CCNA SNMP and Syslog Questions

58 questions · SNMP and Syslog topic · All types, answers revealed

1
MCQ · easy

Which SNMP version introduced the use of a username and authentication/password framework, without encryption?

A. SNMPv1
B. SNMPv2c
C. SNMPv3
D. SNMPv2u
Answer: C

SNMPv3 introduced usernames and authentication, with options for noAuthNoPriv, authNoPriv, and authPriv.

Why this answer

SNMPv3 introduced a security model with usernames, authentication, and privacy, but SNMPv3 noAuthNoPriv provides authentication without encryption.

2
Drag & Drop · medium

Drag and drop the steps of SNMP community-based access control setup into the correct order, from first to last.

Why this order

First define the community string, then associate it with an ACL, apply view-based access, and finally enable SNMP agent.

3
Drag & Drop · medium

Drag and drop the steps of SNMP community-based access control setup into the correct order, from first to last.

Why this order

First define the community string, then associate it with an ACL, then apply it to views or groups, and finally verify.

4
MCQ · hard

A network engineer runs the following command on Router R2:

    R2# show ip bgp summary
    BGP router identifier 10.0.0.2, local AS number 65002
    BGP table version is 10, main routing table version 10
    4 network entries using 576 bytes of memory
    4 path entries using 320 bytes of memory
    3/2 BGP path/bestpath attribute entries using 456 bytes of memory
    1 BGP AS-PATH entries using 24 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 1376 total bytes of memory
    BGP activity 6/2 prefixes, 6/2 paths, scan interval 60 secs

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    192.168.1.1     4 65001    1024    1020       10    0    0 02:15:30 3
    192.168.1.3     4 65003       0       0        0    0    0 00:00:12 Idle (Admin)

Based on this output, what can be concluded?

A. The BGP session to 192.168.1.3 is down due to a network failure.
B. The BGP session to 192.168.1.3 has been manually disabled.
C. Router R2 has received 3 routes from 192.168.1.1.
D. The BGP table version is 10, meaning 10 routes are in the table.
Answer: B

The Idle state with '(Admin)' is a clear indication that the neighbor has been administratively shut down.

Why this answer

The BGP summary shows two neighbors. The neighbor 192.168.1.1 (AS 65001) is up (02:15:30) and has sent 3 prefixes (PfxRcd=3). The neighbor 192.168.1.3 (AS 65003) is in Idle state with '(Admin)' indicating it has been administratively shut down (using 'neighbor shutdown' command).

The Idle state with Admin flag means the neighbor is manually disabled.

5
MCQ · hard

A network engineer runs the following command on Router R5:

    R5# show mpls ldp neighbor
        Peer LDP Ident: 10.0.0.2:0, Local LDP Ident: 10.0.0.5:0
        TCP connection: 10.0.0.2.646 - 10.0.0.5.646
        State: Oper; Msgs sent/rcvd: 123/120; Downstream
        Up time: 01:23:45
        LDP discovery sources:
          GigabitEthernet0/0, Src IP addr: 10.0.1.2
        Addresses bound to peer LDP Ident:
          10.0.0.2  10.0.1.2  192.168.1.1

Based on this output, what can be concluded?

A. The LDP session is down because the state is 'Oper'.
B. The LDP neighbor is reachable via GigabitEthernet0/0.
C. The local LDP identifier is 10.0.0.2:0.
D. The LDP session has been up for 1 hour 23 minutes 45 seconds.
Answer: B

The LDP discovery sources show GigabitEthernet0/0 with source IP 10.0.1.2, indicating the neighbor is reachable through that interface.

Why this answer

The output shows an LDP neighbor with peer LDP identifier 10.0.0.2:0. The state is 'Oper' (operational). The discovery source is GigabitEthernet0/0 with source IP 10.0.1.2.

The peer's addresses include 10.0.0.2, 10.0.1.2, and 192.168.1.1. The key conclusion is that the LDP session is established and operational.

6
MCQ · medium

Consider this SNMP configuration on a Cisco IOS-XE switch:

    snmp-server community public RO
    snmp-server community private RW
    snmp-server ifindex persist

What is the purpose of the 'snmp-server ifindex persist' command?

A. It prevents SNMP interface indices from changing after a router reload or interface configuration change.
B. It enables SNMP traps for interface status changes.
C. It forces SNMP to use persistent storage for community strings.
D. It allows SNMP to index interfaces by their names instead of numbers.
Answer: A

The command makes ifIndex values persistent, so they do not change dynamically, ensuring NMS stability.

Why this answer

The 'snmp-server ifindex persist' command ensures that SNMP interface indices (ifIndex) remain consistent across reboots, which is important for NMS systems that rely on stable interface identifiers.

7
Multi-Select · hard

Which two statements about SNMP trap and inform operations are true? (Choose two.)

Select 2 answers
A. An SNMP inform request is acknowledged by the manager with a response PDU.
B. SNMP traps are more reliable than informs because they use UDP port 162.
C. Both SNMPv1 and SNMPv2c support the inform operation.
D. Informs consume more network bandwidth and memory resources than traps.
E. Traps are sent from the manager to the agent to request configuration changes.
Answers: A, D

Correct because informs use a request/response mechanism; the manager sends a response to confirm receipt.

Why this answer

SNMP traps are unacknowledged, while informs are acknowledged (confirmed) by the manager. Informs use more bandwidth and are more reliable. Both traps and informs are sent from agent to manager.

SNMPv2c supports both traps and informs. SNMPv1 only supports traps (no informs).

8
MCQ · medium

A network engineer runs the following command on Router R3:

    R3# show interfaces GigabitEthernet0/0
    GigabitEthernet0/0 is up, line protocol is up
      Hardware is ISR4331-2x1GE, address is aabb.cc00.0300 (bia aabb.cc00.0300)
      Internet address is 10.0.0.3/24
      MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, media type is RJ45
      output flow-control is unsupported, input flow-control is unsupported
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 1000 bits/sec, 2 packets/sec
      5 minute output rate 2000 bits/sec, 3 packets/sec
         12345 packets input, 1234567 bytes, 0 no buffer
         Received 123 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 0 multicast, 0 pause input
         12345 packets output, 2345678 bytes, 0 underruns
         0 output errors, 0 collisions, 1 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 pause output
         0 output buffer failures, 0 output buffers swapped out

Based on this output, what can be concluded?

A. The interface has experienced a hardware failure.
B. The interface has had one reset since the last counter clear.
C. The interface is experiencing high input errors.
D. The interface is operating at half-duplex.
Answer: B

The output shows '1 interface resets', which is a counter that increments each time the interface is reset.

Why this answer

The output shows the interface is up/up. The key clue is '1 interface resets' in the output counters. Interface resets can occur due to hardware issues, cable problems, or when the interface is administratively reset.

The presence of 1 reset indicates a past event, but the interface is currently operational. The question tests understanding of interface counters.

9
MCQ · medium

A network engineer runs the following command on Switch SW3:

    SW3# show etherchannel summary
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            U - in use      N - not in use, no aggregation
            f - failed to allocate aggregator
            M - not in use, minimum links not met
            u - unsuitable for bundling
            w - waiting to be aggregated
            d - default port

    Number of channel-groups in use: 1
    Number of aggregators: 1

    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+---------------------------------------------
    1      Po1(SU)       LACP        Gi0/1(P) Gi0/2(P) Gi0/3(D)

Based on this output, what can be concluded?

A. All three ports are actively participating in the EtherChannel.
B. The EtherChannel is using LACP protocol.
C. The EtherChannel is a Layer 3 port-channel.
D. Port Gi0/3 is in standby mode.
Answer: B

The Protocol column shows 'LACP'.

Why this answer

The output shows an EtherChannel group 1 using LACP. The Port-channel Po1 is in SU state (Layer2, in use). Two ports (Gi0/1 and Gi0/2) are bundled (P), while Gi0/3 is down (D).

The key is that Gi0/3 is down, so it is not part of the active bundle. The channel is still operational with two links.

10
MCQ · medium

An engineer configures syslog on a Cisco router with 'logging host 10.1.1.1' and 'logging trap warnings'. The engineer wants to receive only messages with severity warning (4) and higher (0-4). However, the syslog server receives messages with severity debug (7). What is the most likely cause?

A. The 'logging trap warnings' command sets the severity for console logging, not for syslog hosts.
B. The syslog server is configured to accept all messages regardless of severity.
C. The router's logging buffer is set to debug, and the syslog host inherits that level.
D. The 'logging trap' command must be followed by a number, not a word.
Answer: C

Correct because if 'logging buffered debugging' is configured, the syslog host may receive all messages due to the buffer setting overriding the trap level.

Why this answer

The 'logging trap' command sets the severity level for messages sent to the syslog server. 'warnings' corresponds to level 4, which should filter out levels 5-7. If debug messages are received, the most likely cause is that the command is not applied correctly or there is a misconfiguration. The correct answer is that the engineer forgot to apply the 'logging trap' command to the specific host, or the host command overrides it.

Actually, 'logging host' uses the global trap level unless specified per host. So, the global 'logging trap warnings' should apply. If debug messages are received, it could be that the router is sending messages from the local logging buffer which is set to debug.

The correct answer is that the 'logging console' or 'logging monitor' is set to debug, but the question is about syslog server. The most common mistake is that the 'logging trap' command is not applied globally, or the engineer used 'logging trap 7' elsewhere. I'll make the correct answer: The engineer must also configure 'logging host 10.1.1.1' with the trap level explicitly.

11
Drag & Drop · medium

Drag and drop the steps of SNMPv3 authentication and privacy negotiation into the correct order, from first to last.

Why this order

SNMPv3 first discovers the engine ID, then negotiates authentication, then privacy, and finally processes the request.

12
Matching · medium

Drag and drop each syslog severity level on the left to its matching numeric value on the right.

Matches

0

1

2

3

4

Why these pairings

Syslog severity levels range from 0 (Emergency) to 7 (Debug).

13
Matching · medium

Drag and drop each SNMP version on the left to its matching security feature on the right.

Matches

Uses community strings for authentication only

Uses community strings with improved error handling

Provides encryption, authentication, and message integrity

Authenticates but does not encrypt payload

Authenticates and encrypts payload

Why these pairings

SNMPv1 and v2c use community strings for authentication, while SNMPv3 provides encryption, authentication, and message integrity.

14
Matching · medium

Drag and drop each SNMP component on the left to its matching role on the right.

