Cisco
200-301 · Question #99
200-301 Question #99: Real Exam Question with Answer & Explanation
The correct answer is B: Administratively shut down the ports. To secure unused switch ports, an engineer should administratively shut them down and reassign them to an isolated, unused VLAN.
Submitted by andres_qro · Mar 5, 2026 · Network Access
Question
An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two)
Options
- A. Configure the ports in an EtherChannel.
- B. Administratively shut down the ports
- C. Configure the port type as access and place in VLAN 99
- D. Configure the ports as trunk ports
- E. Enable the Cisco Discovery Protocol
Explanation
To secure unused switch ports, an engineer should administratively shut them down and reassign them to an isolated, unused VLAN.
Common mistakes.
- A. Configuring ports in an EtherChannel bundles them for increased bandwidth and redundancy, which does not secure individual unused ports.
- D. Configuring ports as trunk ports allows multiple VLANs to traverse them, which increases the attack surface for unused ports rather than securing them.
- E. Enabling Cisco Discovery Protocol (CDP) allows device discovery but is not a security measure for unused ports and can potentially expose information about the switch.
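An added example (not part of the original page): a small audit that reads IOS-style interface stanzas and reports which ports from an operator-supplied list of unused ports are still enabled, set as trunks, or left outside the parking VLAN. The function names and sample config are constructed for illustration, and VLAN 99 as the unused VLAN is taken from option C.

```python
import re

# Constructed sample in `show running-config` style (not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 99
 shutdown
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/5
 switchport mode trunk
 shutdown
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit_unused_ports(config, unused_ports, parking_vlan=99):
    """Return {port: [findings]} for unused ports that are not hardened."""
    stanzas, report = parse_interfaces(config), {}
    for port in unused_ports:
        cmds = stanzas.get(port, [])
        findings = []
        if "shutdown" not in cmds:
            findings.append("not administratively shut down")
        if "switchport mode trunk" in cmds:
            findings.append("configured as trunk")
        # Assumption: with no explicit command the access VLAN is the default, VLAN 1.
        vlan = next((c.split()[-1] for c in cmds
                     if c.startswith("switchport access vlan ")), "1")
        if vlan != str(parking_vlan):
            findings.append(f"access VLAN {vlan}, expected {parking_vlan}")
        if findings:
            report[port] = findings
    return report
```

Ports that pass every check are omitted from the result, so an empty dictionary means all listed ports are shut down and parked in the unused VLAN.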
Concept tested. Securing unused switch ports
Topics
#Switch port security #Unused port protection #VLAN assignment #Interface shutdown