CCNA 4 Chapter 8 Monitoring the Network Exam Answers 2017 (v5.0.3 + v6.0)

CCNA 4 Chapter 8 : Monitoring the Network Exam Answers 2017 (v5.0.3 + v6.0)

1. When should a network performance baseline be measured?

  • after normal work hours to reduce possible interruptions
  • during normal work hours of an organization*
  • when a denial of service attack to the network is detected and blocked
  • immediately after the main network devices restarted

2. What is a purpose of establishing a network baseline?

  • It provides a statistical average for network performance.
  • It creates a point of reference for future network evaluations.*
  • It manages the performance of network devices.
  • It checks the security configuration of network devices.

3. Which three pieces of information are typically recorded in a logical topology diagram? (Choose three.)

  • device models and manufacturers
  • device locations
  • cable specifications
  • static routes*
  • routing protocols*
  • IP address and prefix lengths*

4. In which step of gathering symptoms does the network engineer determine if the problem is at the core, distribution, or access layer of the network?

  • Determine the symptoms.
  • Narrow the scope.*
  • Determine ownership.
  • Gather information.
  • Document the symptoms.

5. A team of engineers has identified a solution to a significant network problem. The proposed solution is likely to affect critical network infrastructure components. What should the team follow while implementing the solution to avoid interfering with other processes and infrastructure?

  • syslog messages and reports
  • one of the layered troubleshooting approaches
  • knowledge base guidelines
  • change-control procedures*

6. Refer to the exhibit. What action occurs at stage 3 of the general troubleshooting process?

  • Document symptoms.
  • Question end users.
  • Narrow the scope.
  • Correct the problem.*

7. After which step in the network troubleshooting process would one of the layered troubleshooting methods be used?

  • documenting symptoms
  • determining ownership
  • narrowing the scope
  • gathering symptoms from suspect devices*

8. A network technician is troubleshooting an email connection problem. Which question to the end-user will provide clear information to better define the problem?

  • How big are the emails you tried to send?
  • What kind of equipment are you using to send emails?
  • Is your email working now?
  • When did you first notice your email problem?*

9. A network engineer is troubleshooting a network problem and can successfully ping between two devices. However, Telnet between the same two devices does not work. Which OSI layers should the administrator investigate next?

  • from the network layer to the physical layer
  • all of the layers
  • only the network layer
  • from the network layer to the application layer*

10. A network administrator is having issues with a newly installed network not appearing in other routers. At which layer of the OSI model is the network administrator going to start the troubleshooting process when using a top-down approach?

  • internet
  • application
  • network*
  • session
  • transport

11. Which troubleshooting method begins by examining cable connections and wiring issues?

  • top-down
  • divide-and-conquer
  • substitution
  • bottom-up*

12. Refer to the exhibit. On the basis of the information presented, which two IP SLA related statements are true? (Choose two.)

  • IP SLA 99 will run forever unless explicitly disabled.*
  • IP SLA 99 is measuring jitter.
  • IP SLA 99 is configured with the type dns target-addr command.
  • IP SLA 99 is sending echo requests from IP address
  • IP SLA 99 is scheduled to begin in 2 hours.
  • IP SLA 99 is sending echo requests every 10 seconds.*

13. A company is setting up a web site with SSL technology to protect the authentication credentials required to access the web site. A network engineer needs to verify that the setup is correct and that the authentication is indeed encrypted. Which tool should be used?

  • baselining tool
  • cable analyzer
  • protocol analyzer*
  • fault-management tool

14. Which category of software troubleshooting tools provides device-level monitoring, configuration, and fault-management?

  • host-based protocol analyzers
  • baselining tools
  • knowledge bases
  • network management system tools*

15. Which two specialized troubleshooting tools can monitor the amount of traffic that passes through a switch? (Choose two.)

  • DTX cable analyzer
  • TDR
  • digital multimeter
  • portable network analyzer*
  • NAM*

16. Which number represents the most severe level of syslog logging?

  • 0*
  • 1
  • 6
  • 7

17. A user in a large office calls technical support to complain that a PC has suddenly lost connectivity to the network. The technician asks the caller to talk to nearby users to see if other machines are affected. The caller reports that several immediate neighbors in the same department have a similar problem and that they cannot ping each other. Those who are seated in other departments have connectivity. What should the technician check as the first step in troubleshooting the issue?

  • the power outlet to the PC that is used by the caller
  • the cable connection between a PC and a network outlet that is used by a neighbor
  • the cable that connects the PC of the caller to the network jack
  • the status of the departmental workgroup switch in the wiring closet*
  • the trunks between switches in the wiring closet

18. A user reports that after an OS patch of the networking subsystem has been applied to a workstation, it performs very slowly when connecting to network resources. A network technician tests the link with a cable analyzer and notices that the workstation sends an excessive number of frames smaller than 64 bytes and also other meaningless frames. What is the possible cause of the problem?

  • corrupted application installation
  • cabling faults
  • corrupted NIC driver*
  • Ethernet signal attenuation

19. An administrator is troubleshooting an Internet connectivity problem on a router. The output of the show interfaces gigabitethernet 0/0 command reveals higher than normal framing errors on the interface that connects to the Internet. At what layer of the OSI model is the problem likely occurring?

  • Layer 1
  • Layer 2*
  • Layer 3
  • Layer 4
  • Layer 7

20. A group of Windows PCs in a new subnet has been added to an Ethernet network. When testing the connectivity, a technician finds that these PCs can access local network resources but not the Internet resources. To troubleshoot the problem, the technician wants to initially confirm the IP address and DNS configurations on the PCs, and also verify connectivity to the local router. Which three Windows CLI commands and utilities will provide the necessary information?(Choose three.)

  • ping*
  • arp -a
  • netsh interface ipv6 show neighbor
  • nslookup*
  • tracert
  • ipconfig*
  • telnet

21. Users report that the new web site cannot be accessed. The helpdesk technician checks and verifies that the web site can be accessed with Which layer in the TCP/IP model is involved in troubleshooting this issue?

  • transport*
  • application
  • network access
  • internet

22. A networked PC is having trouble accessing the Internet, but can print to a local printer and ping other computers in the area. Other computers on the same network are not having any issues. What is the problem?

  • The PC has a missing or incorrect default gateway.*
  • The link between the switch to which the PC connects and the default gateway router is down.
  • The switch port to which the PC connects has an incorrect VLAN configured.
  • The default gateway router does not have a default route.

23. The newly configured ASBR that connects a company to the Internet has a default route configured and has the default-information originate command entered. Devices connected through this router can access the Internet. The problem is that no other OSPF routers have a default route in the routing table and no other users throughout the organization can access the Internet. What could be the problem?

  • The ASBR should use the exit_interface argument instead of next-hop on the default route.
  • The ASBR does not have OSPF configured.
  • The ASBR does not have an OSPF neighbor.*
  • The other routers are not configured to accept LSA type 4s.

24. An internal corporate server can be accessed by internal PCs, but not by external Internet users that should have access. What could be the issue?

  • The default gateway router for the server does not have a default route.
  • The switch port to which the server connects has an incorrect VLAN configured.
  • The server does not have a private IP address assigned.
  • Static NAT has not been configured properly or at all.*

25. Fill in the blank.
Use the cache to verify IPv4 address to Layer 2 Ethernet address mappings on a host computer.
Correct Answer: ARP

26. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
A user reports that PC0 cannot visit the web server Troubleshoot the network configuration to identify the problem.
What is the cause of the problem?

  • The clock rate on Branch S0/0/0 is configured incorrectly.
  • A serial interface encapsulation is configured incorrectly.*
  • The DNS server address on PC0 is configured incorrectly.
  • A default route on HQ is not configured.

Older Version

27. What are the most common syslog messages?

  • those that occur when a packet matches a parameter condition in an access control list
  • link up and link down messages*
  • output messages that are generated from debug output
  • error messages about hardware or software malfunctions

28. When logging is used, which severity level indicates that a device is unusable?

  • Alert – Level 1
  • Critical – Level 2
  • Emergency – Level 0*
  • Error – Level 3

29. Refer to the exhibit. Which two conclusions can be drawn from the syslog message that was generated by the router? (Choose two.)

  • This message resulted from an unusual error requiring reconfiguration of the interface.
  • This message indicates that the interface should be replaced.
  • This message is a level 5 notification message. *
  • This message indicates that service timestamps have been configured.*
  • This message indicates that the interface changed state five times.

30. A network technician has issued the service timestamps log datetime command in the configuration of the branch router. Which additional command is required to include the date and time in logged events?

  • Branch1(config)# service timestamps log uptime
  • Branch1# clock set 08:00:00 05 AUG 2013*
  • Branch1(config)# service timestamps debug datetime
  • Branch1# copy running-config startup-config

31. Refer to the exhibit. From what location have the syslog messages been retrieved?

  • syslog server
  • syslog client
  • router RAM*
  • router NVRAM

32. Refer to the exhibit. What does the number 17:46:26.143 represent?

  • the time passed since the syslog server has been started
  • the time when the syslog message was issued*
  • the time passed since the interfaces have been up
  • the time on the router when the show logging command was issued

33. Which destination do Cisco routers and switches use by default when sending syslog messages for all severity levels?

  • console*
  • nearest syslog server
  • RAM

34. A network administrator has issued the logging trap 4 global configuration mode command. What is the result of this command?

  • After four events, the syslog client will send an event message to the syslog server.
  • The syslog client will send to the syslog server any event message that has a severity level of 4 and higher.
  • The syslog client will send to the syslog server any event message that has a severity level of 4 and lower.*
  • The syslog client will send to the syslog server event messages with an identification trap level of only 4.

35. Which statement describes SNMP operation?

  • An NMS periodically polls the SNMP agents that are residing on managed devices by using traps to query the devices for data.
  • A get request is used by the SNMP agent to query the device for data.
  • An SNMP agent that resides on a managed device collects information about the device and stores that information remotely in the MIB that is located on the NMS.
  • A set request is used by the NMS to change configuration variables in the agent device.*

36. What are SNMP trap messages?

  • messages that are used by the NMS to query the device for data
  • unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network*
  • messages that are used by the NMS to change configuration variables in the agent device
  • messages that are sent periodically by the NMS to the SNMP agents that reside on managed devices to query the device for data

37. Which SNMP feature provides a solution to the main disadvantage of SNMP polling?

  • SNMP set messages
  • SNMP trap messages*
  • SNMP get messages
  • SNMP community strings

38. When SNMPv1 or SNMPv2 is being used, which feature provides secure access to MIB objects?

  • packet encryption
  • message integrity
  • community strings*
  • source validation

39. A network administrator has issued the snmp-server user admin1 admin v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two features of this command? (Choose two.)

  • It adds a new user to the SNMP group.*
  • It restricts SNMP access to defined SNMP managers.
  • It forces the network manager to log into the agent to retrieve the SNMP messages.
  • It uses the MD5 authentication of the SNMP messages.*
  • It allows a network administrator to configure a secret encrypted password on the SNMP server.

40. How can SNMP access be restricted to a specific SNMP manager?

  • Use the snmp-server community command to configure the community string with no access level.
  • Specify the IP address of the SNMP manager by using the snmp-server host command.
  • Use the snmp-server traps command to enable traps on an SNMP manager.
  • Define an ACL and reference it by using the snmp-server community command.*

41. A network administrator issues two commands on a router:
R1(config)# snmp-server host version 2c campus 
R1(config)# snmp-server enable traps
What can be concluded after the commands are entered?

  • No traps are sent, because the notification-types argument was not specified yet.
  • Traps are sent with the source IP address as
  • If an interface comes up, a trap is sent to the server.*
  • The snmp-server enable traps command needs to be used repeatedly if a particular subset of trap types is desired.