Matches

Network management station that polls agents

Software running on the managed device

Database of managed objects

Unique identifier for a managed object

Authentication string for v1/v2c

Why these pairings

Manager is the NMS; agent runs on the device; MIB is the database; OID identifies a specific variable.

15
Matching · medium

Drag and drop each SNMPv3 security level on the left to its matching protection description on the right.

Matches

No authentication and no encryption

Authentication with MD5 or SHA, no encryption

Authentication and encryption (e.g., DES, AES)

Uses SHA for authentication only

Uses SHA for authentication and AES for encryption

Why these pairings

noAuthNoPriv provides no authentication or encryption; authNoPriv provides authentication only; authPriv provides both authentication and encryption.

16
Multi-Select · hard

Which three statements about syslog configuration on Cisco IOS devices are true? (Choose three.)

Select 3 answers
A. The command 'logging host 192.168.1.100' configures the device to send syslog messages to the server at that IP address.
B. The command 'logging trap 4' configures the device to send syslog messages with severity 4 (warnings) and higher (0-4) to the syslog server.
C. The command 'logging source-interface Loopback0' ensures that syslog messages use the Loopback0 IP address as the source.
D. The default logging trap level on Cisco IOS is level 7 (debugging).
E. The command 'logging console 3' limits syslog messages displayed on the console to severity 3 (errors) and lower (0-3).
Answers: A, B, C

Correct because 'logging host' specifies the destination syslog server IP address.

Why this answer

The logging host command specifies the syslog server IP. The logging trap level sets the severity for messages sent to the syslog server; default is level 6 (informational). The logging source-interface sets the source IP of syslog packets.

The logging buffered command stores messages in RAM. The logging console command affects messages sent to the console port, not to the syslog server.

17
MCQ · medium

An engineer is troubleshooting a syslog issue on a Cisco switch. The switch is configured with 'logging host 10.1.1.1' and 'logging trap informational'. The syslog server at 10.1.1.1 receives messages from other devices but not from this switch. The engineer can ping 10.1.1.1 from the switch. What is the most likely cause?

A. The syslog server is configured to accept messages only from a specific source IP address.
B. The switch's logging process is disabled by default and must be enabled with 'logging on'.
C. The 'logging trap informational' command is incorrect; it should be 'logging trap 6'.
D. The switch uses UDP port 514, but the server listens on TCP port 514.
Answer: B

Correct because 'logging on' is required to start the syslog logging process; without it, no messages are sent even if hosts are configured.

Why this answer

The switch can reach the server, but syslog messages are not being sent. The most common cause is that the logging process is not enabled globally, or the source interface is not set, causing the server to drop messages due to source IP mismatch. However, the correct answer is that the logging facility is not configured, which is required for some syslog implementations.

18
Drag & Drop · medium

Drag and drop the steps of syslog message generation and storage into the correct order, from first to last.

Why this order

A process or kernel generates a syslog message with a facility and severity, the syslogd daemon compares the severity to the configured logging level, then writes the message to the local buffer, optionally forwards it to a remote syslog server, and finally the message is stored or displayed.

19
Drag & Drop · medium

Drag and drop the steps of NETCONF/YANG-based device monitoring subscription into the correct order, from first to last.

Why this order

First establish NETCONF session, then subscribe to YANG data, then receive periodic updates, and finally unsubscribe.

20
Matching · medium

Drag and drop each SNMP component on the left to its matching role on the right.

Matches

Network management station that polls agents

Software module running on managed device

Virtual database defining managed objects

Numeric identifier for a specific managed object

Password-like string used for authentication in v1/v2c

Why these pairings

The manager collects data, the agent runs on the device, MIB defines the data structure, and OID identifies specific variables.

21
MCQ · medium

Given the following SNMPv3 configuration on a Cisco IOS-XE router:

    snmp-server group ADMIN v3 priv write ADMINVIEW
    snmp-server user admin ADMIN v3 auth sha cisco123 priv aes 128 cisco456
    snmp-server view ADMINVIEW iso included

What is missing or incorrect in this configuration?

A. The SNMPv3 user 'admin' must also specify an engine ID for the router.
B. The view 'ADMINVIEW' includes the entire ISO tree, which might be too permissive for a restricted write view.
C. The privacy password 'cisco456' must be at least 8 characters long.
D. The group 'ADMIN' must be configured with a read view to allow SNMP get operations.
Answer: B

Using 'iso included' includes all OIDs under the ISO subtree, which is essentially the entire MIB. This could be a security concern if a restricted view was intended.

Why this answer

The SNMPv3 user 'admin' is configured with authentication (SHA) and privacy (AES 128), and the group 'ADMIN' is set with write access to view 'ADMINVIEW'. However, the view 'ADMINVIEW' only includes the 'iso' subtree, which is too broad and may not be appropriate for a restricted view. Additionally, the configuration lacks an 'snmp-server host' command to send traps or informs, but that is not strictly required for SNMP access.

22
MCQ · medium

A network engineer runs the following command on Router R4:

    R4# show ip nat translations
    Pro  Inside global       Inside local     Outside local     Outside global
    ---  192.168.1.10:1024   10.0.0.10:1024   203.0.113.5:80    203.0.113.5:80
    tcp  192.168.1.10:1024   10.0.0.10:1024   203.0.113.5:80    203.0.113.5:80
    ---  192.168.1.11:2048   10.0.0.11:2048   198.51.100.2:443  198.51.100.2:443

Based on this output, what can be concluded?

