nerdexam
Cisco

350-401 · Question #776

Refer to the exhibit. An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it cont

The correct answer is C. R1(config)#policy-map POLICY-CoPP E. R1(config)#control-plane R1(config-cp)# service-policy input POLICY-CoPP. Control Plane Policing (CoPP) protects the router CPU by defining a policy map for specific traffic and applying it to the control plane in the input direction.

Submitted by marco_it· Mar 6, 2026Security

Question

Refer to the exhibit. An engineer must protect the CPU of the router from high rates of NTP, SNMP, and SSH traffic. Which two configurations must be applied to drop these types of traffic when it continuously exceeds 320 kbps? (Choose two)

Exhibits

350-401 question #776 exhibit 1
350-401 question #776 exhibit 2

Options

  • AR1(config-pmap)#class CLASS-CoPP-Management
  • BR1(config)#policy-map POLICY-CoPP
  • CR1(config)#policy-map POLICY-CoPP
  • DR1(config)#control-plane R1(config-cp)# service-policy output POLICY-CoPP
  • ER1(config)#control-plane R1(config-cp)# service-policy input POLICY-CoPP

How the community answered

(34 responses)
  • A
    3% (1)
  • B
    9% (3)
  • C
    82% (28)
  • D
    6% (2)

Why each option

Control Plane Policing (CoPP) protects the router CPU by defining a policy map for specific traffic and applying it to the control plane in the input direction.

AR1(config-pmap)#class CLASS-CoPP-Management

`class CLASS-CoPP-Management` is used within a policy-map definition, not as a standalone command to initiate the overall CoPP strategy.

BR1(config)#policy-map POLICY-CoPP

This option is identical to C, which is already selected as a correct answer in a 'choose two' scenario, indicating a redundancy in choices.

CR1(config)#policy-map POLICY-CoPPCorrect

This command initiates the creation or modification of a policy map, which is essential for defining the classification and policing actions for the specified traffic types (NTP, SNMP, SSH).

DR1(config)#control-plane R1(config-cp)# service-policy output POLICY-CoPP

Applying the service policy to the `output` of the control plane would rate-limit traffic originating from the router's CPU, not protect it from incoming malicious traffic.

ER1(config)#control-plane R1(config-cp)# service-policy input POLICY-CoPPCorrect

This command applies the defined `POLICY-CoPP` to the control plane in the input direction, ensuring that incoming management traffic destined for the router's CPU is policed according to the policy rules.

Concept tested: Control Plane Policing (CoPP) configuration

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_cpp/configuration/15-mt/sec-data-cpp-15-mt-book/sec-data-cpp-concepts.html

Topics

#CoPP#control plane#rate limiting#CPU protection

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice