CCNA Ntp Questions

33 questions · Ntp topic · All types, answers revealed

1
PBQ · hard

You are connected to R1, a branch router that must synchronize time with the NTP server at 198.51.100.1 (reachable via G0/0) and send critical syslog messages (severity 0-4) to the logging server at 203.0.113.10. The current configuration has NTP pointing to a wrong server and syslog set to debug level, flooding the server. Correct the NTP server, set the NTP source interface to Loopback0 (10.10.10.1/32), and adjust the syslog trap level so that only emergencies through warnings are logged.

Hints

  • Remove the incorrect NTP server before adding the correct one.
  • Use the 'ntp source' command to specify the Loopback interface.
  • The logging trap level 'warnings' corresponds to severity 4.
A. ntp server 198.51.100.1 source Loopback0; logging trap warnings
B. ntp server 198.51.100.1 source G0/0; logging trap errors
C. ntp server 192.0.2.1 source Loopback0; logging trap warnings
D. ntp server 198.51.100.1 source Loopback0; logging trap debugging
Answer: A
Solution
! R1
no ntp server 192.0.2.1
ntp server 198.51.100.1
ntp source Loopback0
no logging trap debugging
logging trap warnings

Why this answer

The NTP server was misconfigured to 192.0.2.1, which is unreachable, leaving the router at stratum 16. The correct NTP server is 198.51.100.1, so the ntp server command must be updated. The source interface should be Loopback0 for reachability consistency.

The syslog trap level was set to debugging (level 7), which sends all messages; it should be changed to warnings (level 4) to filter only severity 0-4. Verification includes checking NTP synchronization and syslog configuration.

Exam trap

Watch out for two separate configuration items: NTP and syslog. Ensure you update both the NTP server IP and source interface, and set the correct syslog trap level. Common traps include forgetting to change the NTP server IP, using the wrong source interface, or setting the wrong syslog severity level.

Why the other options are wrong

B

The source interface must be Loopback0 for consistency, and the trap level should be warnings (4) to include warnings.

C

The NTP server address must be updated to 198.51.100.1; 192.0.2.1 is the misconfigured server.

D

The trap level should be warnings (4), not debugging (7). Debugging sends all messages, flooding the server.

2
MCQ · hard

A network engineer notices that the system clock on a Cisco IOS-XE router is incorrect, causing syslog timestamps to be unreliable. The router is configured as an NTP client to synchronize with a remote NTP server at 192.168.1.10. However, the show ntp status command indicates the clock is unsynchronized. What is the most likely cause of this issue?

A. The NTP server is using TCP instead of UDP for NTP communication.
B. The router cannot reach the NTP server due to a missing route or firewall blocking UDP port 123.
C. The NTP server has a higher stratum level than the router's local clock, so the router ignores it.
D. NTP authentication is misconfigured on the router.
Answer: B

The reach value of 0 indicates no NTP packets have been received, typically due to connectivity issues or ACL/firewall blocking UDP 123.

Why this answer

NTP operates over UDP port 123. If the router cannot reach the NTP server at 192.168.1.10 due to a missing route or a firewall blocking UDP 123, the NTP client will remain unsynchronized, as indicated by the 'show ntp status' command showing the clock as unsynchronized. This is the most common cause of NTP synchronization failure in a network.

Exam trap

Cisco often tests the misconception that NTP uses TCP or that authentication is the primary cause of synchronization failure, when in fact the most common issue is simple network reachability or firewall blocking of UDP port 123.

Why the other options are wrong

C

The NTP server having a higher stratum level than the local clock does not prevent synchronization outright; the router will still attempt to sync if the server is reachable and authenticates, so this is not the most likely cause.

3
MCQ · hard

A network administrator notices that the NTP server on Router R1 is not synchronizing with the upstream NTP server at 192.0.2.1. The router is configured as an NTP client, but show ntp status indicates the clock is unsynchronized and the stratum is 16. There is no firewall between R1 and 192.0.2.1. What is the most likely cause of this issue?

A. The NTP server at 192.0.2.1 is not configured as a peer on R1.
B. Router R1 does not have a route to reach 192.0.2.1.
C. The NTP server at 192.0.2.1 is not using NTP version 4.
D. The NTP server at 192.0.2.1 has a firewall blocking NTP traffic.
Answer: B

Without a route to the upstream NTP server, the NTP client cannot send or receive packets, leaving it unsynchronized at stratum 16.

Why this answer

The most likely cause is that Router R1 lacks a route to the upstream NTP server at 192.0.2.1. Without a valid IP route, NTP packets cannot reach the server, so the client remains unsynchronized with stratum 16. The other options are incorrect: A is not required for client operation, C is irrelevant because NTP version negotiation works across versions, and D is ruled out by the absence of a firewall.

Exam trap

Cisco often tests the misconception that NTP configuration alone ensures synchronization, but the trap here is that candidates overlook the prerequisite of IP reachability, assuming the ntp server command handles routing automatically.

Why the other options are wrong

A

Configuring the server as a peer is unnecessary for an NTP client; the client uses the ntp server command.

C

NTP version incompatibility does not prevent synchronization because devices negotiate versions automatically.

D

The problem states there is no firewall, so this cannot be the cause.

4
PBQ · hard

You are connected to R1 via the console. The network operations center (NOC) has asked you to configure R1 as an NTP client of the NTP server at 192.0.2.10 (reachable via VLAN 100, SVI 192.168.1.1/24). They also need all system messages of level 'debug' (level 7) and higher forwarded to the syslog server at 203.0.113.50. The current configuration shows that NTP is not working (stratum 16) and syslog is only sending critical and higher messages. Fix both issues.

Network Topology
[Topology diagram; labels: G0/0 10.0.0.1/30, G0/0 10.0.0.2/30, link, R2, R1, switch, NTP server, Syslog server]

Hints

  • Check the source IP of NTP packets; the server may require a specific source address.
  • NTP synchronization fails if the router does not have a route to the NTP server; verify connectivity.
  • The logging trap level controls which severity messages are sent; 'critical' only sends levels 0-2.
A. Configure 'ntp source Vlan100' and 'logging trap debugging'.
B. Configure 'ntp server 192.0.2.10' and 'logging trap 7'.
C. Configure 'ntp source Vlan100' and 'logging trap warnings'.
D. Configure 'ntp update-calendar' and 'logging trap informational'.
Answer: A
Solution
! R1
ntp source Vlan100
logging trap debugging

Why this answer

The NTP client is not synchronizing because there is no source interface specified; the NTP packets may be sourced from an unexpected interface and the server may ignore them. The solution is to configure 'ntp source Vlan100' to ensure NTP packets use the correct source IP. Additionally, the syslog trap level is set to 'critical', which filters out messages with severity lower than critical (like warnings, errors, etc.).

The NOC requires all messages up to debug level; therefore, change the logging trap level to 'debugging' with 'logging trap debugging'.

Exam trap

Do not confuse the NTP server command with the source interface command. The server command specifies the server, but the source interface ensures the correct source IP. For syslog, remember that 'debugging' is the keyword for the lowest severity level; using 'warnings' or 'informational' will exclude debug messages.

Why the other options are wrong

B

'logging trap 7' is not a valid Cisco IOS command; the correct command uses the keyword 'debugging'. Also, the NTP server command alone does not fix the source interface issue.

C

'logging trap warnings' only sends messages with severity 0-4, missing severity 5-7 (notifications, informational, debug).

D

'ntp update-calendar' is not needed for NTP synchronization; the source interface is the key missing piece. 'logging trap informational' does not include debug messages.

5
Drag & Drop · medium

Drag and drop the following steps into the correct order to configure an IOS-XE device as an NTP client and ensure its syslog messages are sent to a remote server with correct timestamps.

Why this order

First, enter global config, then set the NTP server, configure syslog destination and source interface, and finally verify both services.

Exam trap

A common trap is to configure syslog before NTP, but NTP should be set first so that syslog messages have correct timestamps. Also, candidates may forget that global config mode must be entered before any configuration commands.

6
Multi-Select · easy

A company wants all routers and switches to use a common time source so log timestamps line up during incident review. Which two statements about NTP are correct?

Select 2 answers
A. It helps synchronize device clocks
B. Consistent time improves correlation of syslog and other event data
C. It advertises Layer 3 reachability between routers
D. It encrypts data traffic between endpoints by default
Answers: A, B

NTP is used to align time across systems.

Why this answer

NTP (Network Time Protocol) is used to synchronize device clocks (option A) so that event timestamps are consistent across network devices, which improves correlation of syslog and other event data (option B). Option C is incorrect because NTP does not advertise Layer 3 reachability; that is a function of routing protocols like OSPF or EIGRP. Option D is incorrect because NTP does not encrypt data traffic by default; it only synchronizes time and does not provide encryption.

Exam trap

A common exam trap is mistaking NTP for a routing or security protocol. Some candidates incorrectly believe NTP advertises Layer 3 reachability like routing protocols (e.g., OSPF or EIGRP) or that it encrypts data traffic by default. This confusion arises because NTP is often mentioned alongside other network services, but its sole purpose is to synchronize device clocks.

Selecting options related to routing or encryption when the question focuses on time synchronization leads to incorrect answers. Understanding that NTP only aligns time across devices helps avoid this trap.

Why the other options are wrong

C

This option is incorrect because advertising Layer 3 reachability is the role of routing protocols like OSPF or EIGRP, not NTP, which only synchronizes time.

D

This option is incorrect as NTP does not encrypt data traffic by default; it is a time synchronization protocol and does not provide encryption services.

7
Drag & Drop · medium

Drag and drop the following steps into the correct order to configure NTP with authentication on a Cisco router.

Why this order

First, define the NTP authentication key using the ntp authentication-key command to create the key that will be used. Second, enable NTP authentication globally with ntp authenticate so that the router requires keys for NTP associations. Third, specify which keys are trusted with ntp trusted-key so the router accepts those keys.

Fourth, associate the NTP server with the key using the ntp server command with the key option, linking the server to the trusted key. Finally, verify the authenticated association using show ntp associations to confirm the configuration is working. This order is required because the key must exist before it can be trusted, authentication must be enabled before keys are checked, and the server must be configured with the key only after it is trusted.

8
Drag & Drop · medium

Drag and drop the following steps into the correct order to configure an IOS-XE device as an NTP client and set up syslog reporting of NTP events to a remote log server.

Why this order

First, enter global configuration mode. Then configure the NTP server to define the time source. Next, configure the logging host to specify the remote syslog server.

After that, enable logging of NTP events so that NTP-related syslog messages are generated and sent to the configured host. Finally, verify the configuration. Option B is wrong because configuring the logging host before the NTP server would attempt to send logs before time synchronization is set up, and the NTP server must be configured first to generate NTP events.

Option C is incorrect because enabling NTP event logging before configuring both the NTP server and the logging host means there is no NTP server to generate events and no logging destination to send them to. Option D is wrong because enabling logging of NTP events before configuring the logging host would cause generated messages to be dropped if the logging host is not yet set; the logging host must be configured before enabling NTP event logging.

Exam trap

The trap is that candidates may confuse the order of enabling NTP event logging and configuring the logging host. Remember: configure the logging host before enabling NTP event logging, and always configure the NTP server first.

9
MCQ · medium

Why is NTP especially valuable when a network uses centralized Syslog servers?

A. Because synchronized clocks make log timestamps easier to correlate across devices
B. Because NTP converts Syslog into a routing protocol
C. Because NTP automatically creates DHCP pools
D. Because NTP eliminates the need for a Syslog server
Answer: A

This is correct because NTP improves the usefulness of centralized logs by aligning time.

Why this answer

NTP is especially valuable because centralized logs are much easier to interpret when device clocks are synchronized. In plain language, if multiple routers and switches send messages to one logging server but each device believes a different time, the event sequence becomes confusing. NTP helps align those clocks so the timestamps in the logs are consistent and the team can reconstruct incidents more accurately.

This is a practical operations concept rather than a syntax question. Syslog solves the collection problem, and NTP solves the time-correlation problem. Together they make logs more useful than either one alone. That is why the best answer focuses on timestamp consistency rather than on routing, VLAN, or NAT behavior.

Exam trap

A common exam trap is selecting an answer that incorrectly attributes routing or DHCP functions to NTP, such as thinking NTP converts Syslog into a routing protocol or automatically creates DHCP pools. These options confuse NTP’s fundamental role in time synchronization with unrelated network services. Another trap is assuming NTP eliminates the need for a Syslog server, which is false because NTP only provides accurate timestamps; it does not collect or store logs.

Understanding that NTP’s value lies in timestamp consistency, not in changing or replacing other protocols, is critical to avoid these mistakes.

Why the other options are wrong

B

Incorrect because NTP does not convert Syslog into a routing protocol; NTP’s function is strictly time synchronization, unrelated to routing protocols.

C

Incorrect because NTP does not create DHCP pools; DHCP pool creation is unrelated to time synchronization and is managed by DHCP services.

D

Incorrect because NTP does not eliminate the need for a Syslog server; it complements Syslog by providing accurate timestamps but does not replace log collection.

10
PBQ · medium

You are connected to R1 via the console. R1 is an NTP client that should synchronize its clock with NTP server 192.168.1.100. The timezone is UTC-5 (Eastern Standard Time). Configure NTP on R1 so that it becomes an NTP client. Additionally, configure the router to log NTP synchronization status messages to the console and buffer logging using the numeric severity level 6 (informational).

Network Topology
[Topology diagram; labels: G0/0 192.168.1.1/24, LAN, R1, NTP server]

Hints

  • Use ntp server command to point to the NTP server.
  • Logging level 6 corresponds to informational.
  • Buffered and console logging commands are separate.
A. ntp server 192.168.1.100; logging console informational; logging buffered informational
B. ntp peer 192.168.1.100; logging console 6; logging buffered 6
C. ntp server 192.168.1.100; logging console 6; logging buffered 6
D. ntp server 192.168.1.100; logging console informational; logging buffered 6
Answer: C
Solution
! R1
ntp server 192.168.1.100
logging buffered 6
logging console 6

Why this answer

The correct NTP client command is 'ntp server 192.168.1.100', not 'ntp peer'. The logging commands must use the numeric level 6 to match the requirement. 'logging console 6' and 'logging buffered 6' achieve this; keyword 'informational' is technically valid but does not follow the explicit numeric specification. Mixing numeric and keyword is also incorrect under the given requirement.

Exam trap

Candidates often overlook the explicit requirement to use the numeric severity level and may choose options with the keyword 'informational', which are technically valid but do not meet the specified condition.

Why the other options are wrong

A

Uses the keyword 'informational' instead of the required numeric level 6.

B

Uses 'ntp peer' instead of 'ntp server'; the numeric levels are used, but the primary command is wrong.

D

Mixes numeric and keyword severity levels; must use numeric 6 for both console and buffer.

11
MCQ · medium

Why is NTP especially valuable when a company uses a centralized Syslog server?

A. It synchronizes device clocks so centralized log timestamps can be correlated accurately.
B. It assigns the Syslog server its IP address.
C. It replaces the need for Syslog entirely.
D. It encrypts all Syslog messages automatically.
Answer: A

This is correct because time alignment improves the usefulness of centralized logs.

Why this answer

NTP is especially valuable because it aligns device clocks, which makes centralized log timestamps much easier to interpret. In practical terms, if devices disagree on time, the combined log stream becomes harder to trust and correlate. NTP improves the timeline accuracy of operational and security analysis.

This is why NTP and Syslog are often discussed together. One centralizes events, and the other makes those events easier to line up correctly.

Exam trap

A common exam trap is to confuse NTP’s role with other network functions such as IP addressing or encryption. Some candidates incorrectly think NTP assigns IP addresses to devices or encrypts Syslog messages. This misunderstanding leads to selecting options that describe unrelated functions.

NTP’s sole purpose is to synchronize clocks across devices, enabling accurate timestamping of logs. Misinterpreting this can cause candidates to overlook the critical importance of time alignment in centralized logging environments, which is the core reason NTP is valuable when using a centralized Syslog server.

Why the other options are wrong

B

Incorrect because NTP does not assign IP addresses; IP addressing is handled by DHCP or manual configuration, not time synchronization protocols.

C

Incorrect because NTP does not replace Syslog; NTP provides time synchronization, while Syslog collects and centralizes log messages from devices.

D

Incorrect because NTP does not encrypt Syslog messages; encryption requires separate protocols such as TLS or IPsec, not time synchronization services.

12
PBQ · hard

You are connected to R1, a branch router connected to a central NTP server at 203.0.113.10 and a syslog server at 198.51.100.20. Configure R1 as an NTP client using its Loopback0 interface (192.168.1.1/32) as the source, and ensure syslog messages of severity 'informational' and above are sent to the syslog server. Currently, R1 shows 'Clock is unsynchronized, stratum 16'. Identify and fix the NTP issue, then apply the syslog configuration.

Network Topology
[Topology diagram; labels: G0/0 10.0.0.2/30, link, R1, R2]

Hints

  • NTP shows stratum 16 and uses a local pseudo-clock — the server is configured but not used.
  • Check if the NTP source interface is set to a reachable IP.
  • Syslog is only sending warnings and above — change the trap level to allow informational.
A. Configure 'ntp source Loopback0' and 'logging trap informational'.
B. Configure 'ntp server 203.0.113.10 source Loopback0' and 'logging trap warnings'.
C. Configure 'ntp source Loopback0' and 'logging trap debugging'.
D. Configure 'ntp source Loopback0' and 'logging host 198.51.100.20' without changing the trap level.
Answer: A
Solution
! R1
configure terminal
ntp source Loopback0
logging trap informational
end
write memory

Why this answer

The NTP client was configured but the source interface was not specified, causing the router to use a default source that may not be reachable. Additionally, the syslog trap level was set to 'warnings' (severity 4), which filters out informational (severity 6) messages. To fix: configure 'ntp source Loopback0' to use a consistent source IP, and set the trap level with 'logging trap informational' to allow all messages of severity 6 and above.

Exam trap

Trap: Candidates may confuse the 'ntp server' command syntax with the global 'ntp source' command, or assume the default syslog trap level already includes informational messages. Remember: NTP source is set globally, and syslog trap levels must be explicitly configured to match the required severity.

Why the other options are wrong

B

The 'ntp server' command does not have a 'source' parameter; source is set globally. Also, 'logging trap warnings' does not meet the requirement to send informational messages.

C

'logging trap debugging' sends all messages, including debugging (severity 7), which is unnecessary and can cause excessive log traffic. The requirement is for informational and above, which is severity 6, not 7.

D

The default trap level may not be 'informational'; it is often 'warnings' or 'debugging' depending on the IOS version. The requirement to send informational messages necessitates explicit configuration of 'logging trap informational'.

13
Multi-Select · medium

Which four of the following are characteristics or configuration requirements of NTP client/server operation in a secure enterprise network? (Choose all that apply. There are four correct answers.)

Select 4 answers
  • An NTP client can synchronize time with multiple NTP servers for redundancy.
  • NTP uses UDP port 123 for communication between clients and servers.
  • NTP authentication can be used to verify that time updates come from a trusted source.
  • The NTP server must be in the same subnet as the NTP client to synchronize.
  • NTP stratum levels indicate the distance from the reference clock; a lower stratum number is more accurate.
  • A Cisco device configured as an NTP server will automatically become the stratum 1 server for all clients.

Why this answer

NTP clients can synchronize with multiple servers to provide redundancy and improve accuracy through algorithms like Marzullo's algorithm. NTP uses UDP port 123 for all communication, as specified in RFC 5905. NTP authentication (using symmetric keys or MD5 hashes) ensures that time updates originate from a trusted source, preventing spoofing attacks.

The stratum level indicates the distance from the primary reference clock; a lower stratum number (e.g., 1) is closer to the authoritative time source and thus more accurate.

Exam trap

Cisco often tests the misconception that NTP requires same-subnet connectivity or that a Cisco router can automatically become stratum 1, when in fact NTP works across routed networks and stratum 1 requires a dedicated reference clock.

14
MCQ · medium

Why is centralized logging especially useful when combined with NTP?

A. Because synchronized clocks make centralized log timelines easier to analyze accurately.
B. Because NTP assigns the Syslog server its IP address.
C. Because Syslog replaces authentication when NTP is present.
D. Because centralized logging blocks unauthorized traffic automatically.
Answer: A

This is correct because NTP improves the usefulness of centralized logs by aligning timestamps.

Why this answer

Centralized logging is much more useful when device clocks are synchronized because the timestamps can be correlated properly. In practical terms, collecting messages in one place is valuable, but if one router thinks it is 9:00 and another thinks it is 9:17, the event sequence becomes confusing. NTP solves that time-alignment problem.

This is a common operations best practice. Syslog provides the central visibility, and NTP makes the timeline trustworthy.

Exam trap

A common exam trap is to mistakenly believe that NTP provides IP addressing or security functions such as blocking unauthorized traffic. Some may also incorrectly assume that syslog replaces authentication mechanisms when NTP is present. These misconceptions arise because candidates confuse the distinct roles of NTP and syslog.

NTP strictly synchronizes time, while syslog collects logs. Neither assigns IP addresses nor enforces access control. Understanding this separation is crucial to avoid selecting incorrect answers that attribute unrelated functions to NTP or centralized logging.

Why the other options are wrong

B

Option B is incorrect because NTP does not assign IP addresses to syslog servers or any devices. IP addressing is handled by DHCP or manual configuration, not by NTP.

C

Option C is incorrect because syslog does not replace authentication mechanisms. NTP and syslog are unrelated to access control or authentication processes in Cisco networks.

D

Option D is incorrect because centralized logging improves visibility into network events but does not block unauthorized traffic. Traffic enforcement is managed by firewalls, ACLs, or other security features.

15
Matching · medium

Drag and drop the syslog severity levels and NTP concepts on the left to their correct descriptions on the right.

Emergency: system is unusable

Debugging: detailed debug messages

Reference clock (e.g., atomic clock or GPS)

Unsynchronized or maximum usable stratum

Configures an IOS-XE device as an NTP client

Displays NTP synchronization state and stratum

Why these pairings

Syslog severity levels range from 0 (Emergency) to 7 (Debug), with 0 being the most critical. NTP stratum indicates clock accuracy: stratum 0 is the reference clock, stratum 1 is directly connected to a reference, and so on up to stratum 15, which is the maximum usable synchronized stratum. Stratum 16 means the device is unsynchronized.

The ntp server command configures a device as a client, and show ntp status displays synchronization state and current stratum.

Exam trap

Be careful not to confuse the severity order of syslog levels: lower numbers (0) are more severe, higher numbers (7) are less severe. Also, remember that NTP stratum numbers work inversely to accuracy: lower stratum numbers indicate higher accuracy, with Stratum 0 being the most accurate reference clock.

16
MCQ · medium

Why is NTP especially useful when devices send logs to a centralized Syslog server?

A. It helps align device clocks so centralized log timestamps can be correlated more accurately.
B. It assigns the Syslog server an IP address.
C. It replaces the need for a Syslog server.
D. It encrypts every Syslog message automatically.
Answer: A

This is correct because consistent time improves the usefulness of centralized logs.

Why this answer

NTP is especially useful because synchronized clocks make the log timestamps more meaningful and easier to correlate. In plain language, if each device thinks the current time is different, the sequence of events in the centralized log becomes confusing. NTP helps align time across devices so the logs tell a more accurate story.

This is an operational best practice. Syslog collects the messages, and NTP makes their timing consistent. The correct answer is the one focused on timestamp correlation.

Exam trap

Avoid confusing NTP's function with security or data optimization features; focus on its role in time synchronization.

Why the other options are wrong

B

NTP is a protocol for clock synchronization, not for IP address assignment. IP addresses are assigned via DHCP or static configuration, and NTP operates at the application layer to synchronize time over the network. Therefore, NTP does not assign IP addresses to any device, including Syslog servers.

C

NTP and Syslog serve entirely different purposes. NTP synchronizes clocks, while Syslog is a protocol for sending log messages to a centralized server. NTP cannot replace Syslog because it does not collect, store, or forward log messages.

Both are often used together but are independent services.

D

NTP does not provide encryption for Syslog messages or any other data. NTP is solely responsible for time synchronization and does not include security features like encryption. Syslog messages are typically sent in clear text unless additional security measures like TLS or SSH are implemented.

17
PBQ · hard

You are connected to R1 via the console. R1 is configured as an NTP client that should synchronize with the NTP server at 203.0.113.1. You need to verify that R1 is synchronizing correctly and also ensure that the system clock is updated. Additionally, configure R1 to act as an NTP server for downstream devices on the internal network 192.168.1.0/24.

Network Topology
[Topology diagram; labels: G0/0 192.168.1.1/24, G0/1 10.0.0.1/30, PCs, Internal, R1, WAN, NTP server]

Hints

  • Check if the NTP server is reachable and the clock is synchronized.
  • The 'master' command sets the stratum level for downstream clients.
  • Use broadcast on the internal interface to distribute time.
A. Use 'show ntp status' to verify synchronization, 'clock set' to update the system clock, and configure 'ntp master' and 'ntp broadcast' on the interface facing 192.168.1.0/24.
B. Use 'show ntp associations' to verify synchronization, 'clock update' to update the system clock, and configure 'ntp server' and 'ntp broadcast' on the interface facing 192.168.1.0/24.
C. Use 'show ntp status' to verify synchronization, 'clock set' to update the system clock, and configure 'ntp server' and 'ntp broadcast' on the interface facing 192.168.1.0/24.
D. Use 'show ntp associations' to verify synchronization, 'clock set' to update the system clock, and configure 'ntp master' and 'ntp broadcast' on the interface facing 192.168.1.0/24.
Answer: A
Solution
! R1
ntp server 203.0.113.1
ntp master 4
interface GigabitEthernet0/0
ntp broadcast

Why this answer

The correct verification command is 'show ntp status' because it displays the synchronization state and stratum level. 'show ntp associations' shows configured peers but not the sync state. After NTP sync is established, the system clock is automatically updated; 'clock set' is not typically required but remains a valid command to manually adjust the clock. 'clock update' is not a valid IOS command. To make R1 an NTP server for downstream devices, use the global command 'ntp master 4', not 'ntp server' (which makes the router a client).

Then, on the interface facing 192.168.1.0/24 (G0/0), apply 'ntp broadcast' to send NTP broadcasts so clients can synchronize without polling. Option A correctly combines these steps while other options mix incorrect commands or verification methods.

Exam trap

Be careful to distinguish 'show ntp status' (synchronization state) from 'show ntp associations' (peer list); also remember that 'ntp master' is a global command, while 'ntp broadcast' is applied per interface.

Why the other options are wrong

B

Uses invalid 'clock update' command and incorrectly uses 'ntp server' instead of 'ntp master' to make R1 an NTP server for downstream.

C

Uses 'ntp server' instead of 'ntp master' to make R1 an NTP server; 'ntp server' configures R1 as a client, not a server.

D

Uses 'show ntp associations' which does not show synchronization status; 'show ntp status' is needed for that.

18
PBQhard

You are connected to R1. Configure NTP client so that R1 synchronizes with the NTP server at 198.51.100.10, using its Loopback0 (10.0.0.1/32) as the source interface. Also configure syslog to send messages of severity 5 (notifications) and above to 192.0.2.20. The current configuration shows a misconfigured NTP server address and an incorrect logging trap level. Verify with 'show ntp status' (stratum should not be 16) and 'show logging'.

Hints

  • Check the NTP server address in running-config — it might point to a wrong IP.
  • Verify that the source interface for NTP is configured; otherwise R1 may use an unreachable interface.
  • The logging trap level is set too high (debugging) — change it to notifications (level 5) to filter out lower severity messages.
A.ntp server 198.51.100.10 source Loopback0; logging trap notifications
B.ntp server 198.51.100.10 source Loopback0; logging trap 4
C.ntp server 198.51.100.10; logging trap notifications
D.ntp server 203.0.113.5 source Loopback0; logging trap 7
AnswerA
solution
! R1
configure terminal
no ntp server 203.0.113.5
ntp server 198.51.100.10
ntp source Loopback0
no logging trap debugging
logging trap notifications
end
write memory

Why this answer

The misconfigured NTP server address (203.0.113.5) and the debug-level logging trap (7) must be corrected to meet requirements. The correct commands are 'ntp server 198.51.100.10 source Loopback0' to use the specified server and Loopback0 as source, and 'logging trap notifications' (severity 5) to send only notifications and more severe messages. Option B is wrong because 'logging trap 4' sets the trap level to warning, which would not forward notifications.

Option C misses the source interface, and Option D uses the wrong NTP server and an overly verbose trap level.

Exam trap

Candidates often confuse the numeric severity levels with the keyword equivalents for logging trap. Also, they may forget to specify the source interface for NTP, assuming the router will use the loopback automatically. Always verify that the NTP source interface is explicitly configured when required.

Why the other options are wrong

B

logging trap 4 sets the severity to warning (4), so it does not include notifications (5).

C

The missing source interface causes NTP to use an incorrect source address, likely resulting in unsynchronized status.

D

The NTP server address is incorrect and 'logging trap 7' sends all debug messages instead of limiting to notifications and above.

19
Multi-Selectmedium

Which two statements accurately describe why NTP and Syslog are often configured together?

Select 2 answers
A.Syslog provides event visibility, while NTP helps keep timestamps consistent across devices.
B.Consistent time improves the usefulness of centralized logs and event correlation.
C.NTP replaces the need for any event logging.
D.Syslog automatically assigns the NTP server address to all devices.
E.Both services can be used only on routers, not switches.
AnswersA, B

This is correct because the two services complement each other operationally.

Why this answer

NTP and Syslog are often configured together because logs become much more useful when the device clocks are aligned. In practical terms, Syslog provides the event messages, while NTP helps ensure that the timestamps on those messages are consistent across the environment. That makes troubleshooting and incident analysis more reliable.

This is a very practical operations concept and comes up often in real troubleshooting workflows.

Exam trap

A common exam trap is selecting the option that NTP replaces the need for event logging or that Syslog automatically configures NTP server addresses. Candidates might confuse time synchronization with logging functionality, but NTP only provides accurate time, not event data. Similarly, Syslog collects logs but does not manage NTP settings.

Misunderstanding these roles can lead to incorrect answers, as the two services complement each other but serve distinct purposes in network management.

Why the other options are wrong

C

This option is incorrect because NTP only synchronizes time and does not replace the need for event logging, which is handled by Syslog or other logging mechanisms.

D

This option is incorrect because Syslog does not configure NTP server addresses or manage time synchronization; these are separate configuration tasks.

E

This option is incorrect because both NTP and Syslog are widely used on various network devices, including routers and switches, not limited to routers alone.

20
PBQhard

You are connected to R1. Configure NTP client to synchronize with the NTP server at 203.0.113.10, using the loopback0 interface (192.168.1.1/32) as the source. Also configure syslog to send messages of severity level 5 (notifications) and below to the syslog server at 198.51.100.20. Currently, NTP shows stratum 16 (unsynchronized) and important syslog messages are being missed.

Network Topology
[Diagram: R1 G0/0 10.0.0.1/30, link, R2 G0/0 10.0.0.2/30; Syslog server 198.51.100.20 via R2]

Hints

  • NTP uses the source IP address of outgoing packets; ensure the NTP server can reach your source IP.
  • Syslog trap levels are hierarchical; 'informational' includes all messages. 'notifications' excludes debug and informational.
  • Use 'show ntp associations' to see if the server is reachable and its stratum.
A.ntp server 203.0.113.10 source Loopback0; logging trap notifications
B.ntp server 203.0.113.10 source Loopback0; logging trap informational
C.ntp server 203.0.113.10; logging trap notifications
D.ntp server 203.0.113.10 source Loopback0; logging trap debugging
AnswerA
solution
! R1
configure terminal
ntp source Loopback0
logging trap notifications
end
copy running-config startup-config

Why this answer

The NTP client is not synchronizing because the source interface is not specified; by default, the router uses the outgoing interface IP which may not be reachable by the NTP server for replies. Adding 'ntp source Loopback0' ensures NTP packets have a consistent source IP. The syslog trap level was set to 'informational' (level 6), which includes too many messages; to capture only notifications (level 5) and below (i.e., severity 0–5), change the trap level to 'notifications' using 'logging trap notifications'.

This filters out lower-severity messages while retaining those that are notifications or more critical.

Exam trap

Watch out for two common traps: 1) Forgetting to specify the NTP source interface when the router has multiple interfaces, leading to synchronization failure. 2) Confusing syslog severity levels: 'informational' (level 6) does NOT include 'notifications' (level 5); you need 'notifications' to capture level 5 and above. Always remember that lower severity numbers mean higher importance.

Why the other options are wrong

B

The trap level 'informational' captures messages of severity 6 and lower, but notifications are severity 5, which is higher and thus not included.

C

The NTP source interface must be explicitly set to ensure the server can reply to the correct IP; omitting it can lead to unsynchronized state.

D

The debugging level includes all severities, which is too broad; the requirement is to capture only notifications (level 5) and above, which requires 'notifications' level.

21
Matchingmedium

Drag and drop the syslog and NTP items on the left to the correct descriptions on the right.


Alert: immediate action needed

Notification: normal but significant condition

Reference clock (e.g., atomic clock or GPS)

NTP client synchronized to a stratum 1 server

Configures the device as an NTP client

Displays syslog messages in the buffer

Why these pairings

These pairings match syslog and NTP items to their correct descriptions.

Exam trap

Watch out for mixing up syslog severity levels (0-7) and their descriptions. Also, ensure you are matching the correct category (syslog vs NTP) to the description provided.

22
MCQhard

Refer to the exhibit. A network administrator is troubleshooting an NTP synchronization issue on R1. The router is configured with the command ntp server 10.1.1.100, but the clock remains unsynchronized. The administrator issues the show ntp status command. What is the most likely cause of the problem?

A.The NTP authentication key configured on R1 does not match the one on the server.
B.The system time on R1 is set to an epoch that is too far from the server's time, causing NTP to refuse to synchronize.
C.The NTP service is not enabled on R1; the 'ntp server' command only defines a server but does not start the NTP process.
D.The router cannot reach the NTP server 10.1.1.100 at UDP port 123 due to a routing issue or an access list.
AnswerD

The exhibit clearly shows 'no reference clock' and stratum 16, which indicates that R1 has not received any NTP packets from the configured server. This is a classic symptom of network unreachability—the router’s NTP requests are not making it to the server or responses are not coming back, often caused by a missing route or an ACL filtering UDP 123.

Why this answer

The output shows 'Clock is unsynchronized, stratum 16, no reference clock,' which means the router has not received any valid NTP updates from the configured server. This state is typical when the NTP server 10.1.1.100 is unreachable at the network layer—either because of a missing route or an ACL blocking UDP port 123. If the server were reachable but authentication failed, the output might still show a reference clock (but unsynchronized) or show reachability in the NTP associations table, which is absent here.

Exam trap

Many candidates mistakenly believe that any NTP unsynchronized state is caused by authentication mismatch. However, authentication failures allow packets to be received; they are dropped after auth check, so the router might still see the server as reachable (but not usable) in show ntp associations. The complete absence of a reference clock strongly suggests a reachability issue, not an authentication problem.

Why the other options are wrong

A

Candidates often confuse unsynchronized status with authentication issues, but authentication failures do not prevent reception of packets; they just discard them after arrival.

B

A common myth is that NTP cannot sync if the clocks are too far apart. While extreme offsets may delay sync, they do not prevent the router from hearing the server, so the reference clock field would still show the server’s IP or clock ID.

C

Some candidates mistakenly believe that a separate 'ntp enable' command is required. In IOS, configuring an ntp server automatically enables NTP, so the service is active.

23
Multi-Selectmedium

Which two statements about NTP are correct? (Choose two.)

Select 2 answers
A.Accurate time helps correlate log messages across multiple devices.
B.NTP replaces the need for DNS in enterprise networks.
C.NTP synchronizes clocks between network devices and time sources.
D.NTP is used to negotiate EtherChannel parameters.
AnswersA, C

Correct. Synchronized timestamps improve troubleshooting.

Why this answer

NTP synchronizes time across devices, which is important for logging, certificates, and event correlation.

Exam trap

A common exam trap is mistaking NTP for a service that replaces DNS or manages link aggregation like EtherChannel. Some candidates incorrectly believe NTP handles domain name resolution or negotiates EtherChannel parameters because these are also fundamental network services. However, NTP’s sole purpose is to synchronize time across devices.

Selecting options that confuse NTP with DNS or EtherChannel leads to incorrect answers. Understanding that NTP only manages time synchronization helps avoid this trap and ensures accurate selection of correct options related to time correlation and clock synchronization.

Why the other options are wrong

B

This option is incorrect because NTP does not replace DNS. DNS resolves domain names to IP addresses, while NTP only synchronizes time across devices.

D

This option is incorrect because NTP does not negotiate EtherChannel parameters. EtherChannel negotiation is handled by protocols like PAgP or LACP, unrelated to time synchronization.

24
Drag & Dropmedium

Drag and drop the following steps into the correct order to sequence NTP stratum hierarchy and configure an IOS-XE NTP client with syslog message processing from event to log server.


Why this order

NTP time flows from lower stratum numbers (most accurate) to higher stratum numbers. The correct order is Stratum 0 (atomic clock) → Stratum 1 (primary server) → Stratum 2 (secondary server). After configuring the NTP client and enabling logging, syslog messages are accurately timestamped with the synchronized time.

Exam trap

Do not confuse the direction of stratum numbers: lower stratum number means higher accuracy. Also, remember that NTP configuration must precede logging to ensure accurate timestamps.

25
PBQmedium

You are connected to R1 via the console. R1's GigabitEthernet0/0 (10.0.0.1/30) connects to the ISP. GigabitEthernet0/1 (192.168.1.1/24) connects to the internal LAN. The network has an NTP server at 192.168.1.200. R1 must be configured as an NTP client to synchronize its time with the server. Additionally, R1 should serve as an NTP server for internal devices on the LAN with a stratum of 5 to maintain proper hierarchy. The time zone is UTC. No NTP configuration exists. Configure NTP on R1 as specified.

Network Topology
[Diagram: NTP Server 192.168.1.200 (LAN); R1 G0/1 192.168.1.1/24 (LAN); R1 G0/0 10.0.0.1/30 (WAN, ISP)]

Hints

  • The ntp server command configures the router as a client.
  • The ntp master command enables the router to act as a server for other devices.
  • Time zone should be set before NTP synchronization.
A.R1(config)# ntp server 192.168.1.200; R1(config)# ntp master 5; R1(config)# clock timezone UTC 0
B.R1(config)# ntp server 192.168.1.200; R1(config)# ntp master; R1(config)# clock timezone UTC 0
C.R1(config)# ntp server 192.168.1.200; R1(config)# ntp master 5; R1(config)# clock timezone EST 5
D.R1(config)# ntp server 10.0.0.2; R1(config)# ntp master 5; R1(config)# clock timezone UTC 0
AnswerA
solution
! R1
ntp server 192.168.1.200
! stratum 5 must be given explicitly; a bare 'ntp master' defaults to stratum 8
ntp master 5
clock timezone UTC 0

Why this answer

Option A correctly configures R1 as an NTP client pointing to the NTP server at 192.168.1.200, enables R1 to serve time to LAN devices using `ntp master 5` which sets the required stratum to 5, and sets the accurate UTC time zone. Option B fails because `ntp master` without a stratum number defaults to stratum 8, which does not satisfy the explicit stratum 5 requirement. Option C uses an incorrect time zone (EST) instead of the required UTC.

Option D points to an IP (10.0.0.2) that is not the NTP server—the correct server is at 192.168.1.200.

Exam trap

Watch for forgetting to specify the stratum number when the `ntp master` command is required; without it, the router defaults to stratum 8, which may not meet design requirements.

Why the other options are wrong

B

Uses `ntp master` without a stratum number, defaulting to stratum 8 instead of the required stratum 5.

C

Sets the wrong time zone (EST) instead of UTC.

D

Points to the ISP IP 10.0.0.2 instead of the actual NTP server at 192.168.1.200.

26
Multi-Selectmedium

Which two statements accurately describe common uses of NTP in network operations?

Select 2 answers
A.It helps align device clocks across the network.
B.It improves the reliability of event timelines and log correlation.
C.It replaces the need for Syslog.
D.It assigns IP addresses to hosts.
E.It provides WLAN encryption.
AnswersA, B

This is correct because clock synchronization is NTP's core role.

Why this answer

NTP is widely used to keep device clocks aligned, which improves the reliability of event timelines and log correlation because timestamps from different systems can be compared meaningfully. NTP does not replace Syslog, assign IP addresses (DHCP), or provide WLAN encryption; those are separate functions. Its sole purpose is time synchronization.

Exam trap

A frequent exam trap is assuming that NTP performs functions beyond time synchronization, such as replacing Syslog or assigning IP addresses. Candidates might incorrectly select options suggesting NTP handles logging or DHCP tasks because these services are all related to network management. However, NTP’s sole purpose is to synchronize device clocks.

Confusing NTP with DHCP or Syslog overlooks their distinct roles and can lead to selecting incorrect answers. Understanding that NTP supports but does not replace logging or address assignment is crucial to avoid this trap.

Why the other options are wrong

C

This option is incorrect because NTP does not replace Syslog; Syslog is responsible for logging events, while NTP only synchronizes time.

D

This option is incorrect because IP address assignment is handled by DHCP, not NTP, which only manages time synchronization.

E

This option is incorrect because NTP has no role in providing WLAN encryption; encryption is managed by wireless security protocols like WPA2 or WPA3.

27
PBQhard

You are connected to R1 via the console. R1 is a router acting as an NTP client to an external NTP server at 203.0.113.10. The NTP source interface must be Loopback0 (192.0.2.1/32). Additionally, configure R1 to send syslog messages of severity 'critical' and higher to a syslog server at 198.51.100.50. Currently, R1 shows 'Clock is unsynchronized, stratum 16'. Verify that NTP synchronizes and that only critical syslog messages are sent. The existing running configuration already has some NTP and syslog commands that need correction.

Network Topology
[Diagram: R1; Network; NTP Server 203.0.113.10; Syslog Server 198.51.100.50]

Hints

  • The NTP source interface is not set; the router may be using an unreachable interface.
  • Check the logging trap level; it is currently set to 'debugging', which sends all messages.
  • Use 'ntp source' followed by the loopback interface name.
A.Configure 'ntp source Loopback0' and 'logging trap critical'
B.Configure 'ntp server 203.0.113.10 source Loopback0' and 'logging trap 2'
C.Configure 'ntp source Loopback0' and 'logging trap 7'
D.Configure 'ntp server 203.0.113.10' and 'logging host 198.51.100.50'
AnswerA
solution
! R1
ntp source Loopback0
logging trap critical

Why this answer

The NTP client was not synchronizing because the NTP source interface was not specified; the router uses the outgoing interface which may not be reachable or consistent. The 'ntp source Loopback0' command ensures NTP packets use a stable, routable IP address. For syslog, the logging trap was set to 'debugging', which sends all messages (severity 7).

The requirement is to send only 'critical' (severity 2) and higher. The command 'logging trap critical' changes the filter. After both fixes, 'show ntp status' should show synchronized, stratum <16, and 'show logging' should show 'level critical' for trap logging.

Exam trap

Be careful: NTP source interface is configured with a separate 'ntp source' command, not as a parameter of 'ntp server'. Also, remember syslog severity levels: lower numbers are more severe (0=emergency, 1=alert, 2=critical, 3=error, 4=warning, 5=notice, 6=informational, 7=debugging). 'logging trap critical' is equivalent to 'logging trap 2'.

Why the other options are wrong

B

The NTP command syntax is incorrect; 'ntp server' does not accept a 'source' parameter. The correct approach is a separate 'ntp source' command.

C

The logging trap level 7 corresponds to debugging, which is the most verbose level. The requirement is for critical (severity 2) and higher, so this would send too many messages.

D

The commands listed are already configured and do not fix the synchronization issue or the syslog filtering. The NTP source interface is missing, and the logging trap level is still debugging.
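The checks this question walks through (NTP server and source present, trap level matching the requirement, clock actually synchronized) can be scripted against collected device output. The following is an added example, not part of the original question bank: the function names are hypothetical, and the config snippets and `show ntp status` lines are constructed samples using this question's addresses.

```python
import re

# Cisco IOS syslog severity keywords; list index = numeric level (0 = most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]


def trap_level(value):
    """Numeric level for a 'logging trap' argument given as keyword or digit."""
    if value.isdigit():
        level = int(value)
        if level > 7:
            raise ValueError(f"severity out of range: {value}")
        return level
    return SEVERITIES.index(value)  # raises ValueError for an unknown keyword


def forwarded_levels(value):
    """'logging trap N' forwards level N and everything more severe (0..N)."""
    return list(range(trap_level(value) + 1))


def parse_config(text):
    """Extract the NTP and syslog settings discussed here from a running-config."""
    cfg = {"ntp_servers": [], "ntp_source": None, "log_hosts": [], "trap": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"ntp server (\S+)", line):
            cfg["ntp_servers"].append(m.group(1))
        elif m := re.match(r"ntp source (\S+)", line):
            cfg["ntp_source"] = m.group(1)
        elif m := re.match(r"logging trap (\S+)", line):
            cfg["trap"] = m.group(1)
        elif m := re.match(r"logging (?:host )?(\d+(?:\.\d+){3})$", line):
            cfg["log_hosts"].append(m.group(1))
    return cfg


def parse_ntp_status(text):
    """Return (synchronized, stratum) from the 'Clock is ...' line."""
    m = re.search(r"Clock is (synchronized|unsynchronized), stratum (\d+)", text)
    if not m:
        raise ValueError("no 'Clock is ...' line found")
    return m.group(1) == "synchronized", int(m.group(2))


def audit(config_text, status_text, server, source, syslog_host, least_severe):
    """Compare a device with the intended NTP/syslog design and list the gaps."""
    cfg, findings = parse_config(config_text), []
    if server not in cfg["ntp_servers"]:
        findings.append(f"ntp server {server} is not configured")
    for other in cfg["ntp_servers"]:
        if other != server:
            findings.append(f"unexpected ntp server {other}")
    if cfg["ntp_source"] != source:
        findings.append(f"ntp source is {cfg['ntp_source']}, expected {source}")
    if syslog_host not in cfg["log_hosts"]:
        findings.append(f"logging host {syslog_host} is not configured")
    if cfg["trap"] is None:
        findings.append("logging trap is not set explicitly")
    else:
        got, want = trap_level(cfg["trap"]), trap_level(least_severe)
        if got > want:
            findings.append(f"logging trap {cfg['trap']} also forwards levels {want + 1}-{got}")
        elif got < want:
            findings.append(f"logging trap {cfg['trap']} does not forward levels {got + 1}-{want}")
    synced, stratum = parse_ntp_status(status_text)
    if not synced or stratum >= 16:
        findings.append(f"clock unsynchronized (stratum {stratum}); log timestamps are unreliable")
    return findings


# Constructed samples: R1 before and after the fix described in this question.
BEFORE = """\
ntp server 203.0.113.10
logging host 198.51.100.50
logging trap debugging
"""
STATUS_BEFORE = "Clock is unsynchronized, stratum 16, no reference clock"
AFTER = """\
ntp server 203.0.113.10
ntp source Loopback0
logging host 198.51.100.50
logging trap critical
"""
STATUS_AFTER = "Clock is synchronized, stratum 3, reference is 203.0.113.10"
DESIGN = ("203.0.113.10", "Loopback0", "198.51.100.50", "critical")

if __name__ == "__main__":
    for name, cfg, status in (("before", BEFORE, STATUS_BEFORE),
                              ("after", AFTER, STATUS_AFTER)):
        print(name, audit(cfg, status, *DESIGN) or "compliant")
```

Running the same audit across every device that logs to one collector shows which timestamps can be trusted before events are correlated.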

28
Multi-Selectmedium

Which TWO statements correctly describe NTP stratum levels and syslog severity levels in a Cisco IOS-XE environment?

Select 2 answers
A.An NTP stratum value of 1 indicates a higher accuracy than a stratum value of 3.
B.A syslog severity level of 5 (notice) is more severe than a level of 4 (warning).
C.The 'ntp server' command under global configuration configures the device as an NTP client.
D.Syslog severity level 0 (emergency) indicates a normal operational message.
E.NTP stratum 0 is assigned to devices that are directly connected to an authoritative time source.
AnswersA, C

Stratum 1 is directly synchronized to a stratum 0 reference clock (like GPS), while stratum 3 is two hops away, making stratum 1 more accurate.

Why this answer

Option A is correct because a lower NTP stratum number indicates higher accuracy; stratum 1 is directly synchronized to a precise reference clock (e.g., GPS) and is thus more accurate than stratum 3, which is two hops away. Option C is correct because the 'ntp server' command configures a device to synchronize its clock to a specified NTP server, making it an NTP client. Option B is incorrect: syslog severity level 4 (warning) is more severe than level 5 (notice) because lower severity numbers indicate higher severity.

Option D is incorrect: severity level 0 (emergency) is the most severe level, indicating a system-wide critical event, not a normal operational message. Option E is incorrect: NTP stratum 0 is assigned to an authoritative time source itself (e.g., atomic clock), not to devices directly connected to it; devices connected to stratum 0 sources are stratum 1.

Exam trap

Candidates often mistakenly equate lower syslog severity numbers with lower importance, not realizing that a smaller number means a higher severity; similarly, they may think higher NTP stratum numbers mean higher accuracy.

Why the other options are wrong

B

Syslog severity levels use inverse numbering: level 4 (warning) is more severe than level 5 (notice), so the statement is false.

D

Syslog level 0 (emergency) is the highest severity, indicating a catastrophic system failure, not a normal operational message.

E

NTP stratum 0 is the reference clock itself; devices synchronized directly to it are stratum 1, not stratum 0.

29
MCQmedium

Exhibit: A branch router receives time from an NTP server, but the show output marks the server with a tilde instead of an asterisk. What does that mean?

A.That server is the current system clock source
B.The server is reachable but not the one currently selected for synchronization
C.NTP authentication has disabled the server permanently
D.The router is acting as an NTP master for that server
AnswerB

It is seen by the router, but it is not the chosen source.

Why this answer

In Cisco NTP output, the asterisk (*) indicates the current synchronization source. The tilde (~) specifically means the server is statically configured and reachable but has not been selected for synchronization. This differs from the plus sign (+), which denotes a candidate for synchronization.

Therefore, the router is not using that server as its active time source.

Exam trap

Be careful not to confuse the tilde (~) with the asterisk (*) or other symbols that indicate different statuses in NTP output.

Why the other options are wrong

A

In NTP, an asterisk (*) indicates the selected time source, while a tilde (~) means the server is reachable but not selected. Option A describes the asterisk, not the tilde.

C

A tilde (~) indicates the server is reachable but not synchronized; a permanently disabled server due to authentication would show a period (.) or not appear at all.

D

In the context of NTP, a tilde (~) indicates the server is reachable but not selected as the synchronization source. The router acting as an NTP master would be indicated by the 'master' command or stratum level, not by the tilde symbol.

30
PBQhard

You are connected to R1 via console. The NTP server 198.51.100.10 is already configured on R1, but R1 is not synchronizing because the NTP packets are sourced from the wrong interface. Configure R1 to source NTP packets from its loopback0 interface (IP 10.0.0.1/32). Additionally, configure syslog logging to the remote server 203.0.113.5, ensuring that only messages at severity 'notifications' (level 5) and above are sent. The current configuration shows that syslog is sending all messages (including debug-level) to the server, wasting bandwidth. Fix both issues.

Network Topology
[Diagram: R2 and R1 joined by a link, both ends labelled G0/0: 192.0.2.2/30; NTP server]

Hints

  • NTP packets must have a consistent source IP that the server can reach; check the source interface.
  • The 'logging trap' command controls which severity levels are sent to the syslog server.
  • Use 'show ntp status' and 'show ntp associations' to confirm synchronization; use 'show logging' to verify the trap level.
A.Configure 'ntp source Loopback0' and 'logging trap notifications'.
B.Configure 'ntp server 198.51.100.10 source Loopback0' and 'logging trap warnings'.
C.Configure 'ntp source Loopback0' and 'logging trap debugging'.
D.Configure 'ntp server 198.51.100.10' and 'logging trap notifications'.
AnswerA
solution
! R1
configure terminal
ntp source Loopback0
logging trap notifications
end
write memory

Why this answer

The NTP client is not synchronizing because the NTP packets are not sourced from an interface that the server can reach and reply to; the default source is the outgoing interface, but the server sees a different source IP. The `ntp server 198.51.100.10` command is already configured (not shown), so you only need to specify the source interface with `ntp source Loopback0`. Also, the syslog trap level is set to 'debugging', which sends all messages; change it to 'notifications' to filter out lower-severity messages.

After these changes, verify with 'show ntp status' (should show stratum less than 16 and 'synchronized') and 'show ntp associations' (should show a reach count > 0 and a valid ref clock). Check syslog with 'show logging' to confirm trap level is 'notifications'.

Exam trap

Cisco often tests the difference between 'ntp server' and 'ntp source' — remember that 'ntp source' is a global command that sets the source for all NTP packets. Also, syslog severity levels are often confused; know that 'debugging' (7) is the lowest severity and sends everything, while 'notifications' (5) is higher and filters out levels 6 and 7.

Why the other options are wrong

B

The 'ntp server' command cannot specify a source interface; that is done with 'ntp source'. Additionally, 'warnings' (level 4) is more severe than 'notifications' (level 5), but the requirement is to send only notifications and above, which includes levels 0-5. 'warnings' includes levels 0-4, missing level 5 (notifications).

C

'logging trap debugging' sends all syslog messages (levels 0-7), which is the default and does not filter out lower-severity messages. The correct level for notifications and above is 'notifications' (level 5).

D

The NTP client is not configured to source packets from Loopback0. The 'ntp server' command alone does not set the source interface; an additional 'ntp source' command is required.

31
MCQhard

A switch shows a clock that is several minutes off from other devices even though an NTP server has been configured. Which issue is the most likely cause?

A.The NTP server is unsynchronized or unreachable
B.The device must run Syslog before NTP can sync
C.NTP requires a trunk port on the management VLAN
D.The clock can sync only if DNS is configured
AnswerA

This is correct because NTP requires a reachable, synchronized time source. If the server is unreachable or not synchronized, the switch cannot update its clock, leading to drift.

Why this answer

NTP requires IP reachability to the time source. If the NTP server is unreachable due to routing or ACL issues, the switch falls back to its local clock, causing drift. Option A is correct.

Option B is wrong because Syslog has no effect on NTP synchronization. Option C is incorrect because NTP does not require a trunk port; it can operate over any VLAN with IP connectivity. Option D is false because DNS is only needed if the NTP server is specified by hostname; the server can be reached by IP address without DNS.

Exam trap

A common mistake is thinking that unrelated services like Syslog, trunk ports, or DNS are prerequisites for NTP; only IP connectivity to a synchronized NTP server matters.

Why the other options are wrong

B

Syslog and NTP are independent protocols; Syslog does not need to run before NTP can synchronize.

C

NTP works over any IP network; there is no requirement for a trunk port on the management VLAN.

D

DNS is only needed if the NTP server is referenced by hostname rather than IP address; many configurations use IP addresses directly.

32
PBQhard

You are connected to R1. Configure R1 as an NTP client to synchronize with NTP server 203.0.113.10, using its Loopback0 interface (192.168.1.1/32) as the source for NTP packets. Additionally, configure logging to syslog server 192.0.2.100 with a trap level that captures events from level 5 (notice) and above. The current configuration shows that NTP is not synchronized (stratum 16) and only debugging messages are being sent to the syslog server. Correct these issues so that R1 is synchronized and important system messages are logged.

Network Topology
[Diagram: R2 and R1 joined by a link, both ends labelled G0/0 10.0.0.2/30; NTP server]

Hints

  • Use 'ntp server' command to point to the NTP server IP.
  • Use 'ntp source' to specify the Loopback0 interface as the source.
  • Change the logging trap level from 'debugging' to 'notifications' to filter important messages.
A.ntp server 203.0.113.10 source Loopback0; logging trap notifications
B.ntp server 203.0.113.10; ntp source Loopback0; logging trap notifications
C.ntp server 203.0.113.10 source Loopback0; logging trap debugging
D.ntp server 203.0.113.10; logging host 192.0.2.100; logging trap notifications
AnswerB
solution
! R1
configure terminal
ntp server 203.0.113.10
ntp source Loopback0
logging trap notifications
end

Why this answer

The correct configuration is to add the NTP server with 'ntp server 203.0.113.10' and set the source interface separately with 'ntp source Loopback0'. For syslog, the command 'logging trap notifications' sets the trap level to 5 (notice), ensuring that critical and important messages are logged while excluding debugging output. Option A uses the combined 'ntp server ... source Loopback0' and does not match the separate source configuration required.

Option C keeps logging at debugging level (7), which is too verbose. Option D lacks the NTP source configuration entirely.

Exam trap

Candidates often mistake syslog severity numbers: lower is more severe, so 'logging trap notifications' captures levels 0–5. Also, the NTP source must be configured with a separate 'ntp source Loopback0' command, not just as an inline source on the server command.

Why the other options are wrong

A

Combines the NTP source directly in the server command, but the required configuration uses a separate 'ntp source Loopback0' command.

C

Sets logging trap to debugging (level 7), not the required notifications (level 5).

D

Missing the 'ntp source Loopback0' command, so NTP will not use the Loopback0 interface as source.

33
PBQhard

You are connected to R1 via the console. R1 should synchronize its clock with the NTP server 192.0.2.10 using its loopback0 interface (IP 10.0.0.1) as the source. Additionally, syslog messages of severity 'notification' (level 5) and above must be sent to the syslog server at 198.51.100.20. Currently, R1 shows NTP stratum 16 (unsynchronized) and syslog messages are not being forwarded. Identify and resolve the issues.

Hints

  • Check if a server is configured under 'ntp server'.
  • The current trap level is 'informational' (level 6). Which level includes notifications (level 5)?
  • Use 'show run | section ntp' to see NTP configuration.
A.Add 'ntp server 192.0.2.10' and change 'logging trap informational' to 'logging trap notifications'.
B.Add 'ntp server 192.0.2.10' and change 'logging trap notifications' to 'logging trap informational'.
C.Add 'ntp server 192.0.2.10' and change 'logging trap notifications' to 'logging trap debugging'.
D.Add 'ntp server 192.0.2.10' and change 'logging trap informational' to 'logging trap emergencies'.
AnswerA
solution
! R1
ntp server 192.0.2.10
logging trap notifications

Why this answer

The NTP is unsynchronized because the 'ntp server' command is missing; only 'ntp source' is configured. Add 'ntp server 192.0.2.10' to point to the NTP server. The syslog trap level is set to 'informational' (level 6), which is too low—messages of level 5 (notification) are not sent because the trap level must be equal to or higher severity than the messages to be forwarded.

Change the trap level to 'notifications' (level 5) to ensure level 0-5 messages are forwarded.

Exam trap

Remember that syslog trap levels use lower numbers for higher severity. To forward messages of a given severity, the trap level must be set to that severity or higher (lower number). Also, NTP requires the 'ntp server' command; 'ntp source' is optional and specifies the source interface.

Why the other options are wrong

B

The trap level should be set to 'notifications' (level 5) or higher severity to forward level 5 messages; 'informational' is lower severity and would not forward level 5 messages.

C

The trap level is currently 'informational' (6), not 'notifications'. Changing to 'debugging' would forward all messages, but the requirement is to forward level 5 and above, which is achieved by setting trap level to 'notifications' (5).

D

Setting the trap level to 'emergencies' would filter out all messages except level 0, so level 5 messages would not be forwarded.
