Exam 350-401 topic 1 question 520 discussion

The right answer is D

Correct answer is D

Right answer is D , but even D is wrong because POLICING a CoPP means #police 1000000 conform-action transmit EXCEED-ACTION DROP or violate-action DROP without the last part of the command this CoPP does nothing . There is NO IMPLIED DROP of traffic , you need to specify it .

The Answer says option A, but B is the correct one. The COPP policy is applied inbound and class map is matched on "Match Any".

Correct answer is D

this question is Tricky, the requirement is telnet and ssh conrol, but you use or telnet or ssh so you need mach-any

D is correct

It is D. Control Plane Policing (CoPP) is configured to control traffic entering the router, so the service-policy should be applied to the input direction. So, think out option A and B. Option C is incorrect because the class-map "class-telnet-ssh" has not been defined, only "class-telnet" and "class-ssh" have been configured. Therefore, the policy will not have any effect on the router. Hence, the correct answer is option D, which makes sense in the configuration.

Answer D CSR01(config)#ip access-list extended 100 CSR01(config-ext-nacl)#10 permit tcp any any eq telnet CSR01(config-ext-nacl)#ip access-list extended 101 CSR01(config-ext-nacl)#10 permit tcp any any eq 22 CSR01(config-ext-nacl)#exit CSR01(config)#class-map match-any class-control CSR01(config-cmap)#match access-group 100 CSR01(config-cmap)#match access-group 101 CSR01(config-cmap)#exit CSR01(config)#policy-map CoPP CSR01(config-pmap)#class class-control CSR01(config-pmap-c)#police 1000000 conform-action transmit CSR01(config-pmap-c-police)#exit CSR01(config-pmap-c)#exit CSR01(config-pmap)#exit CSR01(config)#control-plane CSR01(config-cp)#service-policy input CoPP CSR01(config-cp)#^Z CSR01# CSR01#show policy-map CoPP Policy Map CoPP Class class-control police cir 1000000 bc 31250 conform-action transmit exceed-action drop CSR01#

The right answer is D

D is the correct answer folks.

Answer is D R8(config)#class-map type ? control Configure a control policy class-map inspect Configure Firewall Class Map Inspect is to configure firewall class map R8(config)#class-map ? WORD class-map name match-all Logical-AND all matching statements under this classmap match-any Logical-OR all matching statements under this classmap https://community.cisco.com/t5/switching/class-map-match-all-or-match-any-exact-difference/td-p/783620 match-all (Optional) Matches all match criteria in the class map. match-any (Optional) Matches one or more match criteria.

Definitely D

class map type-inspect is used in Zone Based firewall config for IOS. D is the answer.

Don't know why i can't choose the answer here, but it is D for sure.

D is the right answer

if u select A, the warning XXX type inspect is not allowed in policy-map copp of type default; if u select D, match-any means OR not AND The B sounds better, because match-all means logical AND