300-410 · topic practice

Control Plane Policing (CoPP) practice questions

Practise Cisco CCNP ENARSI 300-410 Control Plane Policing (CoPP) practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Control Plane Policing (CoPP)

What the exam tests

What to know about Control Plane Policing (CoPP)

QoS questions usually test traffic classification (DSCP/CoS), queuing strategies, policing vs shaping and where each mechanism is applied.

DSCP and CoS marking and trust boundaries.

Queuing mechanisms: FIFO, WFQ, CBWFQ, LLQ.

Policing (drops excess) vs shaping (delays excess).

Where QoS is applied: ingress, egress, LAN, WAN.

Watch out for

Common Control Plane Policing (CoPP) exam traps

  • Policing drops traffic; shaping buffers it — they solve different problems.
  • DSCP EF (46) is for voice; AF classes are for data tiers.
  • QoS must be configured end-to-end to be effective.
  • CoS values are Layer 2; DSCP is Layer 3.

Practice set

Control Plane Policing (CoPP) questions

20 questions · select your answer, then reveal the explanation

Question 1hardmultiple choice
Open the full BGP breakdown →

A network engineer notices that BGP sessions between two directly connected routers are flapping every few minutes. The routers are running IOS-XE 17.3 and have CoPP enabled. The engineer checks the CoPP policy and sees a class-map matching BGP packets with a police rate of 8000 bps. The BGP session uses MD5 authentication and the routers exchange a full BGP table with 500,000 prefixes. What is the most likely cause of the BGP session flapping?

Question 2mediummultiple choice
Study the full ACL explanation →

A router experiences high CPU utilization due to SSH login attempts from an external attacker. The network engineer implements a CoPP policy to rate-limit SSH traffic to 10000 bps. After applying the policy, the engineer notices that legitimate SSH sessions from the management network are also being dropped intermittently. The CoPP policy uses a class-map that matches TCP port 22 traffic. What should the engineer do to fix this issue?

Question 3mediummultiple choice
Review the full OSPF breakdown →

An engineer applies a CoPP policy to a router to protect the control plane. The policy includes a class-map that matches all ICMP traffic and polices it to 5000 bps. After the policy is applied, the engineer notices that OSPF adjacencies are going down. The OSPF hello packets are not being received. What is the most likely cause?

Question 4mediummultiple choice
Study the full EIGRP explanation →

A router running EIGRP has a CoPP policy that includes a class-map matching EIGRP packets with a police rate of 2000 bps. The network engineer notices that EIGRP neighbor adjacencies are flapping. The EIGRP network has 100 routes. The engineer checks the CoPP statistics and sees that the EIGRP class has dropped 500 packets in the last hour. What is the most likely root cause?

Question 5hardmultiple choice
Study the full ACL explanation →

A network engineer configures CoPP on a router to limit PIM-SM control plane traffic. The policy includes a class-map matching PIM packets and polices them to 10000 bps. After the policy is applied, the engineer notices that multicast traffic is not being forwarded correctly, and PIM neighbors are not forming. The router is a PIM-SM rendezvous point (RP). What is the most likely issue?

Question 6mediummultiple choice
Study the full ACL explanation →

A router has a CoPP policy that includes a class-map matching all TCP traffic with a police rate of 5000 bps. The engineer notices that Telnet sessions to the router are timing out, but SSH sessions work fine. The router is configured to accept both Telnet and SSH. What is the most likely cause?

Question 7easymultiple choice
Study the full ACL explanation →

An engineer applies a CoPP policy to a router to protect the control plane from a DDoS attack. The policy includes a class-map matching UDP traffic to port 123 (NTP) and polices it to 1000 bps. After the policy is applied, the engineer notices that the router's clock is not synchronizing with its NTP server. The NTP server is reachable via ping. What is the most likely cause?

Question 8easymultiple choice
Study the full ACL explanation →

A router has a CoPP policy that includes a class-map matching all traffic from a specific source IP address (the management station) and polices it to 100000 bps. The engineer notices that SNMP polls from the management station are timing out. The SNMP traffic uses UDP port 161. The engineer checks the CoPP statistics and sees that the class for the management station has dropped packets. What is the most likely cause?

Question 9mediummultiple choice
Study the full ACL explanation →

A network engineer configures CoPP on a router to limit ICMP traffic to 5000 bps. After the policy is applied, the engineer notices that the router is not responding to ping requests from a remote network. However, the router can ping other devices successfully. The engineer checks the CoPP statistics and sees that the ICMP class has dropped packets. What is the most likely root cause?

