Exam 300-410 topic 1 question 384 discussion

Actual exam question from Cisco's 300-410
Question #: 384
Topic #: 1

The network administrator configured the router for Control Plane Policing so that inbound SSH traffic is policed to 500 kbps. This policy must apply to traffic coming in from 10.10.10.0/24 and 192.168.10.0/24 networks.

access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23
!
class-map CLASS-SSH
match access-group 100
!
policy-map PM-COPP
class CLASS-SSH
police 500000 conform-action transmit
!
interface E0/0
service-policy input PM-COPP
!
interface E0/1
service-policy input PM-COPP

The Control Plane Policing is not applied to SSH traffic and SSH is open to use any bandwidth available. Which configuration resolves this issue?

  • A. no access-list 100
    access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
    access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
  • B. interface E0/0
    no service-policy input PM-COPP
    !
    interface E0/1
    no service-policy input PM-COPP
    !
    control-plane
    service-policy input PM-COPP
  • C. no access-list 100
    access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
    access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
    !
    policy-map PM-COPP
    class CLASS-SSH
    no police 500000 conform-action transmit
    police 500000 conform-action transmit exceed-action drop
  • D. no access-list 100
    access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
    access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
    !
    interface E0/0
    no service-policy input PM-COPP
    !
    interface E0/1
    no service-policy input PM-COPP
    !
    control-plane
    service-policy input PM-COPP
Suggested Answer: D 🗳️
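
The two faults the question turns on (an ACL that does not select SSH, and a policy attached to interfaces instead of the control plane) can be checked mechanically. The following is an added example, not part of the original question or of any Cisco tooling; the function name `audit_copp`, the constants and the simplification that SSH is written as a numeric `eq 22` are assumptions.

```python
# Constructed sample: the configuration from the question ("!" separators omitted).
ORIGINAL = """
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23
class-map CLASS-SSH
 match access-group 100
policy-map PM-COPP
 class CLASS-SSH
  police 500000 conform-action transmit
interface E0/0
 service-policy input PM-COPP
interface E0/1
 service-policy input PM-COPP
"""
# Constructed sample: the same router after option D (class-map/policy-map unchanged).
OPTION_D = """
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
class-map CLASS-SSH
 match access-group 100
policy-map PM-COPP
 class CLASS-SSH
  police 500000 conform-action transmit
control-plane
 service-policy input PM-COPP
"""
TOP_LEVEL = ("access-list ", "class-map ", "policy-map ", "interface ", "control-plane")

def audit_copp(config, policy="PM-COPP", acl="100", port="22"):
    """Return findings about the ACL and the attachment point of a CoPP policy."""
    findings, section, on_control_plane = [], None, False
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith(TOP_LEVEL):
            section = line  # remember which top-level block we are inside
        if line.startswith(f"access-list {acl} permit"):
            if " tcp " not in line or not line.endswith(f" eq {port}"):
                findings.append(f"ACL entry is not limited to tcp/{port}: {line}")
        elif line == f"service-policy input {policy}":
            if section == "control-plane":
                on_control_plane = True
            else:
                findings.append(f"{policy} is attached under '{section}'")
    if not on_control_plane:
        findings.append(f"{policy} is not applied under control-plane")
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("option D", OPTION_D)):
        print(name, audit_copp(cfg) or "no findings")
```

The check keys on top-level keywords rather than indentation, so it also works on configuration text that has lost its leading spaces.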

Comments

HungarianDish_111
Highly Voted 1 year, 7 months ago
Selected Answer: D
Answer "C" does not apply the policy correctly. This important part is missing from "C": control-plane service-policy input PM-COPP. For me, "D" is the closest solution as all other options are totally wrong. However, "D" does not limit SSH traffic to the desired CIR because the drop action is missing (from the exceed or violate parameters).
upvoted 9 times
ALEXD99
3 days, 9 hours ago
Indeed it is added by default in newer IOS versions:
policy-map CLAss-SSH
 class class
  police 500000 conform-action transmit
do sh policy-map
  Policy Map CLAss-SSH
    Class class
      police cir 500000 bc 15625
        conform-action transmit
        exceed-action drop
upvoted 1 times
...
...
ellen_AA
Highly Voted 1 year, 10 months ago
Selected Answer: D
D is correct!
upvoted 5 times
...
[Removed]
Most Recent 4 months, 2 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
XBfoundX
4 months, 3 weeks ago
I'm fine with C. They are saying "Which configuration resolves this issue?", which means that you do not have to put all the config but the configuration that's gonna fix this. First of all we need to adjust the ACL, and everyone is fine with that. What D is not doing is the exceed-action drop. If you choose D you are saying: if the burst is 500kbps, send it, but that's it; you are not doing anything more. In the Cisco documentation, as always, it is not clear if the conform-action command will also transmit packets that are more than the burst of traffic specified. But if the command exceeded-action drop exists, there is a reason why, right? So I think that C is more appropriate as a policing configuration. The service-policy command already exists. Without it
upvoted 1 times
...
[Removed]
4 months, 3 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
inteldarvid
1 year, 5 months ago
Selected Answer: D
D is correct :)
upvoted 2 times
...
6dd4aa0
1 year, 8 months ago
Selected Answer: C
SSH traffic needs to be configured such that the CIR must be policed with a certain rate. In this way, SSH traffic can be controlled by the service-policy. Hence, the answer is C
upvoted 3 times
...