Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications300-410DomainsNetwork Logging and Syslog
300-410Free — No Signup

Network Logging and Syslog

Practice 300-410 Network Logging and Syslog questions with full explanations on every answer.

76questions

Start practicing

Network Logging and Syslog — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

300-410 Domains

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingNetwork Logging and SyslogEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)NAT and PAT

Practice Network Logging and Syslog questions

10Q20Q30Q50Q

All 300-410 Network Logging and Syslog questions (76)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A network engineer notices that the syslog server at 10.1.1.100 is not receiving any log messages from a Cisco router running IOS-XE 16.9. The engineer has configured 'logging host 10.1.1.100' and 'logging trap debugging'. The router can ping the syslog server successfully. What is the most likely cause of the missing syslog messages?

2

An engineer is troubleshooting why syslog messages from a router are not being received by the syslog server at 192.168.1.10. The router configuration includes 'logging host 192.168.1.10' and 'logging trap 6'. The engineer runs 'debug ip packet' and sees packets destined for 192.168.1.10 being sent but no response. What should the engineer check first?

3

A network engineer is troubleshooting a router that is generating excessive syslog messages, filling up the local logging buffer and causing performance issues. The engineer wants to reduce the volume of messages sent to the remote syslog server while still capturing critical alerts locally. The current configuration includes 'logging buffered 4096 debugging' and 'logging host 10.1.1.100'. What is the best approach?

4

A router is configured with 'logging host 10.1.1.100' and 'logging trap informational'. The engineer notices that syslog messages with severity 5 (notice) are being sent, but messages with severity 6 (informational) are not. What is the most likely cause?

5

An engineer is troubleshooting a router that is not sending syslog messages to the remote server at 192.168.1.10. The configuration includes 'logging host 192.168.1.10' and 'logging trap 7'. The router can ping 192.168.1.10. The engineer runs 'show logging' and sees 'Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)'. What is the most likely cause?

6

A router is configured to send syslog messages to two servers: 10.1.1.100 and 10.1.1.200. The engineer notices that only server 10.1.1.100 is receiving messages. The configuration shows 'logging host 10.1.1.100' and 'logging host 10.1.1.200'. Both servers are reachable via ping. What is the most likely cause?

7

An engineer is troubleshooting a router that is generating syslog messages with incorrect timestamps. The router has 'service timestamps log datetime msec' configured, but the timestamps show the wrong time zone. The router's clock is set correctly via NTP. What is the most likely cause?

8

A router is configured with 'logging host 10.1.1.100' and 'logging trap debugging'. The engineer notices that the router is sending a large number of debug messages to the syslog server, causing high CPU usage. The engineer wants to stop sending debug messages to the remote server but keep them in the local buffer. What is the best command to achieve this?

9

A network engineer is troubleshooting a router that is not generating any syslog messages at all, even for critical events like interface flaps. The 'show logging' output shows 'Syslog logging: disabled'. What is the most likely cause?

10

A network engineer runs the following command on Router R1: R1# show logging Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, small buffer) Console logging: level debugging, 37 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level informational, 5 messages logged, xml disabled, filtering disabled Logging Exception size (4096 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. Trap logging: level informational, 0 message lines logged Logging to 192.168.1.100 (udp port 514, audit disabled, link up), 0 message lines logged, xml disabled, filtering disabled Logging Source Interface: Loopback0 Log Buffer (4096 bytes): *Mar 1 00:01:23.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up *Mar 1 00:02:34.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up Based on this output, which statement is correct?

11

A network engineer runs the following command on Router R2: R2# show logging | include %SYS-5-CONFIG_I *Mar 1 00:10:15.123: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:12:45.678: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:15:30.001: %SYS-5-CONFIG_I: Configured from console by console *Mar 1 00:20:00.999: %SYS-5-CONFIG_I: Configured from console by console Based on this output, what is the most likely problem?

12

A network engineer runs the following command on Router R3: R3# show logging | include %OSPF-5-ADJCHG *Mar 1 00:05:10.123: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done *Mar 1 00:06:20.456: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired *Mar 1 00:07:30.789: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from DOWN to INIT, Received Hello *Mar 1 00:08:40.012: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from INIT to EXSTART, Event: start *Mar 1 00:09:50.345: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXSTART to EXCHANGE, Event: Negotiation Done *Mar 1 00:10:00.678: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXCHANGE to LOADING, Event: Exchange Done *Mar 1 00:11:10.901: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done *Mar 1 00:12:20.234: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired Based on this output, what is the most likely problem?

13

A network engineer runs the following command on Router R4: R4# show logging | include %BGP-3-NOTIFICATION *Mar 1 00:01:05.123: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes *Mar 1 00:02:10.456: %BGP-3-NOTIFICATION: received from neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes *Mar 1 00:03:15.789: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes Based on this output, what is the most likely problem?

14

A network engineer runs the following command on Router R5: R5# show logging | include %LINEPROTO-5-UPDOWN *Mar 1 00:00:10.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:00:20.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Mar 1 00:00:30.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:00:40.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *Mar 1 00:00:50.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up *Mar 1 00:01:00.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down Based on this output, what is the most likely problem?

15

A network engineer runs the following command on Router R6: R6# show logging | include %SEC-6-IPACCESSLOGP *Mar 1 00:01:15.123: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12345) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:20.456: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12346) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:25.789: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12347) -> 192.168.1.1(80), 1 packet *Mar 1 00:01:30.012: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12348) -> 192.168.1.1(80), 1 packet Based on this output, what is the most likely problem?

16

A network engineer runs the following command on Router R7: R7# show logging | include %SYS-2-MALLOCFAIL *Mar 1 00:05:10.123: %SYS-2-MALLOCFAIL: Memory allocation failed for size 1024, from process 0x12345678, pool Processor *Mar 1 00:06:20.456: %SYS-2-MALLOCFAIL: Memory allocation failed for size 2048, from process 0x12345678, pool Processor *Mar 1 00:07:30.789: %SYS-2-MALLOCFAIL: Memory allocation failed for size 512, from process 0x12345678, pool Processor Based on this output, what is the most likely problem?

17

A network engineer runs the following command on Router R8: R8# show logging | include %LDP-5-NBRCHG *Mar 1 00:01:10.123: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP *Mar 1 00:02:20.456: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN *Mar 1 00:03:30.789: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP *Mar 1 00:04:40.012: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN Based on this output, what is the most likely problem?

18

A network engineer runs the following command on Router R9: R9# show logging | include %DMVPN-5-ADJCHG *Mar 1 00:01:05.123: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP *Mar 1 00:02:10.456: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN *Mar 1 00:03:15.789: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP *Mar 1 00:04:20.012: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN Based on this output, what is the most likely problem?

19

Examine the following partial router configuration: logging buffered 16384 logging console warnings logging monitor notifications logging trap debugging logging source-interface Loopback0 logging 192.168.1.100 What is the effect of this configuration?

20

Given the following partial configuration on a Cisco IOS-XE router: logging host 10.1.1.1 transport tcp port 514 logging source-interface GigabitEthernet0/1 logging on What is missing or incorrect in this configuration?

21

Refer to the following partial configuration: logging console informational logging monitor debugging logging trap errors logging buffered 4096 Which statement is true about the logging levels?

22

Consider the configuration snippet: logging 192.168.1.10 vrf Mgmt-intf logging source-interface Vlan1 logging trap 6 What is the effect of the 'logging trap 6' command?

23

Examine the following configuration: logging host 10.1.1.1 logging host 10.1.1.2 logging host 10.1.1.3 logging origin-id hostname logging facility local7 What is the purpose of the 'logging origin-id hostname' command?

24

Given the configuration: logging buffered 8192 warnings logging console alerts logging monitor critical Which of the following is true?

25

What is the default severity level for syslog messages sent to the console on a Cisco IOS device?

26

According to RFC 3164, which facility code is used by default for Cisco IOS syslog messages?

27

What is the default size of the logging buffer on a Cisco IOS-XE router if not explicitly configured?

28

Which TWO commands would a network engineer use to verify that syslog messages are being sent to a remote syslog server? (Choose TWO.)

29

Which TWO statements about syslog message severity levels are true? (Choose TWO.)

30

Which THREE configuration steps are required to send syslog messages from a Cisco router to a remote syslog server? (Choose THREE.)

31

Which TWO symptoms indicate that syslog messages are not being sent to the remote syslog server? (Choose TWO.)

32

Which THREE are valid syslog severity levels defined in RFC 5424? (Choose THREE.)

