350-401 Question #557: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. How does the router handle traffic after the CoPP policy is configured on the router?

Options

• ATraffic coming to R1 that does not match access list SNMP is dropped.
• BTraffic coming to R1 that matches access list SNMP is policed.
• CTraffic passing through R1 that matches access list SNMP is policed.
• DTraffic generated by R1 that matches access list SNMP is policed.

Explanation

CoPP (Control Plane Policing) Explanation

Option D is correct because CoPP (Control Plane Policing) is specifically designed to protect the router's control plane, which includes traffic generated by the router itself (such as routing protocol updates, SNMP responses, etc.) - not transit traffic passing through the router's data plane.

• Option A is wrong because CoPP does not drop non-matching traffic by default; unmatched traffic is typically allowed unless explicitly configured with a "drop" action in the policy.
• Option B is wrong because while matching traffic is policed, CoPP only applies to traffic destined to or generated by the router itself, not just "traffic coming to R1" in general - this phrasing is too vague and misleading.
• Option C is wrong because traffic passing through (transit traffic) is handled by the data plane, not the control plane - CoPP has no effect on transit traffic.

🧠 Memory Tip: Think of CoPP as a bodyguard for the router's CPU. It only cares about traffic that involves the router itself (to/from the control plane), not traffic that simply passes through. If you remember "C" in CoPP = Control Plane = CPU protection, you'll avoid confusing it with standard transit traffic policies.

No community discussion yet for this question.