ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-501 All Questions

View all questions & answers for the 350-501 exam
Go to Exam

Exam 350-501 topic 1 question 270 discussion

Actual exam question from Cisco's 350-501
Question #: 270
Topic #: 1
[All 350-501 Questions]


Refer to the exhibit. ISP ASN 65100 provides Internet services to router CE-1 and receives customer prefix 198.18.18.0/24 via eBGP. An administrator for the ISP is now provisioning RTBH services to provide on-demand data-plane security for the customer's IP space. Which route-map configuration must the administrator apply to router RTBH-1 to complete the implementation of RTBH services to CE-1?

  • A. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefix-list AS65001-PREFIXES match community 99 set local-preference 200 set community no-export additive set ip next-hop 192.168.255.255 route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
  • B. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefix-list AS65001-PREFIXES match community 99 set local-preference 200 set community local-as additive set ip next-hop 192.168.255.255 route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
  • C. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefixlist AS65001-PREFIXES match community 99 set local-preference 200 set community no-advertise additive set ip next-hop local-address route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
  • D. route-map RTBH-CUSTOMER-IN permit 10 description AS65001 match ip address prefix-list AS65001-PREFIXES match community 99 set local-preference 200 set community no-advertise additive set ip next-hop 192.168.255.255 route-map RTBH-CUSTOMER-IN deny 65535 description DEFAULT DENY
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ccie_race at Oct. 24, 2022, 3:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cocopost
7 months, 1 week ago
Answer A is correct: Justification: I chose the one with -no-export and -set next-hop to the null sacrifice 192.168.255.255 Comments: - dont pick no-advertise -the RBTH route wont get past this router, and wont have the desired effect of blackholing attacks - Whats the point of "DENY-ALL-ROUTES" out? Why do we need to prevent RBTH sending routes to CE-1? no info was given about that.
upvoted 1 times
cocopost
6 months, 2 weeks ago
Another issue : the exhibit conflicts with the question: The route map used for redistribute static is named STATIC-to BGP shouldve been RBTH-CUSTOMER-IN The route map RBTH-CUSTOMER-IN is applied to to inbound routes from CE-1. is it intentional? its not the usual way. Are they trying to block out all access to CE-1? The most typical strategy for RBTH follows a static route injection as in this whitepaper: https://packetlife.net/blog/2009/jul/6/remotely-triggered-black-hole-rtbh-routing/
upvoted 1 times
...
...
joeneo
1 year, 2 months ago
Selected Answer: A
is the only option without configuration errors
upvoted 1 times
...
ccie_race
2 years ago
community no-export
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago