Question 345 of 1,819
Switching and Network AccessmediumMatchingObjective-mapped

Quick Answer

The correct match is STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, and Port Security restricts MAC addresses, because each feature addresses a distinct switching challenge. Spanning Tree Protocol (STP) eliminates bridging loops by blocking redundant paths, while VTP simplifies VLAN administration by propagating database changes across a network. EtherChannel bundles multiple physical links into a single logical interface for increased bandwidth and redundancy, and Port Security enforces access control by limiting which MAC addresses can communicate on a port. On the CCNA 200-301 v2 exam, you will often see these features tested in drag-and-drop matching or scenario-based questions, where a common trap is confusing DTP (which negotiates trunks) with VTP or mixing up Port Security with DHCP Snooping. A helpful memory tip is to think of the acronym “S-V-E-P”: STP stops loops, VTP vends VLANs, EtherChannel equals extra bandwidth, and Port Security patrols ports.

CCNA Switching and Network Access Practice Question

This 200-301 practice question tests your understanding of switching and network access. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: portFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Match each switching feature to its most accurate purpose.

Question 1mediummatching
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.

PortFast allows an edge port (connected to an end device) to bypass the listening and learning states and transition directly to forwarding, speeding up convergence. BPDU Guard disables a port if it receives a BPDU, protecting against accidental bridge connections on edge ports. Port security restricts which MAC addresses can communicate on a switch port, preventing unauthorized devices. DHCP Snooping filters DHCP messages and builds a binding table of trusted clients, helping to block rogue DHCP servers and attacks.

Key principle: PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.

    Why this is correct

    This option correctly matches each switching feature to its primary purpose as defined in Cisco IOS documentation.

    Related concept

    PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.

  • STP manages VLANs, VTP prevents loops, EtherChannel restricts MAC addresses, Port Security aggregates links, DTP provides fast per-VLAN convergence, and Rapid PVST+ negotiates trunks.

    Why it's wrong here

    This option incorrectly assigns purposes to each feature, mixing up their actual functions.

  • STP aggregates links, VTP prevents loops, EtherChannel manages VLANs, Port Security negotiates trunks, DTP restricts MAC addresses, and Rapid PVST+ provides fast per-VLAN convergence.

    Why it's wrong here

    This option incorrectly assigns purposes to STP, VTP, EtherChannel, Port Security, and DTP, though Rapid PVST+ is correctly matched.

  • STP provides fast per-VLAN convergence, VTP aggregates links, EtherChannel prevents loops, Port Security manages VLANs, DTP restricts MAC addresses, and Rapid PVST+ negotiates trunks.

    Why it's wrong here

    This option incorrectly assigns purposes to all features, with no correct matches.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence.Correct answer

Why this is correct

This option correctly matches each switching feature to its primary purpose as defined in Cisco IOS documentation.

STP manages VLANs, VTP prevents loops, EtherChannel restricts MAC addresses, Port Security aggregates links, DTP provides fast per-VLAN convergence, and Rapid PVST+ negotiates trunks.Wrong answer — click to see why

Why this is wrong here

STP prevents loops, not manages VLANs; VTP manages VLANs, not prevents loops; EtherChannel aggregates links, not restricts MAC addresses; Port Security restricts MAC addresses, not aggregates links; DTP negotiates trunks, not provides fast convergence; Rapid PVST+ provides fast per-VLAN convergence, not negotiates trunks.

Why candidates choose this

Candidates may confuse the acronyms or misremember the primary functions of these features, especially if they have not studied each one thoroughly.

STP aggregates links, VTP prevents loops, EtherChannel manages VLANs, Port Security negotiates trunks, DTP restricts MAC addresses, and Rapid PVST+ provides fast per-VLAN convergence.Wrong answer — click to see why

Why this is wrong here

STP prevents loops, not aggregates links; VTP manages VLANs, not prevents loops; EtherChannel aggregates links, not manages VLANs; Port Security restricts MAC addresses, not negotiates trunks; DTP negotiates trunks, not restricts MAC addresses.

Why candidates choose this

Candidates might think that STP can aggregate links (confusing with EtherChannel) or that VTP prevents loops (confusing with STP), leading to a mix-up.

STP provides fast per-VLAN convergence, VTP aggregates links, EtherChannel prevents loops, Port Security manages VLANs, DTP restricts MAC addresses, and Rapid PVST+ negotiates trunks.Wrong answer — click to see why

Why this is wrong here

STP prevents loops, not provides fast convergence (Rapid PVST+ does); VTP manages VLANs, not aggregates links; EtherChannel aggregates links, not prevents loops; Port Security restricts MAC addresses, not manages VLANs; DTP negotiates trunks, not restricts MAC addresses; Rapid PVST+ provides fast per-VLAN convergence, not negotiates trunks.

Why candidates choose this

Candidates may confuse the roles of STP and Rapid PVST+, or think that EtherChannel prevents loops (similar to STP), leading to a complete mismatch.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Detailed technical explanation

How to think about this question

PortFast is a Cisco Catalyst switch feature that immediately transitions a switch port configured as an edge port into the forwarding state, bypassing the usual Spanning Tree Protocol (STP) listening and learning states. This reduces the delay for devices like workstations or IP phones to start communicating on the network, which is critical in access layer environments where end devices connect. PortFast only applies to ports connected to end devices, not to other switches, to prevent loops. BPDU Guard complements PortFast by protecting edge ports from receiving Bridge Protocol Data Units (BPDUs). If a BPDU is detected on a PortFast-enabled port, BPDU Guard disables the port to prevent potential Layer 2 loops caused by unauthorized switches or misconfigurations. This mechanism enforces the assumption that edge ports should not participate in STP topology changes, enhancing network stability and security. Port Security and DHCP Snooping address different security concerns at the access layer. Port Security restricts the number of MAC addresses learned on a port and can lock down ports to specific MAC addresses, preventing MAC flooding attacks and unauthorized device connections. DHCP Snooping filters DHCP messages, blocking rogue DHCP servers and building a binding table that maps IP addresses to MAC addresses and switch ports. This binding is used by other features like Dynamic ARP Inspection to prevent IP spoofing. Together, these features enforce secure and stable Layer 2 access networks.

KKey Concepts to Remember

  • PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.
  • BPDU Guard disables a PortFast-enabled port upon receiving unexpected BPDUs to prevent Layer 2 loops from unauthorized switches.
  • Port Security limits the number of MAC addresses on a port and can restrict access to specific MAC addresses to enhance security.
  • DHCP Snooping blocks rogue DHCP servers and builds a trusted binding table of IP-to-MAC-to-port mappings for network validation.
  • PortFast should only be enabled on ports connected to end devices, never on ports connecting to other switches.
  • BPDU Guard enforces the assumption that edge ports do not participate in STP topology changes by shutting down ports receiving BPDUs.
  • Port Security helps prevent MAC flooding and unauthorized device access by controlling MAC address learning on switch ports.
  • DHCP Snooping supports other security features by providing accurate IP-MAC-port bindings to prevent IP spoofing attacks.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review portFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Switching and Network Access — This question tests Switching and Network Access — PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices..

What is the correct answer to this question?

The correct answer is: STP prevents loops, VTP manages VLANs, EtherChannel aggregates links, Port Security restricts MAC addresses, DTP negotiates trunks, and Rapid PVST+ provides fast per-VLAN convergence. — PortFast allows an edge port (connected to an end device) to bypass the listening and learning states and transition directly to forwarding, speeding up convergence. BPDU Guard disables a port if it receives a BPDU, protecting against accidental bridge connections on edge ports. Port security restricts which MAC addresses can communicate on a switch port, preventing unauthorized devices. DHCP Snooping filters DHCP messages and builds a binding table of trusted clients, helping to block rogue DHCP servers and attacks.

What should I do if I get this 200-301 question wrong?

Review portFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices., then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

PortFast immediately transitions an access port to forwarding state, reducing STP convergence delay for end devices.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Apr 12, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.