Question 212 of 505
Application Deployment and SecurityeasyMultiple ChoiceObjective-mapped

Quick Answer

The answer is that the server is generating BPDU frames, which triggers BPDU guard and places the port into an errdisable state. This occurs because BPDU guard, often enabled implicitly when PortFast is configured on a switch port, immediately errdisables the port upon receiving any Bridge Protocol Data Unit. The switch interprets these frames as a potential bridging loop threat, even if the server is simply running a virtualization hypervisor or a software bridge. On the Cisco DevNet Associate 200-901 exam, this scenario tests your understanding of Layer 2 loop prevention mechanisms and the interaction between PortFast and BPDU guard. A common trap is assuming the server is malfunctioning or that the configuration is incorrect, but the key insight is that BPDU guard is designed to protect the network from unauthorized switches. Remember the memory tip: “BPDU guard + PortFast = instant errdisable on any BPDU.”

200-901 Application Deployment and Security Practice Question

This 200-901 practice question tests your understanding of application deployment and security. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Refer to the exhibit.
```
interface GigabitEthernet1/0/1
 description CONNECTION TO APP SERVER
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
```

Refer to the exhibit. An engineer applied this configuration to a Cisco switch port connected to an application server. The server runs a critical business application that should not be disrupted. However, after applying the configuration, the port goes into errdisable state. What is the most likely cause?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Question 1easymultiple choice
Full question →

Exhibit

Refer to the exhibit.
```
interface GigabitEthernet1/0/1
 description CONNECTION TO APP SERVER
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
```

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The server is generating BPDU frames, triggering BPDU guard.

The correct answer is D because BPDU guard is enabled on the switch port (implicitly or explicitly via spanning-tree bpduguard enable). When the application server sends BPDU frames—perhaps because it is running a software bridge, virtualization host, or has a misconfigured NIC—the switch detects these frames on a port configured with portfast and immediately errdisables the port to prevent a potential bridging loop. This matches the symptom of the port going into errdisable state after applying the configuration.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The VLAN 10 does not exist on the switch.

    Why it's wrong here

    A missing VLAN would result in the port being inactive, not errdisable.

  • The spanning-tree portfast command is incompatible with access ports.

    Why it's wrong here

    Portfast is typically used on access ports to speed up transition to forwarding state; it does not cause errdisable.

  • The switchport mode access command is incorrect for a server connection.

    Why it's wrong here

    Access mode is appropriate for connecting a single server.

  • The server is generating BPDU frames, triggering BPDU guard.

    Why this is correct

    BPDU guard errdisables a port if it receives a BPDU, which can happen if the server runs STP or is connected to another switch.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the misconception that BPDU guard is only for trunk ports or that PortFast is incompatible with access ports, but the trap here is that candidates overlook how a server can generate BPDU frames (e.g., from a virtual switch or bridging software) and that BPDU guard on an access port will errdisable it.

Detailed technical explanation

How to think about this question

BPDU guard works in conjunction with PortFast: when a port is configured with PortFast (or globally with spanning-tree portfast default), enabling BPDU guard causes the switch to disable the port if any BPDU is received, because an edge port should never receive BPDUs. The errdisable state can be recovered manually or automatically via errdisable recovery cause bpduguard. In real-world scenarios, servers running hypervisors with virtual switches or NIC teaming software may inadvertently generate BPDUs, triggering this protection.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related 200-901 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 200-901 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 200-901 question test?

Application Deployment and Security — This question tests Application Deployment and Security — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The server is generating BPDU frames, triggering BPDU guard. — The correct answer is D because BPDU guard is enabled on the switch port (implicitly or explicitly via spanning-tree bpduguard enable). When the application server sends BPDU frames—perhaps because it is running a software bridge, virtualization host, or has a misconfigured NIC—the switch detects these frames on a port configured with portfast and immediately errdisables the port to prevent a potential bridging loop. This matches the symptom of the port going into errdisable state after applying the configuration.

What should I do if I get this 200-901 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Last reviewed: Jun 11, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 200-901 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-901 exam.