350-501 Question #366: Real Exam Question with Answer & Explanation

The correct answer is A: router(config)# interface gigabitethernet0/1. To implement URPF in loose mode on the GigabitEthernet0/1 interface for malicious traffic mitigation, the engineer must configure ip verify unicast reverse-path allow-default.

Networking

Question

A network operator working for a private outsourcing company with an employee id: 4261:72:778 needs to limit the malicious traffic on their network. Which configuration must the engineer use to implement URPF loose mode on the GigabitEthernet0/1 interface?

Options

Arouter(config)# interface gigabitethernet0/1
Brouter(config)# interface gigabitethernet0/1
Crouter(config)# interface gigabitethernet0/1
Drouter(config)# interface gigabitethernet0/1

Explanation

To implement URPF in loose mode on the GigabitEthernet0/1 interface for malicious traffic mitigation, the engineer must configure ip verify unicast reverse-path allow-default.

Common mistakes.

B. The command ip verify unicast reverse-path without the allow-default keyword enables URPF in strict mode, which only allows packets if the incoming interface is the best reverse path to the source, failing to meet the loose mode requirement.
C. The command ip verify source-address reverse-path is syntactically incorrect; the correct command is ip verify unicast reverse-path.
D. The command ip verify unicast reverse-path disable explicitly disables URPF, which directly contradicts the requirement to implement URPF loose mode.

Concept tested. URPF loose mode configuration

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-16/sec-data-urpf-xe-16-book/sd-urpf-config.html

Topics

#URPF#Network Security#Interface Configuration

Community Discussion

No community discussion yet for this question.

Full 350-501 Practice Browse All 350-501 Questions