A network technician is investigating a report that users in the marketing department (VLAN 20) can access servers in the finance department's network segment (VLAN 30). According to security policy, these two segments should be completely isolated from each other. The technician verifies that devices in both departments are receiving correct IP addresses from the DHCP server. What is the most likely cause of this security breach?
A broadcast storm is occurring on the network due to a routing loop.
The default gateway is misconfigured on the marketing department's workstations.
One or more switch ports for the marketing department have been assigned to the finance department's VLAN.
An access control list (ACL) is missing from the core router's configuration.
The correct answer is that one or more switch ports have been assigned to the wrong VLAN. VLANs (Virtual LANs) create logically separate networks on the same physical infrastructure. If a switch port used by a marketing department device is mistakenly assigned to the finance department's VLAN, that device will become part of the finance network segment, bypassing the intended security separation. A misconfigured default gateway or a routing loop would typically cause connectivity failures or performance degradation, not grant unintended access. While a missing access control list (ACL) on a router could also allow unwanted inter-VLAN traffic, the most fundamental cause for a device appearing in the wrong logical segment is an incorrect VLAN assignment on its switch port.