Which statement describes the effect of strict inbound/outbound filtering in defensive routing?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

Which statement describes the effect of strict inbound/outbound filtering in defensive routing?

Explanation:
Strict inbound/outbound filtering focuses on validating and controlling what routes you both learn and advertise, as a core defense for BGP. On inbound filtering, the router checks each received update against policy: is the prefix allowed, is the origin valid, does the AS path look correct, and does ROA/RPKI validation pass? If a route fails, it’s dropped instead of being installed in the routing table. This directly prevents hijacked, leaked, or misconfigured routes from taking hold. On outbound filtering, the router enforces what it exposes to peers. It only advertises routes that meet policy—dropping announcements for internal prefixes, ensuring prefixes aren’t leaked to the wrong neighbors, and applying AS-path and ROA-based restrictions. This reduces the chance that bad or sensitive route information propagates beyond its intended scope. Taken together, strict filtering ensures that the routing system accepts only legitimate routes and shares only appropriate routes, which is the essence of defensive routing. It doesn’t block all BGP sessions, nor does it disable RPKI (it uses validation information rather than removing it), and it isn’t intended to increase instability—if anything, it helps stabilize routing by removing invalid data.

Strict inbound/outbound filtering focuses on validating and controlling what routes you both learn and advertise, as a core defense for BGP. On inbound filtering, the router checks each received update against policy: is the prefix allowed, is the origin valid, does the AS path look correct, and does ROA/RPKI validation pass? If a route fails, it’s dropped instead of being installed in the routing table. This directly prevents hijacked, leaked, or misconfigured routes from taking hold.

On outbound filtering, the router enforces what it exposes to peers. It only advertises routes that meet policy—dropping announcements for internal prefixes, ensuring prefixes aren’t leaked to the wrong neighbors, and applying AS-path and ROA-based restrictions. This reduces the chance that bad or sensitive route information propagates beyond its intended scope.

Taken together, strict filtering ensures that the routing system accepts only legitimate routes and shares only appropriate routes, which is the essence of defensive routing. It doesn’t block all BGP sessions, nor does it disable RPKI (it uses validation information rather than removing it), and it isn’t intended to increase instability—if anything, it helps stabilize routing by removing invalid data.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy