Practice 300-410 Network Logging and Syslog questions with full explanations on every answer.
Start practicing
Network Logging and Syslog — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A network engineer notices that the syslog server at 10.1.1.100 is not receiving any log messages from a Cisco router running IOS-XE 16.9. The engineer has configured 'logging host 10.1.1.100' and 'logging trap debugging'. The router can ping the syslog server successfully. What is the most likely cause of the missing syslog messages?
2An engineer is troubleshooting why syslog messages from a router are not being received by the syslog server at 192.168.1.10. The router configuration includes 'logging host 192.168.1.10' and 'logging trap 6'. The engineer runs 'debug ip packet' and sees packets destined for 192.168.1.10 being sent but no response. What should the engineer check first?
3A network engineer is troubleshooting a router that is generating excessive syslog messages, filling up the local logging buffer and causing performance issues. The engineer wants to reduce the volume of messages sent to the remote syslog server while still capturing critical alerts locally. The current configuration includes 'logging buffered 4096 debugging' and 'logging host 10.1.1.100'. What is the best approach?
4A router is configured with 'logging host 10.1.1.100' and 'logging trap informational'. The engineer notices that syslog messages with severity 5 (notice) are being sent, but messages with severity 6 (informational) are not. What is the most likely cause?
5An engineer is troubleshooting a router that is not sending syslog messages to the remote server at 192.168.1.10. The configuration includes 'logging host 192.168.1.10' and 'logging trap 7'. The router can ping 192.168.1.10. The engineer runs 'show logging' and sees 'Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)'. What is the most likely cause?
6A router is configured to send syslog messages to two servers: 10.1.1.100 and 10.1.1.200. The engineer notices that only server 10.1.1.100 is receiving messages. The configuration shows 'logging host 10.1.1.100' and 'logging host 10.1.1.200'. Both servers are reachable via ping. What is the most likely cause?
7An engineer is troubleshooting a router that is generating syslog messages with incorrect timestamps. The router has 'service timestamps log datetime msec' configured, but the timestamps show the wrong time zone. The router's clock is set correctly via NTP. What is the most likely cause?
8A router is configured with 'logging host 10.1.1.100' and 'logging trap debugging'. The engineer notices that the router is sending a large number of debug messages to the syslog server, causing high CPU usage. The engineer wants to stop sending debug messages to the remote server but keep them in the local buffer. What is the best command to achieve this?
9A network engineer is troubleshooting a router that is not generating any syslog messages at all, even for critical events like interface flaps. The 'show logging' output shows 'Syslog logging: disabled'. What is the most likely cause?
10A network engineer runs the following command on Router R1: R1# show logging Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, small buffer) Console logging: level debugging, 37 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level informational, 5 messages logged, xml disabled, filtering disabled Logging Exception size (4096 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. Trap logging: level informational, 0 message lines logged Logging to 192.168.1.100 (udp port 514, audit disabled, link up), 0 message lines logged, xml disabled, filtering disabled Logging Source Interface: Loopback0 Log Buffer (4096 bytes): *Mar 1 00:01:23.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up *Mar 1 00:02:34.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up Based on this output, which statement is correct?
11A network engineer runs the following command on Router R2: R2# show logging | include %SYS-5-CONFIG_I *Mar 1 00:10:15.123: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:12:45.678: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:15:30.001: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:20:00.999: %SYS-5-CONFIG_I: Configured from console by console Based on this output, what is the most likely problem?
12A network engineer runs the following command on Router R3: R3# show logging | include %OSPF-5-ADJCHG *Mar 1 00:05:10.123: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done *Mar 1 00:06:20.456: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired *Mar 1 00:07:30.789: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from DOWN to INIT, Received Hello *Mar 1 00:08:40.012: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from INIT to EXSTART, Event: start *Mar 1 00:09:50.345: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXSTART to EXCHANGE, Event: Negotiation Done *Mar 1 00:10:00.678: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXCHANGE to LOADING, Event: Exchange Done *Mar 1 00:11:10.901: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done *Mar 1 00:12:20.234: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired Based on this output, what is the most likely problem?
