You are Cisco Express Foundation Design Specialist in a company. You just properly configured multiple VLANs, Which three steps are required to secure VLAN network? (Choose three.)
A.
If a port is connected to a foreign device make sure to disable CDP, DTP, RPR,PAgP, UDLP
B.
Enable root guard feature
C.
Configure VTP domains appropriately or turn off VTP altogether
D.
Disable all unused ports and place them in an unused VLAN.
Explanation:
content\166040\plo_content\ORG1114\COURSE166040\enus_011140\lsn_02\tpc_a\enus_011425_03c.xml :
To secure a switch network, VTP domains should be configured appropriately, or turn off VTP altogether. This limits or prevents possible undesirable protocol interaction with regards to the network-wide VLAN configuration.
content\166040\plo_content\ORG1114\COURSE166040\enus_011425\lsn_03\tpc_b\enus_011425_03b.xml:
For security, you should disable all unused ports and place them into an unused VLAN. That prevents unauthorized users from plugging in and sending traffic to a legitimate VLAN. If this unused VLAN differs from the native VLAN on any trunk, this also protects against a “VLAN hopping” exploit. You should also set unused access ports to trunking OFF, so they will reject any trunk-encapsulated frames.