The enterprise network WAN link has been receiving several denial of service attacks from both IPv4 and IPv6 sources. Which three elements can you use to identify an IPv6 packet via its header, in order to filter future attacks? (Choose three.)
A. Traffic Class
B. Source address
C. Flow Label
D. Hop Limit
E. Destination Address
F. Fragment Offset
YES
No, The question is basically asks what headers of IPv6 are different from IPv4.
Read the questions carefully!
So its is most definitively A C D.
because those headers are IPv6 only.
YES
the ipv6 header also has the source and destination addresses in it…. All the answers are in the ipv6 header. The question is asking which fields can be filtered on the WAN interface.
R1(config)#ipv6 access-list outbound
R1(config-ipv6-acl)#deny a::a/32 a::a/32 ? <— source and destination
dscp Match packets with given dscp value
flow-label Flow label <— flow label
fragments Check non-initial fragments
log Log matches against this entry
log-input Log matches against this entry, including input
routing Routing header
sequence Sequence number for this entry
time-range Specify a time-range
undetermined-transport Transport cannot be determined or is missing
I believe the answer is BCE
A C D , they are only in IPV6 header
Answer is : BCE
References :
https://www.ietf.org/proceedings/53/I-D/draft-ietf-ipv6-flow-label-00.txt
https://books.google.co.in/books?id=U15GP4BX1_IC&pg=PA196&lpg=PA196&dq=Packet+classifiers+use+the+triplet+of+Ipv6&source=bl&ots=PSjHcjV0ph&sig=05PhLCB8JfQM_Q9llLjIuCkC9R0&hl=en&sa=X&ved=2ahUKEwiDspqHx_TdAhVMQI8KHRotDL4Q6AEwBHoECAYQAQ#v=onepage&q=Packet%20classifiers%20use%20the%20triplet%20of%20Ipv6&f=false
No answer here is right ACD
BCE
http://www.infosectoday.com/Articles/Basic_IPv6_Security_Considerations.htm