13A network engineer runs the following command on Router R4: R4# show logging | include %BGP-3-NOTIFICATION *Mar 1 00:01:05.123: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes *Mar 1 00:02:10.456: %BGP-3-NOTIFICATION: received from neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes *Mar 1 00:03:15.789: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes Based on this output, what is the most likely problem?
14A network engineer runs the following command on Router R5: R5# show logging | include %LINEPROTO-5-UPDOWN *Mar 1 00:00:10.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:00:20.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Mar 1 00:00:30.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:00:40.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Mar 1 00:00:50.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:01:00.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down Based on this output, what is the most likely problem?
15A network engineer runs the following command on Router R6: R6# show logging | include %SEC-6-IPACCESSLOGP *Mar 1 00:01:15.123: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12345) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:20.456: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12346) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:25.789: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12347) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:30.012: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12348) -> 192.168.1.1(80), 1 packet Based on this output, what is the most likely problem?
16A network engineer runs the following command on Router R7: R7# show logging | include %SYS-2-MALLOCFAIL *Mar 1 00:05:10.123: %SYS-2-MALLOCFAIL: Memory allocation failed for size 1024, from process 0x12345678, pool Processor *Mar 1 00:06:20.456: %SYS-2-MALLOCFAIL: Memory allocation failed for size 2048, from process 0x12345678, pool Processor *Mar 1 00:07:30.789: %SYS-2-MALLOCFAIL: Memory allocation failed for size 512, from process 0x12345678, pool Processor Based on this output, what is the most likely problem?
17A network engineer runs the following command on Router R8: R8# show logging | include %LDP-5-NBRCHG *Mar 1 00:01:10.123: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP *Mar 1 00:02:20.456: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN *Mar 1 00:03:30.789: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP *Mar 1 00:04:40.012: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN Based on this output, what is the most likely problem?
18A network engineer runs the following command on Router R9: R9# show logging | include %DMVPN-5-ADJCHG *Mar 1 00:01:05.123: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP *Mar 1 00:02:10.456: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN *Mar 1 00:03:15.789: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP *Mar 1 00:04:20.012: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN Based on this output, what is the most likely problem?
19Examine the following partial router configuration: logging buffered 16384 logging console warnings logging monitor notifications logging trap debugging logging source-interface Loopback0 logging 192.168.1.100 What is the effect of this configuration?
20Given the following partial configuration on a Cisco IOS-XE router: logging host 10.1.1.1 transport tcp port 514 logging source-interface GigabitEthernet0/1 logging on What is missing or incorrect in this configuration?
21Refer to the following partial configuration: logging console informational logging monitor debugging logging trap errors logging buffered 4096 Which statement is true about the logging levels?
22Consider the configuration snippet: logging 192.168.1.10 vrf Mgmt-intf logging source-interface Vlan1 logging trap 6 What is the effect of the 'logging trap 6' command?
23Examine the following configuration: logging host 10.1.1.1 logging host 10.1.1.2 logging host 10.1.1.3 logging origin-id hostname logging facility local7 What is the purpose of the 'logging origin-id hostname' command?
24Given the configuration: logging buffered 8192 warnings logging console alerts logging monitor critical Which of the following is true?
25What is the default severity level for syslog messages sent to the console on a Cisco IOS device?
26According to RFC 3164, which facility code is used by default for Cisco IOS syslog messages?
27What is the default size of the logging buffer on a Cisco IOS-XE router if not explicitly configured?
28Which TWO commands would a network engineer use to verify that syslog messages are being sent to a remote syslog server? (Choose TWO.)
29Which TWO statements about syslog message severity levels are true? (Choose TWO.)
30Which THREE configuration steps are required to send syslog messages from a Cisco router to a remote syslog server? (Choose THREE.)
31Which TWO symptoms indicate that syslog messages are not being sent to the remote syslog server? (Choose TWO.)
32Which THREE are valid syslog severity levels defined in RFC 5424? (Choose THREE.)
33A service provider network uses OSPF with route summarization on Area Border Routers (ABRs). Router R1 (ABR) has the configuration: router ospf 1 area 1 range 10.1.0.0 255.255.240.0 area 1 range 10.1.16.0 255.255.240.0 Router R2 (internal to area 1) shows: R2# show ip route ospf 10.1.0.0/20 is subnetted, 1 subnets O IA 10.1.0.0/20 [110/2] via 10.2.1.1, 00:00:15, Serial0/0/0 10.1.16.0/20 is subnetted, 1 subnets O IA 10.1.16.0/20 [110/2] via 10.2.1.1, 00:00:10, Serial0/0/0 10.1.32.0/20 [110/3] via 10.2.1.2, 00:00:05, Serial0/0/1 R2 is missing a route to 10.1.48.0/20. What is the root cause?
