What is the best way to prevent a VLAN hopping attack?
- Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
- Disable STP on all nontrunk ports.
- Use VLAN 1 as the native VLAN on trunk ports.
- Use ISL encapsulation on all trunk links.
Explanation: VLAN hopping attacks rely on the attacker being able to create a trunk link with a switch. Disabling DTP and configuring user-facing ports as static access ports can help prevent these types of attacks. Disabling the Spanning Tree Protocol (STP) will not eliminate VLAN hopping attacks.
Exam with this question: 11.6.4 Module Quiz - Switch Security Configuration Answers
Exam with this question: CCNA 2 SRWEv7 Practice Final Exam Answers
Exam with this question: Network Security 1.0 Final Exam Answers
Exam with this question: CCNA Security Final Exam (CCNAS v1.2)
Please login or Register to submit your answer