Syslog, SNMP, and Netflow Flashcards

(50 cards)

1
Q

What is the default port used by Syslog?
a) TCP 514
b) UDP 514
c) TCP 162
d) UDP 162

A

Answer: b) UDP 514

2
Q

Which Syslog severity level indicates a critical condition that requires immediate attention?
a) 0 (Emergency)
b) 2 (Critical)
c) 3 (Error)
d) 5 (Notice)

A

Answer: b) 2 (Critical)

3
Q

What is the highest severity level in Syslog?
a) 0 (Emergency)
b) 1 (Alert)
c) 7 (Debug)
d) 6 (Informational)

A

Answer: a) 0 (Emergency)

4
Q

Which command enables Syslog logging on a Cisco router?
a) logging on
b) logging host <IP>
c) logging trap <level>
d) All of the above

A

Answer: d) All of the above

5
Q

What does Syslog facility level 16 (local0) typically represent?
a) Kernel messages
b) User-level messages
c) Locally defined logs
d) Mail system logs

A

Answer: c) Locally defined logs

6
Q

Which Syslog severity level is used for normal but significant events?
a) 5 (Notice)
b) 6 (Informational)
c) 4 (Warning)
d) 7 (Debug)

A

Answer: a) 5 (Notice)

7
Q

What is the purpose of the logging synchronous command?
a) Synchronizes logs across multiple devices
b) Prevents console messages from interrupting commands
c) Enables secure Syslog with TLS
d) Sets Syslog timestamps

A

Answer: b) Prevents console messages from interrupting commands

8
Q

Which command configures a router to send Syslog messages to a server at 192.168.1.100?
a) logging 192.168.1.100
b) logging host 192.168.1.100
c) syslog server 192.168.1.100
d) log-server 192.168.1.100

A

Answer: b) logging host 192.168.1.100

9
Q

Which Syslog severity level is used for debug-level messages?
a) 7
b) 6
c) 5
d) 4

A

Answer: a) 7

10
Q

What is the purpose of the service timestamps log datetime command?
a) Adds timestamps to Syslog messages
b) Synchronizes time with an NTP server
c) Enables logging of date and time for debug messages
d) Both a and c

A

Answer: d) Both a and c

11
Q

Which of the following is NOT a valid Syslog facility?
a) auth
b) cron
c) ospf
d) syslog

A

Answer: c) ospf

12
Q

What happens if a Syslog server is unreachable?
a) Logs are stored locally in a buffer
b) Logs are discarded
c) The router stops functioning
d) Logs are sent via email

A

Answer: b) Logs are discarded (unless buffered)

13
Q

Which command limits Syslog messages to only level 4 (Warnings) and higher?
a) logging trap 4
b) logging level 4
c) logging severity 4
d) logging filter 4

A

Answer: a) logging trap 4

14
Q

Which protocol does Syslog typically use for transport?
a) TCP
b) UDP
c) Both TCP and UDP
d) ICMP

A

Answer: b) UDP

15
Q

What is the purpose of the logging buffered command?
a) Stores logs in NVRAM
b) Sends logs to a buffer in RAM
c) Forwards logs to a Syslog server
d) Encrypts log messages

A

Answer: b) Sends logs to a buffer in RAM

16
Q

What is the default port for SNMP traps?
a) UDP 161
b) UDP 162
c) TCP 161
d) TCP 162

A

Answer: b) UDP 162

17
Q

Which SNMP version provides encryption and authentication?
a) SNMPv1
b) SNMPv2c
c) SNMPv3
d) All of the above

A

Answer: c) SNMPv3

18
Q

What is an SNMP OID?
a) A unique identifier for managed devices
b) A numeric identifier for a specific variable in the MIB
c) A password for SNMP access
d) A type of SNMP trap

A

Answer: b) A numeric identifier for a specific variable in the MIB

19
Q

Which SNMP operation allows an agent to send unsolicited alerts?
a) GET
b) SET
c) TRAP
d) WALK

A

Answer: c) TRAP

20
Q

What is the community string in SNMPv2c used for?
a) Encryption
b) Authentication
c) Compression
d) Error checking

A

Answer: b) Authentication

21
Q

Which command enables SNMPv2c with a read-only community string “public”?
a) snmp-server community public ro
b) snmp-server public ro
c) snmp enable community public
d) snmp ro community public

A

Answer: a) snmp-server community public ro

22
Q

Which MIB contains system information such as device uptime?
a) IF-MIB
b) IP-MIB
c) SNMPv2-MIB
d) CISCO-SMI

A

Answer: c) SNMPv2-MIB

23
Q

What is the purpose of the snmp-server host command?
a) Configures an SNMP manager IP
b) Defines where traps/informs are sent
c) Enables SNMP on an interface
d) Sets the SNMP read-write community

A

Answer: b) Defines where traps/informs are sent

24
Q

Which SNMP version uses a community string for authentication?
a) SNMPv1
b) SNMPv2c
c) SNMPv3
d) Both a and b

A

Answer: d) Both a and b

25
Q

What is the difference between SNMP traps and informs?
a) Traps are unacknowledged, informs are acknowledged
b) Informs use TCP, traps use UDP
c) Traps are secure, informs are not
d) Informs are only in SNMPv1

A

Answer: a) Traps are unacknowledged, informs are acknowledged

26
Q

Which SNMP operation modifies MIB variables?
a) GET
b) GETNEXT
c) SET
d) TRAP

A

Answer: c) SET

27
Q

What is the purpose of the snmp-server enable traps command?
a) Enables all SNMP traps
b) Disables all SNMP traps
c) Enables specific SNMP traps
d) Configures SNMP polling

