Question 1,402 of 1,819
Network Services and SecurityhardMultiple ChoiceObjective-mapped

CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. This is a configuration task: choose the command set that satisfies every stated requirement. Small differences — like 'secret' vs 'password' or 'transport input ssh' vs 'all' — change whether the answer is correct. A key principle to apply: administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Why is administratively shutting down unused switch ports considered a useful hardening measure?

Question 1hardmultiple choice
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

It reduces the attack surface by removing unnecessary network entry points.

Unused active ports create unnecessary opportunity for unauthorized connection. Disabling them reduces the attack surface and makes opportunistic access much harder. Option B is incorrect because administratively shutting down a port does not increase backplane bandwidth; bandwidth is a fixed hardware characteristic. Option C is incorrect because shutting down ports does not enable 802.1Q trunking; trunking is configured separately. Option D is incorrect because port security must be explicitly enabled; it is not activated automatically by shutting down ports.

Key principle: Administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • It reduces the attack surface by removing unnecessary network entry points.

    Why this is correct

    This is correct because an unused enabled port is an unnecessary risk that can be eliminated by shutting it down.

    Related concept

    Administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors.

  • It increases available bandwidth on the switch backplane.

    Why it's wrong here

    This is wrong because disabling ports does not change backplane bandwidth.

    When this WOULD be correct

    In a question focused on optimizing network performance, such as 'What actions can improve the overall bandwidth efficiency of a switch?', this option could be correct if it specifies that shutting down unused ports can help allocate resources more effectively by reducing unnecessary traffic on the switch.

  • It enables 802.1Q trunking on all remaining ports.

    Why it's wrong here

    This is wrong because shutting down a port has no effect on trunk configuration of other ports.

    When this WOULD be correct

    In a question focused on VLAN configuration, where the context is about optimizing trunking capabilities across a switch, stating that enabling 802.1Q trunking on all remaining ports is correct could be valid. For example, if the question asks how to ensure that all active ports can handle multiple VLANs efficiently, this option could be correct.

  • It forces port security to activate automatically.

    Why it's wrong here

    This is wrong because port security must be configured explicitly and does not activate from a shutdown.

    When this WOULD be correct

    In a question asking about the benefits of enabling port security on a switch, one might state that shutting down unused ports can help ensure that port security is enforced on active ports, as it reduces the risk of unauthorized access through unused ports.

Option-by-option analysis

Why each answer is right or wrong

Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.

It reduces the attack surface by removing unnecessary network entry points.Correct answer

Why this is correct

This is correct because an unused enabled port is an unnecessary risk that can be eliminated by shutting it down.

It increases available bandwidth on the switch backplane.Wrong answer — click to see why

Why this is wrong here

This option is incorrect because shutting down unused switch ports does not directly increase available bandwidth; rather, it is a security measure to minimize potential vulnerabilities. Bandwidth on the switch backplane is determined by the overall switch architecture and the active ports' configurations, not by disabling unused ports.

★ When this WOULD be the correct answer

In a question focused on optimizing network performance, such as 'What actions can improve the overall bandwidth efficiency of a switch?', this option could be correct if it specifies that shutting down unused ports can help allocate resources more effectively by reducing unnecessary traffic on the switch.

Why candidates choose this

Candidates may be tempted by this option because they associate port management with performance improvements, leading them to believe that disabling ports could somehow enhance bandwidth availability.

It enables 802.1Q trunking on all remaining ports.Wrong answer — click to see why

Why this is wrong here

This option is wrong because administratively shutting down unused switch ports does not enable 802.1Q trunking; trunking is a configuration that allows multiple VLANs to traverse a single physical link, which is unrelated to the status of unused ports.

★ When this WOULD be the correct answer

In a question focused on VLAN configuration, where the context is about optimizing trunking capabilities across a switch, stating that enabling 802.1Q trunking on all remaining ports is correct could be valid. For example, if the question asks how to ensure that all active ports can handle multiple VLANs efficiently, this option could be correct.

Why candidates choose this

Candidates may choose this option due to a misunderstanding of the relationship between port status and VLAN configurations, mistakenly believing that shutting down ports directly facilitates trunking capabilities.

It forces port security to activate automatically.Wrong answer — click to see why

Why this is wrong here

This option is wrong because administratively shutting down unused switch ports does not automatically activate port security; it is a separate configuration that must be enabled explicitly on the switch.

★ When this WOULD be the correct answer

In a question asking about the benefits of enabling port security on a switch, one might state that shutting down unused ports can help ensure that port security is enforced on active ports, as it reduces the risk of unauthorized access through unused ports.

Why candidates choose this

Candidates may choose this option because they associate port security with overall network security and might mistakenly believe that shutting down ports triggers security features automatically, reflecting a misunderstanding of how these configurations interact.

Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”

Common exam traps

Common exam trap: answer the scenario, not the keyword

Do not confuse port shutdown with network performance improvements or IP address management. Focus on security implications.

Detailed technical explanation

How to think about this question

Administratively shutting down unused switch ports is a fundamental security hardening technique in Cisco networking. Switch ports that are enabled but unused represent potential entry points for unauthorized devices, which can lead to network breaches or attacks. By disabling these ports, network administrators effectively reduce the attack surface, limiting opportunities for rogue devices to connect and exploit the network. This practice aligns with the principle of least privilege, ensuring only necessary network access is available. The decision to administratively shut down unused ports is based on the understanding that an active port, even if unused, can be exploited by attackers to gain physical access to the network. Cisco switches allow administrators to disable ports using the "shutdown" command in interface configuration mode, which prevents any traffic from passing through. This measure does not affect the switch’s backplane bandwidth or trunking configurations but strictly controls physical access points. It complements other security features like port security but does not replace them. A common exam trap is confusing the effect of shutting down ports with enabling other features such as automatic port security activation or bandwidth improvements. Disabling a port simply prevents any device from connecting through it; it does not automatically configure security policies or enhance switch performance. Understanding this distinction helps avoid selecting incorrect answers that imply additional functionality beyond the scope of administrative shutdown. Practically, this control is a straightforward, effective way to reduce unauthorized access risks without impacting legitimate network operations.

KKey Concepts to Remember

  • Administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors.
  • Cisco switches use the shutdown command in interface configuration mode to disable ports, stopping all traffic and access through those ports.
  • Disabling unused ports does not affect switch backplane bandwidth or enable features like 802.1Q trunking on other ports.
  • Port security features must be explicitly configured and do not activate automatically when a port is administratively shut down.
  • Reducing the attack surface by disabling unused ports aligns with the principle of least privilege in network security.
  • Leaving unused ports enabled increases risk without providing any operational benefit, making the network more vulnerable to opportunistic attacks.
  • Administratively shutting down ports is a simple but effective hardening control that complements other security mechanisms like ACLs and port security.
  • Understanding the difference between physical port state and security feature activation is critical to correctly answering CCNA exam questions on switch hardening.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors., then practise related 200-301 questions on the same topic to reinforce the concept.

Related practice questions

Related 200-301 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-301 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-301 question test?

Network Services and Security — This question tests Network Services and Security — Administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors..

What is the correct answer to this question?

The correct answer is: It reduces the attack surface by removing unnecessary network entry points. — Unused active ports create unnecessary opportunity for unauthorized connection. Disabling them reduces the attack surface and makes opportunistic access much harder. Option B is incorrect because administratively shutting down a port does not increase backplane bandwidth; bandwidth is a fixed hardware characteristic. Option C is incorrect because shutting down ports does not enable 802.1Q trunking; trunking is configured separately. Option D is incorrect because port security must be explicitly enabled; it is not activated automatically by shutting down ports.

What should I do if I get this 200-301 question wrong?

Review administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors., then practise related 200-301 questions on the same topic to reinforce the concept.

What is the key concept behind this question?

Administratively shutting down unused switch ports prevents unauthorized devices from physically connecting to the network, reducing potential attack vectors.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: May 17, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.