Cisco
300-440 · Question #60
300-440 Question #60: Real Exam Question with Answer & Explanation
The correct answer is B. The policy direction must run from-tunnel rather than from-service. The policy direction should be from-tunnel instead of from-service to block inbound traffic from the SD-WAN fabric, which is where the DoS attacks are originating.
Question
Refer to the exhibit. The policy has failed to stop DoS attacks from within the service VPN 100. The counter shows no log, but the destination network reported DoS attacks from network 10.10.0.0/16. The engineer identified a misconfigured policy. Which setting is the source of the issue?
Exhibit
Options
- A. "Echo-reply" must be matched instead of icmp-msg in protocol 1.
- B. The policy direction must run from-tunnel rather than from-service.
- C. Protocol 1 must be completely blocked with all its options.
- D. "Echo" must be matched rather than icmp-msg in protocol 1.
Explanation
The policy direction should be from-tunnel instead of from-service to block inbound traffic from the SD-WAN fabric, which is where the DoS attacks are originating.
