Cisco
352-001 · Question #402
352-001 Question #402: Real Exam Question with Answer & Explanation
The correct answer is A: Internet-based attacks can affect VPN customers.. Hosting both Internet and VPN services on a single PE router creates a security risk and a single point of failure that simultaneously impacts both service types.
Question
Which two options are considered risks or concerns when both the Internet and VPN service functions are on the same PE router? (Choose two.)
Options
- AInternet-based attacks can affect VPN customers.
- BBGP cannot simultaneously run on the PE router that runs MPLS.
- CMP-BGP prefixes increase routers' global routing tables, which affects network convergence.
- DFailure on the PE router affects both VPN and Internet services.
- ECustomer performance can be affected by VPN traffic if Internet-based traffic is not prioritized on
Explanation
Hosting both Internet and VPN services on a single PE router creates a security risk and a single point of failure that simultaneously impacts both service types.
Common mistakes.
- B. BGP can run concurrently with MPLS on the same PE router; in fact, MP-BGP is a fundamental component of standard MPLS L3VPN design and routinely coexists on PE devices.
- C. In MPLS VPN architecture, MP-BGP VPN prefixes are stored in per-VRF routing tables, not the global routing table, so they do not inflate the global RIB or negatively affect convergence in the way described.
- E. The statement is logically reversed and misleadingly worded; while resource contention is a real concern, the primary documented risks of co-located Internet and VPN services are the security exposure and single point of failure captured by A and D.
Concept tested. MPLS PE router colocation risks for Internet and VPN
Community Discussion
No community discussion yet for this question.