Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Network Logging and Syslog practice sets

300-410 Network Logging and Syslog • Complete Question Bank

300-410 Network Logging and Syslog — All Questions With Answers

Complete 300-410 Network Logging and Syslog question bank — all 0 questions with answers and detailed explanations.

76
Questions
Free
No signup
Certifications/300-410/Practice Test/Network Logging and Syslog/All Questions
Question 1mediummultiple choice
Read the full network assurance explanation →

A network engineer notices that the syslog server at 10.1.1.100 is not receiving any log messages from a Cisco router running IOS-XE 16.9. The engineer has configured 'logging host 10.1.1.100' and 'logging trap debugging'. The router can ping the syslog server successfully. What is the most likely cause of the missing syslog messages?

Question 2mediummultiple choice
Read the full network assurance explanation →

An engineer is troubleshooting why syslog messages from a router are not being received by the syslog server at 192.168.1.10. The router configuration includes 'logging host 192.168.1.10' and 'logging trap 6'. The engineer runs 'debug ip packet' and sees packets destined for 192.168.1.10 being sent but no response. What should the engineer check first?

Question 3hardmultiple choice
Read the full network assurance explanation →

A network engineer is troubleshooting a router that is generating excessive syslog messages, filling up the local logging buffer and causing performance issues. The engineer wants to reduce the volume of messages sent to the remote syslog server while still capturing critical alerts locally. The current configuration includes 'logging buffered 4096 debugging' and 'logging host 10.1.1.100'. What is the best approach?

Question 4mediummultiple choice
Read the full network assurance explanation →

A router is configured with 'logging host 10.1.1.100' and 'logging trap informational'. The engineer notices that syslog messages with severity 5 (notice) are being sent, but messages with severity 6 (informational) are not. What is the most likely cause?

Question 5hardmultiple choice
Read the full network assurance explanation →

An engineer is troubleshooting a router that is not sending syslog messages to the remote server at 192.168.1.10. The configuration includes 'logging host 192.168.1.10' and 'logging trap 7'. The router can ping 192.168.1.10. The engineer runs 'show logging' and sees 'Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)'. What is the most likely cause?

Question 6mediummultiple choice
Read the full network assurance explanation →

A router is configured to send syslog messages to two servers: 10.1.1.100 and 10.1.1.200. The engineer notices that only server 10.1.1.100 is receiving messages. The configuration shows 'logging host 10.1.1.100' and 'logging host 10.1.1.200'. Both servers are reachable via ping. What is the most likely cause?

Question 7mediummultiple choice
Read the full network assurance explanation →

An engineer is troubleshooting a router that is generating syslog messages with incorrect timestamps. The router has 'service timestamps log datetime msec' configured, but the timestamps show the wrong time zone. The router's clock is set correctly via NTP. What is the most likely cause?

Question 8hardmultiple choice
Read the full network assurance explanation →

A router is configured with 'logging host 10.1.1.100' and 'logging trap debugging'. The engineer notices that the router is sending a large number of debug messages to the syslog server, causing high CPU usage. The engineer wants to stop sending debug messages to the remote server but keep them in the local buffer. What is the best command to achieve this?

Question 9easymultiple choice
Read the full network assurance explanation →

A network engineer is troubleshooting a router that is not generating any syslog messages at all, even for critical events like interface flaps. The 'show logging' output shows 'Syslog logging: disabled'. What is the most likely cause?

Question 10mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R1:

R1# show logging

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, small buffer) Console logging: level debugging, 37 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level informational, 5 messages logged, xml disabled, filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 0 message lines logged

Logging to 192.168.1.100 (udp port 514, audit disabled,

link up), 0 message lines logged, xml disabled, filtering disabled

Logging Source Interface: Loopback0

Log Buffer (4096 bytes):

*Mar  1 00:01:23.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Mar  1 00:02:34.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

Based on this output, which statement is correct?

