
400-007 Question #32: Real Exam Question with Answer & Explanation

The correct answers are B (PortFast) and E (BPDU Guard).

Designing Security

Question

Company ABC wants to minimize the risk of users plugging unauthorized switches and hubs into the network. Which two features can be used on the LAN access ports to support this design requirement? (Choose two.)

Options

  • A. Loop Guard
  • B. PortFast
  • C. DTF
  • D. Root Guard
  • E. BPDU Guard

Explanation

PortFast and BPDU Guard work together on access ports to block unauthorized switches: PortFast enables rapid port transitions, and BPDU Guard shuts down the port immediately when a BPDU is detected.

Common mistakes.

  • A. Loop Guard protects against unidirectional link failures that could cause a blocked port to incorrectly transition to forwarding, but does not address unauthorized device connections on access ports.
  • C. DTF is not a recognized Cisco or IEEE spanning tree feature and plays no role in preventing unauthorized switch connectivity on access ports.
  • D. Root Guard prevents a connected switch from winning the STP root election but does not err-disable the port or otherwise block connectivity when an unauthorized switch is plugged in.

Concept tested. BPDU Guard and PortFast for access port security

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swstpopt.html
