CDP/LLDP traffic will potentially pop up on a network penetration test as a finding (if your org either performs internal red team assessments or engages an external assessor as part of a compliance regime). Have seen it disabled for this reason.