Question 11mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R2:

R2# show logging | include %SYS-5-CONFIG_I

*Mar  1 00:10:15.123: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:12:45.678: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:15:30.001: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:20:00.999: %SYS-5-CONFIG_I: Configured from console by console

Based on this output, what is the most likely problem?

Question 12hardmultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R3:

R3# show logging | include %OSPF-5-ADJCHG

*Mar  1 00:05:10.123: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 00:06:20.456: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar  1 00:07:30.789: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from DOWN to INIT, Received Hello
*Mar  1 00:08:40.012: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from INIT to EXSTART, Event: start
*Mar  1 00:09:50.345: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXSTART to EXCHANGE, Event: Negotiation Done
*Mar  1 00:10:00.678: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXCHANGE to LOADING, Event: Exchange Done
*Mar  1 00:11:10.901: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 00:12:20.234: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

Based on this output, what is the most likely problem?

Question 13mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R4:

R4# show logging | include %BGP-3-NOTIFICATION

*Mar  1 00:01:05.123: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes
*Mar  1 00:02:10.456: %BGP-3-NOTIFICATION: received from neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes
*Mar  1 00:03:15.789: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes

Based on this output, what is the most likely problem?

Question 14easymultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R5:

R5# show logging | include %LINEPROTO-5-UPDOWN

*Mar  1 00:00:10.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar  1 00:00:20.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Mar  1 00:00:30.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar  1 00:00:40.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Mar  1 00:00:50.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar  1 00:01:00.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

Based on this output, what is the most likely problem?

Question 15mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R6:

R6# show logging | include %SEC-6-IPACCESSLOGP

*Mar  1 00:01:15.123: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12345) -> 192.168.1.1(80), 1 packet
*Mar  1 00:01:20.456: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12346) -> 192.168.1.1(80), 1 packet
*Mar  1 00:01:25.789: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12347) -> 192.168.1.1(80), 1 packet
*Mar  1 00:01:30.012: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12348) -> 192.168.1.1(80), 1 packet

Based on this output, what is the most likely problem?

Question 16hardmultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R7:

R7# show logging | include %SYS-2-MALLOCFAIL

*Mar  1 00:05:10.123: %SYS-2-MALLOCFAIL: Memory allocation failed for size 1024, from process 0x12345678, pool Processor
*Mar  1 00:06:20.456: %SYS-2-MALLOCFAIL: Memory allocation failed for size 2048, from process 0x12345678, pool Processor
*Mar  1 00:07:30.789: %SYS-2-MALLOCFAIL: Memory allocation failed for size 512, from process 0x12345678, pool Processor

Based on this output, what is the most likely problem?

Question 17mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R8:

R8# show logging | include %LDP-5-NBRCHG

*Mar  1 00:01:10.123: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP
*Mar  1 00:02:20.456: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN
*Mar  1 00:03:30.789: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP
*Mar  1 00:04:40.012: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN

Based on this output, what is the most likely problem?

Question 18mediummultiple choice
Read the full VPN explanation →

A network engineer runs the following command on Router R9:

R9# show logging | include %DMVPN-5-ADJCHG

*Mar  1 00:01:05.123: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP
*Mar  1 00:02:10.456: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN
*Mar  1 00:03:15.789: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP
*Mar  1 00:04:20.012: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN

Based on this output, what is the most likely problem?

Question 19mediummultiple choice
Read the full network assurance explanation →

Examine the following partial router configuration:

logging buffered 16384
logging console warnings
logging monitor notifications
logging trap debugging
logging source-interface Loopback0
logging 192.168.1.100

What is the effect of this configuration?

Question 20mediummultiple choice
Read the full network assurance explanation →

Given the following partial configuration on a Cisco IOS-XE router:

logging host 10.1.1.1 transport tcp port 514
logging source-interface GigabitEthernet0/1
logging on

What is missing or incorrect in this configuration?

