The work analyzes the dynamic responses of a healthy plant under optimal switching data-injection attacks on sensors and develops countermeasures from the vantage point of optimal control. This is approached in a cyber-physical system setting, where the attacker can inject false data into a selected subset of sensors to maximize the quadratic cost of states and the energy consumption of the controller with minimal effort. A 0-1 integer program is formulated, through which the adversary finds an optimal sequence of sets of sensors to attack at optimal switching instants. Specifically, the number of compromised sensors per instant is kept fixed, yet their locations can be dynamic. Leveraging the embedded transformation and mathematical programming, an analytical solution is obtained, which includes an algebraic switching condition determining the optimal sequence of attack locations (compromised sensor sets), along with an optimal state-feedback-based data-injection law. To thwart the adversary, a resilient control approach is put forward for stabilizing the compromised system under arbitrary switching attacks constructed based on a set of state-feedback laws, each of which corresponds to a compromised sensor set. Finally, an application using power generators in a cyber-enabled smart grid is provided to corroborate the effectiveness of the resilient control scheme and the practical merits of the theory.