Switching and Network Access · Medium · Multiple Choice · Objective-mapped

CCNA Switching and Network Access Practice Question

This 200-301 practice question tests your understanding of switching and network access. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

interface g1/0/24
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable

SW1 is the root bridge for VLAN 10. A user switch receives a BPDU on an access port connected to a desk-side unmanaged switch. What should happen if BPDU Guard is enabled on that port?


Correct answer & explanation

The port is moved to err-disabled state

BPDU Guard is designed to protect edge ports. If a BPDU is received on a PortFast access port, the switch places the interface into the err-disabled state to stop a potential Layer 2 loop or rogue switch.

Key principle: BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The port transitions to forwarding more quickly

    Why it's wrong here

    That is PortFast behavior, not BPDU Guard after receiving a BPDU.

    When this WOULD be correct

    In a different scenario, if the question asked about a switch port that is configured with Rapid Spanning Tree Protocol (RSTP) and receives a BPDU, one might mistakenly think that the port would transition to forwarding mode due to the rapid convergence feature of RSTP, making this option appear correct.

  • The port is moved to err-disabled state

    Why this is correct

    BPDU Guard shuts the port down when a BPDU is seen on an edge port.

    Related concept

    BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops.

  • The switch elects a new root bridge

    Why it's wrong here

    A BPDU on one edge port does not force a new root election.

    When this WOULD be correct

    In a different scenario where a question asks about the behavior of a switch when a BPDU is received on a port configured as a root port or in a situation where a switch is actively participating in Spanning Tree Protocol (STP), the switch may elect a new root bridge if it determines that the received BPDU indicates a better root bridge candidate.

  • The port becomes a trunk automatically

    Why it's wrong here

    STP protections do not convert access ports into trunks.

    When this WOULD be correct

    In a different scenario where a switch is configured to automatically negotiate trunking on a port and receives a specific configuration BPDU indicating a trunking request, the port could transition to trunk mode. The question would need to focus on trunk negotiation protocols like DTP (Dynamic Trunking Protocol) rather than BPDU Guard.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

The port is moved to err-disabled state (correct answer)

Why this is correct

BPDU Guard shuts the port down when a BPDU is seen on an edge port.

The port transitions to forwarding more quickly (wrong answer)

Why this is wrong here

PortFast allows a port to transition to forwarding immediately upon link up, but it does not react to BPDU reception. BPDU Guard is a separate feature that disables the port upon receiving a BPDU; it does not accelerate forwarding.


Why candidates choose this

Students often confuse PortFast and BPDU Guard because both are commonly applied to edge ports. Since PortFast speeds up forwarding, they might think BPDU Guard also does something similar when a BPDU is received.

The switch elects a new root bridge (wrong answer)

Why this is wrong here

Receiving a BPDU on a single edge port does not trigger a root bridge election. Root bridge election is based on bridge ID comparison across the entire spanning-tree domain, not on a single BPDU on a port.


Why candidates choose this

Test-takers may think that any BPDU reception can influence root bridge selection, especially if they confuse BPDU Guard with root guard. Root guard prevents a port from becoming a root port, but BPDU Guard simply disables the port.

The port becomes a trunk automatically (wrong answer)

Why this is wrong here

BPDU Guard does not change the port mode; it only reacts to BPDU reception by disabling the port. Port mode (access or trunk) is configured separately and is not affected by STP protection features.


Why candidates choose this

Some might think that because BPDUs are typically sent on trunk ports, receiving a BPDU on an access port would cause the switch to automatically convert it to a trunk. However, this is not how STP protections work.

Analysis generated from the official 200-301 blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

Remember that BPDU Guard actively disables ports; it doesn't just log or ignore BPDUs.

Detailed technical explanation

How to think about this question

Spanning Tree Protocol (STP) uses Bridge Protocol Data Units (BPDUs) to detect loops and maintain a loop-free Layer 2 topology. Edge ports, typically connected to end devices, are configured with PortFast to speed up their transition to forwarding state by bypassing the usual STP listening and learning states. However, if a BPDU is received on such a port, it indicates that another switch or device capable of generating BPDUs is connected, which could cause loops or topology instability.

BPDU Guard is a protective feature that disables a PortFast-enabled port immediately upon receipt of a BPDU. This action places the port into an err-disabled state, effectively shutting it down to prevent potential Layer 2 loops or rogue switches from affecting the network. The err-disabled state requires administrative intervention or configured automatic recovery to bring the port back up. This mechanism ensures that only trusted devices connect to edge ports, maintaining the integrity of the STP topology and the root bridge election process.

A common exam trap is confusing BPDU Guard’s behavior with PortFast or STP root bridge election. While PortFast speeds up port activation, it does not shut down ports on BPDU receipt. BPDU Guard specifically disables the port to prevent loops. Also, receiving a BPDU on an edge port does not trigger a new root bridge election; root election depends on BPDU priority and path cost across the entire network. Understanding these distinctions is critical for correctly answering questions about STP protections and port security in the CCNA exam.
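One way to audit a switch configuration for the protection described above, as an added example that is not part of the original page: it flags access ports that have PortFast but no BPDU Guard and reports whether automatic err-disable recovery is configured. The sample configuration is constructed, and the function names are illustrative.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/23
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/48
 switchport mode trunk
!
errdisable recovery cause bpduguard
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_bpduguard(config):
    """Find PortFast access ports without BPDU Guard; report auto-recovery."""
    top = [ln.rstrip() for ln in config.splitlines() if not ln.startswith(" ")]
    # A global default enables BPDU Guard on every PortFast port.
    global_guard = any(
        re.fullmatch(r"spanning-tree portfast (edge )?bpduguard default", ln) for ln in top)
    unguarded = []
    for name, cmds in parse_interfaces(config).items():
        edge = "switchport mode access" in cmds and any(
            re.fullmatch(r"spanning-tree portfast( edge)?", c) for c in cmds)
        guarded = "spanning-tree bpduguard enable" in cmds or (
            global_guard and "spanning-tree bpduguard disable" not in cmds)
        if edge and not guarded:
            unguarded.append(name)
    recovery = any(re.fullmatch(r"errdisable recovery cause (bpduguard|all)", ln) for ln in top)
    return {"unguarded": unguarded, "auto_recovery": recovery}

if __name__ == "__main__":
    print(audit_bpduguard(SAMPLE_CONFIG))
```

A port listed under `unguarded` forwards immediately and would accept BPDUs from a desk-side switch; `auto_recovery` being false means an err-disabled port stays down until an administrator re-enables it.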

Key Concepts to Remember

  • BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops.
  • When BPDU Guard is enabled on an access port, the switch immediately moves the port to an err-disabled state upon receiving any BPDU frames.
  • PortFast allows access ports to transition quickly to the forwarding state, but BPDU Guard protects these ports from connecting unauthorized switches.
  • Receiving a BPDU on a PortFast-enabled port indicates a possible misconfiguration or rogue device, triggering BPDU Guard to shut down the port.
  • BPDU Guard does not cause the switch to elect a new root bridge; root bridge election is based on BPDU priority and path cost.
  • BPDU Guard does not convert access ports into trunk ports; port type remains unchanged regardless of BPDU reception.
  • The err-disabled state caused by BPDU Guard requires manual or automatic recovery to re-enable the port after the BPDU violation is resolved.
  • BPDU Guard is essential for securing edge ports in VLAN environments, especially in VLAN 10 where STP root bridge stability is critical.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.


FAQ

Questions learners often ask

What does this 200-301 question test?

This question tests Switching and Network Access: BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops.

What is the correct answer to this question?

The correct answer is: The port is moved to err-disabled state — BPDU Guard is designed to protect edge ports. If a BPDU is received on a PortFast access port, the switch places the interface into the err-disabled state to stop a potential Layer 2 loop or rogue switch.

What should I do if I get this 200-301 question wrong?

Review the key principle (BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops), then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

BPDU Guard is a Cisco feature that disables a PortFast-enabled access port if it receives a Bridge Protocol Data Unit (BPDU), preventing potential Layer 2 loops.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.


Last reviewed: May 17, 2026
