200-301 · topic practice

Syslog practice questions

Practise identifying, configuring, and troubleshooting core network services like DNS, DHCP, NAT, and NTP for the 200-301 exam.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
18 questionsDomain: Syslog

What the exam tests

What to know about Syslog

Tests your knowledge of DNS, DHCP, NAT, and other network services configuration and troubleshooting.

DNS record types and resolution process

DHCP lease, scope, and reservation configuration

NAT and PAT for IP address translation

Network time protocol (NTP) synchronization

Why learners struggle

Why Syslog questions are commonly missed

Network services questions are commonly missed because candidates confuse protocol roles and port numbers. The overlap between DNS, DHCP, and NAT functions creates specific mix-ups.

  • ·DNS vs DHCP — name resolution vs IP assignment
  • ·NAT vs PAT — address vs port translation
  • ·DHCP scope vs reservation — dynamic vs static
  • ·DNS A vs AAAA — IPv4 vs IPv6 records
  • ·NTP vs SNTP — accuracy vs simplicity
  • ·DHCP relay vs DHCP server — forwarding vs providing

Watch out for

Common Syslog exam traps

  • Confusing DNS A record with CNAME for hostname mapping
  • Thinking DHCP assigns static IPs instead of dynamic leases
  • Mixing up NAT and PAT port vs address translation
  • Assuming NTP only syncs time once, not periodically

Practice set

Syslog questions

18 questions · select your answer, then reveal the explanation

A switch shows a clock that is several minutes off from other devices even though an NTP server has been configured. Which issue is the most likely cause?

Exhibit

show ntp associations
 address         ref clock     st when poll reach delay offset disp
*~10.10.50.5     .INIT.        16   -   64    0  0.000  0.000 16000
Configured server: 10.10.50.5

Drag and drop the following steps into the correct order to configure HSRP on an interface and verify the active/standby election process, including failover and verification.

Why is NTP especially useful when devices send logs to a centralized Syslog server?

Question 4mediumdrag order
Read the full DHCP explanation →

Drag and drop the following steps into the correct order to configure a Cisco IOS-XE router as a DHCP relay agent and verify the DHCP DORA process for a client on a different subnet.

Match each security control or idea to its most accurate purpose.

Match each management or monitoring concept to its most accurate role.

Match each IP service symptom to the most likely service involved.

A network operations team is implementing an automated system to detect and remediate interface flapping on core switches. The system must be able to query the network device for interface status and execute commands to disable or reconfigure the interface if a pattern of flapping is detected. Which protocol or technology enables the system to programmatically interact with the network device for both monitoring and configuration changes?

After a hub was connected to interface Gi0/10, the interface immediately entered errdisable state. The following syslog message was generated: '%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred on interface Gi0/10.' What is the strongest explanation for why Gi0/10 shut down?

Exhibit

interface GigabitEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown

Event:
%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC addresses ... on port Gi0/10.
Question 10mediummultiple choice
Read the full network assurance explanation →

Which port-security violation mode drops frames from unauthorized MAC addresses but keeps the interface up and does not send an SNMP trap or syslog message?

A user types www.example.com into a browser. Which service is used first to resolve that name into an IP address?

You are connected to R1 via console. R1's GigabitEthernet0/0 (10.0.0.1/30) connects to an ISP, and GigabitEthernet0/1 (192.168.1.1/24) connects to the internal LAN. The network administrator needs to monitor R1's system messages. Configure R1 to send syslog messages with severity level 5 (notifications) and above to the syslog server at 10.0.0.2. Also, ensure that logging is enabled and that messages include the timestamp and source interface.

Question 13mediummultiple choice
Read the full network assurance explanation →

A network team wants centralized logging and also wants log timestamps from different devices to line up accurately. Which combination best supports that goal?

Question 14mediummultiple choice
Read the full network assurance explanation →

A network team wants routers and switches to have consistent timestamps in logs so event correlation is accurate during an outage. Which service should they verify first?

Refer to the exhibit. A network engineer is troubleshooting an issue where syslog messages at severity 6 (informational) and severity 7 (debugging) are not being sent to the syslog server at 192.168.100.50, even though the device appears to generate these messages locally. Based on the exhibit, what is the most likely cause?

Exhibit

R1# show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 355 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 355 messages logged
    Trap logging: level errors (3), 150 messages logged
        Logging to 192.168.100.50
Log Buffer (4096 bytes):
*Feb 28 10:14:55.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to down
*Feb 28 10:15:22.123: %SYS-6-CLOCKUPDATE: System clock has been updated from 10:15:22 UTC Feb 28 2025 to 10:15:22 UTC Feb 28 2025, configured from console by vty0 (192.168.1.10)
*Feb 28 10:15:24.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to down
*Feb 28 10:16:01.789: %SYS-7-DEBUG: Message from debug command interface GigabitEthernet0/0/1 held down
*Feb 28 10:16:10.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/1, changed state to up
*Feb 28 10:16:15.222: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/1, changed state to up
*Feb 28 10:16:30.333: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.100.50 stopped
Question 16harddrag order
Read the full DHCP explanation →

Drag and drop the following steps into the correct order to configure a Cisco IOS-XE router as a DHCP relay agent and verify the DHCP DORA process for a client on a remote subnet.

Drag and drop the syslog severity levels on the left to their corresponding names and meanings on the right.

Which two statements accurately describe Syslog in a Cisco network environment?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Syslog sessions

Start a Syslog only practice session

Every question in these sessions is drawn from the Syslog domain — nothing else.

Related practice questions

Related 200-301 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 200-301 exam test about Syslog?
Tests your knowledge of DNS, DHCP, NAT, and other network services configuration and troubleshooting.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Syslog questions in a focused session?
Yes — the session launcher on this page draws every question from the Syslog domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 200-301 topics?
Use the topic links above to move to related areas, or go back to the 200-301 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 200-301 exam covers. They are not copied from any real exam or dump site.