Cisco
352-001 · Question #325
352-001 Question #325: Real Exam Question with Answer & Explanation
The correct answer is A: BPDU Guard. BPDU Guard detects unauthorized switches via their BPDUs and err-disables the port, while Port Security limits MAC addresses to block hubs and switches introducing multiple hosts.
Question
Acme Corporation wants to minimize the risk of users plugging unauthorized switches and hubs into the network. Which two features can be used on the LAN access ports to support this design requirement? (Choose two.)
Options
- ABPDU Guard
- BPortFast
- CLoop Guard
- DPort Security
- EUDLD
Explanation
BPDU Guard detects unauthorized switches via their BPDUs and err-disables the port, while Port Security limits MAC addresses to block hubs and switches introducing multiple hosts.
Common mistakes.
- B. PortFast only accelerates STP port state transitions so end devices come online faster; it provides no mechanism to detect or block unauthorized switches or hubs.
- C. Loop Guard protects against unidirectional link failures that could create STP forwarding loops by monitoring BPDU receipt; it has no capability to detect or block unauthorized device connections.
- E. UDLD detects physical-layer unidirectional link failures by monitoring echo replies between neighbors; it does not identify or restrict unauthorized switches or hubs connected to access ports.
Concept tested. LAN access port security against unauthorized switches and hubs
Community Discussion
No community discussion yet for this question.