Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401TopicsACLs and CoPP
Free · No Signup RequiredCisco · 350-401

350-401 ACLs and CoPP Practice Questions

20+ practice questions focused on ACLs and CoPP — one of the most tested topics on the ENCOR 350-401 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start ACLs and CoPP Practice

Exam Domains

ArchitectureEnterprise Network DesignSD-Access ArchitectureSD-WAN ArchitectureQoS ArchitectureVirtualizationNetwork Function VirtualizationAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample ACLs and CoPP Questions

Practice all 20+ →
1.

A network engineer is troubleshooting an issue where SSH access to a Cisco router from a specific management subnet (10.10.10.0/24) is intermittently failing. The router has a CoPP policy applied to the control plane. The engineer checks the CoPP statistics and sees that packets from the management subnet are being dropped by the control-plane service-policy. Which configuration change should the engineer make to allow SSH from the management subnet while still protecting the control plane?

A.Modify the CoPP ACL to include a permit statement for TCP port 22 from 10.10.10.0/24 before the deny statement.
B.Remove the deny statement from the CoPP ACL to allow all traffic.
C.Increase the police rate for the CoPP class that matches SSH traffic.
D.Remove the CoPP policy from the control plane and rely on interface ACLs.

Explanation: The correct answer adds an ACL entry to permit SSH from the management subnet before the deny statement, ensuring that SSH traffic is matched by the CoPP policy and not dropped. Option B is incorrect because removing the deny statement would leave the control plane unprotected. Option C is incorrect because increasing the police rate might not resolve the issue if the traffic is being dropped by an ACL deny. Option D is incorrect because removing the CoPP policy entirely removes all protection.

2.

An enterprise network uses a Cisco Catalyst 9300 switch as a distribution layer device. The network team notices that ICMP echo requests from a monitoring server (192.168.1.100) to the switch's management IP are being dropped intermittently. The switch has a CoPP policy that includes a class-map matching ICMP traffic. The engineer checks the CoPP statistics and sees that ICMP packets from the monitoring server are being dropped by the policy. What is the most likely cause of this issue?

A.The CoPP policy is policing ICMP traffic to a rate that is too low for the monitoring server's traffic.
B.An ACL applied to the management interface is blocking ICMP from the monitoring server.
C.The monitoring server is sending ICMP packets with a TTL of 1, causing them to be dropped.
D.The switch's CPU is overloaded, causing CoPP to drop all packets.

Explanation: The correct answer is that the CoPP policy is policing ICMP traffic to a rate that is too low for the monitoring server's traffic. Option B is incorrect because the ACL is not mentioned as blocking ICMP. Option C is incorrect because the monitoring server is not the source of the issue; it is the target. Option D is incorrect because the switch's CPU is not necessarily overloaded; the drops are due to CoPP policing.

3.

A network engineer is configuring CoPP on a Cisco ASR 1000 router to protect the control plane from excessive traffic. The engineer wants to allow BGP traffic from a specific peer (10.0.0.1) while rate-limiting all other BGP traffic. The engineer creates an ACL that permits TCP port 179 from host 10.0.0.1 and denies all other BGP traffic. The CoPP class-map matches this ACL. However, after applying the policy, BGP sessions from other peers are still being established. What is the most likely reason?

A.The ACL denies all other BGP traffic, so CoPP does not match it, and it falls through to the default class, which permits it.
B.The ACL is applied in the wrong order; the deny statement should be before the permit statement.
C.BGP uses UDP port 179, not TCP, so the ACL does not match BGP traffic.
D.CoPP does not affect BGP sessions because they are established before the policy is applied.

Explanation: The correct answer is that the ACL only matches traffic from the specific peer, but CoPP class-maps match traffic based on the ACL; if the ACL denies other BGP traffic, CoPP will not match it, and it will be processed by the default class, which may permit it. Option B is incorrect because the ACL order is not the issue. Option C is incorrect because BGP uses TCP port 179, not UDP. Option D is incorrect because CoPP does not affect routing protocol sessions directly; it only polices traffic to the control plane.

4.

A network engineer is troubleshooting a connectivity issue between two VLANs on a Cisco Catalyst 3850 switch. The switch has an ACL applied to VLAN 10 that permits traffic from VLAN 20 to VLAN 10, but denies all other traffic. Hosts in VLAN 20 can ping hosts in VLAN 10, but not vice versa. The engineer checks the ACL and finds that it is applied inbound on VLAN 10. What is the most likely cause of the issue?

A.The ACL is applied inbound on VLAN 10, so it only filters traffic entering VLAN 10, not traffic leaving VLAN 10.
B.The ACL is applied outbound on VLAN 10, so it filters traffic leaving VLAN 10, preventing replies.
C.The ACL is applied to the SVI for VLAN 10, but the hosts are in VLAN 10, so the ACL does not apply.
D.The ACL is blocking ICMP echo replies from VLAN 10 to VLAN 20.

Explanation: The correct answer is that the ACL is applied inbound on VLAN 10, so it filters traffic entering VLAN 10; traffic from VLAN 20 to VLAN 10 is permitted, but traffic from VLAN 10 to VLAN 20 is not affected by this ACL. Option B is incorrect because the ACL is applied inbound, not outbound. Option C is incorrect because the ACL is applied to the VLAN, not the SVI. Option D is incorrect because the ACL does not affect routing between VLANs; it only filters traffic.

5.

A network engineer is configuring CoPP on a Cisco Nexus 9000 switch to protect the control plane from a potential DoS attack. The engineer creates a class-map that matches traffic with a specific DSCP value (AF41) and applies a police rate of 10 Mbps. After applying the policy, the engineer notices that legitimate traffic with DSCP AF41 is being dropped even though the traffic rate is only 5 Mbps. What is the most likely cause?

A.The CoPP policy has a conform-action of drop, which drops all traffic matching the class.
B.The police rate is too low, and the traffic is being dropped due to exceeding the rate.
C.The DSCP value AF41 is not supported on Nexus switches.
D.The CoPP policy is applied to the wrong queue, causing all traffic to be dropped.

Explanation: The correct answer is that the CoPP policy is using a conform-action of drop, which drops all traffic that matches the class, regardless of rate. Option B is incorrect because the police rate is not exceeded. Option C is incorrect because DSCP AF41 is a valid value. Option D is incorrect because CoPP does not require a specific queue; it uses policing.

+15 more ACLs and CoPP questions available

Practice all ACLs and CoPP questions

How to master ACLs and CoPP for 350-401

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of ACLs and CoPP. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

ACLs and CoPP questions on the 350-401 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many 350-401 ACLs and CoPP questions are on the real exam?

The exact number varies per candidate. ACLs and CoPP is tested as part of the ENCOR 350-401 blueprint. Practicing with targeted ACLs and CoPP questions ensures you can handle any format or difficulty that appears.

Are these 350-401 ACLs and CoPP practice questions free?

Yes. Courseiva provides free 350-401 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is ACLs and CoPP one of the harder 350-401 topics?

Difficulty is subjective, but ACLs and CoPP is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full ACLs and CoPP practice session with instant scoring and detailed explanations.

Start ACLs and CoPP Practice →

Topic Info

Topic

ACLs and CoPP

Exam

350-401

Questions available

20+