300-410 Question #28: Real Exam Question with Answer & Explanation

The correct answer is B: CoPP. Control Plane Policing (CoPP) is the most effective method for protecting a device's CPU from excessive or malicious traffic by applying QoS policies to traffic destined for the control plane.

Infrastructure Security

Question

Which option is the best for protecting CPU utilization on a device?

Options

Afragmentation
BCoPP
CICMP redirects
DICMP unreachable messages

Explanation

Control Plane Policing (CoPP) is the most effective method for protecting a device's CPU from excessive or malicious traffic by applying QoS policies to traffic destined for the control plane.

Common mistakes.

A. Fragmentation is the process of breaking packets into smaller units and is a standard network function that can increase, not decrease, CPU load due to reassembly overhead.
C. ICMP redirects are diagnostic messages used by routers to inform hosts about a better path to a destination, not a mechanism to protect CPU utilization.
D. ICMP unreachable messages are sent to indicate that a destination is inaccessible and are a symptom of network issues, not a preventative measure for CPU overload.

Concept tested. Control Plane Policing (CoPP) for CPU protection

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_copp/configuration/xe-16/sec-data-copp-xe-16-book/sec-data-copp-overview.html

Topics

#Control Plane Policing#CPU Protection#Device Hardening#Infrastructure Security

Community Discussion

No community discussion yet for this question.

Full 300-410 Practice Browse All 300-410 Questions