Designing Cisco Network Service Architectures (ARCH, legacy) — Question 80
Which two security measures must an engineer follow when implementing Layer 2 and Layer 3 network design? (Choose two.)
Answer options
- A. Utilize DHCP snooping on a per-VLAN basis and apply ip dhcp snooping untrusted on all ports.
- B. Utilize the native VLAN only on trunk ports to reduce the risk of a double-tagged 802.1Q VLAN hopping attack.
- C. Utilize an access list to prevent the use of ARP to modify entries to the table.
- D. Utilize private VLANs and ensure that all ports are part of the isolated port group.
- E. Utilize the ARP inspection feature to help prevent the misuse of gARP.
Correct answer: B, E
Explanation
Option B is correct because restricting the native VLAN to trunk ports helps mitigate the risk of double-tagged 802.1Q VLAN hopping attacks. Option E is also correct because ARP inspection guards against malicious ARP traffic, including misuse of gratuitous ARP (gARP). Options A, C, and D may improve network security, but they do not address Layer 2 and Layer 3 design measures as effectively as B and E do.