Cisco Enterprise Network Core Technologies (ENCOR) Practice Exam

Root Guard is applied to port interfaces on a Cisco switch to prevent any ports from becoming the root port when they should not. This feature protects the integrity of the spanning tree topology by ensuring that only designated ports on designated switches can become the root port. When Root Guard is enabled on a port, it will only allow a designated bridge to become the root bridge. If a superior Bridge Protocol Data Unit (BPDU) is received on that port, the port is placed into a root-inconsistent state, effectively blocking any undesired changes to the network topology that could lead to loops or instability.

When considering the other options, routing protocols are not the focus of Root Guard; it specifically pertains to the port and spanning tree functionality. Physical devices themselves do not hold a configuration for Root Guard; instead, it is a feature applied to specific ports on a switch. Lastly, while it is important for network security to manage the perimeter of a network, Root Guard operates internally within the switching environment to maintain the intended topology.