ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-401 All Questions

View all questions & answers for the 350-401 exam
Go to Exam

Exam 350-401 topic 1 question 463 discussion

Actual exam question from Cisco's 350-401
Question #: 463
Topic #: 1
[All 350-401 Questions]


An engineer must configure and validate a CoPP policy that allows the network management server to monitor router R1 via SNMP while protecting the control plane. Which two commands or command sets must be used? (Choose two.)

  • A. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp access-list 150 permit udp 10.0.1.4 0.0.0.0 eq snmp host 10.0.1.2 class-map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action drop control-plane Service-policy input CoPP-policy
  • B. show ip interface brief
  • C. show quality-of-service-profile
  • D. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp class-map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action transmit control-plane Service-policy input CoPP-policy
  • E. show policy-map control-plane
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by fernandocirino at Nov. 6, 2022, 9:55 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dragonwise
Highly Voted 1 year, 9 months ago
A. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp access-list 150 permit udp 10.0.1.4 0.0.0.0 eq snmp host 10.0.1.2 class-map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action drop control-plane Service-policy input CoPP-policy B. show ip interface brief C. show quality-of-service-profile D. access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp class-map match-all CoPP-management match access-group 150 policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action transmit control-plane Service-policy input CoPP-policy E. show policy-map control-plane
upvoted 14 times
...
markymark874
Highly Voted 2 years ago
Selected Answer: AE
Since question says needs to protect, so A is the answer. It has violate-action drop.
upvoted 6 times
...
[Removed]
Most Recent 7 months, 3 weeks ago
Selected Answer: AE
i will go with A and E D doesn't protect anything, all the actions are set to Transmit, no drop action
upvoted 3 times
...
Rose66
1 year, 12 months ago
Selected Answer: AE
A has "It has violate-action drop"
upvoted 5 times
...
forccnp
2 years ago
Selected Answer: DE
It should be D and E
upvoted 3 times
a197cbf
6 months, 2 weeks ago
D does not have any protections for the control plane. Conform action = transmit Exceed action = transmit violate action = transmit No matter what, all traffic will be transmitted to the control plane, which doesn't protect it. A does at least have a violate-action = drop, so that's more protection than D gives.
upvoted 2 times
...
...
PS5
2 years, 1 month ago
SNMP is management plane so surely it should be D and E ??
upvoted 1 times
Feliphus
2 years, 1 month ago
I think is D and E as well A option has this ACL 150: access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp access-list 150 permit udp 10.0.1.4 0.0.0.0 eq snmp host 10.0.1.2 But D option only: access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp A option has a violation-action drop, but D option has a violation-action transmit the SNMP traffic will be never dropped
upvoted 1 times
rmonteroherrera
1 year, 4 months ago
So, ACL would not be dropping traffic by its implicit deny? Would not the violate-action drop be applied only for the police 8000? Besides, Option A ACL second line does not make much of a sense having snmp polling permitted on to a server IMO.
upvoted 1 times
...
...
Wrad
2 years ago
But D only has "transmit" statements, so not much of a protection. E is only a show command and the question is for "must configure" so also not a perfect match, but maybe the best of the options.
upvoted 1 times
...
...
RexChen
2 years, 1 month ago
why not DE?
upvoted 1 times
Zizu007
2 years, 1 month ago
A - violation-action drop D - violation-action transmit
upvoted 3 times
...
...
fernandocirino
2 years, 2 months ago
Correct answer is A and E access-list 150 permit udp 10.0.1.4 0.0.0.0 host 10.0.1.2 eq snmp access-list 150 permit udp 10.0.1.4 0.0.0.0 eq snmp host 10.0.1.2 class-map match-all CoPP-management match access-group 150 ! ! policy-map CoPP-policy class CoPP-management police 8000 conform-action transmit exceed-action transmit violate-action drop ! control-plane service-policy input CoPP-policy
upvoted 3 times
Claudiu1
10 months, 4 weeks ago
agree, but I can;t help but wonder why "access-list 150 permit udp 10.0.1.4 0.0.0.0 eq snmp host 10.0.1.2" is here. Why would 10.0.1.4 send traffic sourced with port 161
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago