Cisco
300-415 · Question #10
300-415 Question #10: Real Exam Question with Answer & Explanation
The correct answer is C: A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped. The access-list 'acl-guest' is configured to match TCP traffic (protocol 6) from 172.16.10.0/24 to 172.16.20.0/24 on destination port 20, applying a policer to it.
Security and Quality of Service
Question
Refer to the exhibit. Which QoS treatment results from this configuration after the access list acl-guest is applied inbound on the vpn1 interface?
policy
 policer ccnp
  rate 1000000
  burst 15000
  exceed drop
 !
 access-list acl-guest
  sequence 1
   match
    source-ip 172.16.10.0/24
    destination-ip 172.16.20.0/24
    destination-port 20
    protocol 6
   !
   action accept
    policer ccnp
   !
  !
  default-action drop
Options
- A. A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
- B. A UDP packet sourcing from 172.16.10.1 and destined to 172.16.10.1 is accepted
- C. A UDP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 is dropped
- D. A TCP packet sourcing from 172.16.10.1 and destined to 172.16.10.1 is accepted
Explanation
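The access-list 'acl-guest' is configured to match TCP traffic (protocol 6) from 172.16.10.0/24 to 172.16.20.0/24 on destination port 20, applying a policer to it. A UDP packet (protocol 17) from 172.16.10.1 to 172.16.20.1 fails the protocol condition in sequence 1, so it matches no sequence and is dropped by the default-action drop.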
Common mistakes.
- A. A TCP packet sourcing from 172.16.10.1 and destined to 172.16.20.1 on destination port 20 would match sequence 1 and be subjected to the policer, not directly dropped by the default action.
- B. A UDP packet sourcing from 172.16.10.1 and destined to 172.16.10.1 fails on both protocol (UDP vs. TCP) and destination IP range, thus it would be dropped by the default-action drop.
- D. A TCP packet sourcing from 172.16.10.1 and destined to 172.16.10.1 fails on the destination IP range (172.16.10.1 is not in 172.16.20.0/24), thus it would be dropped by the default-action drop.
Concept tested. SD-WAN localized policy matching and actions
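The match logic walked through above, as an added example that is not part of the original question: a small Python model of acl-guest that classifies the four option packets. The Packet tuple, the matches and evaluate functions, and the destination ports are assumptions made for illustration; it models classification only, not the policer's rate and burst.

```python
import ipaddress
from collections import namedtuple

TCP, UDP = 6, 17  # IANA protocol numbers

# Hypothetical packet model: only the fields the ACL inspects.
Packet = namedtuple("Packet", "src dst proto dport")

# acl-guest from the exhibit, expressed as data.
ACL_GUEST = {
    "sequences": [{
        "id": 1,
        "match": {"source-ip": "172.16.10.0/24", "destination-ip": "172.16.20.0/24",
                  "destination-port": 20, "protocol": TCP},
        "action": ("accept", "ccnp"),  # accept, then subject to policer ccnp
    }],
    "default-action": ("drop", None),
}

def matches(pkt, m):
    """True only if the packet satisfies all four match conditions."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(m["source-ip"])
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(m["destination-ip"])
            and pkt.dport == m["destination-port"]
            and pkt.proto == m["protocol"])

def evaluate(pkt, acl=ACL_GUEST):
    """Return (action, policer, sequence id); sequence id None means default-action."""
    for seq in acl["sequences"]:  # checked in order, first match wins
        if matches(pkt, seq["match"]):
            return (*seq["action"], seq["id"])
    return (*acl["default-action"], None)

if __name__ == "__main__":
    # Constructed packets for options A-D. Destination port 20 is an assumption,
    # because the options do not state a port.
    options = {
        "A": Packet("172.16.10.1", "172.16.20.1", TCP, 20),
        "B": Packet("172.16.10.1", "172.16.10.1", UDP, 20),
        "C": Packet("172.16.10.1", "172.16.20.1", UDP, 20),
        "D": Packet("172.16.10.1", "172.16.10.1", TCP, 20),
    }
    for label, pkt in options.items():
        print(label, evaluate(pkt))
```

Only the option A packet reaches the policer; the other three never match sequence 1 and are handled by the default action.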
Topics
#QoS #Policing #Access Control List #Traffic Classification