Which two Layer 2 security best practices would help prevent VLAN hopping attacks? (Choose two.)

Question:
Which two Layer 2 security best practices would help prevent VLAN hopping attacks? (Choose two.)

  • Change the native VLAN number to one that is distinct from all user VLANs and is not VLAN 1.
  • Change the management VLAN to a distinct VLAN that is not accessible by regular users.
  • Statically configure all ports that connect to end-user host devices to be in trunk mode.
  • Disable DTP autonegotiation on end-user ports.
  • Use SSH for all remote management access.

Explanation: Allowing end-user devices to negotiate trunk settings via DTP can lead to a VLAN hopping attack, so DTP autonegotiation should be disabled on access ports. Configuring a trunk link with a native VLAN that is also used for end-users can lead to VLAN hopping attacks as well. The native VLAN should be set to a VLAN that is not used anywhere else.
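The two checks from the explanation can be run against a switch configuration. The following is an added example, not part of the original question bank: a small Python audit over a constructed Cisco IOS-style config that flags end-user ports where DTP is still able to negotiate and trunks whose native VLAN is VLAN 1 or a VLAN also assigned to users. It assumes that any port not statically set to trunk mode is an end-user port, and that a compliant end-user port carries both `switchport mode access` and `switchport nonegotiate`; the function names and the sample config are illustrative.

```python
# Constructed sample config (illustrative, not taken from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
interface GigabitEthernet0/2
 switchport mode dynamic desirable
 switchport access vlan 20
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # global command or separator ends the block
    return ports

def vlan_of(cmds, prefix, default=1):
    """Return the VLAN id set by `prefix`, or the IOS default (VLAN 1)."""
    for cmd in cmds:
        if cmd.startswith(prefix):
            return int(cmd[len(prefix):])
    return default

def audit(config):
    """Return sorted (interface, finding) pairs for the two VLAN hopping checks."""
    ports = parse_interfaces(config)
    trunks = {n for n, c in ports.items() if "switchport mode trunk" in c}
    # Assumption: every non-trunk port is an end-user port.
    user_vlans = {vlan_of(c, "switchport access vlan ")
                  for n, c in ports.items() if n not in trunks}
    findings = []
    for name, cmds in ports.items():
        if name in trunks:
            native = vlan_of(cmds, "switchport trunk native vlan ")
            if native == 1 or native in user_vlans:
                findings.append((name, f"native VLAN {native} is VLAN 1 or a user VLAN"))
        elif "switchport mode access" not in cmds or "switchport nonegotiate" not in cmds:
            findings.append((name, "DTP not disabled on end-user port"))
    return sorted(findings)
```

On the sample, GigabitEthernet0/2 is flagged because it still negotiates via DTP, and GigabitEthernet0/23 is flagged because its native VLAN 10 is also an end-user VLAN.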

Exam with this question: CCNA Security Pretest Exam Answers
Exam with this question: CCNA 2 (v5.0.3 + v6.0) Chapter 3 Exam Answers
