Exhibit
Requirement: report top applications and source-destination flows on WAN links
Exhibit: A network engineer wants to identify which applications are consuming most WAN bandwidth over time. Which feature should be enabled on the router?
Answer choices
Why each option matters
Good practice is not just finding the correct option. The wrong answers often show the exact trap the exam wants you to fall into.
Distractor review
NTP authentication
That protects time synchronization and does not profile traffic flows.
Best answer
NetFlow
NetFlow provides detailed flow-based traffic visibility.
Distractor review
DNS forwarding
DNS forwarding helps name resolution, not traffic accounting.
Distractor review
DHCP snooping
DHCP snooping is a Layer 2 security feature.
Common exam trap
Common exam trap: answer the scenario, not the keyword
A frequent exam trap is mistaking features like DHCP snooping or DNS forwarding for bandwidth-monitoring tools. DHCP snooping is a Layer 2 security mechanism that prevents unauthorized DHCP servers but does not provide traffic usage data. DNS forwarding helps resolve domain names faster but does not track or analyze bandwidth consumption. Another trap is confusing NTP authentication, which secures time synchronization, with traffic profiling tools. Candidates must recognize that only NetFlow collects the detailed flow information necessary to identify which applications consume the most WAN bandwidth over time.
Technical deep dive
How to think about this question
NetFlow is a Cisco IOS feature that collects IP traffic information as it enters or exits an interface, providing detailed visibility into network traffic flows. It records metadata about conversations between devices, including source and destination IP addresses, ports, protocols, and timestamps. This data allows network engineers to analyze bandwidth usage patterns, identify top talkers, and understand application-level traffic behavior over WAN links.
When deciding which feature to enable for monitoring WAN bandwidth consumption by applications, NetFlow is the appropriate choice because it captures flow-based data that can be exported to external collectors for detailed analysis. Unlike other features such as NTP authentication, DNS forwarding, or DHCP snooping, NetFlow specifically profiles traffic flows and usage trends, enabling effective bandwidth management and troubleshooting.
A common exam trap is confusing NetFlow with other network services that do not provide traffic flow visibility. For example, NTP authentication secures time synchronization but does not monitor traffic, DNS forwarding aids in name resolution without accounting for bandwidth, and DHCP snooping protects against rogue DHCP servers but does not analyze traffic flows. Understanding these distinctions is critical for selecting the correct feature in CCNA scenarios involving traffic analysis.
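
The collector side of the export described above, as an added example that is not from the original page: it decodes a NetFlow version 5 datagram and ranks applications and source-destination pairs by bytes. The port-to-application map, the lower-port heuristic, the helper names and the sample addresses are assumptions constructed for this example.

```python
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte export header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record
# (protocol, port) -> label; an assumed map for this example, not from the page.
APPS = {(6, 443): "https", (6, 80): "http", (17, 53): "dns", (6, 22): "ssh"}

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("not a complete NetFlow v5 datagram")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "bytes": f[6], "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def top_usage(flows, n=3):
    """Rank applications and (source, destination) pairs by exported byte count."""
    by_app, by_pair = Counter(), Counter()
    for fl in flows:
        # Heuristic: the lower port is the service port, so replies are counted too.
        port = min(fl["sport"], fl["dport"])
        app = APPS.get((fl["proto"], port), f"proto {fl['proto']} port {port}")
        by_app[app] += fl["bytes"]
        by_pair[(fl["src"], fl["dst"])] += fl["bytes"]
    return by_app.most_common(n), by_pair.most_common(n)

def build_v5(records):
    # Builds a constructed datagram for the example; not captured router output.
    out = V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, octets, sport, dport, proto in records:
        out += V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4, 1, 2,
                              10, octets, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample flows: (src, dst, bytes, src port, dst port, IP protocol).
SAMPLE = build_v5([
    ("10.1.1.10", "203.0.113.5", 900000, 51000, 443, 6),
    ("10.1.1.11", "203.0.113.5", 400000, 51001, 443, 6),
    ("203.0.113.5", "10.1.1.10", 2500000, 443, 51000, 6),
    ("10.1.1.10", "198.51.100.53", 12000, 40000, 53, 17),
])
TOP_APPS, TOP_PAIRS = top_usage(parse_v5(SAMPLE))
```
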
Key Concepts to Remember
- NetFlow collects detailed IP traffic flow data by recording metadata about conversations passing through router interfaces.
- NetFlow exports flow records to external collectors for analysis of bandwidth usage, top talkers, and application traffic patterns.
- NTP authentication secures time synchronization but does not provide any traffic flow or bandwidth consumption information.
- DNS forwarding assists with domain name resolution and does not track or analyze network traffic usage.
- DHCP snooping is a Layer 2 security feature that prevents rogue DHCP servers and does not monitor bandwidth or traffic flows.
- NetFlow is the preferred Cisco feature for profiling WAN traffic to identify which applications consume the most bandwidth over time.
- Understanding the purpose of each IP service feature helps avoid confusing traffic monitoring tools with security or name resolution functions.
- Enabling NetFlow on WAN interfaces allows network engineers to gather actionable data for capacity planning and troubleshooting.
Exam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
FAQ
Questions learners often ask
What does this 200-301 question test?
NetFlow collects detailed IP traffic flow data by recording metadata about conversations passing through router interfaces.
What is the correct answer to this question?
The correct answer is: NetFlow — NetFlow records conversations and traffic characteristics so an external collector can analyze top talkers, protocols, and usage trends. Syslog and SNMP have different purposes.
What should I do if I get this 200-301 question wrong?
Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.