Which of the following is a VLAN hopping attack that uses DTP to negotiate a trunk link? (Select the best
answer.)

A.
ARP spoofing

B.
DHCP spoofing

C.
MAC spoofing

D.
switch spoofing

Explanation:
Switch spoofing is a virtual LAN (VLAN) hopping attack that is characterized by using Dynamic Trunking
Protocol (DTP) to negotiate a trunk link with a switch port in order to capture all traffic that is allowed on the
trunk. In a switch spoofing attack, the attacking system is configured to act like a switch with a trunk port. This
enables the attacking system to become a member of all VLANs, which enables the attacker to send and
receive traffic among the other VLANs.
Dynamic Host Configuration Protocol (DHCP) spoofing is a maninthemiddle attack that is most likely to be used
to cause a workstation to send traffic to a false gateway IP address. In a DHCP spoofing attack, a rogue DHCP
server is attached to the network in an attempt to intercept DHCP requests. The rogue DHCP server can then
respond to the DHCP requests with its own IP address as the default gateway address so that all traffic is
routed through the rogue DHCP server. DHCP snooping is a security technique that can be used to mitigate
DHCP spoofing.
In an Address Resolution Protocol (ARP) poisoning attack, which is also known as an ARP spoofing attack, the
attacker sends a gratuitous ARP (GARP) message to a host. The GARP message associates the attacker’s
Media Access Control (MAC) address with the IP address of a valid host on the network. Subsequently, traffic
sent to the valid host address will go to the attacker’s computer rather than to the intended recipient.
MAC spoofing makes network traffic from a device look as if it is coming from a different device. MAC spoofing
is often implemented to bypass port security by making a device appear as if it were an authorized device.
Malicious users can also use MAC spoofing to intercept network traffic that should be destined for a different
device. ARP cache poisoning, content addressable memory (CAM) table flooding, and Denial of Service (DoS)
attacks can all be performed by MAC spoofing.

Cisco: Switch Attacks and Countermeasures: VLAN Based Attacks (PDF)