A. Both translations are dynamic NAT entries.
B. The translation for 10.0.0.10 is a static NAT entry.
C. The router is performing PAT for both translations.
D. The outside global address is the same as the outside local address for both entries.
Answer: B

The absence of a protocol (---) and the presence of an inside global address that does not change indicates a static NAT.

Why this answer

The output shows NAT translations. The first entry has no protocol (---) indicating a static translation, while the second is a dynamic TCP translation (tcp). The inside global addresses are 192.168.1.10 and 192.168.1.11, mapping to inside local addresses 10.0.0.10 and 10.0.0.11.

The outside addresses show the destinations. The key is that the first entry is static (no protocol) and the second is dynamic.

23
MCQ · hard

A network engineer configures SNMPv3 on a Cisco router for secure monitoring. The configuration includes 'snmp-server group ADMIN v3 priv', 'snmp-server user admin ADMIN v3 auth sha cisco123 priv aes 128 cisco456', and 'snmp-server host 10.1.1.2 version 3 priv admin'. The NMS is configured with the same credentials. However, the NMS cannot poll the router. The engineer verifies that the router's SNMP agent is enabled. What is the most likely cause?

A. The SNMPv3 user is not associated with the group correctly.
B. The NMS must be configured with the router's SNMP engine ID.
C. The 'priv' keyword in the host command should be 'auth' instead.
D. The AES encryption key must be exactly 16 characters.
Answer: B

Correct because SNMPv3 uses engine IDs for authentication; if the NMS does not have the correct engine ID, it cannot authenticate.

Why this answer

SNMPv3 requires proper configuration of authentication and encryption. The issue is that the user is created with authentication and privacy, but the host command specifies 'priv' which is correct. However, the NMS may not be using the correct engine ID.

The most common mistake is not specifying the engine ID on the NMS or having a mismatch. But in this scenario, the router's engine ID is automatically generated, and the NMS must match it. The correct answer is that the user configuration is missing the engine ID specification.

24
Multi-Select · easy

Which three statements about Syslog severity levels are true? (Choose three.)

Select 3 answers
A. Severity level 0 (Emergency) indicates that the system is unusable.
B. Severity level 5 (Notice) is a normal but significant condition.
C. Severity level 6 (Informational) is used for informational messages that require immediate action.
D. Severity level 7 (Debugging) is the lowest severity level.
E. Severity level 4 (Warning) is more severe than level 3 (Error).
Answers: A, B, D

Correct: Emergency is the highest severity and means the system is unusable.

Why this answer

Syslog severity levels range from 0 (Emergency) to 7 (Debugging). Level 0 is the highest severity (most critical), and level 7 is the lowest. Level 5 (Notice) is normal but significant condition.

Level 6 (Informational) is for informational messages. Level 4 (Warning) indicates a warning condition. Level 3 (Error) is for error conditions.

Level 2 (Critical) is for critical conditions. Level 1 (Alert) requires immediate action. Level 0 (Emergency) means system is unusable.

25
Drag & Drop · medium

Drag and drop the steps of SNMP bulk walk operation process into the correct order, from first to last.

Why this order

The bulk walk starts with GetBulkRequest, retrieves multiple rows, then iterates until the end of the MIB subtree.

26
MCQ · medium

Given the following SNMP configuration on a Cisco IOS-XE router:

    snmp-server community public RO
    snmp-server community private RW
    snmp-server location Building-A
    snmp-server contact admin@example.com
    snmp-server enable traps snmp linkdown linkup
    snmp-server host 192.168.1.100 version 2c public

What is the effect of this configuration?

A. The router will send SNMP traps to 192.168.1.100 using community string 'public' for linkdown and linkup events.
B. The router will send SNMP traps to 192.168.1.100 using community string 'private' for all SNMP traps.
C. The router will only accept SNMP read requests using community 'public' and write requests using community 'private'.
D. The router will send SNMPv3 traps to 192.168.1.100 using authentication.
Answer: A

The 'snmp-server enable traps snmp linkdown linkup' enables those traps, and the 'snmp-server host' command sends them to 192.168.1.100 with community 'public'.

Why this answer

The configuration enables SNMPv2c with read-only (RO) and read-write (RW) community strings, sets location and contact information, enables linkdown and linkup traps, and sends traps to the NMS at 192.168.1.100 using community 'public'.

27
MCQ · medium

A network engineer configures SNMPv2c on a Cisco router to monitor CPU and memory utilization. The NMS is reachable and configured with the same community string 'public'. However, the NMS receives no traps from the router. The engineer verifies that the router's SNMP configuration includes 'snmp-server enable traps' and 'snmp-server host 192.168.1.100 version 2c public'. What is the most likely cause of the missing traps?

A. The router's SNMP agent is disabled.
B. The community string 'public' is not defined on the router.
C. The router lacks specific trap configuration for CPU and memory utilization.
D. The NMS is using SNMPv3, which is incompatible with SNMPv2c traps.
Answer: C

Correct because 'snmp-server enable traps' alone does not enable all traps; specific traps like 'snmp-server enable traps cpu threshold' and 'snmp-server enable traps memory' are needed.

Why this answer

The issue is that the trap destination is configured, but the router may not be sending traps due to missing trap-specific configuration or a filtering issue. The most common oversight is not enabling the specific trap types (e.g., CPU, memory) or not having the SNMP agent respond to polls. However, the correct answer focuses on the fact that 'snmp-server enable traps' without specifying trap types only enables generic traps; CPU and memory traps require explicit configuration.

28
MCQ · medium

Examine this SNMP configuration snippet from a Cisco IOS-XE router:

    snmp-server community MyComm RO 10
    access-list 10 permit 192.168.1.0 0.0.0.255

What is the effect of this configuration?

A. SNMP read requests from any host in the 192.168.1.0/24 network using community 'MyComm' will be accepted.
B. SNMP read and write requests from 192.168.1.0/24 using community 'MyComm' will be accepted.
C. Only SNMP requests from the 192.168.1.0/24 network are allowed, regardless of community string.
D. The access-list 10 is incomplete; it needs a deny statement to block other traffic.
Answer: A

The access-list 10 permits the 192.168.1.0/24 network, and the community is tied to that ACL, so only those hosts can use 'MyComm' for read access.

Why this answer

The community string 'MyComm' is configured with read-only access and is restricted by access-list 10, which permits only the 192.168.1.0/24 network.

29
Matching · medium

Drag and drop each SNMP version on the left to its matching security feature on the right.

Matches

Uses community strings in plaintext

Uses community strings in plaintext

Provides authentication and encryption

Provides authentication only

Provides authentication and encryption

Why these pairings

SNMPv1 and v2c use community strings (plaintext) for authentication; SNMPv3 provides authentication and encryption.

30
Matching · medium

Drag and drop each syslog severity level on the left to its matching severity number on the right.

Matches

0

1

2

3

4

Why these pairings

Emergency=0, Alert=1, Critical=2, Error=3, Warning=4, Notice=5, Informational=6, Debug=7.

31
MCQ · medium

Consider the following partial syslog configuration on a Cisco IOS-XE switch:

    logging host 10.10.10.1 transport udp port 514
    logging trap 6
    logging source-interface Loopback0
    logging on

Which statement is true about this configuration?

A. Syslog messages with severity level 7 (Debugging) will be sent to 10.10.10.1.
B. Syslog messages will be sourced from the IP address of Loopback0 interface.
C. The syslog server must be configured to receive messages on TCP port 514.
D. Only syslog messages with severity level 6 (Informational) will be sent.
Answer: B

The 'logging source-interface Loopback0' command makes all syslog messages use the IP address of Loopback0 as the source.

Why this answer

The configuration sends syslog messages to 10.10.10.1 via UDP port 514, with severity level 6 (Informational) and above, sourced from Loopback0, with logging enabled.

32
Drag & Drop · medium

Drag and drop the steps of SNMP bulk walk operation process into the correct order, from first to last.

Why this order

The manager initiates a GetBulkRequest, the agent responds with multiple variables, and the process repeats until all OIDs are retrieved.

33
MCQ · medium

A network engineer runs the following command on Switch SW1:

    SW1# show vlan brief

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Gi0/1, Gi0/2, Gi0/3
    10   Sales                            active    Gi0/4, Gi0/5
    20   Engineering                      active    Gi0/6
    1002 fddi-default                     act/unsup
    1003 token-ring-default               act/unsup
    1004 fddinet-default                  act/unsup
    1005 trnet-default                    act/unsup

Based on this output, what can be concluded?

A. VLAN 20 is not operational because it has only one port assigned.
B. The switch supports FDDI and Token Ring VLANs.
C. Port Gi0/6 is an access port in VLAN 20.
D. VLAN 10 has more broadcast traffic than VLAN 20.
Answer: C

The output shows Gi0/6 assigned to VLAN 20, and since no trunking is indicated, it is likely an access port in VLAN 20.

Why this answer

The output shows VLANs configured on the switch. VLANs 1, 10, and 20 are active and have ports assigned. VLANs 1002-1005 are default VLANs for legacy technologies (FDDI, Token Ring) and are shown as 'act/unsup' (active/unsupported) because the switch does not support them.

The key point is that VLAN 20 has only one port (Gi0/6) assigned, which is unusual but possible. However, the question tests understanding that VLAN 20 exists and is active with one port.

34
Drag & Drop · medium

Drag and drop the steps of NETCONF/YANG-based device monitoring subscription into the correct order, from first to last.

Why this order

First establish a NETCONF session, then subscribe to a YANG data stream, and finally receive periodic push updates.

35
MCQ · medium

Given the following syslog configuration on a Cisco IOS-XE router:

    logging buffered 4096 warnings
    logging console warnings
    logging monitor warnings
    logging trap warnings

Which statement is true?

A. Syslog messages with severity 'debugging' (level 7) will be displayed on the console.
B. The router will store up to 4096 syslog messages in the internal buffer, but only those with severity 'warnings' or higher.
C. Syslog messages will be sent to a remote syslog server using the 'trap' facility.
D. The 'monitor' destination refers to logging to the console line.
Answer: B

The 'logging buffered 4096 warnings' command allocates a buffer of 4096 bytes (not messages) and logs messages with severity 0-4. The buffer size is in bytes, but the statement is essentially correct about severity filtering.

Why this answer

All four logging destinations (buffer, console, monitor, trap) are set to severity level 'warnings' (level 4). This means only messages with severity 0-4 are logged to each destination.

36
Matching · medium

Drag and drop each SNMPv3 security level on the left to its matching protection description on the right.

Matches

No authentication, no encryption

Authentication, no encryption

Authentication and encryption

Authentication using SHA, no encryption

Authentication and AES encryption

Why these pairings

noAuthNoPriv uses no authentication or encryption; authNoPriv uses authentication but no encryption; authPriv uses both.

37
MCQ · hard

A network engineer configures SNMPv3 on a Cisco router with the following: 'snmp-server group GRP v3 priv', 'snmp-server user usr GRP v3 auth sha pass1 priv aes 128 pass2'. The NMS is configured with the same credentials. However, the NMS cannot perform SNMP walks. The engineer notices that the router's SNMP agent is responding to queries from other devices. What is the most likely cause?

A. The user's authentication key is too short.
B. The group 'GRP' is not associated with a view that allows read access to the MIB tree.
C. The NMS is using SNMPv2c community strings instead of SNMPv3.
D. The router's SNMP engine ID has changed since the user was created.
Answer: B

Correct because without a view, the group may have no access; 'snmp-server group GRP v3 priv read VIEW' is needed.

Why this answer

SNMPv3 walks require proper view configuration. By default, the group may not have access to the entire MIB tree. The correct answer is that the group needs a view that includes the OIDs being walked.

38
Drag & Dropmedium

Drag and drop the steps of SNMPv3 authentication and privacy negotiation into the correct order, from first to last.

Why this order

SNMPv3 first discovers the engine ID, then the manager and agent agree on security parameters, authenticate, and finally encrypt the payload.

39
Drag & Dropmedium

Drag and drop the steps of Syslog severity filtering and rate-limiting configuration into the correct order, from first to last.

Why this order

First enable logging, then set severity, then configure rate-limiting, then buffer, and finally verify.

40
Multi-Selectmedium

Which three statements about syslog message severity levels are correct? (Choose three.)

Select 3 answers
A.Severity level 0 (emergencies) indicates the system is unusable.
B.Severity level 3 (errors) includes error conditions that still allow the system to function.
C.Severity level 5 (notifications) is used for normal but significant conditions, such as interface up/down.
D.Severity level 6 (informational) is used for debugging messages that are only useful during troubleshooting.
E.The default logging console severity level on Cisco IOS is 3 (errors).
AnswersA, B, C

Correct because level 0 is the highest severity and indicates a system-wide failure or emergency.

Why this answer

Syslog severity levels range from 0 (emergency) to 7 (debugging). The logging console default is usually level 7 (debugging) but can be changed. Level 3 (errors) includes error conditions that still allow the system to function.

Level 5 (notifications) is for normal but significant conditions. Level 6 (informational) is for informational messages. Level 0 is the highest severity (most critical).

41
Matchingmedium

Drag and drop each SNMP operation on the left to its matching direction on the right.

Concepts
Matches

Manager requests a specific variable from agent

Manager requests the next variable in a MIB tree

Manager requests a large block of data efficiently

Manager modifies a variable on the agent

Agent sends unsolicited notification to manager

Why these pairings

GET, GETNEXT, GETBULK, and SET are initiated by the manager; TRAP and INFORM are initiated by the agent.

42
Multi-Selecthard

Which three statements about SNMP trap and inform operations are true? (Choose three.)

Select 3 answers
A.Traps are unacknowledged notifications sent from the SNMP agent to the manager.
B.Informs are acknowledged notifications that require a response from the manager.
C.Informs use UDP port 162, the same as traps.
D.Traps are more reliable than informs because they are sent with a higher priority.
E.Informs consume less memory and processing than traps because they do not require state tracking.
AnswersA, B, C

Correct: Traps are unacknowledged; the manager does not send a response.

Why this answer

SNMP traps are unacknowledged messages sent from agent to manager. Informs are acknowledged (confirmed) notifications. Informs require a response from the manager and can be retransmitted if no response is received.

Traps are sent via UDP port 162 by default. Informs also use UDP port 162. Informs consume more memory and processing because they maintain state for acknowledgment.

Traps are less reliable because they are not acknowledged.

43
MCQhard

A network engineer runs the following command on Switch SW2:

SW2# show spanning-tree vlan 10
VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     aabb.cc00.0100
             Cost        19
             Port        1 (GigabitEthernet0/1)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     aabb.cc00.0200
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Root FWD 19        128.1    P2p
Gi0/2               Altn BLK 19        128.2    P2p
Gi0/3               Desg FWD 19        128.3    P2p

Based on this output, what can be concluded?

A.SW2 is the root bridge for VLAN 10.
B.The root bridge for VLAN 10 has MAC address aabb.cc00.0100.
C.Port Gi0/2 is in forwarding state.
D.The STP priority for VLAN 10 is 32768.
AnswerB

The Root ID shows the root bridge's MAC address as aabb.cc00.0100.

Why this answer

The output shows STP details for VLAN 10. The Root ID is aabb.cc00.0100 (priority 32778 = 32768 + 10 for VLAN 10). The local switch (aabb.cc00.0200) has the same priority.

The root port is Gi0/1 (cost 19 to root). Gi0/2 is an alternate port (blocking). Gi0/3 is a designated port (forwarding).

The key conclusion is that the local switch is not the root because it has a root port. Also, the root bridge has the same priority, so the root is determined by lower MAC address (aabb.cc00.0100 < aabb.cc00.0200).

44
Multi-Selectmedium

Which two statements about SNMPv3 security models are true? (Choose two.)

Select 2 answers
A.The authNoPriv security model provides authentication but no encryption.
B.The noAuthNoPriv security model uses both a username and a password for authentication.
C.The authPriv security model provides both authentication and encryption.
D.SNMPv3 requires the use of a separate engine ID for each SNMP manager and agent.
E.The authPriv model supports only AES-256 for encryption.
AnswersA, C

Correct: authNoPriv uses an authentication protocol (MD5 or SHA) but does not encrypt the payload.

Why this answer

SNMPv3 provides three security models: noAuthNoPriv (no authentication, no encryption), authNoPriv (authentication but no encryption), and authPriv (authentication and encryption). The authPriv model uses HMAC-MD5 or HMAC-SHA for authentication and CBC-DES or CFB128-AES for encryption. The engine ID is a unique identifier for each SNMP entity and is used to generate the localized key.

45
MCQmedium

A network engineer configures SNMPv2c on a Cisco switch to send traps to an NMS at 192.168.1.100 with community 'monitor'. The engineer also configures 'snmp-server enable traps snmp linkdown linkup'. The NMS receives link traps but not authentication failure traps. The engineer has not configured any access control. What is the most likely reason?

A.Authentication failure traps are disabled by default and must be explicitly enabled.
B.The NMS is not configured to receive authentication failure traps.
C.The community string 'monitor' has read-write access, which suppresses authentication traps.
D.The switch must be configured with 'snmp-server trap-source' to send authentication traps.
AnswerA

Correct because 'snmp-server enable traps snmp authentication' is needed to send authentication failure traps.

Why this answer

Authentication failure traps are generated when an SNMP request is received with an invalid community string. However, by default, these traps are not enabled. The engineer must explicitly enable them with 'snmp-server enable traps snmp authentication'.

The scenario shows only link traps enabled.

46
Multi-Selectmedium

Which two statements about SNMP MIB objects and OIDs are true? (Choose two.)

Select 2 answers
A.The MIB defines the structure of managed objects and their OIDs.
B.OIDs are always numeric and follow a hierarchical tree structure.
C.The GetBulk operation is supported in SNMPv1.
D.The sysDescr OID (1.3.6.1.2.1.1.1.0) is a read-write object.
E.A single MIB object can have multiple OIDs.
AnswersA, B

Correct: The MIB is a database that defines the structure and OIDs of managed objects.

Why this answer

MIB (Management Information Base) is a hierarchical database of managed objects. Each object is identified by an OID (Object Identifier). OIDs are structured as a tree; for example, 1.3.6.1.2.1.1.1.0 is the sysDescr OID.

The MIB defines the structure and allowed operations (get, set, etc.) for each object. SNMPv2c and SNMPv3 support GetBulk, which retrieves large tables efficiently. SNMPv1 does not support GetBulk.

47
Drag & Dropmedium

Drag and drop the steps of Syslog severity filtering and rate-limiting configuration into the correct order, from first to last.

Why this order

First enable logging, then set severity, apply rate-limit, specify destination, and finally verify the configuration.

48
Drag & Drophard

Drag and drop the steps of SNMPv3 secure agent configuration into the correct order, from first to last.

Why this order

First, you must enable the SNMP agent with snmp-server. Then define the SNMPv3 group and associate it with a security model. Next, create the user and assign authentication and privacy passwords.

Finally, restrict access using an ACL to limit which NMS can poll the agent.

49
MCQeasy

An engineer notices that syslog messages from a Cisco router are not timestamped correctly. The router is configured with 'service timestamps log datetime msec' and 'logging host 10.1.1.1'. The syslog server shows messages with the correct time but the local logs on the router show incorrect timestamps. What is the most likely cause?

A.The 'service timestamps log datetime msec' command is not supported on this platform.
B.The router's system clock is not synchronized via NTP or manual setting.
C.The syslog server is overwriting the timestamps.
D.The 'logging host' command must include the 'transport tcp' option.
AnswerB

Correct because timestamps are based on the router's clock; if it's incorrect, local logs will have wrong timestamps.

Why this answer

The issue is that the router's clock is not synchronized, so local timestamps are incorrect. The syslog server may be applying its own timestamp. The correct answer is that the router's system clock is not set or NTP is not configured.

50
MCQeasy

A network engineer configures SNMPv2c on a Cisco switch to send traps to an NMS. The engineer uses 'snmp-server community public RO' and 'snmp-server host 10.1.1.1 version 2c public'. The NMS receives traps, but the engineer notices that the traps contain the IP address of the management interface (VLAN 1) instead of the loopback interface (Loopback0) that is used for management. The engineer wants the traps to use the loopback IP as the source. What should the engineer do?

A.Configure 'snmp-server source-interface traps Loopback0'.
B.Configure 'snmp-server trap-source Loopback0'.
C.Configure 'ip snmp source-interface Loopback0'.
D.Change the management interface IP to match the loopback.
AnswerB

Correct because this command sets the source IP for all SNMP traps to the loopback interface.

Why this answer

The source IP of SNMP traps is determined by the interface used to reach the destination. To force a specific source IP, the engineer must configure 'snmp-server trap-source Loopback0'.

51
MCQeasy

An engineer is configuring syslog on a Cisco router to send messages to two servers: 10.1.1.1 (primary) and 10.1.1.2 (secondary). The configuration includes 'logging host 10.1.1.1' and 'logging host 10.1.1.2'. The engineer wants messages to be sent to both servers simultaneously. However, only the first server receives messages. What is the most likely cause?

A.The second syslog server is not reachable from the router.
B.The router's syslog process sends messages to all configured hosts by default; the issue is that the second server is not configured to accept syslog messages.
C.The 'logging host' command for the second server must be entered before the first.
D.The router requires 'logging on' to send to multiple hosts.
AnswerB

Correct because the server-side configuration is missing; the router is sending but the server is not listening.

Why this answer

The router sends each syslog message to every configured 'logging host' by default, and because the first server receives messages, logging is enabled on the router. That leaves the second server: it is not configured to accept syslog messages on the default UDP port 514, so the router is sending but the server is not listening.

53
Matchingmedium

Drag and drop each SNMP operation on the left to its matching direction on the right.

Concepts
Matches

Manager to agent

Manager to agent

Manager to agent

Manager to agent

Agent to manager

Why these pairings

GET, GETNEXT, GETBULK, and SET are manager-to-agent requests; TRAP and INFORM are agent-to-manager notifications.

54
Multi-Selectmedium

Which two statements about SNMPv3 security features are true? (Choose two.)

Select 2 answers
A.The authNoPriv security level provides authentication using MD5 or SHA, but no encryption.
B.The noAuthNoPriv security level provides both authentication and encryption.
C.The authPriv security level provides authentication using MD5 or SHA, and encryption using DES or AES.
D.SNMPv3 users are identified solely by the community string, similar to SNMPv2c.
E.The SNMP engine ID is optional and only used for debugging purposes.
AnswersA, C

Correct because authNoPriv uses a hash algorithm for authentication but does not encrypt the SNMP payload.

Why this answer

SNMPv3 provides both authentication and encryption. The authNoPriv level uses MD5 or SHA for authentication without encryption; noAuthNoPriv uses no security; authPriv provides both authentication and encryption. The engine ID is required for SNMPv3 user configuration and is used to generate the localized key.

55
MCQeasy

What is the default syslog severity level for console logging on a Cisco IOS device?

A.debugging (level 7)
B.informational (level 6)
C.warnings (level 4)
D.errors (level 3)
AnswerA

By default, console logging is set to level 7 (debugging), so all syslog messages appear on the console.

Why this answer

The default console logging severity level is 'debugging' (level 7), meaning all messages are displayed on the console by default.

56
Drag & Dropmedium

Drag and drop the steps of SNMP trap generation and forwarding into the correct order, from first to last.

Why this order

The SNMP agent monitors the device for a defined event, then builds a trap message including the OID and value, encapsulates it in a UDP packet, looks up the trap destination in the SNMP configuration, and finally forwards the packet to the NMS.

57
MCQhard

A network engineer runs the following command on Router R6:

R6# show ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      S - State Refresh Capable, G - GenID Capable, L - DR Load Balancing Capable
Neighbor Address  Interface           Uptime    Expires   Mode
10.0.0.2          GigabitEthernet0/0  02:15:30  00:01:25  DR (DR)
10.0.0.3          GigabitEthernet0/0  02:15:28  00:01:27  B S

Based on this output, what can be concluded?

A.Router R6 is the PIM Designated Router on this segment.
B.The neighbor 10.0.0.2 is the PIM Designated Router.
C.The neighbor 10.0.0.3 supports bidirectional PIM.
D.Both neighbors are capable of state refresh.
AnswerB

The mode column shows 'DR' for 10.0.0.2, indicating it is the DR.

Why this answer

The output shows PIM neighbors on interface GigabitEthernet0/0. The neighbor 10.0.0.2 has mode 'DR (DR)', indicating it is the Designated Router on this segment. The neighbor 10.0.0.3 has mode 'B S', meaning it is Bidir capable and State Refresh capable.

The key is that R6 itself is not the DR because the neighbor 10.0.0.2 is marked as DR.

58
MCQmedium

A network engineer runs the following command on Router R1:

R1# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.2       1   FULL/DR         00:00:38    10.0.0.2        GigabitEthernet0/0
192.168.1.3       1   2WAY/DROTHER    00:00:32    10.0.0.3        GigabitEthernet0/0

Based on this output, what can be concluded?

A.R1 is the Designated Router (DR) on this segment.
B.R1 is the Backup Designated Router (BDR) on this segment.
C.R1 is a DROTHER on this segment.
D.The OSPF network type is point-to-point.
AnswerB

R1 has a FULL adjacency with the DR (192.168.1.2) and a 2WAY adjacency with the DROTHER (192.168.1.3), which is characteristic of a BDR.

Why this answer

The output shows two OSPF neighbors on the same interface. The neighbor 192.168.1.2 is in FULL state and is the Designated Router (DR), while 192.168.1.3 is in 2WAY state and is a DROTHER. This indicates that R1 is the Backup Designated Router (BDR) because it has a FULL adjacency with the DR but only a 2WAY state with the DROTHER.

The Dead Time values are still counting down, indicating the neighbors are alive.
