CCDE: Cisco Certified Design Expert (Practical) — Question 20

Company XYZ wants to improve the security design of their network to include protection from reconnaissance and DoS attacks on their subinterfaces destined toward next hop routers. Which technology can be used to prevent these types of attacks?

Answer options

• A. DPP
• B. CPPr
• C. CoPP
• D. MPP

Correct answer: B

Explanation

The correct answer is CPPr (Control Plane Policing), which is specifically designed to protect the control plane from various types of attacks, including reconnaissance and DoS. DPP (Dynamic Packet Filtering), CoPP (Class-Based Policing), and MPP (Management Plane Protection) do not provide the same level of targeted protection for these specific attack vectors on subinterfaces.