Cisco
200-301 · Question #475
200-301 Question #475: Real Exam Question with Answer & Explanation
The correct answer is B: configure ports in a black hole VLAN. For security best practices, unused switch ports should be placed into a dedicated "black hole" VLAN that is not routed.
Submitted by hassan_iq · Mar 5, 2026
Question
A network administrator is asked to configure VLANs 2, 3 and 4 for a new implementation. Some ports must be assigned to the new VLANs, with unused ports remaining. Which action should be taken for the unused ports?
Options
- A. configure port in the native VLAN
- B. configure ports in a black hole VLAN
- C. configure in a nondefault native VLAN
- D. configure ports as access ports
Explanation
For security best practices, unused switch ports should be placed into a dedicated "black hole" VLAN that is not routed.
Common mistakes.
- A. Configuring unused ports in the native VLAN (often VLAN 1 by default) can be a security risk as VLAN 1 is often routed or used for management, providing potential unauthorized network access.
- C. While using a nondefault native VLAN can improve security in some contexts, simply configuring unused ports in any nondefault native VLAN without making it an isolated "black hole" VLAN does not guarantee the same level of security.
- D. Configuring ports as access ports is a necessary step, but it doesn't specify which VLAN they should be assigned to; assigning them to an active VLAN would be insecure if the ports are unused.
Concept tested. VLAN security for unused ports
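The check below is an added example, not part of the original question or any Cisco tooling: it audits an IOS-style configuration to confirm that each unused port is an access port in the black hole VLAN and that this VLAN has no routed interface. VLAN 999, the interface names, the sample configuration and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample config; VLAN 999 as the black hole VLAN is an assumption.
SAMPLE_CONFIG = """\
vlan 999
 name BLACKHOLE
!
interface GigabitEthernet0/10
 switchport mode access
 switchport access vlan 999
!
interface GigabitEthernet0/11
 switchport mode access
!
interface Vlan999
 ip address 192.0.2.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return interfaces

def audit_unused_ports(config, unused_ports, blackhole_vlan):
    """List unused ports outside the black hole VLAN, and flag the VLAN if routed."""
    interfaces = parse_interfaces(config)
    findings = []
    for port in unused_ports:
        cmds = interfaces.get(port, [])
        vlan = 1  # no "switchport access vlan" line leaves the port in default VLAN 1
        for cmd in cmds:
            if (m := re.fullmatch(r"switchport access vlan (\d+)", cmd)):
                vlan = int(m.group(1))
        if "switchport mode access" not in cmds:
            findings.append(f"{port}: not forced to access mode")
        if vlan != blackhole_vlan:
            findings.append(f"{port}: in VLAN {vlan}, expected {blackhole_vlan}")
    svi = interfaces.get(f"Vlan{blackhole_vlan}", [])
    if any(c.startswith("ip address ") for c in svi):
        findings.append(f"Vlan{blackhole_vlan}: SVI has an IP address, so the VLAN is routed")
    return findings
```

Run against the sample, the audit passes GigabitEthernet0/10, reports GigabitEthernet0/11 as still sitting in default VLAN 1, and reports the addressed `Vlan999` interface because it makes the black hole VLAN routable.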
Topics
#VLAN configuration #Port security #Black hole VLAN #Switch port configuration