34Two OSPF domains are redistributed into each other on router R1. R1 has: router ospf 1 redistribute ospf 2 subnets router ospf 2 redistribute ospf 1 subnets Router R2 (in OSPF 1) shows: R2# show ip route ospf O E2 10.1.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0 O E2 10.2.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0 R2# traceroute 10.1.1.1 source 10.2.1.2 Type escape sequence to abort. Tracing the route to 10.1.1.1 1 10.2.1.1 4 msec 4 msec 4 msec 2 10.1.1.1 8 msec 8 msec 8 msec R2# traceroute 10.2.1.1 source 10.1.1.2 Type escape sequence to abort. Tracing the route to 10.2.1.1 1 10.1.1.1 4 msec 4 msec 4 msec 2 10.2.1.1 8 msec 8 msec 8 msec Traffic between the two domains is taking suboptimal paths. What is the root cause?
35In an iBGP network, router R1 has: router bgp 65000 bgp bestpath as-path multipath-relax neighbor 10.1.1.2 route-map SET-MED in route-map SET-MED permit 10 set metric 50 neighbor 10.1.1.3 route-map SET-MED2 in route-map SET-MED2 permit 10 set metric 100 Router R2 shows: R2# show ip bgp 192.168.1.0/24 BGP routing table entry for 192.168.1.0/24, version 2 Paths: (2 available, best #2) Path #1: via 10.1.1.1, metric 50 Path #2: via 10.1.1.4, metric 100 R2# show ip route 192.168.1.0 Routing entry for 192.168.1.0/24 Known via "bgp 65000", distance 200, metric 100 Last update from 10.1.1.4 00:00:10 Serial0/0/1 R2 is choosing the path with higher metric. What is the root cause?
36Two routers R1 and R2 are connected via Ethernet. R1 has: interface GigabitEthernet0/0 ip ospf network point-to-point R2 has default OSPF network type (broadcast). R1 shows: R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:35 10.1.1.2 GigabitEthernet0/0 R2 shows: R2# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.1 1 FULL/DR 00:00:30 10.1.1.1 GigabitEthernet0/0 R1 is not installing OSPF routes from R2. What is the root cause?
37EIGRP network with routers R1, R2, R3. R1 has: router eigrp 100 network 10.0.0.0 R2 has: router eigrp 100 network 10.0.0.0 R3 has: router eigrp 100 network 10.0.0.0 R1 shows: R1# show ip eigrp topology 10.1.1.0/24 EIGRP-IPv4 Topology Entry for 10.1.1.0/24 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 128256 Routing Descriptor Blocks: 10.2.1.2 (Serial0/0/0), from 10.2.1.2, Send flag is 0x0 Composite metric is (128256/156160), Route is Internal 10.3.1.3 (Serial0/0/1), from 10.3.1.3, Send flag is 0x0 Composite metric is (156160/128256), Route is Internal R1# show ip route 10.1.1.0 Routing entry for 10.1.1.0/24 Known via "eigrp 100", distance 90, metric 128256 Last update from 10.2.1.2 on Serial0/0/0 R1 is using the path with higher feasible distance as successor. What is the root cause?
38DMVPN network with hub R1 and spoke R2. R1 has: interface Tunnel0 ip address 172.16.1.1 255.255.255.0 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp authentication cisco123 R2 has: interface Tunnel0 ip address 172.16.1.2 255.255.255.0 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp nhs 172.16.1.1 ip nhrp authentication cisco123 R2 shows: R2# show dmvpn Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete NHRP domain: 1 Interface: Tunnel0, IPv4 NHRP Details Type:Spoke, NHC:172.16.1.2, NBMA:10.2.2.2 (no NHRP mappings) R2# ping 172.16.1.1 source 172.16.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) What is the root cause?
