- A
VTP pruning reduces unnecessary broadcast traffic by preventing a trunk from carrying traffic for VLANs that have no active ports in the VLAN on downstream switches.
This is the primary benefit of VTP pruning; it dynamically prunes VLANs from trunk links.
- B
VTP pruning is enabled globally using the 'vtp pruning' command in global configuration mode.
The command 'vtp pruning' enables pruning for the entire VTP domain.
- C
VTP pruning can be enabled on a VTP client switch.
Why wrong: VTP clients cannot enable pruning; they only receive pruning information from the server. Pruning must be configured on the VTP server.
- D
Manual VLAN pruning using 'switchport trunk allowed vlan' overrides VTP pruning for that specific trunk interface.
If a manual allowed VLAN list is configured, VTP pruning will not remove those VLANs from the trunk, as manual configuration takes precedence.
- E
VTP pruning can remove the native VLAN from a trunk link.
Why wrong: The native VLAN is always allowed on a trunk and cannot be pruned by VTP pruning.
Quick Answer
The correct answer is that manual VLAN pruning using the 'switchport trunk allowed vlan' command overrides VTP pruning for that specific trunk interface. This is because VTP pruning dynamically removes VLANs from trunk allowed lists to reduce unnecessary broadcast traffic, but it only operates when VTP is in server or transparent mode and does not affect the native VLAN. On the ENCOR 350-401 exam, this concept tests your understanding of how VTP pruning interacts with manual configuration, often appearing in a "choose three" question where you must distinguish between global VTP pruning behavior and per-interface overrides. A common trap is assuming VTP pruning applies to all VLANs equally, but remember that the native VLAN is always allowed and manual pruning takes precedence. Memory tip: "Manual overrides dynamic—if you prune by hand, VTP takes a stand."
350-401 VLANs and Trunking Practice Question
This 350-401 practice question tests your understanding of vlans and trunking. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Which three statements about trunking and VLAN pruning are true? (Choose three.)
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
VTP pruning reduces unnecessary broadcast traffic by preventing a trunk from carrying traffic for VLANs that have no active ports in the VLAN on downstream switches.
VTP pruning reduces unnecessary broadcast traffic on trunk links by dynamically removing VLANs from trunk allowed lists when no downstream switch has ports in that VLAN. VTP pruning is enabled globally with the 'vtp pruning' command. It requires VTP to be in server or transparent mode; clients cannot enable pruning. The 'switchport trunk allowed vlan' command can manually prune VLANs, and this overrides VTP pruning for that interface. VTP pruning does not affect the native VLAN, which is always allowed.
Key principle: Authentication proves identity; authorization controls what that identity can do after login. Both must work for full privileged access.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
VTP pruning reduces unnecessary broadcast traffic by preventing a trunk from carrying traffic for VLANs that have no active ports in the VLAN on downstream switches.
Why this is correct
This is the primary benefit of VTP pruning; it dynamically prunes VLANs from trunk links.
Related concept
Authentication checks who the user is.
- ✓
VTP pruning is enabled globally using the 'vtp pruning' command in global configuration mode.
Why this is correct
The command 'vtp pruning' enables pruning for the entire VTP domain.
Related concept
Authentication checks who the user is.
- ✗
VTP pruning can be enabled on a VTP client switch.
Why it's wrong here
VTP clients cannot enable pruning; they only receive pruning information from the server. Pruning must be configured on the VTP server.
- ✓
Manual VLAN pruning using 'switchport trunk allowed vlan' overrides VTP pruning for that specific trunk interface.
- ✗
VTP pruning can remove the native VLAN from a trunk link.
Why it's wrong here
The native VLAN is always allowed on a trunk and cannot be pruned by VTP pruning.
Common exam traps
Common exam trap: authentication is not authorization
Logging in proves the user can authenticate. It does not automatically mean the user is allowed to enter privileged or configuration mode. Watch for AAA authorization, privilege level and command authorization details.
Detailed technical explanation
How to think about this question
This kind of question is testing the difference between identity and permission. A user may successfully log in to a router because authentication is working, but still fail to enter configuration mode because authorization is missing, misconfigured or mapped to a lower privilege level.
KKey Concepts to Remember
- Authentication checks who the user is.
- Authorization controls what the user is allowed to do after login.
- Privilege levels affect access to EXEC and configuration commands.
- AAA, TACACS+ and RADIUS can separate login success from command access.
