When STP mitigation features are configured, where should the root guard feature be deployed?
A.
toward ports that connect to switches that should not be the root bridge
B.
on all switch ports
C.
toward user-facing ports
D.
Root guard should be configured globally on the switch.
Explanation:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml
The root guard feature provides a way to enforce the root bridge placement in the network.
The root guard ensures that the port on which root guard is enabled is the designated port.
Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are
connected together. If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root
guard-enabled port, root guard moves this port to a root-inconsistent STP state. This rootinconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In
this way, the root guard enforces the position of the root bridge.