CCNA: Cisco Certified Network Associate — Question 897

What is a practice that protects a network from VLAN hopping attacks?

Answer options

• A. Enable dynamic ARP inspection
• B. Configure an ACL to prevent traffic from changing VLANs
• C. Change native VLAN to an unused VLAN ID
• D. Implement port security on internet-facing VLANs

Correct answer: C

Explanation

The correct answer is C because changing the native VLAN to an unused VLAN ID prevents unauthorized access and mitigates the risk of VLAN hopping. Option A, enabling dynamic ARP inspection, helps with ARP spoofing but does not specifically address VLAN hopping. Option B is not effective as ACLs alone cannot stop VLAN tagging changes. Option D, while useful for preventing unauthorized devices, does not directly counter VLAN hopping attacks.