What features can protect the data plane? (Choose three.)
A . policing
B . ACLs
C . IPS
D . antispoofing
E . QoS
F . DHCP-snooping
Answer: B,D,F
Explanation:
+ Block unwanted traffic at the router. If your corporate policy does not allow TFTP traffic, just implement ACLs that deny traffic that is not allowed.
+ Reduce spoofing attacks. For example, you can filter (deny) packets trying to enter your network (from the outside) that claim to have a source IP address that is from your internal network.
+ Dynamic Host Configuration Protocol (DHCP) snooping to prevent a rogue DHCP server from handing out incorrect default gateway information and to protect a DHCP server from a starvation attack
Source: Cisco Official Certification Guide, Best Practices for Protecting the Data Plane ,
p.271
Leave a Reply