Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›300-410›Objectives›Control Plane Policing (CoPP)
Objective 304.0

Control Plane Policing (CoPP)

300-410 Practice Questions

Full Practice Test →All Objectives

300-410 Control Plane Policing (CoPP) — Practice Questions

30 questions from this objective

Question 2hardmultiple choice
Open the full BGP breakdown →

A network engineer notices that BGP sessions between two directly connected routers are flapping every few minutes. The routers are running IOS-XE 17.3 and have CoPP enabled. The engineer checks the CoPP policy and sees a class-map matching BGP packets with a police rate of 8000 bps. The BGP session uses MD5 authentication and the routers exchange a full BGP table with 500,000 prefixes. What is the most likely cause of the BGP session flapping?

Question 3mediummultiple choice
Study the full ACL explanation →

A router experiences high CPU utilization due to SSH login attempts from an external attacker. The network engineer implements a CoPP policy to rate-limit SSH traffic to 10000 bps. After applying the policy, the engineer notices that legitimate SSH sessions from the management network are also being dropped intermittently. The CoPP policy uses a class-map that matches TCP port 22 traffic. What should the engineer do to fix this issue?

Question 4mediummultiple choice
Review the full OSPF breakdown →

An engineer applies a CoPP policy to a router to protect the control plane. The policy includes a class-map that matches all ICMP traffic and polices it to 5000 bps. After the policy is applied, the engineer notices that OSPF adjacencies are going down. The OSPF hello packets are not being received. What is the most likely cause?

Question 5mediummultiple choice
Study the full EIGRP explanation →

A router running EIGRP has a CoPP policy that includes a class-map matching EIGRP packets with a police rate of 2000 bps. The network engineer notices that EIGRP neighbor adjacencies are flapping. The EIGRP network has 100 routes. The engineer checks the CoPP statistics and sees that the EIGRP class has dropped 500 packets in the last hour. What is the most likely root cause?

Question 6hardmultiple choice
Study the full ACL explanation →

A network engineer configures CoPP on a router to limit PIM-SM control plane traffic. The policy includes a class-map matching PIM packets and polices them to 10000 bps. After the policy is applied, the engineer notices that multicast traffic is not being forwarded correctly, and PIM neighbors are not forming. The router is a PIM-SM rendezvous point (RP). What is the most likely issue?

Question 7mediummultiple choice
Study the full ACL explanation →

A router has a CoPP policy that includes a class-map matching all TCP traffic with a police rate of 5000 bps. The engineer notices that Telnet sessions to the router are timing out, but SSH sessions work fine. The router is configured to accept both Telnet and SSH. What is the most likely cause?

Question 8easymultiple choice
Study the full ACL explanation →

An engineer applies a CoPP policy to a router to protect the control plane from a DDoS attack. The policy includes a class-map matching UDP traffic to port 123 (NTP) and polices it to 1000 bps. After the policy is applied, the engineer notices that the router's clock is not synchronizing with its NTP server. The NTP server is reachable via ping. What is the most likely cause?

Question 9easymultiple choice
Study the full ACL explanation →

A router has a CoPP policy that includes a class-map matching all traffic from a specific source IP address (the management station) and polices it to 100000 bps. The engineer notices that SNMP polls from the management station are timing out. The SNMP traffic uses UDP port 161. The engineer checks the CoPP statistics and sees that the class for the management station has dropped packets. What is the most likely cause?

Question 10mediummultiple choice
Study the full ACL explanation →

A network engineer configures CoPP on a router to limit ICMP traffic to 5000 bps. After the policy is applied, the engineer notices that the router is not responding to ping requests from a remote network. However, the router can ping other devices successfully. The engineer checks the CoPP statistics and sees that the ICMP class has dropped packets. What is the most likely root cause?

Question 11mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Class-map: CoPP-SSH (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 110 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Class-map: class-default (match-any) 1250 packets, 75000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: any

Based on this output, which statement is correct?

Question 12hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show access-lists 100

Extended IP access list 100

10 permit icmp any any echo
    
20 permit icmp any any echo-reply
    
30 permit icmp any any time-exceeded
    
40 permit icmp any any unreachable

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Based on this output, what is the most likely problem?

Question 13mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-BGP (match-all) 500 packets, 30000 bytes 5 minute offered rate 1000 bps, drop rate 500 bps Match: access-group 120 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 300 packets, 18000 bytes; actions: transmit exceeded 100 packets, 6000 bytes; actions: drop violated 100 packets, 6000 bytes; actions: drop

Based on this output, which statement is correct?

Question 14hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-SNMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 130 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

R1# show access-lists 130

Extended IP access list 130

10 permit udp any any eq snmp
    
20 permit udp any any eq snmptrap

Based on this output, what is the most likely reason that no packets are matching the CoPP-SNMP class?

Question 15easymultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-OSPF (match-all) 1000 packets, 60000 bytes 5 minute offered rate 2000 bps, drop rate 0000 bps Match: access-group 140 police: cir 64000 bps, bc 12000 bytes, be 12000 bytes conformed 1000 packets, 60000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Based on this output, which statement is correct?

Question 16mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-DEFAULT (match-any) 5000 packets, 300000 bytes 5 minute offered rate 4000 bps, drop rate 2000 bps Match: any police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 3000 packets, 180000 bytes; actions: transmit exceeded 1000 packets, 60000 bytes; actions: drop violated 1000 packets, 60000 bytes; actions: drop

Based on this output, what is the most likely impact on the router?

Question 17mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-EIGRP (match-all) 200 packets, 12000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: access-group 150 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 200 packets, 12000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

R1# show ip eigrp neighbors

EIGRP-IPv4 neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:10:00 1 200 0 5

Based on this output, which statement is correct?

Question 18hardmultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-BGP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 120 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

R1# show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 100 BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4          200      10      10        1    0    0 00:05:00        5

Based on this output, what is the most likely problem?

Question 19mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-ICMP (match-all) 100 packets, 6000 bytes 5 minute offered rate 500 bps, drop rate 500 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 50 packets, 3000 bytes; actions: transmit exceeded 25 packets, 1500 bytes; actions: drop violated 25 packets, 1500 bytes; actions: drop

Based on this output, what is the most likely impact on the router?

Question 20mediummultiple choice
Study the full ACL explanation →

Examine the following CoPP configuration on a Cisco IOS-XE router:

!--- ACL to match traffic

access-list 100 permit tcp any any eq 22
access-list 
100 permit tcp any any eq 23
access-list 
100 permit icmp any any echo

! !--- Class-map class-map match-all COPP-MGMT match access-group 100 ! !--- Policy-map policy-map COPP-POLICY

class COPP-MGMT

police 8000 conform-action transmit exceed-action drop

class class-default

police 64000 conform-action transmit exceed-action drop ! !--- Apply to control-plane control-plane service-policy input COPP-POLICY

What is the effect of this configuration?

Question 21mediummultiple choice
Review the full OSPF breakdown →

Consider the following CoPP configuration:

class-map match-any COPP-ROUTING match protocol ospf match protocol eigrp match protocol bgp ! policy-map COPP-POLICY

class COPP-ROUTING

police 32000 conform-action transmit exceed-action drop

class class-default

police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY

What is a potential issue with this configuration?

Question 22mediummultiple choice
Review the full OSPF breakdown →

Analyze the following partial configuration:

access-list 101 permit tcp any any eq 179
access-list 
101 permit udp any any eq 646
access-list 
101 permit ospf any any

! class-map match-all COPP-BGP match access-group 101 ! policy-map COPP-POLICY

class COPP-BGP

police 48000 conform-action transmit exceed-action drop

class class-default

police 128000 conform-action transmit exceed-action drop !

interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0

! control-plane service-policy input COPP-POLICY

Which statement is true?

