Implementing Cisco Network Security (IINS, legacy) — Question 20
Which two configurations can prevent a VLAN hopping attack by attackers in VLAN 10? (Choose two.)
Answer options
- A. using switchport mode access command on all host ports
- B. enabling BPDU guard on all access ports
- C. creating VLAN 99 and using switchport trunk native vlan 99 command on trunk ports
- D. applying ACL between VLANs
- E. using switchport trunk native vlan 10 command on trunk ports
- F. using switchport nonegotiate command on dynamic desirable ports
Correct answer: A, C
Explanation
Option A is correct because the switchport mode access command makes each host port a non-trunking access port that belongs to a single VLAN, so a host attached to it cannot negotiate a trunk to reach other VLANs. Option C is also correct: with VLAN 99 created and set as the native VLAN on trunk ports, the attackers' VLAN 10 is not the native VLAN on the trunk, which is the condition a double-tagging VLAN hopping attack depends on. The other options do not effectively mitigate VLAN hopping risks in the same way.