Implementing and Operating Cisco Data Center Core Technologies (DCCOR) — Question 513
An engineer must implement protection against ICMP DoS attacks on a Cisco Nexus 9000 Series Switch. The requirement is to rate-limit ICMP without denying all other ICMP traffic. The ICMP traffic currently passing through the Cisco Nexus 9000 device must not be affected. Which configuration accomplishes these goals?
Answer options
- A. Reconfigure the Layer 3 interfaces to be in the non-default VRF and ICMP broadcast storm control.
- B. Create an access list to deny ICMP traffic and apply it to all interfaces in the inside direction.
- C. Apply a control plane service policy that matches all ICMP traffic to drop the traffic that exceeds the threshold.
- D. Configure SNMP traps to send the ICMP notification if the CPU utilization is more than 90%.
Correct answer: C
Explanation
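The correct answer is C. A control plane service policy (Control Plane Policing) rate-limits ICMP traffic destined for the switch's control plane: ICMP packets within the configured threshold are still accepted, and only the traffic that exceeds it is dropped. Because the policy is applied to the control plane rather than to the forwarding interfaces, ICMP traffic passing through the switch is not affected. Option A does not directly address rate-limiting ICMP. Option B would block ICMP traffic entirely, which is not desired. Option D is unrelated to rate-limiting ICMP: it only sends a notification based on CPU utilization.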