Practice 300-410 NetFlow and Flexible NetFlow questions with full explanations on every answer.
1. A network engineer is troubleshooting a sudden drop in NetFlow data on a Cisco router running IOS-XE 17.x. The engineer verifies that 'ip flow-export destination 10.1.1.100 2055' is configured, and the collector is reachable. However, 'show ip flow export' shows zero packets exported. What is the most likely cause?
2. An engineer configures Flexible NetFlow on a Cisco router to monitor traffic on GigabitEthernet0/1. The flow record is defined with 'match ipv4 source address' and 'collect counter bytes'. The flow exporter sends data to 192.168.1.10:2055. After applying the monitor to the interface, 'show flow monitor name MONITOR cache' shows zero entries. What is the most likely root cause?
3. A network engineer configures Flexible NetFlow to export traffic statistics for a VRF named CUSTOMER_A. The configuration includes 'flow exporter EXPORTER' with destination 10.10.10.10:2055 and 'vrf CUSTOMER_A' under the exporter. The flow monitor is applied to the VRF interface. However, 'show flow monitor name MONITOR cache' shows no entries for VRF traffic. What is the most likely cause?
4. An engineer notices that NetFlow export packets are being sent from a router but the collector reports missing data for certain flows. The engineer checks 'show ip flow export' and sees 'Exporting flows to 10.1.1.100 (2055)' with packets being sent. However, 'show flow monitor name MONITOR cache' shows many flows with zero byte counts. What is the most likely cause?
5. A network engineer configures a Flexible NetFlow monitor to capture traffic on a router's WAN interface. The flow record includes 'match ipv4 source address', 'match ipv4 destination address', and 'collect counter bytes'. After applying the monitor, 'show flow monitor name MONITOR cache' shows flows, but the collector receives no data. 'show flow exporter name EXPORTER statistics' shows 'Export packets sent: 0'. What is the most likely cause?
6. An engineer configures Flexible NetFlow on a router to monitor both IPv4 and IPv6 traffic. The flow record is defined with 'match ipv4 source address' and 'match ipv6 source address'. After applying the monitor to an interface, 'show flow monitor name MONITOR cache' shows only IPv4 flows. What is the most likely cause?
7. A network engineer configures NetFlow on a router using the legacy 'ip flow-export' commands. After applying 'ip route-cache flow' on an interface, 'show ip flow export' shows packets being sent, but the collector reports that all flows have a source IP of the router's management interface instead of the actual source IPs. What is the most likely cause?
8. An engineer configures Flexible NetFlow with a flow record that includes 'match ipv4 protocol' and 'collect counter packets'. The flow monitor is applied to an interface. 'show flow monitor name MONITOR cache' shows flows, but the packet counts are much lower than expected based on interface counters. What is the most likely cause?
9. A network engineer configures Flexible NetFlow on a router to monitor traffic on a trunk interface with multiple VLANs. The flow monitor is applied to the physical interface. The engineer notices that all flows show the same VLAN ID in the collector, even though traffic from different VLANs is present. What is the most likely cause?
10. A network engineer runs the following command on Router R1: R1# show flow exporter EXPORTER-1 Flow Exporter EXPORTER-1: Description: Exports to collector Export protocol: NetFlow Version 9 Transport Configuration: Destination IP address: 192.168.1.100 Source IP address: 10.0.0.1 Transport Protocol: UDP Destination Port: 2055 Source Port: 0 Collector Configuration: VRFs: Default Options Configuration: Sampler: Not configured Export Statistics: Number of Flows exported: 0 Number of Packets exported: 0 Number of Source IP address unreachable: 0 Number of Packets dropped: 0 Based on this output, what is the most likely reason that no flows are being exported?
11. A network engineer runs the following command on Router R1: R1# show flow monitor FLOW-MONITOR-1 cache format table Cache type: Normal Cache size: 1000 Current entries: 0 High Watermark: 0 Flows added: 0 Flows aged: 0 - Active timeout (1800 secs) 0 - Inactive timeout (15 secs) 0 - Event aged 0 - Watermark aged 0 - Emergency aged 0 Based on this output, what is the most likely problem?
12. A network engineer runs the following command on Router R1: R1# show flow monitor FLOW-MONITOR-1 cache format table Cache type: Normal Cache size: 1000 Current entries: 500 High Watermark: 800 Flows added: 15000 Flows aged: 14500 - Active timeout (1800 secs) 12000 - Inactive timeout (15 secs) 2500 - Event aged 0 - Watermark aged 0 - Emergency aged 0 Based on this output, what is a valid conclusion?
13. A network engineer runs the following command on Router R1: R1# show flow monitor FLOW-MONITOR-1 statistics Monitor: FLOW-MONITOR-1 Record: netflow-original Exporter: EXPORTER-1 Cache size: 1000 Current entries: 0 Flows exported: 0 Packets exported: 0 Sampler: Not configured Flow Monitor is not attached to any interface Based on this output, what action should the engineer take to resolve the issue?
14. A network engineer runs the following command on Router R1: R1# show flow exporter EXPORTER-1 statistics Flow Exporter: EXPORTER-1 Packet send statistics (last 30 seconds): Packets sent: 0 Packets dropped: 0 Packets unsent: 0 Client send statistics: Packets sent: 0 Packets dropped: 0 Packets unsent: 0 Export statistics: Number of Flows exported: 0 Number of Packets exported: 0 Number of Source IP address unreachable: 0 Number of Packets dropped (no route): 0 Number of Packets dropped (queue full): 0 Based on this output, what is the most likely cause of no exports?
15. A network engineer runs the following command on Router R1: R1# show flow monitor FLOW-MONITOR-1 cache format table Cache type: Normal Cache size: 1000 Current entries: 1000 High Watermark: 1000 Flows added: 50000 Flows aged: 49000 - Active timeout (1800 secs) 40000 - Inactive timeout (15 secs) 8000 - Event aged 0 - Watermark aged 1000 - Emergency aged 0 Based on this output, what is the most likely issue?
16. A network engineer runs the following command on Router R1: R1# show flow interface GigabitEthernet0/1 Interface GigabitEthernet0/1 FNF: monitor Monitor: FLOW-MONITOR-1 direction: Input traffic-statistics: enabled Based on this output, what can be concluded?
17. A network engineer runs the following command on Router R1: R1# show flow monitor FLOW-MONITOR-1 cache format table Cache type: Normal Cache size: 1000 Current entries: 0 High Watermark: 0 Flows added: 0 Flows aged: 0 - Active timeout (1800 secs) 0 - Inactive timeout (15 secs) 0 - Event aged 0 - Watermark aged 0 - Emergency aged 0 R1# show flow interface GigabitEthernet0/1 Interface GigabitEthernet0/1 FNF: monitor Monitor: FLOW-MONITOR-1 direction: Input traffic-statistics: enabled Based on both outputs, what is the most likely problem?
18. A network engineer runs the following command on Router R1: R1# show flow exporter EXPORTER-1 Flow Exporter EXPORTER-1: Description: Exports to collector Export protocol: NetFlow Version 9 Transport Configuration: Destination IP address: 192.168.1.100 Source IP address: 10.0.0.1 Transport Protocol: UDP Destination Port: 2055 Source Port: 0 Collector Configuration: VRFs: Default Options Configuration: Sampler: Not configured Export Statistics: Number of Flows exported: 5000 Number of Packets exported: 250 Number of Source IP address unreachable: 10 Number of Packets dropped: 0 Based on this output, what is the most likely issue?
19. Examine the following partial configuration on router R1: flow record RECORD-1 match ipv4 source address match ipv4 destination address match ipv4 protocol collect counter bytes collect counter packets ! flow monitor MONITOR-1 record RECORD-1 cache timeout active 60 ! interface GigabitEthernet0/1 ip flow monitor MONITOR-1 input ! Which statement about this configuration is true?
