nerdexam
Cisco

350-401 · Question #795

Which trunking configuration between two Cisco switches can cause a security risk?

The correct answer is D. configuring different native VLANs on the switches. Configuring different native VLANs on interconnected trunk ports can create a security risk by allowing traffic from one native VLAN to leak into another.

Submitted by manish99· Mar 6, 2026

Question

Which trunking configuration between two Cisco switches can cause a security risk?

Options

  • Aconfiguring incorrect channel-groups on the switches
  • Bconfiguring different trunk modes on the switches
  • Cdisabling DTP on the trunk ports
  • Dconfiguring different native VLANs on the switches
  • Econfiguring mismatched VLANs on the trunk

How the community answered

(30 responses)
  • C
    7% (2)
  • D
    90% (27)
  • E
    3% (1)

Why each option

Configuring different native VLANs on interconnected trunk ports can create a security risk by allowing traffic from one native VLAN to leak into another.

Aconfiguring incorrect channel-groups on the switches

Incorrect channel-groups would prevent an EtherChannel from forming, resulting in connectivity issues rather than a security risk.

Bconfiguring different trunk modes on the switches

Configuring different trunk modes (e.g., dynamic desirable and dynamic auto) might prevent a trunk from forming or result in an access port, leading to connectivity problems but not a direct security vulnerability like VLAN leakage.

Cdisabling DTP on the trunk ports

Disabling DTP (Dynamic Trunking Protocol) is often a security best practice, as it prevents unauthorized devices from negotiating a trunk link, thereby mitigating certain security risks, not causing one.

Dconfiguring different native VLANs on the switchesCorrect

Configuring different native VLANs on interconnected trunk ports can lead to a security risk known as VLAN hopping or VLAN leakage, where traffic from the native VLAN of one switch can be directed to a different VLAN on the other switch. This allows an attacker to potentially access VLANs they should not have access to, compromising network segmentation.

Econfiguring mismatched VLANs on the trunk

Configuring mismatched allowed VLANs on the trunk would simply prevent traffic for the disallowed VLANs from traversing the trunk, resulting in connectivity issues rather than a security breach.

Concept tested: Native VLAN mismatch security risk

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/50sg/configuration/guide/config/sw_sec.html#wp1026049

Topics

#VLAN Trunking#Native VLAN#Switch Security#VLAN Hopping

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice