350-401 Question #622: Real Exam Question with Answer & Explanation

Question

Which two statements are true about control plane policing? (Choose two.)

Options

• AControl plane policing will affect only traffic that is destined to the route processor.
• BAccess lists that are used in policies for control plane policing must not use the log keyword.
• CAccess lists that use the deny rule in control plane policing do not progress to the next class.
• DThe log keyword can be used but the log-input keyword must not be used in policing.

Explanation

Control Plane Policing (CoPP) protects the route processor from excessive traffic, only affecting packets destined for it, and requires careful ACL configuration without the log keyword.

Common mistakes.

• C. In Modular QoS CLI (MQC) policies, a deny rule in an access list does cause the packet to proceed to the next class-map in the policy, continuing evaluation, unless an explicit action (like drop) is taken within that class.
• D. The log keyword should generally not be used in ACLs applied for control plane policing due to the potential for excessive logging and CPU strain, contrary to the statement that it can be used.

Concept tested. Control Plane Policing (CoPP) characteristics and configuration

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_copp/configuration/xe-3s/sec-data-copp-xe-3s-book/sec-control-plane-policing.html

No community discussion yet for this question.