Question 10mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Class-map: CoPP-SSH (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 110 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Class-map: class-default (match-any) 1250 packets, 75000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: any

Based on this output, which statement is correct?

Question 11hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show access-lists 100

Extended IP access list 100

10 permit icmp any any echo
    
20 permit icmp any any echo-reply
    
30 permit icmp any any time-exceeded
    
40 permit icmp any any unreachable

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Based on this output, what is the most likely problem?

Question 12mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-BGP (match-all) 500 packets, 30000 bytes 5 minute offered rate 1000 bps, drop rate 500 bps Match: access-group 120 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 300 packets, 18000 bytes; actions: transmit exceeded 100 packets, 6000 bytes; actions: drop violated 100 packets, 6000 bytes; actions: drop

Based on this output, which statement is correct?

Question 13hardmultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-SNMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 130 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

R1# show access-lists 130

Extended IP access list 130

10 permit udp any any eq snmp
    
20 permit udp any any eq snmptrap

Based on this output, what is the most likely reason that no packets are matching the CoPP-SNMP class?

Question 14easymultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-OSPF (match-all) 1000 packets, 60000 bytes 5 minute offered rate 2000 bps, drop rate 0000 bps Match: access-group 140 police: cir 64000 bps, bc 12000 bytes, be 12000 bytes conformed 1000 packets, 60000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

Based on this output, which statement is correct?

Question 15mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-DEFAULT (match-any) 5000 packets, 300000 bytes 5 minute offered rate 4000 bps, drop rate 2000 bps Match: any police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 3000 packets, 180000 bytes; actions: transmit exceeded 1000 packets, 60000 bytes; actions: drop violated 1000 packets, 60000 bytes; actions: drop

Based on this output, what is the most likely impact on the router?

Question 16mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-EIGRP (match-all) 200 packets, 12000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: access-group 150 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 200 packets, 12000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

R1# show ip eigrp neighbors

EIGRP-IPv4 neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:10:00 1 200 0 5

Based on this output, which statement is correct?

Question 17hardmultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-BGP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 120 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

R1# show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 100 BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4          200      10      10        1    0    0 00:05:00        5

Based on this output, what is the most likely problem?

Question 18mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP-IN

Class-map: CoPP-ICMP (match-all) 100 packets, 6000 bytes 5 minute offered rate 500 bps, drop rate 500 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 50 packets, 3000 bytes; actions: transmit exceeded 25 packets, 1500 bytes; actions: drop violated 25 packets, 1500 bytes; actions: drop

Based on this output, what is the most likely impact on the router?

Question 19mediummultiple choice
Study the full ACL explanation →

Examine the following CoPP configuration on a Cisco IOS-XE router:

!--- ACL to match traffic

access-list 100 permit tcp any any eq 22
access-list 
100 permit tcp any any eq 23
access-list 
100 permit icmp any any echo

! !--- Class-map class-map match-all COPP-MGMT match access-group 100 ! !--- Policy-map policy-map COPP-POLICY

class COPP-MGMT

police 8000 conform-action transmit exceed-action drop

class class-default

police 64000 conform-action transmit exceed-action drop ! !--- Apply to control-plane control-plane service-policy input COPP-POLICY

What is the effect of this configuration?

Question 20mediummultiple choice
Review the full OSPF breakdown →

Consider the following CoPP configuration:

class-map match-any COPP-ROUTING match protocol ospf match protocol eigrp match protocol bgp ! policy-map COPP-POLICY

class COPP-ROUTING

police 32000 conform-action transmit exceed-action drop

class class-default

police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY

What is a potential issue with this configuration?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Control Plane Policing (CoPP) sessions

Start a Control Plane Policing (CoPP) only practice session

Every question in these sessions is drawn from the Control Plane Policing (CoPP) domain — nothing else.

Related practice questions

Related 300-410 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 300-410 exam test about Control Plane Policing (CoPP)?
QoS questions usually test traffic classification (DSCP/CoS), queuing strategies, policing vs shaping and where each mechanism is applied.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Control Plane Policing (CoPP) questions in a focused session?
Yes — the session launcher on this page draws every question from the Control Plane Policing (CoPP) domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 300-410 topics?
Use the topic links above to move to related areas, or go back to the 300-410 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 300-410 exam covers. They are not copied from any real exam or dump site.