Question 23mediummultiple choice
Study the full ACL explanation →

Examine this CoPP configuration:

ip access-list extended COPP-ACL
 permit tcp any any eq 22
 permit tcp any any eq

23

permit icmp any any echo

! class-map match-all COPP-CLASS match access-group name COPP-ACL ! policy-map COPP-POLICY

class COPP-CLASS

police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop

class class-default

police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY

What is the effect of the police command in class COPP-CLASS?

Question 24mediummultiple choice
Study the full ACL explanation →

Consider the following CoPP configuration:

access-list 150 permit tcp any any eq 179
access-list 
150 permit udp any any eq 646

! class-map match-all COPP-CORE match access-group 150 ! policy-map COPP-POLICY

class COPP-CORE

police 64000 conform-action transmit exceed-action drop

class class-default

police 128000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY

What is missing from this configuration to also protect against ICMP-based control-plane attacks?

Question 25mediummultiple choice
Study the full ACL explanation →

Examine this CoPP configuration:

ip access-list extended PROTECT-ACL
 permit tcp any any eq 22
 permit tcp any any eq

23

permit tcp any any eq 179

! class-map match-all PROTECT-CLASS match access-group name PROTECT-ACL ! policy-map PROTECT-POLICY

class PROTECT-CLASS

police 16000 conform-action transmit exceed-action drop

class class-default

police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input PROTECT-POLICY

What will happen to SSH traffic that exceeds 16000 bps?

Question 26easymultiple choice
Study the full ACL explanation →

What is the default CoPP policy on a Cisco IOS-XE router if no service-policy is applied to the control-plane?

Question 27easymultiple choice
Full question →

Which of the following is NOT a valid match criterion for a class-map used in Control Plane Policing?

Question 28mediummultiple choice
Study the full ACL explanation →

In a CoPP policy, what is the effect of the 'violate-action' parameter in the police command?

Question 29mediummulti select
Study the full ACL explanation →

Which TWO commands verify the operational status and packet statistics of a Control Plane Policing (CoPP) policy on a Cisco IOS-XE device? (Choose TWO.)

Question 30mediummulti select
Study the full ACL explanation →

Which TWO statements about Control Plane Policing (CoPP) are true? (Choose TWO.)

Question 31hardmulti select
Study the full ACL explanation →

Which TWO configuration steps are required to implement Control Plane Policing (CoPP) on a Cisco IOS-XE router? (Choose TWO.)

More Control Plane Policing (CoPP) questions available in the full practice test.

Continue Practising →
←

Previous objective

IPv6 Traffic Filtering and uRPF

Next objective

IPv6 First Hop Security

→

All 300-410 Objectives

  • 100.Layer 3 Technologies35%
  • 101.EIGRP Troubleshooting
  • 102.OSPF Troubleshooting (v2/v3)
  • 103.BGP Troubleshooting
  • 104.Route Redistribution
  • 105.Policy-Based Routing (PBR)
  • 106.VRF-Lite
  • 107.Route Maps and Route Filtering
  • 108.Administrative Distance
  • 109.Route Summarization
  • 110.Bidirectional Forwarding Detection (BFD)
  • 200.VPN Technologies20%
  • 201.MPLS Operations
  • 202.MPLS L3VPN
  • 203.DMVPN
  • 204.IPsec Site-to-Site VPN
  • 205.IPv6 Tunneling Techniques
  • 300.Infrastructure Security20%
  • 301.Device Access Control
  • 302.IPv4 Access Control Lists
  • 303.IPv6 Traffic Filtering and uRPF
  • 304.Control Plane Policing (CoPP)
  • 305.IPv6 First Hop Security
  • 400.Infrastructure Services25%
  • 401.Device Management
  • 402.SNMP Troubleshooting
  • 403.Network Logging and Syslog
  • 404.Embedded Event Manager (EEM)
  • 405.IP SLA
  • 406.NetFlow and Flexible NetFlow
  • 407.SPAN, RSPAN, and ERSPAN
  • 408.DHCP (IPv4 and IPv6)
  • 409.NAT and PAT