What features can protect the data plane? (Choose three.)
A.
policing
B.
ACLs
C.
IPS
D.
antispoofing
E.
QoS
F.
DHCP-snooping
Explanation:
BD
+ Block unwanted traffic at the router. If your corporate policy does not allow TFTP traffic, just implement ACLs
that deny traffic that is not allowed.
+ Reduce spoofing attacks. For example, you can filter (deny) packets trying to enter your network (from the
outside) that claim to have a source IP address that is from your internal network.
+ Dynamic Host Configuration Protocol (DHCP) snooping to prevent a rogue DHCP server from handing outincorrect default gateway information and to protect a DHCP server from a starvation attack
Source: Cisco Official Certification Guide, Best Practices for Protecting the Data Plane , p.271
http://www.ciscopress.com/articles/article.asp?p=1924983&seqNum=5
The answer is correct. The link above confirms that