It is enabled by default on all VLANs and interfaces. Security questions require distinguishing authentication, authorization, encryption, secure management, malware protection, and physical controls. Cisco CCNA 200-301 v1.1 includes this under Network Access, where the expected skill is to identify the feature that actually creates the observed behavior or meets the configuration goal. The wording usually contains the decisive clue: a prefix length, a VLAN role, a protocol version, a wireless security standard, or a management-plane function. The wrong options apply the right security vocabulary to the wrong control or use weaker/deprecated protection. In an operational network, choosing the wrong option would typically cause failed connectivity, insecure management, poor wireless behavior, or incorrect forwarding. The selected answer matches the Cisco configuration model and is retained as the verified answer.