nerdexam
Cisco

350-401 · Question #529

When the "deny" statement is used within a route map that is used for policy-based routing, how is the traffic that matches the deny route-map line treated?

The correct answer is B. Traffic is returned to the normal forwarding behavior of the router.. When a 'deny' statement is matched within a route map used for policy-based routing, the traffic is not policy routed by that statement and instead reverts to the router's normal forwarding behavior based on its routing table.

Submitted by carter_n· Mar 6, 2026Infrastructure

Question

When the "deny" statement is used within a route map that is used for policy-based routing, how is the traffic that matches the deny route-map line treated?

Options

  • ATraffic is routed to the null 0 interface of the router and discarded.
  • BTraffic is returned to the normal forwarding behavior of the router.
  • CAn additional sequential route-map line is needed to divert the traffic to the router's normal
  • DAn additional sequential route-map line is needed to policy route this traffic.

How the community answered

(32 responses)
  • B
    94% (30)
  • C
    3% (1)
  • D
    3% (1)

Why each option

When a 'deny' statement is matched within a route map used for policy-based routing, the traffic is not policy routed by that statement and instead reverts to the router's normal forwarding behavior based on its routing table.

ATraffic is routed to the null 0 interface of the router and discarded.

Traffic matching a 'deny' statement in a PBR route-map is not discarded; it is merely excluded from policy routing and is then processed by normal routing mechanisms.

BTraffic is returned to the normal forwarding behavior of the router.Correct

In policy-based routing, if a 'deny' statement in a route-map is matched, the router will not apply any policy routing actions defined within that specific route-map line. Instead, the traffic is passed to the next route-map line for evaluation; if no subsequent 'permit' statement matches and applies a 'set' action, or if the end of the route-map is reached, the traffic will be forwarded using the router's standard IP routing table.

CAn additional sequential route-map line is needed to divert the traffic to the router's normal

While an additional line might be needed for different policy routing, the 'deny' action itself does not require a sequential line to revert to normal forwarding; it's the default behavior if no 'permit' match with 'set' action occurs.

DAn additional sequential route-map line is needed to policy route this traffic.

A 'deny' statement explicitly prevents policy routing for the matching traffic by that specific line, thus an additional line for policy routing would only apply if the traffic matched a 'permit' statement.

Concept tested: Policy-Based Routing (PBR) deny statement behavior

Source: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/23769-pbr.html

Topics

#policy-based routing#route map#deny action#traffic forwarding

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice