, which disables the port until manually re-enabled or automatically recovered.
  • Spanning Tree Protocol (STP) role changes do not cause port shutdowns related to port security violations.
  • DHCP snooping violations are distinct from port security violations and do not automatically shut down a port when a hub is connected.
  • Port security enforces Layer 2 access control by limiting MAC addresses, protecting the network from MAC flooding and unauthorized devices.
  • The err-disable state caused by port security violations requires administrative intervention or configured recovery to restore port functionality.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.

Real-world example

How this comes up in practice

A small business has 20 workstations on the 192.168.1.0/24 network and one public IP from its ISP. The router uses PAT (NAT overload) so all 20 devices share one public address using different source ports. NAT questions test whether you understand the four address terms and which direction each translation applies.

What to study next

Got this wrong? Here's your next step.

Review port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Switching and Network Access — This question tests Switching and Network Access — Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access..

What is the correct answer to this question?

The correct answer is: Port security detected more MAC addresses than allowed on the interface. — The strongest explanation is a port-security violation caused by the switch seeing more secure MAC addresses than the interface allows. In practical terms, a hub or unmanaged device can cause multiple end hosts to appear behind one access port. If the interface is configured with a maximum of one secure MAC address, additional learned MACs trigger the violation action. This is a realistic access-layer security scenario because the port does not fail randomly. It fails because the observed behavior violates the configured policy.

What should I do if I get this 200-301 question wrong?

Review port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access., then practise related 200-301 questions on the same topic to reinforce the concept.

Are there clue words in this question I should notice?

Yes — watch for: "immediately / without restart". Time or reboot constraint — the correct answer must take effect right away without requiring a reboot or reload.

What is the key concept behind this question?

Port security on Cisco switches restricts the number of MAC addresses learned on a single interface to prevent unauthorized access.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: May 17, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.