Implementing Cisco Network Security (IINS, legacy) — Question 91
If you change the native VLAN on the trunk port to an unused VLAN, what happens if an attacker attempts a double-tagging attack?
Answer options
- A. The attack VLAN will be pruned
- B. A VLAN hopping attack would be successful
- C. The trunk port would go into an error-disable state
Correct answer: A, V, L, A, N
Explanation
Changing the native VLAN to an unused one prevents the attacker from successfully tagging frames with the native VLAN, which in turn causes the attack VLAN to be pruned. Option B is incorrect because the attack won't succeed if the native VLAN is unused. Option C is also wrong as there is no condition that triggers an error-disable state simply by changing the native VLAN.