TExam Day Tips
- Do not assume successful login means full administrative access.
- Look for words such as cannot enter configuration mode, privilege level, authorization or command access.
- Separate login problems from permission problems before choosing the answer.
Key takeaway
Authentication proves identity; authorization controls what that identity can do after login. Both must work for full privileged access.
Real-world example
How this comes up in practice
A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.
What to study next
Got this wrong? Here's your next step.
Review Cisco AAA concepts — authentication, authorization, and accounting. Study privilege levels (0–15), command authorization under TACACS+, and how RADIUS differs. Then practise related 350-401 questions on access control and AAA configuration.
- →
VLANs and Trunking — study guide chapter
Learn the concepts, then practise the questions
- →
VLANs and Trunking practice questions
Targeted practice on this topic area only
- →
All 350-401 questions
2,015 questions across all exam domains
- →
ENCOR 350-401 study guide
Full concept coverage aligned to exam objectives
- →
350-401 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 350-401 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Architecture practice questions
Practise 350-401 questions linked to Architecture.
Enterprise Network Design practice questions
Practise 350-401 questions linked to Enterprise Network Design.
SD-Access Architecture practice questions
Practise 350-401 questions linked to SD-Access Architecture.
SD-WAN Architecture practice questions
Practise 350-401 questions linked to SD-WAN Architecture.
QoS Architecture practice questions
Practise 350-401 questions linked to QoS Architecture.
Virtualization practice questions
Practise 350-401 questions linked to Virtualization.
Network Function Virtualization practice questions
Practise 350-401 questions linked to Network Function Virtualization.
Virtual Machines and Hypervisors practice questions
Practise 350-401 questions linked to Virtual Machines and Hypervisors.
VRF and Path Isolation practice questions
Practise 350-401 questions linked to VRF and Path Isolation.
Infrastructure practice questions
Practise 350-401 questions linked to Infrastructure.
OSPF practice questions
Practise 350-401 questions linked to OSPF.
BGP practice questions
Practise 350-401 questions linked to BGP.
Practice this exam
Start a free 350-401 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 350-401 question test?
VLANs and Trunking — This question tests VLANs and Trunking — Authentication checks who the user is..
What is the correct answer to this question?
The correct answer is: VTP pruning reduces unnecessary broadcast traffic by preventing a trunk from carrying traffic for VLANs that have no active ports in the VLAN on downstream switches. — VTP pruning reduces unnecessary broadcast traffic on trunk links by dynamically removing VLANs from trunk allowed lists when no downstream switch has ports in that VLAN. VTP pruning is enabled globally with the 'vtp pruning' command. It requires VTP to be in server or transparent mode; clients cannot enable pruning. The 'switchport trunk allowed vlan' command can manually prune VLANs, and this overrides VTP pruning for that interface. VTP pruning does not affect the native VLAN, which is always allowed.
What should I do if I get this 350-401 question wrong?
Review Cisco AAA concepts — authentication, authorization, and accounting. Study privilege levels (0–15), command authorization under TACACS+, and how RADIUS differs. Then practise related 350-401 questions on access control and AAA configuration.
What is the key concept behind this question?
Authentication checks who the user is.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Same concept, more angles
1 more ways this is tested on 350-401
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. Which three statements about trunking and VLAN pruning are true? (Choose three.)
medium- ✓ A.VTP pruning dynamically removes VLANs from a trunk if the VLAN is not present on the remote switch.
- ✓ B.Manual pruning can be achieved using the 'switchport trunk allowed vlan' command.
- ✓ C.VTP pruning requires VTP to be enabled on the switches in the management domain.
- D.VTP pruning is only supported in VTP version 3.
- E.The 'switchport trunk native vlan' command is used to prune VLANs from a trunk.
Why A: Correct: A is true because VTP pruning reduces unnecessary broadcast traffic on trunk links by dynamically removing VLANs that are not needed on a switch. B is true because pruning can be manually configured on a trunk using the 'switchport trunk allowed vlan' command to restrict which VLANs traverse the link. C is true because VTP pruning requires VTP to be configured and operating in the domain; it is not available without VTP. D is incorrect because VTP pruning works with VTP versions 1 and 2, not just version 3. E is incorrect because the 'switchport trunk native vlan' command sets the native VLAN, not pruning; pruning is controlled by allowed VLAN lists or VTP pruning.
Last reviewed: Jun 18, 2026
This 350-401 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 350-401 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.