Sandra is concerned about attacks against her network's Spanning Tree Protocol (STP). She wants to ensure that a new switch introduced by an attacker cannot change the topology by asserting a lower bridge ID than the current configuration.
What should she implement to prevent this?

Root Guard can be set on a per-port basis to protect ports that will never be set up to be the root bridge for a VLAN. Since this shouldn’t change regularly, it is safe to set for most ports in a network. A spanning tree is used to prevent loops, so disabling STP would actually make this problem more likely. Bridge IDs cannot be negative, and BridgeProtect was made up for this question.