20. Consider the following partial configuration on router R2: flow exporter EXPORTER-1 destination 192.168.1.100 source Loopback0 transport udp 2055 ! flow monitor MONITOR-2 exporter EXPORTER-1 record netflow ipv4 original-input cache timeout active 30 ! interface GigabitEthernet0/2 ip flow monitor MONITOR-2 input ! What is the effect of this configuration?
21. Examine this partial configuration on router R3: flow record RECORD-2 match ipv4 source address match ipv4 destination address match ipv4 protocol match transport source-port match transport destination-port collect counter bytes collect counter packets ! flow monitor MONITOR-3 record RECORD-2 cache timeout active 60 cache timeout inactive 15 ! interface GigabitEthernet0/3 ip flow monitor MONITOR-3 input ip flow monitor MONITOR-3 output ! Which statement is true about this configuration?
22. Consider the following partial configuration on router R4: flow exporter EXPORTER-2 destination 10.10.10.1 source Loopback0 transport udp 9996 option interface-table option sampler-table ! flow monitor MONITOR-4 exporter EXPORTER-2 record netflow ipv4 original-input ! interface GigabitEthernet0/4 ip flow monitor MONITOR-4 input ! What is the purpose of the 'option interface-table' and 'option sampler-table' commands under the exporter?
23. Examine this partial configuration on router R5: flow record RECORD-3 match ipv4 source address match ipv4 destination address match ipv4 protocol collect routing source as collect routing destination as ! flow monitor MONITOR-5 record RECORD-3 cache timeout active 60 ! interface GigabitEthernet0/5 ip flow monitor MONITOR-5 input ! What is missing or incorrect in this configuration?
24. Consider the following partial configuration on router R6: flow exporter EXPORTER-3 destination 192.168.2.200 source Loopback0 transport udp 2055 template data timeout 120 ! flow monitor MONITOR-6 exporter EXPORTER-3 record netflow ipv4 original-input ! interface GigabitEthernet0/6 ip flow monitor MONITOR-6 input ! What is the effect of the 'template data timeout 120' command?
25. What is the default active flow timeout value in Cisco IOS Flexible NetFlow?
26. In Flexible NetFlow, which of the following is true regarding the 'match' and 'collect' commands in a flow record?
27. Which NetFlow version is the default export format when using Flexible NetFlow with the 'record netflow ipv4 original-input' command?
28. Which TWO commands would a network engineer use to verify NetFlow data export and flow monitor statistics on a Cisco IOS-XE router? (Choose TWO.)
29. Which TWO statements about Flexible NetFlow flow records are true? (Choose TWO.)
30. Which TWO configuration steps are required to enable Flexible NetFlow on a Cisco IOS-XE interface? (Choose TWO.)
31. Which THREE symptoms indicate that NetFlow data export is failing or misconfigured? (Choose THREE.)
32. Which TWO statements about NetFlow version 9 and Flexible NetFlow are true? (Choose TWO.)
33. A large enterprise network is experiencing intermittent loss of NetFlow data from multiple routers. Router R1 has the following relevant configuration: flow exporter EXPORTER-1 destination 10.1.1.1 source Loopback0 transport udp 2055 export-protocol netflow-v9. Router R2 shows: R2# show flow exporter EXPORTER-1 statistics | include (Packets|Errors) Packets exported: 0, Errors: 0. The network uses OSPF, and R1's Loopback0 is reachable via a summary route. What is the root cause?
34. A company uses EIGRP with route redistribution from OSPF. After configuring Flexible NetFlow to monitor traffic, engineers notice that some routes are missing from the routing table. Router R1 has: router eigrp 100 redistribute ospf 1 metric 10000 100 255 1 1500 route-map FILTER-OSPF. The route-map FILTER-OSPF uses a match ip address prefix-list ALLOWED. The prefix-list ALLOWED permits 10.0.0.0/8 le 24. However, a specific route 10.1.0.0/16 is not being redistributed. What is the root cause?
