Why is it beneficial to tie bogon prefix filtering with RPKI validation?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

Why is it beneficial to tie bogon prefix filtering with RPKI validation?

Explanation:
Combining bogon filtering with RPKI validation creates layered defense by preventing routes that shouldn’t exist and routes that aren’t properly authorized from being accepted. Bogon filtering blocks prefixes that are unallocated or reserved, so traffic from those spaces never enters the router’s forwarding decisions. RPKI validation checks that a route’s origin is authorized to announce the prefix, using cryptographic ROAs and certificate data to reject misconfigurations or hijacks. Used together, they cover more risk: bogons guard against non-existent or mishandled address space, while RPKI guards against prefixes announced by the wrong or unauthorized origin. This reduces the chance that a bad route will be accepted, improving overall routing security. It applies to both IPv4 and IPv6, and it won’t slow networks to an unreasonable degree when implemented with sensible policies. The other options don’t fit because they either claim no benefit or misstate scope (only IPv6) or impact on performance, which isn’t accurate.

Combining bogon filtering with RPKI validation creates layered defense by preventing routes that shouldn’t exist and routes that aren’t properly authorized from being accepted. Bogon filtering blocks prefixes that are unallocated or reserved, so traffic from those spaces never enters the router’s forwarding decisions. RPKI validation checks that a route’s origin is authorized to announce the prefix, using cryptographic ROAs and certificate data to reject misconfigurations or hijacks.

Used together, they cover more risk: bogons guard against non-existent or mishandled address space, while RPKI guards against prefixes announced by the wrong or unauthorized origin. This reduces the chance that a bad route will be accepted, improving overall routing security. It applies to both IPv4 and IPv6, and it won’t slow networks to an unreasonable degree when implemented with sensible policies.

The other options don’t fit because they either claim no benefit or misstate scope (only IPv6) or impact on performance, which isn’t accurate.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy