350-401 · Question #845
An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets mus
The correct answer is D. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp E. show policy-map control-plane. To configure a CoPP policy allowing SNMP and then validate its application, an access-list must be defined to permit SNMP traffic, and the show policy-map control-plane command must be used to verify the policy.
Question
An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets must be used? (Choose two.)
Exhibits
Options
- Aaccess-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp
- Bshow ip interface brief
- Cshow quality-of-service-profile
- Daccess-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp
- Eshow policy-map control-plane
How the community answered
(43 responses)- A5% (2)
- B12% (5)
- C19% (8)
- D65% (28)
Why each option
To configure a CoPP policy allowing SNMP and then validate its application, an access-list must be defined to permit SNMP traffic, and the `show policy-map control-plane` command must be used to verify the policy.
This command is identical to D and only represents one of the two required command sets; it is not an additional distinct correct choice.
`show ip interface brief` displays IP interface status, which is not directly relevant to configuring or validating a CoPP policy.
`show quality-of-service-profile` displays QoS profiles but is not the specific command for validating the applied CoPP policy on the control plane.
This `access-list` command correctly defines a rule to permit UDP SNMP traffic from the NMS (10.0.1.4) to the router's control plane (10.0.1.2) for CoPP. E: The `show policy-map control-plane` command is used to display the configured Control Plane Policing (CoPP) policy details, including the policy-map applied to the control plane and its associated class-maps and match criteria, which is essential for validation.
Concept tested: CoPP configuration and validation (ACL and show command)
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_cp_security/configuration/15-mt/sec-data-cp-security-15-mt-book/sec-control-plane-policing.html
Topics
Community Discussion
No community discussion yet for this question.

