Which three items do you recommend for control plane hardening of an infrastructure device? (Choose three.)
A.
Routing protocol authentication
B.
SNMPv3
C.
Control Plane Policing
D.
Redundant AAA servers
E.
Warning banners
F.
To enable unused services
The Answer Is:
A, B, C
Want to know why?
Explanation:
Control plane hardening is a critical aspect of securing infrastructure devices. Recommended measures include:
A. Routing protocol authentication: Prevents unauthorized devices from injecting false routes by requiring secure key-based authentication (e.g., MD5 or SHA for OSPF/BGP).
B. SNMPv3: Provides secure management through authentication and encryption, preventing interception or modification of SNMP traffic.
C. Control Plane Policing (CoPP): Enforces rate limits and filtering for traffic directed to the device's CPU, protecting against DoS and control plane overloads.
Why other options are incorrect:
D. Redundant AAA servers support authentication resilience but are more about access control than direct control plane protection.
E. Warning banners are a legal and administrative best practice, not a technical control plane defense.
F. Enabling unused services is the opposite of best practices and increases the attack surface.
These control-plane protections are emphasized in CCDE v3.1 design guidance for resilient and secure infrastructure designs.