33

A service provider network uses OSPF with route summarization on Area Border Routers (ABRs). Router R1 (ABR) has the configuration: router ospf 1 area 1 range 10.1.0.0 255.255.240.0 area 1 range 10.1.16.0 255.255.240.0 Router R2 (internal to area 1) shows: R2# show ip route ospf 10.1.0.0/20 is subnetted, 1 subnets O IA 10.1.0.0/20 [110/2] via 10.2.1.1, 00:00:15, Serial0/0/0 10.1.16.0/20 is subnetted, 1 subnets O IA 10.1.16.0/20 [110/2] via 10.2.1.1, 00:00:10, Serial0/0/0 10.1.32.0/20 [110/3] via 10.2.1.2, 00:00:05, Serial0/0/1 R2 is missing a route to 10.1.48.0/20. What is the root cause?

34

Two OSPF domains are redistributed into each other on router R1. R1 has: router ospf 1 redistribute ospf 2 subnets router ospf 2 redistribute ospf 1 subnets Router R2 (in OSPF 1) shows: R2# show ip route ospf O E2 10.1.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0 O E2 10.2.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0 R2# traceroute 10.1.1.1 source 10.2.1.2 Type escape sequence to abort. Tracing the route to 10.1.1.1 1 10.2.1.1 4 msec 4 msec 4 msec 2 10.1.1.1 8 msec 8 msec 8 msec R2# traceroute 10.2.1.1 source 10.1.1.2 Type escape sequence to abort. Tracing the route to 10.2.1.1 1 10.1.1.1 4 msec 4 msec 4 msec 2 10.2.1.1 8 msec 8 msec 8 msec Traffic between the two domains is taking suboptimal paths. What is the root cause?

35

In an iBGP network, router R1 has: router bgp 65000 bgp bestpath as-path multipath-relax neighbor 10.1.1.2 route-map SET-MED in route-map SET-MED permit 10 set metric 50 neighbor 10.1.1.3 route-map SET-MED2 in route-map SET-MED2 permit 10 set metric 100 Router R2 shows: R2# show ip bgp 192.168.1.0/24 BGP routing table entry for 192.168.1.0/24, version 2 Paths: (2 available, best #2) Path #1: via 10.1.1.1, metric 50 Path #2: via 10.1.1.4, metric 100 R2# show ip route 192.168.1.0 Routing entry for 192.168.1.0/24 Known via "bgp 65000", distance 200, metric 100 Last update from 10.1.1.4 00:00:10 Serial0/0/1 R2 is choosing the path with higher metric. What is the root cause?

36

Two routers R1 and R2 are connected via Ethernet. R1 has: interface GigabitEthernet0/0 ip ospf network point-to-point R2 has default OSPF network type (broadcast). R1 shows: R1# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.2.2.2 0 FULL/ - 00:00:35 10.1.1.2 GigabitEthernet0/0 R2 shows: R2# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.1 1 FULL/DR 00:00:30 10.1.1.1 GigabitEthernet0/0 R1 is not installing OSPF routes from R2. What is the root cause?

37

EIGRP network with routers R1, R2, R3. R1 has: router eigrp 100 network 10.0.0.0 R2 has: router eigrp 100 network 10.0.0.0 R3 has: router eigrp 100 network 10.0.0.0 R1 shows: R1# show ip eigrp topology 10.1.1.0/24 EIGRP-IPv4 Topology Entry for 10.1.1.0/24 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 128256 Routing Descriptor Blocks: 10.2.1.2 (Serial0/0/0), from 10.2.1.2, Send flag is 0x0 Composite metric is (128256/156160), Route is Internal 10.3.1.3 (Serial0/0/1), from 10.3.1.3, Send flag is 0x0 Composite metric is (156160/128256), Route is Internal R1# show ip route 10.1.1.0 Routing entry for 10.1.1.0/24 Known via "eigrp 100", distance 90, metric 128256 Last update from 10.2.1.2 on Serial0/0/0 R1 is using the path with higher feasible distance as successor. What is the root cause?

38

DMVPN network with hub R1 and spoke R2. R1 has: interface Tunnel0 ip address 172.16.1.1 255.255.255.0 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp authentication cisco123 R2 has: interface Tunnel0 ip address 172.16.1.2 255.255.255.0 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint ip nhrp network-id 1 ip nhrp nhs 172.16.1.1 ip nhrp authentication cisco123 R2 shows: R2# show dmvpn Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete NHRP domain: 1 Interface: Tunnel0, IPv4 NHRP Details Type:Spoke, NHC:172.16.1.2, NBMA:10.2.2.2 (no NHRP mappings) R2# ping 172.16.1.1 source 172.16.1.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) What is the root cause?

39

MPLS network with LDP enabled. Routers R1 and R2 are directly connected. R1 has: mpls ip interface Serial0/0/0 mpls ip R2 has: mpls ip interface Serial0/0/0 mpls ip R1 shows: R1# show mpls ldp neighbor Peer LDP Ident: 10.2.2.2:0; Local LDP Ident: 10.1.1.1:0 TCP connection: 10.2.2.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 10/10; Downstream Up time: 00:00:30 LDP discovery sources: Serial0/0/0, Src IP addr: 10.2.2.2 R1# show mpls forwarding-table Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 Untagged 10.3.3.0/24 0 Serial0/0/0 R2 shows: R2# show mpls forwarding-table Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 17 10.3.3.0/24 0 Serial0/0/0 R1 is not installing a label for 10.3.3.0/24 from R2. What is the root cause?

40

Router R1 has an ACL applied to its VTY lines for SSH access: access-list 10 permit 10.1.1.0 0.0.0.255 line vty 0 4 access-class 10 in transport input ssh R1 also has CoPP policy: class-map match-all SSH-CLASS match access-group name SSH-ACL policy-map COPP class SSH-CLASS police cir 8000 bc 1500 conform-action transmit exceed-action drop R2 (10.1.1.2) shows: R2# ssh -l admin 10.2.2.1 % Connection refused by remote host R2# telnet 10.2.2.1 Trying 10.2.2.1 ... % Connection timed out; remote host not responding What is the root cause?

41

Two VRFs on router R1: VRF A and VRF B. R1 has: ip vrf A rd 100:1 route-target export 100:1 route-target import 100:2 ip vrf B rd 100:2 route-target export 100:2 route-target import 100:1 R1 shows: R1# show ip route vrf A B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10 R1# show ip route vrf B B 10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10 Router R2 (in VRF A) can ping 10.1.1.1, but router R3 (in VRF B) cannot. What is the root cause?

42

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# debug ip packet Output: IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 3 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 4 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 5 What does this output indicate?

43

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show logging Output: Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 100 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 100 messages logged Trap logging: level informational, 100 messages logged Logging to 192.168.1.100 (udp port 514, audit disabled) What does this output indicate?

44

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# debug ip ospf adj Output: OSPF: 2 Way Communication to 10.0.0.2 on GigabitEthernet0/0, state 2WAY OSPF: Send hello to 224.0.0.5 on GigabitEthernet0/0 OSPF: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x1E opt 0x52 flag 0x7 len 32 OSPF: NBR negotiation done. We are the SLAVE OSPF: Exchange done with 10.0.0.2 on GigabitEthernet0/0 OSPF: Build router LSA for area 0, router ID 10.0.0.1 What does this output indicate?

45

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# debug ip bgp updates Output: BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 BGP(0): 10.0.0.2 rcvd 10.1.1.0/24 BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 65003 BGP(0): 10.0.0.2 rcvd 10.2.2.0/24 What does this output indicate?

46

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show ip route summary Output: Route Source Networks Subnets Overhead Memory (bytes) connected 0 2 0 0 static 0 0 0 0 ospf 1 5 10 0 0 bgp 65001 3 5 0 0 Total 8 17 0 0 What does this output indicate?

47

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show mpls ldp neighbor detail Output: Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.1:0 TCP connection: 10.0.0.2.646 - 10.0.0.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:10:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.0.0.2 Addresses bound to peer LDP Ident: 10.0.0.2 10.1.1.2 10.2.2.2 What does this output indicate?

48

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show ip nhrp detail Output: 10.1.1.1/32 via 10.0.0.2, Tunnel0 created 00:05:00, expire 01:55:00 Type: dynamic, Flags: authoritative NBMA address: 192.168.1.2 10.2.2.2/32 via 10.0.0.3, Tunnel0 created 00:04:00, expire 01:56:00 Type: dynamic, Flags: authoritative NBMA address: 192.168.1.3 What does this output indicate?

49

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show crypto engine connections active Output: Crypto Engine Connections ID Type Algorithm State Connection-ID 1 IPsec AES256-SHA Active 100 2 IPsec AES256-SHA Active 101 3 ISAKMP SHA Active 200 What does this output indicate?

50

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue: R1# show policy-map control-plane input class class-default Output: Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop What does this output indicate?

51

What is the default logging severity level for messages sent to the console in Cisco IOS-XE?

52

According to RFC 5424, which syslog severity level corresponds to 'Critical' conditions?

53

What is the default behavior of the 'logging buffered' command in Cisco IOS-XE when no severity level is specified?

