CompTIA Network+ Practice Test

What can be done to prevent switch spoofing attacks?

• A. Enable native VLANs on switches
• B. Disable trunk negotiation and configure trunk interfaces
• C. Allow automatic VLAN assignments
• D. Increase the number of native VLANs

The correct answer is: Disable trunk negotiation and configure trunk interfaces

Disabling trunk negotiation and configuring trunk interfaces is an effective measure to prevent switch spoofing attacks because it eliminates the automatic negotiation features that can be exploited by an attacker. When trunk negotiation is disabled, switches do not automatically form trunks, which means that an unauthorized device cannot maliciously initiate a trunked connection to the switch. Instead, trunk ports must be explicitly configured, which ensures that only trusted devices can participate in the trunking process. By manually configuring trunk interfaces, network administrators can control which ports are set to trunk mode and define the allowed VLANs on those trunks, thereby reducing the risk of an attacker being able to send packets from unauthorized VLANs. This method reinforces the security of VLANs and minimizes the chance for VLAN hopping, where an attacker sends traffic to a VLAN they do not belong to. The other options, such as enabling native VLANs, allowing automatic VLAN assignments, or increasing the number of native VLANs, do not effectively mitigate the risk of switch spoofing. Instead, they could potentially expose the network to vulnerabilities. For instance, enabling native VLANs without proper configuration could allow unauthorized access, while automatic VLAN assignments may permit devices to join VLANs without strict control.