Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 658

A networking team must harden an organization's network from VLAN hopping attacks. The team disables Dynamic Trunking Protocol and puts any unused ports in an unused VLAN. A trunk port is used as a trunk link. What must the team configure next to harden the network against VLAN hopping attacks?

Answer options

• A. dedicated VLAN ID for all trunk ports
• B. disable STP on the network devices
• C. DHCP snooping on all the switches
• D. enable port-based network access control

Correct answer: A

Explanation

Configuring a dedicated VLAN ID for all trunk ports helps to ensure that only authorized VLANs can traverse the trunk, thereby preventing VLAN hopping. Disabling STP could lead to network loops and instability, while DHCP snooping and port-based network access control are useful but do not directly address VLAN hopping vulnerabilities.