300-410 Practice Questions
30 questions from this objective
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: CoPP-SSH (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 110 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: class-default (match-any) 1250 packets, 75000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: any
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show access-lists 100
Extended IP access list 100
10 permit icmp any any echo
20 permit icmp any any echo-reply
30 permit icmp any any time-exceeded
40 permit icmp any any unreachable
R1# show policy-map control-planeControl Plane
Service-policy input: CoPP-IN
Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-BGP (match-all) 500 packets, 30000 bytes 5 minute offered rate 1000 bps, drop rate 500 bps Match: access-group 120 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 300 packets, 18000 bytes; actions: transmit exceeded 100 packets, 6000 bytes; actions: drop violated 100 packets, 6000 bytes; actions: drop
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-SNMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 130 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
R1# show access-lists 130
Extended IP access list 130
10 permit udp any any eq snmp
20 permit udp any any eq snmptrapBased on this output, what is the most likely reason that no packets are matching the CoPP-SNMP class?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-OSPF (match-all) 1000 packets, 60000 bytes 5 minute offered rate 2000 bps, drop rate 0000 bps Match: access-group 140 police: cir 64000 bps, bc 12000 bytes, be 12000 bytes conformed 1000 packets, 60000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-DEFAULT (match-any) 5000 packets, 300000 bytes 5 minute offered rate 4000 bps, drop rate 2000 bps Match: any police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 3000 packets, 180000 bytes; actions: transmit exceeded 1000 packets, 60000 bytes; actions: drop violated 1000 packets, 60000 bytes; actions: drop
Based on this output, what is the most likely impact on the router?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-EIGRP (match-all) 200 packets, 12000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: access-group 150 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 200 packets, 12000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
R1# show ip eigrp neighbors
EIGRP-IPv4 neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:10:00 1 200 0 5
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-BGP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 120 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
R1# show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.2 4 200 10 10 1 0 0 00:05:00 5
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-ICMP (match-all) 100 packets, 6000 bytes 5 minute offered rate 500 bps, drop rate 500 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 50 packets, 3000 bytes; actions: transmit exceeded 25 packets, 1500 bytes; actions: drop violated 25 packets, 1500 bytes; actions: drop
Based on this output, what is the most likely impact on the router?
Examine the following CoPP configuration on a Cisco IOS-XE router:
!--- ACL to match traffic
access-list 100 permit tcp any any eq 22 access-list 100 permit tcp any any eq 23 access-list 100 permit icmp any any echo
! !--- Class-map class-map match-all COPP-MGMT match access-group 100 ! !--- Policy-map policy-map COPP-POLICY
class COPP-MGMT
police 8000 conform-action transmit exceed-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! !--- Apply to control-plane control-plane service-policy input COPP-POLICY
What is the effect of this configuration?
Consider the following CoPP configuration:
class-map match-any COPP-ROUTING match protocol ospf match protocol eigrp match protocol bgp ! policy-map COPP-POLICY
class COPP-ROUTING
police 32000 conform-action transmit exceed-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY
What is a potential issue with this configuration?
Analyze the following partial configuration:
access-list 101 permit tcp any any eq 179 access-list 101 permit udp any any eq 646 access-list 101 permit ospf any any
! class-map match-all COPP-BGP match access-group 101 ! policy-map COPP-POLICY
class COPP-BGP
police 48000 conform-action transmit exceed-action drop
class class-default
police 128000 conform-action transmit exceed-action drop !
interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0
! control-plane service-policy input COPP-POLICY
Which statement is true?
Examine this CoPP configuration:
ip access-list extended COPP-ACL permit tcp any any eq 22 permit tcp any any eq
23
permit icmp any any echo
! class-map match-all COPP-CLASS match access-group name COPP-ACL ! policy-map COPP-POLICY
class COPP-CLASS
police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY
What is the effect of the police command in class COPP-CLASS?
Consider the following CoPP configuration:
access-list 150 permit tcp any any eq 179 access-list 150 permit udp any any eq 646
! class-map match-all COPP-CORE match access-group 150 ! policy-map COPP-POLICY
class COPP-CORE
police 64000 conform-action transmit exceed-action drop
class class-default
police 128000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY
What is missing from this configuration to also protect against ICMP-based control-plane attacks?
Examine this CoPP configuration:
ip access-list extended PROTECT-ACL permit tcp any any eq 22 permit tcp any any eq
23
permit tcp any any eq 179
! class-map match-all PROTECT-CLASS match access-group name PROTECT-ACL ! policy-map PROTECT-POLICY
class PROTECT-CLASS
police 16000 conform-action transmit exceed-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input PROTECT-POLICY
What will happen to SSH traffic that exceeds 16000 bps?
More Control Plane Policing (CoPP) questions available in the full practice test.
Continue Practising →