I just got a message from my friend, he took exam in last week and got H2+, he said with me in section 4.1, Cisco was asked as below:
Configure the network as per the following requirements:
Protect R17s control-plane from TTL expiry attacks so that match IP packets with a TTL of 0 or 1 are dropped before the CPU processes them.
Legit packets include expected control protocols running on the link.
Not allowed to configure deny statement.
Any I deal about this situation? Please share.