Cisco
352-001 · Question #514
352-001 Question #514: Real Exam Question with Answer & Explanation
The correct answer is A: CPP protects the control plane from reconnaissance and or denial-of-service attacks. Control Plane Policing (CoPP) is designed to protect the router CPU and control plane from being overwhelmed by reconnaissance or denial-of-service attack traffic.
Question
What is a design application of control plane policing?
Options
- ACPP protects the control plane from reconnaissance and or denial-of-service attacks
- CCPP protects the forwarding plane by allowing legitimate traffic and dropping excessive traffic
- DCPP drop malformed packet that are sent to the CPU
Explanation
Control Plane Policing (CoPP) is designed to protect the router CPU and control plane from being overwhelmed by reconnaissance or denial-of-service attack traffic.
Common mistakes.
- C. CoPP operates on traffic directed to the control plane (route processor), not on through-traffic in the forwarding plane - policing legitimate versus excessive transit traffic is handled by data plane QoS features like MQC or CBWFQ applied to interfaces.
- D. Dropping malformed packets sent to the CPU is a secondary behavior of CoPP, not its primary design application - the fundamental purpose is protecting the control plane from reconnaissance and DoS attacks, not malformed packet filtering.
Concept tested. Control Plane Policing CoPP DoS protection design
Community Discussion
No community discussion yet for this question.