ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-410 All Questions

View all questions & answers for the 300-410 exam
Go to Exam

Exam 300-410 topic 1 question 136 discussion

Actual exam question from Cisco's 300-410
Question #: 136
Topic #: 1
[All 300-410 Questions]

When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes that the configured routing protocols start flapping on that device.
Which action in the Control Plane Policy prevents this problem in a production environment while achieving the security objective?

  • A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
  • B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
  • C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the input direction.
  • D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rates and apply the Control Plane Policy in the output direction.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by [deleted] at Aug. 1, 2021, 5:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
inteldarvid
2 years ago
Selected Answer: B
B correct: https://www.exam-answer.com/configure-control-plane-policing-prevent-routing-protocol-flapping
upvoted 1 times
...
HungarianDish_111
2 years, 3 months ago
Selected Answer: B
I agree with the post from Networkingguy, first we permit (transmit) all traffic to see how much packets are exceeding. Pls see: https://networklessons.com/cisco/ccie-routing-switching-written/copp-control-plane-policing However, we would need to use exceed-action drop in order to protect the control plane (security objective). The question is formed ambiguously. Still I vote for B, because testing should be performed before setting the drop action.
upvoted 4 times
...
chris7890
2 years, 9 months ago
can someone resolve whether answer B or C are correct? Thanks
upvoted 2 times
...
JOKERR
3 years, 2 months ago
I think given answer is right. This is an excerpt from Cisco: he CoPP feature on a Cisco device does exactly what it sounds like: It polices the traffic coming to the control plane. For this purpose, the control plane is treated as a logical source and destination, with its own inbound and outbound interfaces. Only traffic that is destined for the control plane is policed as part of this feature. This is in addition to any policing, filtering, or any other processing done at the interface where the packet was received by the device. So, you police traffic coming to the Control Plane so that it doesn't have to process it. https://www.ciscopress.com/articles/article.asp?p=2928193&seqNum=3
upvoted 1 times
...
Kimaf
3 years, 3 months ago
I know the answer is either A or B because of the ACL but here is the a paragraph from the OCG Enarsi book page 861 Direction: CoPP can be applied to packets entering or leaving the control plane interface. Therefore, the correct direction needs to be specified. For incoming packets, you specify input, and for outgoing packets you specify output. Direction can be verified with the output of show policy-map control-plane as well. Note that not all versions support output CoPP, and for the ones that do, you need to ensure that the correct traffic is being classified in the ACLs and the class maps. For example, when it comes to BGP, OSPF (Open Shortest Path First), and EIGRP, you typically use output CoPP for the replies that are being sent because of an already received packet. For ICMP, it would be error and informational reply messages. For Telnet, SSH (Secure Shell), HTTP (Hypertext Transfer Protocol), or SNMP (Simple Network Management Protocol), you would be dealing with replies or traps. If the ACL and class map are not configured appropriately for the replies, the desired result will not be achieved. So my guess is A.
upvoted 1 times
[Removed]
1 year, 11 months ago
I also viewed this excerpt as the answer, but the question is talking about protecting the router from malicious traffic, and this (to me) meant inbound traffic is being policed and maybe some of the routing protocol packets are getting caught in the policy map
upvoted 3 times
...
...
Carl1999
3 years, 5 months ago
B or C correct. I only know that" the input direction" is correct.
upvoted 1 times
Networkingguy
3 years, 4 months ago
Input direction because we are sussing out Malicious public traffic that might come in, and we are testing so we would want to use conform and exceed to just give results of what we are working with.
upvoted 3 times
...
...
[Removed]
4 years ago
The given answer is correct
upvoted 1 times
Networkingguy
3 years, 6 months ago
ExamShark, you are a twat for copy and pasting the same response on every question. I haven't seen you say anything useful, hope you get the lot ya dawg
upvoted 14 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel