NETWORK SECURITY
INTRODUCTION
Question
Set the native VLAN to an unused VLAN
Use private VLANs
Enable trunking manually
Enable Source Guard
Disable DTP
Detailed explanation-1: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.
Detailed explanation-2: Mitigating a VLAN hopping attack can be done by disabling Dynamic Trunking Protocol (DTP) and by setting the native VLAN of trunk links to a VLAN not in use.
Detailed explanation-3: Good security hygiene helps reduce the risk of VLAN hopping. For example, unused interfaces should be closed and placed in a "parking lot" VLAN. Using VLANs on trunk ports should be avoided unless they are necessary. Additionally, access ports should be configured manually with the switchport mode access command.
Detailed explanation-4: Do not put any hosts on VLAN 1 (the default VLAN); that is, assign an access VLAN other than VLAN 1 to every access port: Switch(config-if)# switchport access vlan 2. Change the native VLAN on all trunk ports to an unused VLAN ID. Explicitly tag the native VLAN on all trunk ports.