CCDE: Cisco Certified Design Expert (Practical) — Question 96

Company XYZ must design a strategy to protect their routers from DoS attacks such as traffic destined to the router's own route processor, using separate control plane categories. Which two capabilities can be used to achieve this requirement? (Choose two.)

Answer options

• A. Control Plane Protection using queue thresholding on the transit subinterface
• B. Control Plane Protection using queue thresholding on the host subinterface
• C. Control Plane Protection using port filtering on the host subinterface
• D. Control Plane Protection using port filtering on the transit subinterface
• E. Control Plane Protection using port filtering on the main interface

Correct answer: B, C

Explanation

The correct answers, B and C, implement Control Plane Protection on the host subinterface, which is effective against DoS attacks targeting the control plane. Options A and D focus on the transit subinterface, which does not directly protect the route processor, while option E is not specific enough to address the control plane's vulnerabilities.