300-320 · Question #374
300-320 Question #374: Real Exam Question with Answer & Explanation
The correct answer is C: Control plane policy. Control Plane Policing (CoPP) is the primary mechanism to protect a router or switch's CPU and control plane from DDoS attacks. The control plane handles routing protocol traffic, management traffic (SSH, SNMP), and other traffic destined for the router itself. Without CoPP, a fl
Question
Options
- APolicy map
- BACL
- CControl plane policy
- DUsed zoned firewall on router
Explanation
Control Plane Policing (CoPP) is the primary mechanism to protect a router or switch's CPU and control plane from DDoS attacks. The control plane handles routing protocol traffic, management traffic (SSH, SNMP), and other traffic destined for the router itself. Without CoPP, a flood of packets targeting the control plane can overwhelm the CPU, causing routing protocol failures and outages. CoPP uses policy-map constructs to classify and rate-limit traffic sent to the control plane, effectively mitigating DDoS attacks on the device itself. While ACLs (B) can filter specific traffic and a zone-based firewall (D) protects traffic passing through the router, neither specifically rate-limits traffic destined to the router's CPU the way CoPP does. A policy-map (A) alone is just a component used within CoPP, not the complete solution.
Community Discussion
No community discussion yet for this question.