An engineer is asked to protect unused ports that are configured in the default VLAN on a switch. Which two steps will fulfill the request? (Choose two.)
A. Configure the ports as trunk ports.
B. Enable the Cisco Discovery Protocol.
C. Configure the port type as access and place in VLAN 99.
What the answer is trying to say is to put the ports into an access VLAN so that they do not get DTP traffic, and put them under an unused VLAN that is not in the network, which for this example is 99... this is the best practice. Answers C & D are correct.
Don't do that, because then not a single port will work unless you place them manually into a VLAN. It's not bad advice, but if you are unaware of what I just mentioned, you wouldn't know why all of a sudden nothing is working.
No brother, the question explicitly says secure port that is in vlan 1. If you change the vlan on the port that port will have no way of reaching anything on vlan aka securing the port. The vlan will be automatically created once you tell the port to join vlan 99.
C. Configuring the port type as access and placing the unused ports in a specific VLAN (such as VLAN 99) ensures that any connected devices will not have access to the default VLAN, thereby protecting it.
D. Administratively shutting down the unused ports completely disables them, preventing any traffic from passing through and enhancing security.
The other options are not directly related to protecting unused ports in the default VLAN:
A. Configuring the ports as trunk ports is used for carrying multiple VLANs across a single link.
B. Enabling the Cisco Discovery Protocol (CDP) is a network protocol used by Cisco devices for discovering and sharing information about neighboring devices.
E. Configuring the ports in an EtherChannel is a technique for bundling multiple physical links into a logical link for increased bandwidth and redundancy.
All ports are in VLAN 1 by default, which everyone knows. Therefore put it in a VLAN 99 that nobody knows the purpose of; also, shutting it down is one of the best practices.
Answer C is not complete, but the idea is to put the port in access mode in a "blackhole VLAN" (read: an unused VLAN) without any "issue". VLAN 99 is not a special VLAN available on switches for this application; you can use any VLAN number you want.
Additionally, setting up a trunk port would not protect the port. An attacker could simply set up a switch with a trunk to access the rest of the network.
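An added example, not from the thread or from Cisco: a small Python audit that checks saved running-config text for the three things the answers above describe for unused ports (forced access mode, an unused "parking" VLAN, administrative shutdown). The sample config, the function names, the caller-supplied list of unused ports, and VLAN 99 as the parking VLAN are assumptions for illustration.

```python
# Constructed sample of IOS-style interface stanzas (not taken from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 99
 shutdown
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport access vlan 99
 shutdown
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return interfaces

def audit_unused_ports(config, unused_ports, parking_vlan=99):
    """Flag unused ports missing access mode, the parking VLAN, or shutdown."""
    interfaces = parse_interfaces(config)
    findings = {}
    for port in unused_ports:
        cmds = interfaces.get(port, [])  # a port absent from the config fails every check
        issues = []
        if "switchport mode access" not in cmds:
            issues.append("not forced to access mode")
        vlans = [int(c.split()[-1]) for c in cmds
                 if c.startswith("switchport access vlan ")]
        vlan = vlans[-1] if vlans else 1  # no explicit line: port is still in VLAN 1
        if vlan != parking_vlan:
            issues.append(f"access VLAN is {vlan}, expected {parking_vlan}")
        if "shutdown" not in cmds:
            issues.append("not administratively shut down")
        if issues:
            findings[port] = issues
    return findings
```
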