42. Refer to the exhibit. What can be concluded from the produced output?

  • An ACL was configured to restrict SNMP access to an SNMP manager.*
  • This is the output of the show snmp command without any parameters.
  • The system contact was not configured with the snmp-server contact command.
  • The location of the device was not configured with the snmp-server location command.

43. What is a difference between SNMP and NetFlow?

  • Unlike NetFlow, SNMP uses a “push”-based model.
  • NetFlow collects more detailed traffic statistics on IP networks than SNMP does.*
  • SNMP only gathers traffic statistics, whereas NetFlow can also collect many other performance indicators, such as interface errors and CPU usage.
  • Unlike NetFlow, SNMP may be used to provide IP accounting for billing purposes.

44. How does NetFlow function on a Cisco router or multilayer switch?

  • Netflow captures and analyzes traffic.
  • One user connection to an application exists as two NetFlow flows.*
  • On 2960 switches, Netlow allows for data export.
  • NetFlow does not consume any additional memory.

45. Which type of information can an administrator obtain with the show ip cache flow command?

  • the NetFlow version that is enabled
  • whether NetFlow is configured on the correct interface and in the correct direction
  • the configuration of the export parameters
  • the protocol that uses the largest volume of traffic*

46. Which two statements describe items to be considered in configuring NetFlow? (Choose two.)

  • Netflow requires both management and agent software.
  • Netflow requires UDP port 514 for notification messages.
  • NetFlow consumes additional memory.*
  • Netflow can only be used in a unidirectional flow.*
  • NetFlow can only be used if all devices on the network support it.

47. What is the most common purpose of implementing NetFlow in a networked environment?

  • to support accounting and monitoring with consumer applications*
  • to actively capture traffic from networked devices
  • to monitor live data usage and to control traffic flow with set messages
  • to passively capture changing events that occur in the network and to perform after-the-fact-analysis

48. Refer to the exhibit. While planning an upgrade, a network administrator uses the Cisco NetFlow utility to analyze data flow in the current network. Which protocol used the greatest amount of network time?

  • TCP-Telnet
  • TCP-other
  • UDP-other *

49.Fill in the blank.
The syslogprotocol uses UDP port 514 and is the most common method to access system messages provided by networking devices.

50. When SNMPvl or SNMPv2 is being used, which feature provides secure access to MIB objects?

  • message integrity
  • source validation
  • community strings*
  • packet encryption

51. A network administrator has issued the snmp-server user adminl admin v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two features of this command? (Choose two.)

  • It forces the network manager to log into the agent to retrieve the SNMP messages.
  • It restricts SNMP access to defined SNMP managers.
  • It uses the MD5 authentication of the SNMP messages.*
  • It allows a network administrator to configure a secret encrypted password on the SNMP server.
  • It adds a new user to the SNMP group.

52. Which SNMP version uses weak community string-based access control and supports bulk retrieval?

  • SNMPv3​
  • SNMPv1
  • SNMPv2c*
  • SNMPv2Classic​

53. Which protocol or service can be configured to send unsolicited messages to alert the network administrator about a network event such as an extremely high CPU utilization on a router?

  • SNMP*
  • NetFlow
  • syslog
  • NTP

54. Which protocol or service allows network administrators to receive system messages that are provided by network devices?

  • SNMP
  • syslog*
  • NetFlow
  • NTP

55. The command ntp server is issued on a router. What impact does this command have?

  • determines which server to send system log files to
  • synchronizes the clock of the device to the timeserver that is located at IP address*
  • identifies the server on which to store backup configurations
  • ensures that all logging will have a time stamp associated with it

56. Which syslog message type is accessible only to an administrator and only via the

  • Cisco CLI?
  • alerts
  • debugging*
  • emergency
  • errors

57. Which protocol is used by network administrators to track and gather statistics on TCP/IP packets that are entering or exiting network devices?

  • syslog
  • NetFlow*
  • NTP
  • SNMP

More Resources

About the author


Leave a Comment