54

Which syslog facility code is used by default for Cisco IOS messages when sent to a syslog server?

55

What is the default rate-limit interval for the 'logging rate-limit' command in Cisco IOS-XE?

56

Which statement correctly describes the behavior of the 'logging synchronous' command on a Cisco IOS device?

57

What is the default size of the logging buffer in Cisco IOS-XE when 'logging buffered' is enabled without specifying a size?

58

Which syslog severity level is used for informational messages that are not errors but may be useful for monitoring?

59

What is the default port number used by syslog servers to receive UDP syslog messages?

60

Drag and drop the steps to configure conditional debugging and syslog forwarding into the correct order, from first to last.

61

Drag and drop the steps to troubleshoot syslog connectivity failures into the correct order, from first to last.

62

Drag and drop the steps to verify and validate syslog operational state into the correct order, from first to last.

63

Which TWO statements about the syslog message format and its fields are correct? (Choose TWO.)

64

An engineer must ensure that all syslog messages with severity level 4 (warning) and higher are sent to a remote syslog server at 10.1.1.100, while also logging messages of severity 6 (informational) to the console. Which TWO configuration commands are required? (Choose TWO.)

65

Which TWO statements about the 'logging rate-limit' command and its effects are correct? (Choose TWO.)

66

Which TWO statements about the 'logging buffered' command and its interaction with other logging commands are correct? (Choose TWO.)

67

Which THREE commands can be used to verify the current syslog configuration and message flow on a Cisco IOS device? (Choose THREE.)

68

An engineer configures OSPF on two routers connected via a serial link. Both routers show the neighbor state as EXSTART/EXSTART, and no LSAs are exchanged. The engineer verifies that the OSPF process IDs are the same, areas match, and authentication is correct. Which is the most likely explanation?

69

An engineer configures EIGRP named mode on two routers. The engineer notices that route summarization configured under the interface does not generate a summary route in the routing table, even though the component routes are present. The engineer confirms that the summary address is correct and the interface is up. Which is the most likely explanation?

70

An engineer configures iBGP between two routers in the same AS. The engineer notices that routes learned from one iBGP neighbor are not being advertised to another iBGP neighbor, even though the next-hop is reachable. The engineer verifies that the BGP session is established and that the routes are present in the BGP table. Which is the most likely explanation?

71

An engineer configures mutual redistribution between OSPF and EIGRP. After a few minutes, the network becomes unstable with routing loops. The engineer checks the routing tables and notices that the same prefix is being learned from both protocols with different administrative distances. Which is the most likely explanation?

72

An engineer configures a DMVPN Phase 2 network. Spoke routers can communicate with the hub, but spoke-to-spoke traffic is not establishing dynamically. The engineer verifies that NHRP is configured and that the hub is configured as an NHRP server. Which is the most likely explanation?

73

An engineer configures an IPsec site-to-site VPN between two routers. The tunnel comes up, but no traffic is encrypted. The engineer verifies that the crypto map is applied to the outgoing interface and that the ACL defining interesting traffic is correct. Which is the most likely explanation?

74

An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, the router becomes unreachable via SSH, and OSPF neighbor adjacencies go down. The engineer checks the CoPP policy and sees that the class-map for SSH and OSPF traffic is configured with a police rate. Which is the most likely explanation?

75

An engineer configures uRPF (Unicast Reverse Path Forwarding) in strict mode on a router interface facing the Internet. After configuration, legitimate traffic from customers is being dropped. The engineer verifies that the routing table has a route back to the source IP address. Which is the most likely explanation?

76

An engineer configures syslog logging to a remote server using the 'logging host' command. The engineer notices that syslog messages are not being received on the server, but the router can ping the server successfully. The engineer verifies that the logging level is set to debugging and that the server is configured to receive syslog messages. Which is the most likely explanation?

Practice all 76 Network Logging and Syslog questions

Other 300-410 exam domains

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)NAT and PAT

Frequently asked questions

What does the Network Logging and Syslog domain cover on the 300-410 exam?

The Network Logging and Syslog domain covers the key concepts tested in this area of the 300-410 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 300-410 domains — no account required.

How many Network Logging and Syslog questions are in the 300-410 question bank?

The Courseiva 300-410 question bank contains 76 questions in the Network Logging and Syslog domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Network Logging and Syslog for 300-410?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Network Logging and Syslog questions for 300-410?

Yes — the session launcher on this page draws questions exclusively from the Network Logging and Syslog domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your 300-410 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide