Home » Cisco » 210-260 v.2 » What features can protect the data plane?
What features can protect the data plane? (Choose three.)
A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping
Correct Answer: BDF
Explanation/Reference:
Explanation:
Data plane security can be implemented using the following features:
Access control lists
Access control lists (ACLs) perform packet filtering to control which packets move through the network and where.
Antispoofing
ACLs can be used as an antispoofing mechanism that discards traffic that has an invalid source address.
Layer 2 security features
Cisco Catalyst switches have integrated features to help secure the Layer 2 infrastructure.
Reference: http://www.ciscopress.com/articles/article.asp?p=1924983&seqNum=5
All answer is valid
http://www.ciscopress.com/articles/article.asp?p=1924983&seqNum=5
It’s BCD
From Official Cert Guide, page 271:
Best Practices for Protecting the Data Plane
To secure the data plane, adhere to these best practices:
■ Block unwanted traffic at the router. If your corporate policy does not allow TFTP traffic, just implement ACLs that deny traffic that is not allowed. You can implement ACLs
inbound or outbound on any Layer 3 interface on the router. With extended ACLs, which
can match based on the source and/or destination address, placing the ACL closer to the
source saves resources because it denies the packet before it consumes network bandwidth and before route lookups are done on a router that is filtering inbound rather than
outbound. Filtering on protocols or traffic types known to be malicious is a good idea.
■ Reduce the chance of DoS attacks. Techniques such as TCP Intercept and firewall services
can reduce the risk of SYN-flood attacks.
■ Reduce spoofing attacks. For example, you can filter (deny) packets trying to enter your
network (from the outside) that claim to have a source IP address that is from your internal network.
■ Provide bandwidth management. Implementing rate-limiting on certain types of traffic
can also reduce the risk of an attack (Internet Control Message Protocol [ICMP], for
example, which would normally be used in small quantities for legitimate traffic).
■ When possible, use an IPS to inhibit the entry of malicious traffic into the network.