What features can protect the data plane?

– by 2

What features can protect the data plane? (Choose three.)
A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping

cisco-exams

2 thoughts on “What features can protect the data plane?

  2. It’s BCD

    From Official Cert Guide, page 271:

    Best Practices for Protecting the Data Plane
    To secure the data plane, adhere to these best practices:
    ■ Block unwanted traffic at the router. If your corporate policy does not allow TFTP traffic, just implement ACLs that deny traffic that is not allowed. You can implement ACLs
    inbound or outbound on any Layer 3 interface on the router. With extended ACLs, which
    can match based on the source and/or destination address, placing the ACL closer to the
    source saves resources because it denies the packet before it consumes network bandwidth and before route lookups are done on a router that is filtering inbound rather than
    outbound. Filtering on protocols or traffic types known to be malicious is a good idea.
    ■ Reduce the chance of DoS attacks. Techniques such as TCP Intercept and firewall services
    can reduce the risk of SYN-flood attacks.
    ■ Reduce spoofing attacks. For example, you can filter (deny) packets trying to enter your
    network (from the outside) that claim to have a source IP address that is from your internal network.
    ■ Provide bandwidth management. Implementing rate-limiting on certain types of traffic
    can also reduce the risk of an attack (Internet Control Message Protocol [ICMP], for
    example, which would normally be used in small quantities for legitimate traffic).
    ■ When possible, use an IPS to inhibit the entry of malicious traffic into the network.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.