CCNA: Cisco Certified Network Associate — Question 1051

Which action protects a network from VLAN hopping attacks?

Answer options

• A. Implement port security on internet-facing VLANs.
• B. Change the native VLAN to an unused VLAN ID.
• C. Enable dynamic ARP inspection.
• D. Configure an ACL to prevent traffic from changing VLANs.

Correct answer: B

Explanation

Changing the native VLAN to an unused VLAN ID stops attackers from exploiting the default native VLAN for VLAN hopping. The other options, while beneficial for overall security, do not specifically address the issue of VLAN hopping. For example, port security is useful but does not prevent VLAN hopping directly.