- A
STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.
This option correctly matches each switching feature to its primary purpose as defined in Cisco IOS documentation.
- B
STP manages VLANs, VTP prevents loops, EtherChannel restricts MAC addresses, Port Security aggregates links, DTP provides fast per-VLAN convergence, and Rapid PVST+ negotiates trunks.
Why wrong: This option incorrectly assigns purposes to each feature, mixing up their actual functions.
- C
STP aggregates links, VTP prevents loops, EtherChannel manages VLANs, Port Security negotiates trunks, DTP restricts MAC addresses, and Rapid PVST+ provides fast per-VLAN convergence.
Why wrong: This option incorrectly assigns purposes to STP, VTP, EtherChannel, Port Security, and DTP, though Rapid PVST+ is correctly matched.
- D
STP provides fast per-VLAN convergence, VTP aggregates links, EtherChannel prevents loops, Port Security manages VLANs, DTP restricts MAC addresses, and Rapid PVST+ negotiates trunks.
Why wrong: This option incorrectly assigns purposes to all features, with no correct matches.
Quick Answer
The correct match is STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, and Port Security restricts MAC addresses, because each feature addresses a distinct switching challenge. Spanning Tree Protocol (STP) eliminates bridging loops by blocking redundant paths, while VTP simplifies VLAN administration by propagating database changes across a network. EtherChannel bundles multiple physical links into a single logical interface for increased bandwidth and redundancy, and Port Security enforces access control by limiting which MAC addresses can communicate on a port. On the CCNA 200-301 v2 exam, you will often see these features tested in drag-and-drop matching or scenario-based questions, where a common trap is confusing DTP (which negotiates trunks) with VTP or mixing up Port Security with DHCP Snooping. A helpful memory tip is to think of the acronym “S-V-E-P”: STP stops loops, VTP vends VLANs, EtherChannel equals extra bandwidth, and Port Security patrols ports.
CCNA Switching and Network Access Practice Question
This 200-301 practice question tests your understanding of switching and network access. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: portFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Match each switching feature to its most accurate purpose.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.
PortFast allows an edge port (connected to an end device) to bypass the listening and learning states and transition directly to forwarding, speeding up convergence. BPDU Guard disables a port if it receives a BPDU, protecting against accidental bridge connections on edge ports. Port security restricts which MAC addresses can communicate on a switch port, preventing unauthorized devices. DHCP Snooping filters DHCP messages and builds a binding table of trusted clients, helping to block rogue DHCP servers and attacks.
Key principle: PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.
Why this is correct
This option correctly matches each switching feature to its primary purpose as defined in Cisco IOS documentation.
Related concept
PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.
- ✗
STP manages VLANs, VTP prevents loops, EtherChannel restricts MAC addresses, Port Security aggregates links, DTP provides fast per-VLAN convergence, and Rapid PVST+ negotiates trunks.
Why it's wrong here
This option incorrectly assigns purposes to each feature, mixing up their actual functions.
- ✗
STP aggregates links, VTP prevents loops, EtherChannel manages VLANs, Port Security negotiates trunks, DTP restricts MAC addresses, and Rapid PVST+ provides fast per-VLAN convergence.
Why it's wrong here
This option incorrectly assigns purposes to STP, VTP, EtherChannel, Port Security, and DTP, though Rapid PVST+ is correctly matched.
- ✗
STP provides fast per-VLAN convergence, VTP aggregates links, EtherChannel prevents loops, Port Security manages VLANs, DTP restricts MAC addresses, and Rapid PVST+ negotiates trunks.
Why it's wrong here
This option incorrectly assigns purposes to all features, with no correct matches.
Option-by-option analysis
Why each answer is right or wrong
Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.
✓STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.Correct answer▾
Why this is correct
This option correctly matches each switching feature to its primary purpose as defined in Cisco IOS documentation.
✗STP manages VLANs, VTP prevents loops, EtherChannel restricts MAC addresses, Port Security aggregates links, DTP provides fast per-VLAN convergence, and Rapid PVST+ negotiates trunks.Wrong answer — click to see why▾
Why this is wrong here
STP prevents loops, not manages VLANs; VTP manages VLANs, not prevents loops; EtherChannel aggregates links, not restricts MAC addresses; Port Security restricts MAC addresses, not aggregates links; DTP negotiates trunks, not provides fast convergence; Rapid PVST+ provides fast per-VLAN convergence, not negotiates trunks.
Why candidates choose this
Candidates may confuse the acronyms or misremember the primary functions of these features, especially if they have not studied each one thoroughly.
✗STP aggregates links, VTP prevents loops, EtherChannel manages VLANs, Port Security negotiates trunks, DTP restricts MAC addresses, and Rapid PVST+ provides fast per-VLAN convergence.Wrong answer — click to see why▾
Why this is wrong here
STP prevents loops, not aggregates links; VTP manages VLANs, not prevents loops; EtherChannel aggregates links, not manages VLANs; Port Security restricts MAC addresses, not negotiates trunks; DTP negotiates trunks, not restricts MAC addresses.
