By default, each port in a Cisco Catalyst switch is assigned to VLAN1. Which two recommendations are key to avoid unauthorized management access? (Choose two.)
A.
Create an additional ACL to block the access to VLAN 1.
B.
Move the management VLAN to something other than default.
C.
Move all ports to another VLAN and deactivate the default VLAN.
D.
Limit the access in the switch using port security configuration.
E.
Use static VLAN in trunks and access ports to restrict connections.
F.
Shutdown all unused ports in the Catalyst switch.
Cisco Press books, do not recommend to move the management vlan (at least for the CCNA exams), instead they recommend to set all unused ports to an unused vlan (parking vlan), and then shutdown them. Also suggests to set the switchport mode access and switchport nonegotiate command as an extended security appliance. So the question with the current answers might be considered out of CCNA objectives or even wrong. Maybe the answers D and F are most appropriate for CCNA objectives.
0
0