CNX-001 · Question #52
CNX-001 Question #52: Real Exam Question with Answer & Explanation
The correct answer is A: Configure Layer 2 client isolation for the wireless network.. By enabling client isolation at Layer 2, guest clients can still reach the Internet but cannot directly communicate with any other device on that VLAN, including your corporate endpoints, stopping lateral attacks without needing MAC whitelists or overly complex captive-portal set
Question
A network engineer is setting up guest access on a Wi-Fi network. After a recent network analysis, the engineer discovered that a user could access the guest network and attack the corporate network, since the networks share the same VLAN. Which of the following should the engineer do to prevent an attack like this one from happening?
Options
- AConfigure Layer 2 client isolation for the wireless network.
- BSet up a MAC filtering rule and add the MAC addresses of all corporate devices to the allow list.
- CSet up a strong password on the guest wireless network.
- DSet up a captive portal so all guest users have to register before gaining access to the wireless
Explanation
By enabling client isolation at Layer 2, guest clients can still reach the Internet but cannot directly communicate with any other device on that VLAN, including your corporate endpoints, stopping lateral attacks without needing MAC whitelists or overly complex captive-portal setups.
Topics
Community Discussion
No community discussion yet for this question.