35. A DMVPN network uses FlexVPN with BGP as the routing protocol. Spoke routers are configured with Flexible NetFlow to monitor traffic. After a configuration change, spoke-to-spoke tunnels fail to establish. Router R1 (spoke) shows: show dmvpn detail | include (State|Tunnel) State: NHRP, Tunnel: Tunnel0. The BGP neighbor to the hub is up, but no BGP routes are received for the remote spoke's LAN. What is the root cause?
36. An MPLS network uses LDP for label distribution. After enabling Flexible NetFlow on the core routers, some LDP sessions fail to establish. Router R1 shows: show mpls ldp neighbor | include (Peer|State) Peer LDP Ident: 10.0.0.2:0, State: OPERATIONAL. Router R2 shows: show mpls ldp neighbor | include (Peer|State) Peer LDP Ident: 10.0.0.1:0, State: INIT. What is the root cause?
37. A network engineer configures Flexible NetFlow on a router that also runs CoPP (Control Plane Policing). After applying the flow monitor to the ingress interface, the router's CPU spikes and management traffic (SSH, SNMP) becomes intermittent. Router R1 shows: show policy-map control-plane | include (class|police) class CoPP-MGMT police rate 10000 pps. show flow monitor FLOW-MONITOR statistics | include (Packets|Dropped) Packets dropped: 5000. What is the root cause?
38. A VRF-aware network uses route leaking between VRF A and VRF B. After configuring Flexible NetFlow to monitor traffic in VRF A, some routes that were previously leaked to VRF B disappear. Router R1 has: ip route vrf A 10.0.0.0 255.0.0.0 Null0. route-map LEAK permit 10 match ip address prefix-list GLOBAL. The prefix-list GLOBAL permits 10.0.0.0/8. The flow monitor is applied to the VRF A interface. What is the root cause?
39. A BGP-based network uses route reflectors and Flexible NetFlow to monitor traffic. After applying a flow monitor to the route reflector's interface, some BGP routes are not being reflected to clients. Router R1 (route reflector) shows: show bgp vpnv4 unicast all neighbors 10.0.0.2 advertised-routes | include (10.1.1.0/24) No entries. The BGP session is up, and the route 10.1.1.0/24 is in the BGP table. What is the root cause?
40. An OSPF network has multiple areas and uses Flexible NetFlow to monitor inter-area traffic. After applying a flow monitor to the ABR's interface, OSPF neighbor relationships fail to form. Router R1 (ABR) shows: show ip ospf neighbor | include (FULL|DOWN) Neighbor 10.0.0.2, interface GigabitEthernet0/0, state DOWN. show flow monitor FLOW-MONITOR statistics | include (Packets|Errors) Packets exported: 1000, Errors: 0. What is the root cause?
41. A network uses route summarization to reduce routing table size. After enabling Flexible NetFlow, some routes that were previously summarized are now being advertised individually. Router R1 has: interface GigabitEthernet0/0 ip summary-address eigrp 100 10.0.0.0 255.0.0.0. The flow monitor is applied to the same interface. show ip route eigrp | include (10.0.0.0/8) shows the summary route, but also shows more specific routes like 10.1.0.0/16. What is the root cause?
42. A network engineer runs the following command to troubleshoot a Flexible NetFlow issue: R1# show flow monitor FLOW-MONITOR-1 cache format table Cache type: Normal Cache size: 1000 Current entries: 25 High Watermark: 50 Flows added: 1234 Flows aged: 1209 - Active timeout ( 1800 secs): 100 - Inactive timeout ( 15 secs): 1100 - Event aged: 9 - Watermark aged: 0 - Emergency aged: 0 What does the output indicate?
43. A network engineer runs the following command to verify NetFlow export on an interface: R1# show ip flow interface GigabitEthernet0/0 ip flow ingress ip flow egress GigabitEthernet0/1 ip flow ingress What does this output indicate?
44. A network engineer runs the following command to debug NetFlow export: R1# debug ip flow export IP Flow export debugging is on R1# *Mar 1 00:05:23.123: FLOW: export v9 flow 1 with 30 packets *Mar 1 00:05:23.124: FLOW: export v9 flow 2 with 15 packets *Mar 1 00:05:23.125: FLOW: export v9 flow 3 with 22 packets *Mar 1 00:05:23.126: FLOW: export v9 flow 4 with 8 packets *Mar 1 00:05:23.127: FLOW: export v9 flow 5 with 12 packets What does this output indicate?
45. A network engineer runs the following command to verify Flexible NetFlow record configuration: R1# show flow record FLOW-RECORD-1 flow record FLOW-RECORD-1 match ipv4 source address match ipv4 destination address match ip protocol collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last What does this output indicate?
46. A network engineer runs the following command to verify NetFlow export destination: R1# show ip flow export Flow export v9 is enabled for main cache Export source and destination details : VRF ID : Default Destination(1) 192.168.1.100 (2055) Source IP 10.0.0.1 Origin AS 65000 Peer AS 65001 Mask for source 255.255.255.255 Mask for destination 255.255.255.255 Version 9 flow records 1234 flows exported in 567 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures What does this output indicate?
47. A network engineer runs the following command to troubleshoot Flexible NetFlow cache usage: R1# show flow monitor FLOW-MONITOR-1 statistics Cache type: Normal Cache size: 1000 Current entries: 900 High Watermark: 950 Flows added: 50000 Flows aged: 49100 - Active timeout ( 1800 secs): 40000 - Inactive timeout ( 15 secs): 9000 - Event aged: 100 - Watermark aged: 0 - Emergency aged: 0 What does this output indicate?
48. A network engineer runs the following command to verify NetFlow data export format: R1# show flow exporter EXPORTER-1 Flow Exporter: EXPORTER-1 Transport Configuration: Destination IP address: 192.168.1.100 Source IP address: 10.0.0.1 Transport Protocol: UDP Destination Port: 2055 Source Port: 51234 DSCP: 0x00 TTL: 255 Output Features: Used Export Protocol: NetFlow Version 9 Template Data Export Timeout: 1800 seconds Option Data Export Timeout: 1800 seconds Option Data Configured: application-table sub-application-table application-attributes What does this output indicate?
49. A network engineer runs the following command to verify Flexible NetFlow cache entries: R1# show flow monitor FLOW-MONITOR-1 cache format record Cache entry for flow 1: ipv4 source address: 10.0.0.1 ipv4 destination address: 192.168.1.100 ip protocol: 6 counter bytes: 1500 counter packets: 10 timestamp sys-uptime first: 123456 timestamp sys-uptime last: 123556 Cache entry for flow 2: ipv4 source address: 10.0.0.2 ipv4 destination address: 192.168.1.101 ip protocol: 17 counter bytes: 500 counter packets: 5 timestamp sys-uptime first: 123457 timestamp sys-uptime last: 123557 What does this output indicate?
50. A network engineer runs the following command to debug Flexible NetFlow cache events: R1# debug flow monitor FLOW-MONITOR-1 Flow Monitor FLOW-MONITOR-1 debugging is on R1# *Mar 1 00:10:15.123: FLOW MONITOR: Cache entry created for flow 10.0.0.1:1234 -> 192.168.1.100:80 (TCP) *Mar 1 00:10:15.124: FLOW MONITOR: Cache entry updated for flow 10.0.0.1:1234 -> 192.168.1.100:80 (TCP) - bytes: 1460, packets: 1 *Mar 1 00:10:15.125: FLOW MONITOR: Cache entry updated for flow 10.0.0.1:1234 -> 192.168.1.100:80 (TCP) - bytes: 2920, packets: 2 *Mar 1 00:10:45.123: FLOW MONITOR: Cache entry aged for flow 10.0.0.1:1234 -> 192.168.1.100:80 (TCP) - reason: inactive timeout What does this output indicate?
51. What is the default flow-cache timeout for NetFlow version 9 on Cisco IOS-XE?
52. Which statement correctly describes the default behavior of the 'flow monitor' in Flexible NetFlow regarding the collection of BGP next-hop information?
53. What is the default export interval for NetFlow data when using the 'flow exporter' with UDP as the transport protocol?
