ROA coverage: what should you do if a necessary prefix is not covered?


Multiple Choice

ROA coverage: what should you do if a necessary prefix is not covered?

Explanation:
ROA coverage defines which origin ASes are authorized to announce a given prefix through signed ROA records. If a needed prefix isn’t covered, the proper move is to extend the ROA so that the prefix is explicitly included with the correct origin ASN and an appropriate maxLength. This keeps legitimate routes verifiable and prevents them from being treated as non-authentic. If updating the ROA isn’t possible right away, applying a policy for unknown origins can be a temporary fallback to maintain reachability, but it comes with security trade-offs and should be resolved by updating the ROA. Deleting all ROAs would remove the protective layer entirely, which isn’t desirable. ROAs apply to both IPv4 and IPv6, and changes after deployment are normal as networks evolve.
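The check below is an added example, not part of the original page: a minimal RFC 6811-style origin validation in Python that evaluates the prefixes an operator needs to announce against the ROA set before and after it is extended. The prefixes, ASNs and function names are constructed for illustration (documentation ranges only).

```python
import ipaddress

def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_length, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route only if same family and route sits inside it.
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        # Match needs the same origin (AS0 never matches) and length <= maxLength.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def coverage_report(needed_routes, vrps):
    """Map each (prefix, origin ASN) the operator must announce to its state."""
    return {r: validate(r[0], r[1], vrps) for r in needed_routes}

# Constructed sample data: (prefix, maxLength, origin ASN).
VRPS_BEFORE = [
    ("192.0.2.0/24", 24, 64496),
    ("2001:db8::/32", 32, 64496),
]
# Routes the operator actually needs to originate.
NEEDED = [
    ("192.0.2.0/24", 64496),        # already covered and matching
    ("198.51.100.0/24", 64496),     # no covering ROA at all
    ("2001:db8:100::/48", 64496),   # covered, but longer than maxLength 32
]
# Extended ROA set: each missing prefix added explicitly with a tight
# maxLength, instead of loosening maxLength on the existing /32.
VRPS_AFTER = VRPS_BEFORE + [
    ("198.51.100.0/24", 24, 64496),
    ("2001:db8:100::/48", 48, 64496),
]

if __name__ == "__main__":
    for label, vrps in (("before", VRPS_BEFORE), ("after", VRPS_AFTER)):
        print(label)
        for (prefix, asn), state in coverage_report(NEEDED, vrps).items():
            print(f"  {prefix:<20} AS{asn}  {state}")
```

Before the extension, the IPv4 /24 has no covering ROA and the IPv6 /48 is covered but exceeds maxLength, so only the second is rejected by a drop-invalid policy while the first depends on how the receiver treats unknown origins.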