Why candidates choose this
Candidates might think that STP can aggregate links (confusing with EtherChannel) or that VTP prevents loops (confusing with STP), leading to a mix-up.
✗STP provides fast per-VLAN convergence, VTP aggregates links, EtherChannel prevents loops, Port Security manages VLANs, DTP restricts MAC addresses, and Rapid PVST+ negotiates trunks.Wrong answer — click to see why▾
Why this is wrong here
STP prevents loops, not provides fast convergence (Rapid PVST+ does); VTP manages VLANs, not aggregates links; EtherChannel aggregates links, not prevents loops; Port Security restricts MAC addresses, not manages VLANs; DTP negotiates trunks, not restricts MAC addresses; Rapid PVST+ provides fast per-VLAN convergence, not negotiates trunks.
Why candidates choose this
Candidates may confuse the roles of STP and Rapid PVST+, or think that EtherChannel prevents loops (similar to STP), leading to a complete mismatch.
Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”
Common exam traps
Common exam trap: answer the scenario, not the keyword
Cisco exams often test the specific purpose of each switching feature; avoid confusing PortFast with BPDU Guard, or mixing up DHCP Snooping with Dynamic ARP Inspection.
Detailed technical explanation
How to think about this question
PortFast is a Cisco Catalyst switch feature that immediately transitions a switch port configured as an edge port into the forwarding state, bypassing the usual Spanning Tree Protocol (STP) listening and learning states. This reduces the delay for devices like workstations or IP phones to start communicating on the network, which is critical in access layer environments where end devices connect. PortFast only applies to ports connected to end devices, not to other switches, to prevent loops. BPDU Guard complements PortFast by protecting edge ports from receiving Bridge Protocol Data Units (BPDUs). If a BPDU is detected on a PortFast-enabled port, BPDU Guard disables the port to prevent potential Layer 2 loops caused by unauthorized switches or misconfigurations. This mechanism enforces the assumption that edge ports should not participate in STP topology changes, enhancing network stability and security. Port Security and DHCP Snooping address different security concerns at the access layer. Port Security restricts the number of MAC addresses learned on a port and can lock down ports to specific MAC addresses, preventing MAC flooding attacks and unauthorized device connections. DHCP Snooping filters DHCP messages, blocking rogue DHCP servers and building a binding table that maps IP addresses to MAC addresses and switch ports. This binding is used by other features like Dynamic ARP Inspection to prevent IP spoofing. Together, these features enforce secure and stable Layer 2 access networks.
KKey Concepts to Remember
- PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.
- BPDU Guard disables a PortFast-enabled port upon receiving unexpected BPDUs to prevent Layer 2 loops from unauthorized switches.
- Port Security limits the number of MAC addresses on a port and can restrict access to specific MAC addresses to enhance security.
- DHCP Snooping blocks rogue DHCP servers and builds a trusted binding table of IP-to-MAC-to-port mappings for network validation.
- PortFast should only be enabled on ports connected to end devices, never on ports connecting to other switches.
- BPDU Guard enforces the assumption that edge ports do not participate in STP topology changes by shutting down ports receiving BPDUs.
- Port Security helps prevent MAC flooding and unauthorized device access by controlling MAC address learning on switch ports.
- DHCP Snooping supports other security features by providing accurate IP-MAC-port bindings to prevent IP spoofing attacks.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.
Real-world example
How this comes up in practice
A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.
What to study next
Got this wrong? Here's your next step.
Review portFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices., then practise related 200-301 questions on the same topic to reinforce the concept.
- →
Switching and Network Access — study guide chapter
Learn the concepts, then practise the questions
- →
Switching and Network Access practice questions
Targeted practice on this topic area only
- →
All 200-301 questions
1,819 questions across all exam domains
- →
CCNA 200-301 v2 study guide
Full concept coverage aligned to exam objectives
- →
200-301 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Network Infrastructure and Connectivity practice questions
Practise 200-301 questions linked to Network Infrastructure and Connectivity.
Switching and Network Access practice questions
Practise 200-301 questions linked to Switching and Network Access.
IP Routing practice questions
Practise 200-301 questions linked to IP Routing.
Network Services and Security practice questions
Practise 200-301 questions linked to Network Services and Security.
AI and Network Operations practice questions
Practise 200-301 questions linked to AI and Network Operations.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
Practice this exam
Start a free 200-301 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 200-301 question test?
Switching and Network Access — This question tests Switching and Network Access — PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices..
What is the correct answer to this question?
The correct answer is: STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence. — PortFast allows an edge port (connected to an end device) to bypass the listening and learning states and transition directly to forwarding, speeding up convergence. BPDU Guard disables a port if it receives a BPDU, protecting against accidental bridge connections on edge ports. Port security restricts which MAC addresses can communicate on a switch port, preventing unauthorized devices. DHCP Snooping filters DHCP messages and builds a binding table of trusted clients, helping to block rogue DHCP servers and attacks.
What should I do if I get this 200-301 question wrong?
Review portFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices., then practise related 200-301 questions on the same topic to reinforce the concept.
What is the key concept behind this question?
PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Apr 12, 2026
This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.