VLAN hopping can be mitigated by which actions?


Multiple Choice

VLAN hopping can be mitigated by which actions?

Explanation:

Controlling how trunk links are negotiated and what traffic is allowed across them is how you prevent VLAN hopping. If a trunk can be formed automatically, an attacker or a misconfigured device can negotiate one and push traffic onto VLANs it should never reach, crossing boundaries that are supposed to be isolated. So the first protective step is to disable automatic trunk negotiation and configure trunks explicitly: ports that must carry a trunk are set up manually as trunk ports, and no port is left free to negotiate a trunk on its own.

Next, get the trunk configuration right. Allow only the VLANs each trunk actually needs (not every VLAN present in the network). Also keep the native VLAN identical on both ends of the trunk and, ideally, make it a VLAN that carries no sensitive or user traffic, so that untagged frames cannot be misrouted or exploited.

Finally, apply ACLs to inter-VLAN traffic. Layer-3 or VLAN ACLs enforce which communications are permitted between VLANs, acting as a final gatekeeper: even if a frame does cross into another VLAN, it must still satisfy the ACL policy to pass.

Why the other approaches aren’t as effective: enabling automatic trunking reintroduces the risk by allowing dynamic trunk negotiation; using only the default VLAN or leaving all VLANs open on trunks removes the segmentation that VLAN hopping relies on.
