nerdexam
Exams352-001Questions#472
Cisco

352-001 · Question #472

352-001 Question #472: Real Exam Question with Answer & Explanation

The correct answer is C: BPDU guard. BPDU guard protects access ports by err-disabling them upon receiving any BPDU, preventing rogue switches and accidental loops from affecting the campus network.

Question

In Layer 2 access campus design, which mechanism should be enabled on access ports to protect the campus network from undesired access switches and looped ports?

Options

  • Aroot guard
  • BEtherChannel guard
  • CBPDU guard
  • Dloop guard

Explanation

BPDU guard protects access ports by err-disabling them upon receiving any BPDU, preventing rogue switches and accidental loops from affecting the campus network.

Common mistakes.

  • A. Root guard prevents a designated port from accepting a superior BPDU and becoming a root port, protecting root bridge placement rather than blocking unauthorized switch connections on access ports.
  • B. EtherChannel guard detects and responds to misconfigured EtherChannel bundles between switches and does not prevent rogue switch connections on individual access ports.
  • D. Loop guard prevents an alternate or root port from transitioning to a forwarding state when BPDUs stop arriving due to a unidirectional link failure, which is unrelated to blocking unauthorized switch connections.

Concept tested. STP BPDU guard on access ports

Reference. https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10586-65.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 352-001 Practice