CCNA: Cisco Certified Network Associate — Question 1332

What is a practice that protects a network from VLAN hopping attacks?

Answer options

• A. Implement port security on internet-facing VLANs
• B. Enable dynamic ARP inspection
• C. Assign all access ports to VLANs other than the native VLAN
• D. Configure an ACL to prevent traffic from changing VLANs

Correct answer: C

Explanation

The correct answer, C, ensures that access ports are assigned to VLANs that are not the native VLAN, thereby reducing the risk of VLAN hopping. Option A is incorrect because port security alone does not specifically address VLAN hopping. Option B is unrelated as dynamic ARP inspection deals with ARP attacks. Option D, while it involves ACLs, does not effectively prevent VLAN hopping as it doesn't address the native VLAN issue.