300-410 Question #6: Real Exam Question with Answer & Explanation

The correct answer is D: policy-map COPP. Control Plane Policing (CoPP) is the policy mechanism used to protect a device's CPU from excessive traffic, such as BGP, by limiting the rate of packets destined to the CPU and dropping any traffic exceeding the defined rate.

Infrastructure Security

Question

Refer to the exhibit. Which control plan policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is higher rate?

Options

Apolicy-map SHAPE_BGP
Bpolicy-map LIMIT_BGP
Cpolicy-map POLICE_BGP
Dpolicy-map COPP

Explanation

Control Plane Policing (CoPP) is the policy mechanism used to protect a device's CPU from excessive traffic, such as BGP, by limiting the rate of packets destined to the CPU and dropping any traffic exceeding the defined rate.

Common mistakes.

A. 'policy-map SHAPE_BGP' implies traffic shaping, which buffers and delays excess traffic, typically applied to user plane, not for direct CPU protection.
B. 'policy-map LIMIT_BGP' is a generic name and doesn't specifically refer to the Cisco feature for control plane protection.
C. 'policy-map POLICE_BGP' describes the action of policing within a policy map, but 'COPP' is the overarching policy framework specifically for protecting the control plane using such actions.

Concept tested. Control Plane Policing (CoPP)

Reference. https://www.cisco.com/c/en/us/td/docs/ios/security/security_management/qos_based_rate_limiting/configuration/guide/sec_copp.html

Topics

#Control Plane Policing (CoPP)#QoS#BGP#Network Security

Community Discussion

No community discussion yet for this question.

Full 300-410 Practice Browse All 300-410 Questions