CCNP Secure FAQ Implementing and Configuring Cisco IOS Control Plane Security


CCNP Secure FAQ Implementing and Configuring Cisco IOS Control Plane Security

Q1. The central processing unit of each device is tasked to not do which of these?
A. Process fast-path data plane traffic
B. Process control plane traffic
C. Process management plane traffic
D. Process slow-path data plane traffic

Answer: A

Q2. The route processor is divided into which of the following parts?
A. Distributed switch engine
B. Management plane
C. Central switch engine
D. Control plane

Answer: C and D

Q3. The purpose of a slow-path denial of service attack is to force packets to be what?
A. Distributed switched
B. Process switched
C. Routed
D. Switched

Answer: B

Q4. When using Control Plane Policing, the two types of policing types include which of the following?
A. Distributed control plane services
B. Summarized control plane services
C. Processed control plane services
D. Aggregate control plane services

Answer: A and D

Q5. Which of the following traffic is classified as always destined for the control plane?
A. Data traffic packets
B. Routing protocol control packets
C. Management protocol packets
D. Marked QoS packets

Answer: B and C

Q6. When using Control Plane Protection, which of the following subinterfaces are not used to further refine control plane security?
A. Control plane host subinterface
B. Control plane transmit subinterface
C. Control plane CEF-exception subinterface
D. Control plane transit subinterface

Answer: B

Q7. Which of the following features were added with Control Plane Protection?
A. Port filtering
B. Queue thresholding
C. Protocol filtering
D. Port thresholding

Answer: A and B

Q8. Which of the CPPr features provide the ability to early-drop specific packets before they get to the process level?
A. Queue thresholding
B. Packet filtering
C. Protocol filtering
D. Port filtering

Answer: D

Q9. What security mechanism works by creating a hash that is then transmitted to verify authenticity?
A. MD4
C. MD5

Answer: C

Q10. Which of the following steps is not used by the MQC to create and deploy a traffic policy?
A. Creation of a class map
B. Application of a class map
C. Creation of a policy map
D. Application of a policy map

Answer: B

Q11. The control plane includes the group of processes that are run at the _____ level and control most high-level control IOS functions.

Answer: process

Q12. The _____ is responsible for the high-speed routing of packets that typically come from nondistributed interfaces.

Answer: central switch engine

Q13. _____ control plane services are considered first, and then the conditioned traffic is passed through to _____ control plane services.

Answer: Distributed, aggregated

Q14. Output control plane services are applied after the packet exits the control plane and are only available with _____ control plane services.

Answer: aggregate

Q15. _____ allows the control plane to be considered like a separate entity with its own input and output interface.

Answer: Control Plane Policing

Q16. With Control Plane Protection, the control plane interface is split into four pieces, an _____ and _____.

Answer: aggregate, three subinterfaces

Q17. The _____ receives all control plane IP traffic that is directed at one of the device’s interfaces.

Answer: control plane host subinterface

Q18. The _____ feature enhances Control Plane Protection by providing a mechanism for Climiting the number of matched protocol packets allowed at the process level.

Answer: queue-thresholding

Q19. _____ works by creating a one-way hash out of a shared secret and sending this hash between source and destination.

Answer: MD5

Q20. A _____ is essentially an electronic repository of keys and their respective shared secret and validity schedules.

Answer: key chain

More Resources

About the author


Leave a Comment