Implementing Cisco Edge Network Security Solutions (SENSS, legacy) — Question 12
Which two best practices can mitigate Layer 2 attacks on the network? (Choose two.)
Answer options
- A. Disabling STP on all Layer 2 network switches to mitigate ARP attacks.
- B. Configuring dynamic ARP inspection to mitigate ARP attacks.
- C. Configuring IP source guard to mitigate CAM and DHCP starvation attacks.
- D. Disabling DTP on all user access ports to mitigate VLAN hopping.
- E. Configuring port security on the trunk port to mitigate CAM and DHCP starvation attacks.
Correct answer: D, E
Explanation
Disabling DTP on user access ports helps prevent VLAN hopping by ensuring that a port cannot dynamically negotiate a trunk, making it a valid security measure. Configuring port security on trunk ports also mitigates CAM and DHCP starvation attacks by controlling which devices can connect to the network. The other options either do not effectively address Layer 2 attacks or involve incorrect practices.