Question 8 - CompTIA Network+ N10-009 Real Exam Questions [Jan 2026 Update]

Q: 8

After a security incident, a technician reveals that company data was stolen. During the investigation, it is discovered that a host disguised itself as a switch. Which of the following best describes the attack that occurred?

Options

Correct Answer:

Explanation

The scenario describes a VLAN hopping attack, specifically using the "switch spoofing" technique. In this attack, a malicious host connects to a switch port and emulates the behavior of another switch. It does this by sending Dynamic Trunking Protocol (DTP) frames, which are used to negotiate a trunk link. If the legitimate switch port is configured to automatically negotiate trunking (e.g., "dynamic auto" or "dynamic desirable"), it will form a trunk link with the malicious host. This allows the attacker's host to receive traffic from all VLANs configured on the trunk, enabling access to data across previously segregated network segments.

Why Incorrect

B. Evil twin: This is a wireless attack where a rogue access point impersonates a legitimate one to intercept user traffic. It does not involve impersonating a switch.

C. DNS poisoning: This attack corrupts DNS cache data to redirect users to malicious websites. It operates at the application layer and is unrelated to switch impersonation.

D. ARP spoofing: This attack involves an attacker sending forged ARP messages to link their MAC address with the IP of another host, typically for man-in-the-middle attacks within the same VLAN.

References

1. Vendor Documentation:

Cisco Systems

Inc. (2002). VLAN Security White Paper. Section: "VLAN Hopping Attacks

" Subsection: "Switch Spoofing." This document states

"A switch spoofing attack is initiated by an attacking host that is capable of emulating a switch... The attacking host is then able to generate DTP messages and to become a neighbor switch. If successful

the attacking host becomes a switch and forms a trunk link with the victim switch."

(Available through Cisco public documentation archives).

2. University Courseware:

Parno

B. (2011). Lecture 10: Network Security. Carnegie Mellon University

Course 15-410: Operating System Design and Implementation. Slide 23

"VLAN Hopping." The slide describes how an attacker can "Spoof DTP packets from a host to a switch

to make it think you are a switch that wants to form a trunk."

(Available via CMU's public courseware site).

3. Academic Publication:

Kim

& Shavitt

Y. (2013). Measuring the "V" in VLANs. In Proceedings of the 2013 conference on Internet measurement conference (IMC '13). Association for Computing Machinery

New York

USA

423–436. Section 2.2

"VLAN Hopping

" describes switch spoofing as a method where "an attacker can spoof a switch by sending DTP (Dynamic Trunking Protocol) frames."

DOI: https://doi.org/10.1145/2504730.2504767

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE