A could be correct if the wording is "to the switch" rather than "to a switch"; the strict CoPP default setting for Nexus 9k is 3000 pps with a committed burst of 32.
A large image upload is more likely to generate that level of traffic.
15 SSH sessions would mean an average of 200 pps per session, and they simply mention that the sessions remain connected; if there are no inputs in them they have 0 pps, and even a full config push would probably not require 200 packets total.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_chapter_010001.html
class copp-system-p-class-management
  set cos 2
  police cir 3000 pps bc 32 packets conform transmit violate drop
I've changed my mind... Correct is A: If system images must be uploaded to the switch, use either the out-of-band management port (mgmt0) or use the USB ports for the fastest transfer. (https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/control-plane-policing/217946-verify-control-plane-policing-violations.html)
Strict CoPP policy is most likely to drop packets during a DDoS attack (option D) as it aims to prevent the switch from becoming overloaded by excessive traffic.
My bet is A; if the transfer is going to the local switch, CoPP may drop it.
The most common behaviors or drops associated with this class include:
- Transfer files with FTP, SCP, SFTP, TFTP protocols on the switch. The most common behavior seen is an attempt to transfer system/kickstart boot images by in-band management ports. This can lead to higher transfer times and closed/terminated transmission sessions determined by the aggregate bandwidth for the class.
They also mention SSH traffic but I am not sure 15 sessions can generate that much traffic.
https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/control-plane-policing/217946-verify-control-plane-policing-violations.html
It's A.
Remember CoPP is CONTROL Plane.
There are 3: Data - Control - Mgmt.
Data = User traffic transiting the switch - going through the switch
Mgmt = Device Management
Therefore, Control Plane - Image Copied to the Switch. That would be the only logical answer as this impacts the Control Plane, not Management and not User Data.
A
What about C? A ping sweep to a subnet connected through the switch might cause a lot of ARP traffic, which is considered redirected packets, which are handled by the supervisor - from the book:
○ Redirected packets: Packets that are redirected to the supervisor module. Features such as Dynamic Host Configuration Protocol (DHCP) snooping or dynamic Address Resolution Protocol (ARP) inspection redirect some packets to the supervisor module.
Tricky one, not sure which is right, but not D for sure. CoPP relates to a CPU DoS to the switch, not to a web page behind the switch. A file transfer (even an NX-OS image) does not affect the control plane (CPU); several SSH sessions to the switch with no CoPP protection can affect the CPU, but 15 sessions looks to be a small amount.
An SSH session is also sent to the switch IP address.
Both A and B are Management Plane traffic, which is redirected by the Control Plane by the inband interface.
What is CoPP system profile?
Control plane policing (CoPP) classifies and then rate-limits traffic being sent to the CPU of a switch. The rate limits are enforced by policing, which will drop traffic that exceeds the defined rate. ... System access via SSH or HTTP & SNMP management traffic are also handled by the system CPU
A ping sweep could also theoretically trigger CoPP drops in case of an SVI and e.g. several HSRP groups in a subnet, depending on the amount of packets sent by the sweeper as ICMP is assigned to the "copp-system-p-class-monitoring", which only allows 75 pps with a burst of 128.
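The figures quoted in this thread (3000 pps with a burst of 32 for the management class, 75 pps with a burst of 128 for the monitoring class) can be run through a simplified token-bucket policer to see which traffic patterns exceed them. This is an added example, not part of any comment here and not NX-OS code; the packet rates for the image copy, the SSH sessions and the ICMP burst are constructed assumptions.

```python
# Added example: simplified token-bucket model of a pps policer.
# It is not NX-OS code; traffic rates below are constructed assumptions.
from fractions import Fraction


def police(arrivals, cir_pps, bc_packets):
    """Police packet arrival times (seconds); return (conformed, dropped).

    The bucket holds at most bc_packets tokens and refills at cir_pps
    tokens per second. A packet that finds a whole token conforms and is
    transmitted; otherwise it violates and is dropped.
    """
    tokens = Fraction(bc_packets)
    last = None
    conformed = dropped = 0
    for t in sorted(arrivals):
        if last is not None:
            tokens = min(Fraction(bc_packets), tokens + (t - last) * cir_pps)
        last = t
        if tokens >= 1:
            tokens -= 1
            conformed += 1
        else:
            dropped += 1
    return conformed, dropped


def steady(pps, count):
    """`count` evenly spaced arrival times at `pps` packets per second."""
    return [Fraction(i, pps) for i in range(count)]


# Rates quoted in the thread for the strict profile.
MANAGEMENT = {"cir_pps": 3000, "bc_packets": 32}   # copp-system-p-class-management
MONITORING = {"cir_pps": 75, "bc_packets": 128}    # copp-system-p-class-monitoring

SCENARIOS = {
    # name: (constructed traffic, policer) -- packet rates are assumptions
    "in-band image copy, 5000 pps for 1 s": (steady(5000, 5000), MANAGEMENT),
    "15 SSH sessions, 150 pps total for 2 s": (steady(150, 300), MANAGEMENT),
    "254 ICMP echoes at 1000 pps": (steady(1000, 254), MONITORING),
}


def run():
    return {name: police(pkts, **pol) for name, (pkts, pol) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (ok, drop) in run().items():
        print(f"{name}: transmitted={ok} dropped={drop}")
```

In this model only the sustained image copy and the ICMP burst exceed their class limits; the steady SSH traffic never empties the bucket.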
I keep re-reading the question... answer is definitely A.
"excessive traffic to the supervisor module could overload and slow down the performance of the entire Cisco NX-OS device. For example, a DoS attack on the supervisor module could generate IP traffic streams to the control plane at a very high rate, forcing the control plane to spend a large amount of time in handling these packets and preventing the control plane from processing genuine traffic."
15 SSH sessions can hardly be considered "excessive".
Agree about this because strict CoPP protects protocol packets as a safe go and drops other packets passing through the switch, like a web server in a DDoS attack.
Because the question is asking which are drops.
D is correct.
Page 834, DCCOR 350-601 Official Cert Guide
When you bring up your Cisco NX-OS device for the first time, the Cisco NX-OS software installs the default copp-system-p-policy-strict policy to protect the supervisor module from DoS attacks.
This might be B.
CoPP handles traffic TO the device, not THROUGH it. B is the only one that meets that criteria.
Community vote distribution
A (35%)
C (25%)
B (20%)
Other