ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
During a security review of a campus network, you discover that switch management interfaces currently share the same Layer-3 infrastructure that carries ordinary user traffic. To minimize the chance that a compromised endpoint can influence routing or reconfigure devices, which network design change most directly enforces a clear separation between the control plane and the data plane?
Place every switch and router management interface into a dedicated out-of-band network that is accessible only from hardened administrative jump hosts.
Apply port security to restrict each access port to a single learned MAC address.
Replace distribution switches with Layer-2-only models to remove routing capabilities.
Enable Spanning Tree Protocol with root guard on all trunk links.
Separating the control plane from the data plane means isolating management and routing functions from regular user traffic. Moving all device management interfaces into a physically or logically out-of-band network-reachable only through tightly controlled jump hosts-removes management traffic from the production forwarding path and prevents compromised user segments from interacting with the control plane. Port security, spanning-tree features, and switching to pure Layer-2 devices improve specific aspects of security or stability but do not create a dedicated control-plane network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the control plane and data plane in networking?
Open an interactive chat with Bash
What is an out-of-band network in network management?
Open an interactive chat with Bash
What is the purpose of hardened administrative jump hosts in network security?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .