- A
The port is a trunk port but configured as access, causing VLAN mismatch
Why wrong: Port is access mode.
- B
The port is configured in multi-auth host mode, causing conflicts
Why wrong: Host mode not shown; default is single-host.
- C
The 'authentication periodic' command forces reauthentication every 3600 seconds, and the client fails to reauthenticate
Periodic reauthentication can cause disconnections if client fails.
- D
The switch is using MAC authentication bypass (MAB) as a fallback, which fails for some devices
Why wrong: MAB is not configured in the snippet.
Quick Answer
The answer is the 'authentication periodic' command, which forces reauthentication every 3600 seconds, and the client fails to reauthenticate. This command enables periodic reauthentication on the port, and the 'authentication timer reauthenticate 3600' sets the interval to one hour, but the logs show failures far sooner—meaning the client is failing reauthentication triggered by other events, such as a new supplicant attempt or a port state change. On the Cisco DevNet Associate 200-901 exam, this tests your understanding of 802.1X authentication periodic reauthentication failure scenarios, often presented as a troubleshooting question where valid credentials work initially but cause intermittent connectivity loss due to EAP method mismatches or credential caching issues. A common trap is assuming the timer alone causes the problem, when in fact the periodic command makes the switch reauthenticate on any trigger, and a client that cannot complete the exchange gets disconnected. Memory tip: think "periodic = persistent pestering"—if the client can't answer every knock, it gets kicked off.
200-901 Network Fundamentals Practice Question
This 200-901 practice question tests your understanding of network fundamentals. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
A university campus network uses Cisco switches with 802.1X for wired authentication. Recently, users in a dormitory report intermittent connectivity: they can connect initially but are disconnected after a few minutes. The network team checks the switch logs and sees messages like 'Authentication failure for MAC address xxxx.xxxx.xxxx on port GigabitEthernet1/0/5' but the users claim they are using valid credentials. The same users can connect from other ports without issues. The port configuration for Gi1/0/5 is: switchport mode access, authentication port-control auto, dot1x pae authenticator, authentication periodic, authentication timer reauthenticate 3600. The team suspects a misconfiguration. What is the most likely cause of the intermittent disconnections?
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue:
"most likely"Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
The 'authentication periodic' command forces reauthentication every 3600 seconds, and the client fails to reauthenticate
The 'authentication periodic' command enables periodic reauthentication, and the 'authentication timer reauthenticate 3600' sets the interval to 3600 seconds (1 hour). However, the logs show authentication failures occurring much sooner than 3600 seconds, indicating that the client is failing reauthentication attempts triggered by other events (e.g., a new supplicant attempt or a reauthentication due to a port state change). The intermittent disconnections are caused by the client failing to reauthenticate when the switch initiates a new authentication exchange, likely due to a mismatch in EAP method or credential caching issues.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✗
The port is a trunk port but configured as access, causing VLAN mismatch
Why it's wrong here
Port is access mode.
- ✗
The port is configured in multi-auth host mode, causing conflicts
Why it's wrong here
Host mode not shown; default is single-host.
- ✓
The 'authentication periodic' command forces reauthentication every 3600 seconds, and the client fails to reauthenticate
Why this is correct
Periodic reauthentication can cause disconnections if client fails.
Clue confirmation
The clue word "most likely" in the question point toward this answer.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
The switch is using MAC authentication bypass (MAB) as a fallback, which fails for some devices
Why it's wrong here
MAB is not configured in the snippet.
Common exam traps
Common exam trap: answer the scenario, not the keyword
Cisco often tests the subtle behavior of 'authentication periodic' and 'authentication timer reauthenticate' — candidates mistakenly think the timer is the only trigger for reauthentication, but the switch can also reauthenticate due to link state changes or new supplicant attempts, and a failure during any reauthentication causes immediate disconnection.
Trap categories for this question
Command / output trap
Host mode not shown; default is single-host.
Detailed technical explanation
How to think about this question
With 'authentication periodic' enabled, the switch sends an EAPoL-Request/Identity to the client after the reauthentication timer expires. If the client does not respond correctly (e.g., due to a stale credential cache or incompatible EAP method), the switch treats it as a failure and places the port in an unauthorized state, causing disconnection. In real-world scenarios, this often happens with Windows supplicants that cache credentials and fail to re-authenticate if the switch requests a different EAP method than the one used initially.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
Network Fundamentals — study guide chapter
Learn the concepts, then practise the questions
- →
Network Fundamentals practice questions
Targeted practice on this topic area only
- →
All 200-901 questions
505 questions across all exam domains
- →
Cisco DevNet Associate 200-901 study guide
Full concept coverage aligned to exam objectives
- →
200-901 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 200-901 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Software Development and Design practice questions
Practise 200-901 questions linked to Software Development and Design.
Understanding and Using APIs practice questions
Practise 200-901 questions linked to Understanding and Using APIs.
Cisco Platforms and Development practice questions
Practise 200-901 questions linked to Cisco Platforms and Development.
Application Deployment and Security practice questions
Practise 200-901 questions linked to Application Deployment and Security.
Infrastructure and Automation practice questions
Practise 200-901 questions linked to Infrastructure and Automation.
Network Fundamentals practice questions
Practise 200-901 questions linked to Network Fundamentals.
200-901 fundamentals practice questions
Practise 200-901 questions linked to 200-901 fundamentals.
200-901 scenario practice questions
Practise 200-901 questions linked to 200-901 scenario.
200-901 troubleshooting practice questions
Practise 200-901 questions linked to 200-901 troubleshooting.
Practice this exam
Start a free 200-901 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 200-901 question test?
Network Fundamentals — This question tests Network Fundamentals — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: The 'authentication periodic' command forces reauthentication every 3600 seconds, and the client fails to reauthenticate — The 'authentication periodic' command enables periodic reauthentication, and the 'authentication timer reauthenticate 3600' sets the interval to 3600 seconds (1 hour). However, the logs show authentication failures occurring much sooner than 3600 seconds, indicating that the client is failing reauthentication attempts triggered by other events (e.g., a new supplicant attempt or a reauthentication due to a port state change). The intermittent disconnections are caused by the client failing to reauthenticate when the switch initiates a new authentication exchange, likely due to a mismatch in EAP method or credential caching issues.
What should I do if I get this 200-901 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Are there clue words in this question I should notice?
Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Jun 11, 2026
This 200-901 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-901 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.