Question 21mediummultiple choice
Read the full network assurance explanation →

Refer to the following partial configuration:

logging console informational
logging monitor debugging
logging trap errors
logging buffered 4096

Which statement is true about the logging levels?

Question 22easymultiple choice
Open the full VLAN trunking answer →

Consider the configuration snippet:

logging 192.168.1.10 vrf Mgmt-intf
logging source-interface Vlan1
logging trap 6

What is the effect of the 'logging trap 6' command?

Question 23mediummultiple choice
Read the full network assurance explanation →

Examine the following configuration:

logging host 10.1.1.1
logging host 10.1.1.2
logging host 10.1.1.3
logging origin-id hostname
logging facility local7

What is the purpose of the 'logging origin-id hostname' command?

Question 24easymultiple choice
Read the full network assurance explanation →

Given the configuration:

logging buffered 8192 warnings
logging console alerts
logging monitor critical

Which of the following is true?

Question 25easymultiple choice
Read the full network assurance explanation →

What is the default severity level for syslog messages sent to the console on a Cisco IOS device?

Question 26mediummultiple choice
Read the full network assurance explanation →

According to RFC 3164, which facility code is used by default for Cisco IOS syslog messages?

Question 27easymultiple choice
Read the full network assurance explanation →

What is the default size of the logging buffer on a Cisco IOS-XE router if not explicitly configured?

Question 28mediummulti select
Read the full network assurance explanation →

Which TWO commands would a network engineer use to verify that syslog messages are being sent to a remote syslog server? (Choose TWO.)

Question 29mediummulti select
Read the full network assurance explanation →

Which TWO statements about syslog message severity levels are true? (Choose TWO.)

Question 30hardmulti select
Read the full network assurance explanation →

Which THREE configuration steps are required to send syslog messages from a Cisco router to a remote syslog server? (Choose THREE.)

Question 31mediummulti select
Read the full network assurance explanation →

Which TWO symptoms indicate that syslog messages are not being sent to the remote syslog server? (Choose TWO.)

Question 32hardmulti select
Read the full network assurance explanation →

Which THREE are valid syslog severity levels defined in RFC 5424? (Choose THREE.)

Question 33hardmultiple choice
Review the full OSPF breakdown →

A service provider network uses OSPF with route summarization on Area Border Routers (ABRs). Router R1 (ABR) has the configuration:

router ospf 1
 area 1 range 10.1.0.0 255.255.240.0
 area 1 range 10.1.16.0 255.255.240.0
Router R2 (internal to area 1) shows:
R2# show ip route ospf
     10.1.0.0/20 is subnetted, 1 subnets

O IA 10.1.0.0/20 [110/2] via 10.2.1.1, 00:00:15, Serial0/0/0

10.1.16.0/20 is subnetted, 1 subnets

O IA 10.1.16.0/20 [110/2] via 10.2.1.1, 00:00:10, Serial0/0/0

10.1.32.0/20 [110/3] via 10.2.1.2, 00:00:05, Serial0/0/1

R2 is missing a route to 10.1.48.0/20. What is the root cause?

Question 34hardmultiple choice
Review the full OSPF breakdown →

Two OSPF domains are redistributed into each other on router R1. R1 has:

router ospf 1

redistribute ospf 2 subnets

router ospf 2

redistribute ospf 1 subnets

Router R2 (in OSPF 1) shows:
R2# show ip route ospf

O E2 10.1.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0 O E2 10.2.1.0/24 [110/20] via 10.2.1.1, 00:00:05, Serial0/0/0

R2# traceroute 10.1.1.1 source 10.2.1.2

Type escape sequence to abort. Tracing the route to 10.1.1.1 1 10.2.1.1 4 msec 4 msec 4 msec 2 10.1.1.1 8 msec 8 msec 8 msec

R2# traceroute 10.2.1.1 source 10.1.1.2

Type escape sequence to abort. Tracing the route to 10.2.1.1 1 10.1.1.1 4 msec 4 msec 4 msec 2 10.2.1.1 8 msec 8 msec 8 msec Traffic between the two domains is taking suboptimal paths. What is the root cause?

