A network administrator is preparing a newly installed access-layer switch that will serve 48 wall jacks in a public lobby. To reduce the chance that an unauthorized visitor can plug in a device and reach the production network, which security hardening step should the administrator perform first?
Move the switch management interface to a non-default VLAN
Configure separate VLANs for each department
Enable the switch's integrated DHCP server
Disable all switch interfaces that are not actively in use
Disabling or shutting down switch interfaces that are not currently connected removes physical access points that an attacker could exploit. Because no electrical signal is negotiated, a rogue device plugged into an inactive jack cannot communicate until an administrator intentionally enables that port. VLAN segmentation and moving the management VLAN help with logical isolation but do not block unused jacks. Enabling an on-board DHCP server offers no direct security benefit and might even broaden the attack surface if misconfigured.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is disabling unused ports an effective security measure?
Open an interactive chat with Bash
What is a VLAN, and how does it contribute to network security?
Open an interactive chat with Bash
Why is merely changing the management VLAN insufficient for securing a switch?