Question 1hardmultiple choice
Full question →hardmultiple choiceObjective-mapped
A network team wants visibility into which flows are consuming the most bandwidth between internal subnets. Which technology is most directly associated with that goal?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
A
Best answer
NetFlow
This is correct because NetFlow is specifically associated with traffic-flow visibility and analysis.
B
Distractor review
Syslog
This is wrong because Syslog reports events and messages rather than detailed traffic-flow analysis.
C
Distractor review
DHCP relay
This is wrong because DHCP relay forwards client broadcast requests to DHCP servers and has nothing to do with traffic analytics.
D
Distractor review
PortFast
This is wrong because PortFast is an STP edge-port feature, not a traffic-analysis technology.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is mistaking Syslog or DHCP relay as solutions for traffic flow visibility. Syslog only records system events and error messages, not detailed traffic usage. DHCP relay simply forwards DHCP requests and does not analyze bandwidth. Another trap is confusing PortFast, which is an STP feature to speed up port activation, with traffic monitoring technologies. Candidates must recognize that only NetFlow provides granular flow data needed to identify bandwidth consumption between internal subnets, making it the correct choice.
Technical deep dive
How to think about this question
NetFlow is a Cisco-developed network protocol that collects IP traffic information as it enters or exits an interface. It provides detailed visibility into traffic flows by capturing metadata such as source and destination IP addresses, ports, protocols, and byte counts. This data allows network administrators to analyze bandwidth consumption, identify top talkers, and understand traffic patterns between internal subnets, which is critical for capacity planning and troubleshooting. In the context of Cisco devices and the CCNA exam, NetFlow operates by exporting flow records to a collector for analysis. It is specifically designed for traffic-flow visibility rather than event logging or packet forwarding. Unlike Syslog, which records system messages and events, NetFlow focuses on traffic-level data. DHCP relay and PortFast are unrelated to traffic analysis; DHCP relay forwards DHCP requests across subnets, and PortFast optimizes Spanning Tree Protocol convergence on edge ports. A common exam trap is confusing NetFlow with general monitoring tools like Syslog or SNMP. While Syslog logs device events and SNMP monitors device status and interface statistics, neither provides detailed flow-level traffic analysis. Understanding that NetFlow uniquely captures and exports flow data helps avoid this confusion. Practically, enabling NetFlow on Cisco routers or switches gives precise insight into which internal subnets or hosts consume the most bandwidth, supporting effective network management.
KKey Concepts to Remember
- NetFlow collects detailed IP traffic flow data including source/destination addresses, ports, and protocols to analyze bandwidth usage between subnets.
- NetFlow exports flow records from Cisco devices to a collector, enabling administrators to identify top talkers and traffic patterns.
- Syslog records system events and error messages but does not provide traffic flow or bandwidth consumption data.
- DHCP relay forwards DHCP client requests across subnets and does not perform any traffic analysis or flow monitoring.
- PortFast is a Spanning Tree Protocol feature that accelerates port activation and does not relate to traffic visibility or bandwidth monitoring.
- NetFlow is essential for capacity planning and troubleshooting by providing granular visibility into which flows consume the most bandwidth.
- Confusing NetFlow with Syslog or DHCP relay is a common exam trap due to their different purposes in network management.
- Cisco devices use NetFlow to monitor traffic flows, which helps in identifying bandwidth-heavy applications and internal subnet communication.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
CCNA DHCP practice questions
Practise DHCP scopes, relay, leases and troubleshooting.
CCNA show ip route practice questions
Practise routing-table output, longest-prefix match, AD and route selection.
CCNA show interfaces trunk practice questions
Practise trunk verification and VLAN forwarding across switches.
CCNA wireless security practice questions
Practise WLAN security, authentication and wireless architecture concepts.
CCNA IPv6 practice questions
Practise IPv6 addressing, routes, neighbour discovery and common IPv6 exam traps.
More questions from this exam
Keep practising from the same exam bank, or move into a focused topic page if this question exposed a weak area.
Question 1
A router learns the same prefix from both OSPF and EIGRP. Which route is installed by default?
Question 2
A router shows this output: R1#show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.1.1.2 1 FULL/DR 00:00:34 192.168.12.2 GigabitEthernet0/0 10.1.1.3 1 2WAY/DROTHER 00:00:39 192.168.12.3 GigabitEthernet0/0 Which statement is correct?
Question 3
What is the OSPF metric called?
Question 4
A non-root switch has two uplinks toward the root bridge. One path has a lower total STP cost than the other. What role will the lower-cost uplink have?
Question 5
A router interface applies this ACL inbound: 10 deny tcp any any eq 80 20 permit ip any any A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?
Question 6
A router learns route 198.51.100.0/24 from OSPF with AD 110 and also has a static route to the same prefix configured with AD 150. Which route is installed?
FAQ
Questions learners often ask
What does this 200-301 question test?
NetFlow collects detailed IP traffic flow data including source/destination addresses, ports, and protocols to analyze bandwidth usage between subnets.
What is the correct answer to this question?
The correct answer is: NetFlow — NetFlow is the technology most directly associated with that goal. In practical terms, NetFlow provides visibility into traffic flows, allowing administrators to identify who is talking to whom, over which protocols and ports, and how much traffic is involved. That makes it very useful for traffic analysis, capacity planning, and investigating unusual bandwidth use. This is different from Syslog, which is about event messages, and SNMP, which is more general device and interface monitoring. The question is specifically about flow visibility.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.
Discussion
Loading comments…
Sign in to join the discussion.