Cisco
352-001 · Question #143
352-001 Question #143: Real Exam Question with Answer & Explanation
The correct answer is A: uRPF strict mode. uRPF strict mode verifies that the source address of an incoming packet is reachable via the exact interface it arrived on, which matches the requirement that all packets on an interface belong to that interface's subnet.
Question
The network administrator of a branch office network has decided to deploy Unicast RPF at the access layer. He insists that the design must guarantee that all the packets arriving on the router interfaces are assigned to the same interface subnet. Which mode of Unicast RPF would you recommend as the lead network designer?
Options
- AuRPF strict mode
- BuRPF loose mode
- CuRPF VRF mode
- DRPF feasible mode
Explanation
uRPF strict mode verifies that the source address of an incoming packet is reachable via the exact interface it arrived on, which matches the requirement that all packets on an interface belong to that interface's subnet.
Common mistakes.
- B. uRPF loose mode only checks that the source address appears anywhere in the routing table, so it does not enforce that the address belongs to the receiving interface's subnet.
- C. uRPF VRF mode is used to perform the reverse-path check within a specific VRF context and does not inherently enforce per-interface subnet assignment.
- D. RPF feasible mode (also called feasible-path or loose with allow-default) accepts packets as long as the source is reachable via any feasible path, which does not guarantee subnet-to-interface alignment.
Concept tested. uRPF strict mode for access-layer spoofing prevention
Community Discussion
No community discussion yet for this question.