A

Answer: c) Enables specific SNMP traps

28
Q

Which SNMP security model provides message integrity and encryption?
a) NoAuthNoPriv
b) AuthNoPriv
c) AuthPriv
d) Community-based

A

Answer: c) AuthPriv

29
Q

What is the default SNMP port for polling?
a) UDP 161
b) UDP 162
c) TCP 161
d) TCP 162

A

Answer: a) UDP 161

30
Q

Which command configures an SNMPv3 user with authentication and encryption?
a) snmp-server user admin auth sha password priv aes 256 key
b) snmp-server user admin auth md5 password priv des key
c) snmpv3 user admin auth sha password priv aes 128 key
d) snmp enable user admin auth sha password priv aes key

A

Answer: b) snmp-server user admin auth md5 password priv des key

31
Q

What is the purpose of the snmp-server location command?
a) Sets the device’s physical location in the MIB
b) Configures SNMP server IP
c) Enables SNMP on a specific interface
d) Defines SNMP trap destinations

A

Answer: a) Sets the device’s physical location in the MIB

32
Q

Which SNMP PDU type is used for a response to a GET request?
a) GET-RESPONSE
b) RESPONSE
c) REPLY
d) GET-REPLY

A

Answer: a) GET-RESPONSE

33
Q

What does the snmp-server contact command do?
a) Sets the administrator contact information in the MIB
b) Configures SNMP trap contacts
c) Enables SNMP notifications
d) Disables SNMP polling

A

Answer: a) Sets the administrator contact information in the MIB

34
Q

Which SNMP version is the most secure?
a) SNMPv1
b) SNMPv2c
c) SNMPv3
d) All are equally secure

A

Answer: c) SNMPv3

35
Q

What is the purpose of the snmp-server engineID command?
a) Configures a unique identifier for the SNMP engine
b) Sets the SNMP server IP
c) Enables SNMP traps
d) Disables SNMP polling

A

Answer: a) Configures a unique identifier for the SNMP engine

36
Q

What is the primary purpose of NetFlow?
a) Network monitoring and traffic analysis
b) Encrypting network traffic
c) Configuring VLANs
d) Managing SNMP traps

A

Answer: a) Network monitoring and traffic analysis

37
Q

Which protocol does NetFlow typically use for exporting data?
a) TCP
b) UDP
c) SCTP
d) ICMP

A

Answer: b) UDP

38
Q

What is a NetFlow "flow"?
a) A unidirectional sequence of packets with common attributes
b) A bidirectional communication session
c) A routing table update
d) An SNMP trap message

A

Answer: a) A unidirectional sequence of packets with common attributes

39
Q

Which command enables NetFlow on a Cisco router interface?
a) ip flow ingress
b) ip flow-export destination
c) ip flow monitor
d) netflow enable

A

Answer: a) ip flow ingress

40
Q

What is the default NetFlow export version on Cisco devices?
a) Version 1
b) Version 5
c) Version 9
d) Version 10 (IPFIX)

A

Answer: b) Version 5

41
Q

Which NetFlow version supports flexible, template-based data export?
a) Version 5
b) Version 7
c) Version 9
d) Version 3

A

Answer: c) Version 9

42
Q

What is the purpose of the ip flow-export destination command?
a) Configures where NetFlow data is sent
b) Enables NetFlow on an interface
c) Defines flow timeout values
d) Sets the NetFlow version

A

Answer: a) Configures where NetFlow data is sent

43
Q

Which of the following is NOT a key field in a NetFlow record?
a) Source IP
b) Destination IP
c) TCP Window Size
d) Next-hop router

A

Answer: c) TCP Window Size

44
Q

What is the purpose of the ip flow-cache timeout command?
a) Defines how long flows are stored before export
b) Sets the NetFlow export interval
c) Configures SNMP polling for NetFlow
d) Disables NetFlow on an interface

A

Answer: a) Defines how long flows are stored before export

45
Q

Which command displays active NetFlow flows on a router?
a) show ip flow
b) show flow cache
c) show ip cache flow
d) show netflow stats

A

Answer: c) show ip cache flow

46
Q

What is IPFIX?
a) A proprietary Cisco version of NetFlow
b) An IETF standard based on NetFlow v9
c) An SNMP-based flow monitoring protocol
d) A Syslog extension for flow data

A

Answer: b) An IETF standard based on NetFlow v9

47
Q

Which transport layer protocol is monitored by NetFlow?
a) Only TCP
b) Only UDP
c) TCP, UDP, and others
d) Only ICMP

A

Answer: c) TCP, UDP, and others

48
Q

What is the purpose of the ip flow-export source command?
a) Sets the source interface for NetFlow exports
b) Configures the NetFlow collector IP
c) Enables flow monitoring on an interface
d) Disables NetFlow sampling

A

Answer: a) Sets the source interface for NetFlow exports

49
Q

Which NetFlow component collects and analyzes flow data?
a) NetFlow exporter
b) NetFlow collector
c) NetFlow monitor
d) NetFlow aggregator

A

Answer: b) NetFlow collector

50
Q

What is the purpose of NetFlow sampling?
a) To reduce CPU usage by analyzing only a subset of packets
b) To encrypt NetFlow data
c) To increase the number of exported flows
d) To disable NetFlow on low-speed interfaces

A

Answer: a) To reduce CPU usage by analyzing only a subset of packets