54. Which of the following is a mandatory field in a Flexible NetFlow flow record for IPv4 traffic?
55. What is the default value for the 'active flow timeout' in a Flexible NetFlow monitor on Cisco IOS-XE?
56. Which NetFlow version introduced the concept of templates to support variable-length flow records?
57. In Flexible NetFlow, what is the default 'collect counter bytes' setting for a flow record?
58. What is the default transport protocol used by NetFlow exporters on Cisco IOS-XE?
59. Which statement correctly describes the default 'match' direction in a Flexible NetFlow flow record?
60. Drag and drop the steps to configure Flexible NetFlow with a custom flow record into the correct order, from first to last.
61. Drag and drop the steps to troubleshoot NetFlow and Flexible NetFlow connectivity failures into the correct order, from first to last.
62. Drag and drop the steps to verify and validate NetFlow and Flexible NetFlow operational state into the correct order, from first to last.
63. Which TWO statements about Flexible NetFlow flow monitors and flow exporters are true? (Choose TWO.)
64. An engineer needs to troubleshoot a NetFlow deployment where flow data is not being exported to the collector. Which TWO commands can be used to verify the operational status of NetFlow on a Cisco IOS-XE device? (Choose TWO.)
65. Which THREE statements about the NetFlow flow cache and export timing are correct? (Choose THREE.)
66. An engineer configures Flexible NetFlow with a user-defined flow record that includes 'match ipv4 source address' and 'collect counter bytes'. Which TWO additional statements about this configuration are true? (Choose TWO.)
67. Which TWO statements about NetFlow version 9 and Flexible NetFlow export format are true? (Choose TWO.)
68. An engineer configures Flexible NetFlow on a router to monitor traffic. Unexpectedly, the NetFlow exporter does not send any flow records to the collector. The engineer verifies that the monitor is applied to the correct interface and that the collector is reachable. Which is the most likely explanation?
69. An engineer configures OSPF on two directly connected routers with MTU 1500 on one interface and MTU 1400 on the other. The OSPF adjacency forms but remains in EXSTART state. Which is the most likely explanation?
70. An engineer configures EIGRP named mode on a router. After a link failure, a route becomes stuck-in-active (SIA). The engineer checks the EIGRP topology and notices that the route has a feasible successor. Which is the most likely explanation?
71. An engineer configures BGP between two routers in the same AS. The iBGP session is established, but the routes learned from eBGP are not being advertised to the iBGP neighbor. The engineer verifies that the next-hop is reachable via IGP. Which is the most likely explanation?
72. An engineer configures mutual redistribution between OSPF and EIGRP. After the configuration, routing loops occur. The engineer checks the routing tables and sees that the same prefix is learned from both protocols with different administrative distances. Which is the most likely explanation?
73. An engineer configures a DMVPN Phase 2 network. Spoke-to-spoke tunnels are expected to form dynamically. However, when a spoke tries to reach another spoke, traffic is still sent through the hub. The engineer verifies that NHRP is working and that the spoke-to-spoke tunnel is up. Which is the most likely explanation?
74. An engineer configures IPsec between two routers using a site-to-site VPN. The tunnel is established, but traffic is not encrypted. The engineer checks the crypto map and sees that the ACL for interesting traffic is configured correctly. Which is the most likely explanation?
75. An engineer configures Control Plane Policing (CoPP) on a router to protect the management plane. After applying the policy, the router becomes unreachable via SSH, but the console is still accessible. The engineer checks the CoPP policy and sees that SSH traffic is permitted. Which is the most likely explanation?
76. An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface. After the configuration, legitimate traffic from a customer network is being dropped. The engineer verifies that the customer's IP prefix is in the routing table. Which is the most likely explanation?
The NetFlow and Flexible NetFlow domain covers the key concepts tested in this area of the 300-410 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 300-410 domains — no account required.
The Courseiva 300-410 question bank contains 76 questions in the NetFlow and Flexible NetFlow domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the NetFlow and Flexible NetFlow domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.