Question 35hardmultiple choice
Open the full BGP breakdown →

In an iBGP network, router R1 has:

router bgp 65000

bgp bestpath as-path multipath-relax

neighbor 10.1.1.2 route-map SET-MED in

route-map SET-MED permit 10 set metric 50

neighbor 10.1.1.3 route-map SET-MED2 in

route-map SET-MED2 permit 10 set metric 100

Router R2 shows:
R2# show ip bgp 192.168.1.0/24

BGP routing table entry for 192.168.1.0/24, version 2 Paths: (2 available, best #2) Path #1: via 10.1.1.1, metric 50 Path #2: via 10.1.1.4, metric 100

R2# show ip route 192.168.1.0

Routing entry for 192.168.1.0/24 Known via "bgp 65000", distance 200, metric 100 Last update from 10.1.1.4 00:00:10 Serial0/0/1 R2 is choosing the path with higher metric. What is the root cause?

Question 36hardmultiple choice
Review the full OSPF breakdown →

Two routers R1 and R2 are connected via Ethernet. R1 has:

interface GigabitEthernet0/0
 ip ospf network point-to-point

R2 has default OSPF network type (broadcast). R1 shows:

R1# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.2.2.2          0   FULL/  -        00:00:35    10.1.1.2        GigabitEthernet0/0

R2 shows:

R2# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          1   FULL/DR        00:00:30    10.1.1.1        GigabitEthernet0/0

R1 is not installing OSPF routes from R2. What is the root cause?

Question 37hardmultiple choice
Study the full EIGRP explanation →

EIGRP network with routers R1, R2, R3. R1 has:

router eigrp 100
 network 10.0.0.0

R2 has:

router eigrp 100
 network 10.0.0.0

R3 has:

router eigrp 100
 network 10.0.0.0

R1 shows:

R1# show ip eigrp topology 10.1.1.0/24

EIGRP-IPv4 Topology Entry for 10.1.1.0/24 State is Passive, Query origin flag is 1, 1 Successor(s), FD is 128256 Routing Descriptor Blocks:

10.2.1.2 (Serial0/0/0), from 10.2.1.2, Send flag is 0x0

Composite metric is (128256/156160), Route is Internal

10.3.1.3 (Serial0/0/1), from 10.3.1.3, Send flag is 0x0

Composite metric is (156160/128256), Route is Internal

R1# show ip route 10.1.1.0

Routing entry for 10.1.1.0/24 Known via "eigrp 100", distance 90, metric 128256 Last update from 10.2.1.2 on Serial0/0/0 R1 is using the path with higher feasible distance as successor. What is the root cause?

Question 38hardmultiple choice
Read the full VPN explanation →

DMVPN network with hub R1 and spoke R2. R1 has:

interface Tunnel0
 ip address 172.16.1.1 255.255.255.0

tunnel source GigabitEthernet0/0 tunnel mode gre multipoint

ip nhrp network-id 1
 ip nhrp authentication cisco123

R2 has:

interface Tunnel0
 ip address 172.16.1.2 255.255.255.0

tunnel source GigabitEthernet0/0 tunnel mode gre multipoint

ip nhrp network-id 1
 ip nhrp nhs 172.16.1.1
 ip nhrp authentication cisco123

R2 shows:

R2# show dmvpn

Legend: Attrb -> S: Static, D: Dynamic, I: Incomplete NHRP domain: 1

Interface: Tunnel0, IPv4 NHRP Details

Type:Spoke, NHC:172.16.1.2, NBMA:10.2.2.2 (no NHRP mappings)

R2# ping 172.16.1.1 source 172.16.1.2

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) What is the root cause?