39MPLS network with LDP enabled. Routers R1 and R2 are directly connected. R1 has: mpls ip interface Serial0/0/0 mpls ip R2 has: mpls ip interface Serial0/0/0 mpls ip R1 shows: R1# show mpls ldp neighbor Peer LDP Ident: 10.2.2.2:0; Local LDP Ident: 10.1.1.1:0 TCP connection: 10.2.2.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 10/10; Downstream Up time: 00:00:30 LDP discovery sources: Serial0/0/0, Src IP addr: 10.2.2.2 R1# show mpls forwarding-table Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 Untagged 10.3.3.0/24 0 Serial0/0/0 R2 shows: R2# show mpls forwarding-table Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 17 10.3.3.0/24 0 Serial0/0/0 R1 is not installing a label for 10.3.3.0/24 from R2. What is the root cause?
40Router R1 has an ACL applied to its VTY lines for SSH access: access-list 10 permit 10.1.1.0 0.0.0.255 line vty 0 4 access-class 10 in transport input ssh R1 also has CoPP policy: class-map match-all SSH-CLASS match access-group name SSH-ACL policy-map COPP class SSH-CLASS police cir 8000 bc 1500 conform-action transmit exceed-action drop R2 (10.1.1.2) shows: R2# ssh -l admin 10.2.2.1 % Connection refused by remote host R2# telnet 10.2.2.1 Trying 10.2.2.1 ... % Connection timed out; remote host not responding What is the root cause?
41Two VRFs on router R1: VRF A and VRF B. R1 has: ip vrf A rd 100:1 route-target export 100:1 route-target import 100:2 ip vrf B rd 100:2 route-target export 100:2 route-target import 100:1 R1 shows: R1# show ip route vrf A B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10 R1# show ip route vrf B B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10 Router R2 (in VRF A) can ping 10.1.1.1, but router R3 (in VRF B) cannot. What is the root cause?
42A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# debug ip packet Output: IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 3 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 4 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 5 What does this output indicate?
43A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show logging Output: Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 100 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 100 messages logged Trap logging: level informational, 100 messages logged Logging to 192.168.1.100 (udp port 514, audit disabled) What does this output indicate?
44A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# debug ip ospf adj Output: OSPF: 2 Way Communication to 10.0.0.2 on GigabitEthernet0/0, state 2WAY OSPF: Send hello to 224.0.0.5 on GigabitEthernet0/0 OSPF: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x1E opt 0x52 flag 0x7 len 32 OSPF: NBR negotiation done. We are the SLAVE OSPF: Exchange done with 10.0.0.2 on GigabitEthernet0/0 OSPF: Build router LSA for area 0, router ID 10.0.0.1 What does this output indicate?
45A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# debug ip bgp updates Output: BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 BGP(0): 10.0.0.2 rcvd 10.1.1.0/24 BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 65003 BGP(0): 10.0.0.2 rcvd 10.2.2.0/24 What does this output indicate?
46A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show ip route summary Output: Route Source Networks Subnets Overhead Memory (bytes) connected 0 2 0 0 static 0 0 0 0 ospf 1 5 10 0 0 bgp 65001 3 5 0 0 Total 8 17 0 0 What does this output indicate?
47A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show mpls ldp neighbor detail Output: Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.1:0 TCP connection: 10.0.0.2.646 - 10.0.0.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:10:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.0.0.2 Addresses bound to peer LDP Ident: 10.0.0.2 10.1.1.2 10.2.2.2 What does this output indicate?
48A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show ip nhrp detail Output: 10.1.1.1/32 via 10.0.0.2, Tunnel0 created 00:05:00, expire 01:55:00 Type: dynamic, Flags: authoritative NBMA address: 192.168.1.2 10.2.2.2/32 via 10.0.0.3, Tunnel0 created 00:04:00, expire 01:56:00 Type: dynamic, Flags: authoritative NBMA address: 192.168.1.3 What does this output indicate?
49A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show crypto engine connections active Output: Crypto Engine Connections ID Type Algorithm State Connection-ID 1 IPsec AES256-SHA Active 100 2 IPsec AES256-SHA Active 101 3 ISAKMP SHA Active 200 What does this output indicate?
50A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show policy-map control-plane input class class-default Output: Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop What does this output indicate?
51What is the default logging severity level for messages sent to the console in Cisco IOS-XE?
52According to RFC 5424, which syslog severity level corresponds to 'Critical' conditions?
53What is the default behavior of the 'logging buffered' command in Cisco IOS-XE when no severity level is specified?
54Which syslog facility code is used by default for Cisco IOS messages when sent to a syslog server?
55What is the default rate-limit interval for the 'logging rate-limit' command in Cisco IOS-XE?
56Which statement correctly describes the behavior of the 'logging synchronous' command on a Cisco IOS device?
57What is the default size of the logging buffer in Cisco IOS-XE when 'logging buffered' is enabled without specifying a size?
58Which syslog severity level is used for informational messages that are not errors but may be useful for monitoring?
59What is the default port number used by syslog servers to receive UDP syslog messages?
60Drag and drop the steps to configure conditional debugging and syslog forwarding into the correct order, from first to last.
61Drag and drop the steps to troubleshoot syslog connectivity failures into the correct order, from first to last.
62Drag and drop the steps to verify and validate syslog operational state into the correct order, from first to last.
63Which TWO statements about the syslog message format and its fields are correct? (Choose TWO.)
64An engineer must ensure that all syslog messages with severity level 4 (warning) and higher are sent to a remote syslog server at 10.1.1.100, while also logging messages of severity 6 (informational) to the console. Which TWO configuration commands are required? (Choose TWO.)
65Which TWO statements about the 'logging rate-limit' command and its effects are correct? (Choose TWO.)
66Which TWO statements about the 'logging buffered' command and its interaction with other logging commands are correct? (Choose TWO.)
67Which THREE commands can be used to verify the current syslog configuration and message flow on a Cisco IOS device? (Choose THREE.)
68An engineer configures OSPF on two routers connected via a serial link. Both routers show the neighbor state as EXSTART/EXSTART, and no LSAs are exchanged. The engineer verifies that the OSPF process IDs are the same, areas match, and authentication is correct. Which is the most likely explanation?
69An engineer configures EIGRP named mode on two routers. The engineer notices that route summarization configured under the interface does not generate a summary route in the routing table, even though the component routes are present. The engineer confirms that the summary address is correct and the interface is up. Which is the most likely explanation?
70An engineer configures iBGP between two routers in the same AS. The engineer notices that routes learned from one iBGP neighbor are not being advertised to another iBGP neighbor, even though the next-hop is reachable. The engineer verifies that the BGP session is established and that the routes are present in the BGP table. Which is the most likely explanation?
71An engineer configures mutual redistribution between OSPF and EIGRP. After a few minutes, the network becomes unstable with routing loops. The engineer checks the routing tables and notices that the same prefix is being learned from both protocols with different administrative distances. Which is the most likely explanation?
72An engineer configures a DMVPN Phase 2 network. Spoke routers can communicate with the hub, but spoke-to-spoke traffic is not establishing dynamically. The engineer verifies that NHRP is configured and that the hub is configured as an NHRP server. Which is the most likely explanation?
73An engineer configures an IPsec site-to-site VPN between two routers. The tunnel comes up, but no traffic is encrypted. The engineer verifies that the crypto map is applied to the outgoing interface and that the ACL defining interesting traffic is correct. Which is the most likely explanation?
74An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, the router becomes unreachable via SSH, and OSPF neighbor adjacencies go down. The engineer checks the CoPP policy and sees that the class-map for SSH and OSPF traffic is configured with a police rate. Which is the most likely explanation?
75An engineer configures uRPF (Unicast Reverse Path Forwarding) in strict mode on a router interface facing the Internet. After configuration, legitimate traffic from customers is being dropped. The engineer verifies that the routing table has a route back to the source IP address. Which is the most likely explanation?
76An engineer configures syslog logging to a remote server using the 'logging host' command. The engineer notices that syslog messages are not being received on the server, but the router can ping the server successfully. The engineer verifies that the logging level is set to debugging and that the server is configured to receive syslog messages. Which is the most likely explanation?
The Network Logging and Syslog domain covers the key concepts tested in this area of the 300-410 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 300-410 domains — no account required.
The Courseiva 300-410 question bank contains 76 questions in the Network Logging and Syslog domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Network Logging and Syslog domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included