Question 39hardmultiple choice
Read the full MPLS explanation →

MPLS network with LDP enabled. Routers R1 and R2 are directly connected. R1 has: mpls ip

interface Serial0/0/0

mpls ip R2 has: mpls ip

interface Serial0/0/0

mpls ip R1 shows:

R1# show mpls ldp neighbor

Peer LDP Ident: 10.2.2.2:0; Local LDP Ident: 10.1.1.1:0 TCP connection: 10.2.2.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 10/10; Downstream Up time: 00:00:30 LDP discovery sources: Serial0/0/0, Src IP addr: 10.2.2.2

R1# show mpls forwarding-table

Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 Untagged 10.3.3.0/24 0 Serial0/0/0 R2 shows:

R2# show mpls forwarding-table

Local tag Outgoing tag Prefix Bytes tag switched Outgoing interface 16 17 10.3.3.0/24 0 Serial0/0/0 R1 is not installing a label for 10.3.3.0/24 from R2. What is the root cause?

Question 40hardmultiple choice
Study the full ACL explanation →
Router R1 has an ACL applied to its VTY lines for SSH access:
access-list 10 permit 10.1.1.0 0.0.0.255
line vty 0 4

access-class 10 in transport input ssh R1 also has CoPP policy: class-map match-all SSH-CLASS match access-group name SSH-ACL policy-map COPP

class SSH-CLASS

police cir 8000 bc 1500 conform-action transmit exceed-action drop R2 (10.1.1.2) shows:

R2# ssh -l admin 10.2.2.1

% Connection refused by remote host

R2# telnet 10.2.2.1

Trying 10.2.2.1 ... % Connection timed out; remote host not responding What is the root cause?

Question 41hardmultiple choice
Read the full network assurance explanation →

Two VRFs on router R1: VRF A and VRF B. R1 has:

ip vrf A

rd 100:1 route-target export 100:1 route-target import 100:2

ip vrf B

rd 100:2 route-target export 100:2 route-target import 100:1 R1 shows:

R1# show ip route vrf A
B       10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10
R1# show ip route vrf B
B       10.1.1.0/24 [200/0] via 10.2.2.2, 00:00:10
Router R2 (in VRF A) can ping 10.1.1.1, but router R3 (in VRF B) cannot. What is the root cause?
Question 42mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# debug ip packet

Output: IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 3 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 4 IP: s=10.1.1.1 (GigabitEthernet0/1), d=10.2.2.2, len 100, rcvd 5

What does this output indicate?

Question 43mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show logging

Output: Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 100 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 100 messages logged Trap logging: level informational, 100 messages logged

Logging to 192.168.1.100 (udp port 514, audit disabled)

What does this output indicate?

Question 44mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# debug ip ospf adj

Output: OSPF: 2 Way Communication to 10.0.0.2 on GigabitEthernet0/0, state 2WAY OSPF: Send hello to 224.0.0.5 on GigabitEthernet0/0 OSPF: Rcv DBD from 10.0.0.2 on GigabitEthernet0/0 seq 0x1E opt 0x52 flag 0x7 len 32 OSPF: NBR negotiation done. We are the SLAVE OSPF: Exchange done with 10.0.0.2 on GigabitEthernet0/0 OSPF: Build router LSA for area 0, router ID 10.0.0.1

What does this output indicate?

Question 45mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# debug ip bgp updates

Output: BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 BGP(0): 10.0.0.2 rcvd 10.1.1.0/24 BGP(0): 10.0.0.2 rcvd UPDATE w/ attr: nexthop 10.0.0.2, origin i, path 65002 65003 BGP(0): 10.0.0.2 rcvd 10.2.2.0/24

What does this output indicate?

Question 46mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show ip route summary

Output: Route Source Networks Subnets Overhead Memory (bytes) connected 0 2 0 0 static 0 0 0 0 ospf 1 5 10 0 0 bgp 65001 3 5 0 0

Total 8 17 0 0

What does this output indicate?

Question 47mediummultiple choice
Read the full MPLS explanation →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show mpls ldp neighbor detail

Output: Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.1:0 TCP connection: 10.0.0.2.646 - 10.0.0.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:10:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.0.0.2 Addresses bound to peer LDP Ident:

10.0.0.2        10.1.1.2        10.2.2.2

What does this output indicate?

Question 48mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show ip nhrp detail

Output:

10.1.1.1/32 via 10.0.0.2, Tunnel0 created 00:05:00, expire 01:55:00

Type: dynamic, Flags: authoritative NBMA address: 192.168.1.2

10.2.2.2/32 via 10.0.0.3, Tunnel0 created 00:04:00, expire 01:56:00

Type: dynamic, Flags: authoritative NBMA address: 192.168.1.3

What does this output indicate?

Question 49mediummultiple choice
Read the full VPN explanation →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show crypto engine connections active

Output:

Crypto Engine Connections

ID Type Algorithm State Connection-ID 1 IPsec AES256-SHA Active 100 2 IPsec AES256-SHA Active 101 3 ISAKMP SHA Active 200

What does this output indicate?

Question 50mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command to troubleshoot a Network Logging and Syslog issue:

R1# show policy-map control-plane input class class-default

Output: Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop

What does this output indicate?

Question 51mediummultiple choice
Read the full network assurance explanation →

What is the default logging severity level for messages sent to the console in Cisco IOS-XE?

Question 52easymultiple choice
Read the full network assurance explanation →

According to RFC 5424, which syslog severity level corresponds to 'Critical' conditions?

Question 53mediummultiple choice
Read the full network assurance explanation →

What is the default behavior of the 'logging buffered' command in Cisco IOS-XE when no severity level is specified?

Question 54hardmultiple choice
Read the full network assurance explanation →

Which syslog facility code is used by default for Cisco IOS messages when sent to a syslog server?

Question 55hardmultiple choice
Read the full network assurance explanation →

What is the default rate-limit interval for the 'logging rate-limit' command in Cisco IOS-XE?

Question 56mediummultiple choice
Read the full network assurance explanation →

Which statement correctly describes the behavior of the 'logging synchronous' command on a Cisco IOS device?

Question 57mediummultiple choice
Read the full network assurance explanation →

What is the default size of the logging buffer in Cisco IOS-XE when 'logging buffered' is enabled without specifying a size?

Question 58easymultiple choice
Read the full network assurance explanation →

Which syslog severity level is used for informational messages that are not errors but may be useful for monitoring?

Question 59easymultiple choice
Read the full network assurance explanation →

What is the default port number used by syslog servers to receive UDP syslog messages?

Question 60mediumdrag order
Read the full network assurance explanation →

Drag and drop the steps to configure conditional debugging and syslog forwarding into the correct order, from first to last.

Question 61harddrag order
Read the full network assurance explanation →

Drag and drop the steps to troubleshoot syslog connectivity failures into the correct order, from first to last.

Question 62mediumdrag order
Read the full network assurance explanation →

Drag and drop the steps to verify and validate syslog operational state into the correct order, from first to last.

Question 63hardmulti select
Read the full network assurance explanation →

Which TWO statements about the syslog message format and its fields are correct? (Choose TWO.)

Question 64hardmulti select
Read the full network assurance explanation →

An engineer must ensure that all syslog messages with severity level 4 (warning) and higher are sent to a remote syslog server at 10.1.1.100, while also logging messages of severity 6 (informational) to the console. Which TWO configuration commands are required? (Choose TWO.)

Question 65hardmulti select
Read the full network assurance explanation →

Which TWO statements about the 'logging rate-limit' command and its effects are correct? (Choose TWO.)

Question 66hardmulti select
Read the full network assurance explanation →

Which TWO statements about the 'logging buffered' command and its interaction with other logging commands are correct? (Choose TWO.)

Question 67hardmulti select
Read the full network assurance explanation →

Which THREE commands can be used to verify the current syslog configuration and message flow on a Cisco IOS device? (Choose THREE.)

Question 68hardmultiple choice
Review the full OSPF breakdown →

An engineer configures OSPF on two routers connected via a serial link. Both routers show the neighbor state as EXSTART/EXSTART, and no LSAs are exchanged. The engineer verifies that the OSPF process IDs are the same, areas match, and authentication is correct. Which is the most likely explanation?

Question 69hardmultiple choice
Study the full EIGRP explanation →

An engineer configures EIGRP named mode on two routers. The engineer notices that route summarization configured under the interface does not generate a summary route in the routing table, even though the component routes are present. The engineer confirms that the summary address is correct and the interface is up. Which is the most likely explanation?

Question 70hardmultiple choice
Open the full BGP breakdown →

An engineer configures iBGP between two routers in the same AS. The engineer notices that routes learned from one iBGP neighbor are not being advertised to another iBGP neighbor, even though the next-hop is reachable. The engineer verifies that the BGP session is established and that the routes are present in the BGP table. Which is the most likely explanation?

Question 71hardmultiple choice
Review the full OSPF breakdown →

An engineer configures mutual redistribution between OSPF and EIGRP. After a few minutes, the network becomes unstable with routing loops. The engineer checks the routing tables and notices that the same prefix is being learned from both protocols with different administrative distances. Which is the most likely explanation?

Question 72hardmultiple choice
Read the full VPN explanation →

An engineer configures a DMVPN Phase 2 network. Spoke routers can communicate with the hub, but spoke-to-spoke traffic is not establishing dynamically. The engineer verifies that NHRP is configured and that the hub is configured as an NHRP server. Which is the most likely explanation?

Question 73hardmultiple choice
Study the full ACL explanation →

An engineer configures an IPsec site-to-site VPN between two routers. The tunnel comes up, but no traffic is encrypted. The engineer verifies that the crypto map is applied to the outgoing interface and that the ACL defining interesting traffic is correct. Which is the most likely explanation?

Question 74hardmultiple choice
Review the full OSPF breakdown →

An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, the router becomes unreachable via SSH, and OSPF neighbor adjacencies go down. The engineer checks the CoPP policy and sees that the class-map for SSH and OSPF traffic is configured with a police rate. Which is the most likely explanation?

Question 75hardmultiple choice
Read the full network assurance explanation →

An engineer configures uRPF (Unicast Reverse Path Forwarding) in strict mode on a router interface facing the Internet. After configuration, legitimate traffic from customers is being dropped. The engineer verifies that the routing table has a route back to the source IP address. Which is the most likely explanation?

Question 76hardmultiple choice
Read the full network assurance explanation →

An engineer configures syslog logging to a remote server using the 'logging host' command. The engineer notices that syslog messages are not being received on the server, but the router can ping the server successfully. The engineer verifies that the logging level is set to debugging and that the server is configured to receive syslog messages. Which is the most likely explanation?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

300-410 Practice Test 1 — 10 Questions→300-410 Practice Test 2 — 10 Questions→300-410 Practice Test 3 — 10 Questions→300-410 Practice Test 4 — 10 Questions→300-410 Practice Test 5 — 10 Questions→300-410 Practice Exam 1 — 20 Questions→300-410 Practice Exam 2 — 20 Questions→300-410 Practice Exam 3 — 20 Questions→300-410 Practice Exam 4 — 20 Questions→Free 300-410 Practice Test 1 — 30 Questions→Free 300-410 Practice Test 2 — 30 Questions→Free 300-410 Practice Test 3 — 30 Questions→300-410 Practice Questions 1 — 50 Questions→300-410 Practice Questions 2 — 50 Questions→300-410 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingNetwork Logging and SyslogEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)NAT and PAT

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Network Logging and Syslog setsAll Network Logging and Syslog questions300-410 Practice Hub