300-410 · topic practice

Network Logging and Syslog practice questions

Practise identifying, configuring, and troubleshooting core network services like DNS, DHCP, NAT, and NTP for the 300-410 exam.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Network Logging and Syslog

What the exam tests

What to know about Network Logging and Syslog

Tests your knowledge of DNS, DHCP, NAT, and other network services configuration and troubleshooting.

DNS record types and resolution process

DHCP lease, scope, and reservation configuration

NAT and PAT for IP address translation

Network time protocol (NTP) synchronization

Why learners struggle

Why Network Logging and Syslog questions are commonly missed

Network services questions are commonly missed because candidates confuse protocol roles and port numbers. The overlap between DNS, DHCP, and NAT functions creates specific mix-ups.

  • ·DNS vs DHCP — name resolution vs IP assignment
  • ·NAT vs PAT — address vs port translation
  • ·DHCP scope vs reservation — dynamic vs static
  • ·DNS A vs AAAA — IPv4 vs IPv6 records
  • ·NTP vs SNTP — accuracy vs simplicity
  • ·DHCP relay vs DHCP server — forwarding vs providing

Watch out for

Common Network Logging and Syslog exam traps

  • Confusing DNS A record with CNAME for hostname mapping
  • Thinking DHCP assigns static IPs instead of dynamic leases
  • Mixing up NAT and PAT port vs address translation
  • Assuming NTP only syncs time once, not periodically

Practice set

Network Logging and Syslog questions

20 questions · select your answer, then reveal the explanation

A network engineer notices that the syslog server at 10.1.1.100 is not receiving any log messages from a Cisco router running IOS-XE 16.9. The engineer has configured 'logging host 10.1.1.100' and 'logging trap debugging'. The router can ping the syslog server successfully. What is the most likely cause of the missing syslog messages?

An engineer is troubleshooting why syslog messages from a router are not being received by the syslog server at 192.168.1.10. The router configuration includes 'logging host 192.168.1.10' and 'logging trap 6'. The engineer runs 'debug ip packet' and sees packets destined for 192.168.1.10 being sent but no response. What should the engineer check first?

A network engineer is troubleshooting a router that is generating excessive syslog messages, filling up the local logging buffer and causing performance issues. The engineer wants to reduce the volume of messages sent to the remote syslog server while still capturing critical alerts locally. The current configuration includes 'logging buffered 4096 debugging' and 'logging host 10.1.1.100'. What is the best approach?

A router is configured with 'logging host 10.1.1.100' and 'logging trap informational'. The engineer notices that syslog messages with severity 5 (notice) are being sent, but messages with severity 6 (informational) are not. What is the most likely cause?

An engineer is troubleshooting a router that is not sending syslog messages to the remote server at 192.168.1.10. The configuration includes 'logging host 192.168.1.10' and 'logging trap 7'. The router can ping 192.168.1.10. The engineer runs 'show logging' and sees 'Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)'. What is the most likely cause?

A router is configured to send syslog messages to two servers: 10.1.1.100 and 10.1.1.200. The engineer notices that only server 10.1.1.100 is receiving messages. The configuration shows 'logging host 10.1.1.100' and 'logging host 10.1.1.200'. Both servers are reachable via ping. What is the most likely cause?

An engineer is troubleshooting a router that is generating syslog messages with incorrect timestamps. The router has 'service timestamps log datetime msec' configured, but the timestamps show the wrong time zone. The router's clock is set correctly via NTP. What is the most likely cause?

A router is configured with 'logging host 10.1.1.100' and 'logging trap debugging'. The engineer notices that the router is sending a large number of debug messages to the syslog server, causing high CPU usage. The engineer wants to stop sending debug messages to the remote server but keep them in the local buffer. What is the best command to achieve this?

A network engineer is troubleshooting a router that is not generating any syslog messages at all, even for critical events like interface flaps. The 'show logging' output shows 'Syslog logging: disabled'. What is the most likely cause?

Question 10mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R1:

R1# show logging

Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, small buffer) Console logging: level debugging, 37 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level informational, 5 messages logged, xml disabled, filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled Persistent logging: disabled

No active filter modules.

Trap logging: level informational, 0 message lines logged

Logging to 192.168.1.100 (udp port 514, audit disabled,

link up), 0 message lines logged, xml disabled, filtering disabled

Logging Source Interface: Loopback0

Log Buffer (4096 bytes):

*Mar  1 00:01:23.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Mar  1 00:02:34.567: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

Based on this output, which statement is correct?

Question 11mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R2:

R2# show logging | include %SYS-5-CONFIG_I

*Mar  1 00:10:15.123: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:12:45.678: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:15:30.001: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:20:00.999: %SYS-5-CONFIG_I: Configured from console by console

Based on this output, what is the most likely problem?

Question 12hardmultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R3:

R3# show logging | include %OSPF-5-ADJCHG

*Mar  1 00:05:10.123: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 00:06:20.456: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Mar  1 00:07:30.789: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from DOWN to INIT, Received Hello
*Mar  1 00:08:40.012: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from INIT to EXSTART, Event: start
*Mar  1 00:09:50.345: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXSTART to EXCHANGE, Event: Negotiation Done
*Mar  1 00:10:00.678: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from EXCHANGE to LOADING, Event: Exchange Done
*Mar  1 00:11:10.901: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 00:12:20.234: %OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

Based on this output, what is the most likely problem?

Question 13mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R4:

R4# show logging | include %BGP-3-NOTIFICATION

*Mar  1 00:01:05.123: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes
*Mar  1 00:02:10.456: %BGP-3-NOTIFICATION: received from neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes
*Mar  1 00:03:15.789: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.2 4/0 (Hold Timer Expired) 0 bytes

Based on this output, what is the most likely problem?

A network engineer runs the following command on Router R5:

R5# show logging | include %LINEPROTO-5-UPDOWN

*Mar  1 00:00:10.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar  1 00:00:20.456: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Mar  1 00:00:30.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar  1 00:00:40.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Mar  1 00:00:50.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Mar  1 00:01:00.678: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

Based on this output, what is the most likely problem?

Question 15mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R6:

R6# show logging | include %SEC-6-IPACCESSLOGP

*Mar  1 00:01:15.123: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12345) -> 192.168.1.1(80), 1 packet
*Mar  1 00:01:20.456: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12346) -> 192.168.1.1(80), 1 packet
*Mar  1 00:01:25.789: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12347) -> 192.168.1.1(80), 1 packet
*Mar  1 00:01:30.012: %SEC-6-IPACCESSLOGP: list ACL_INBOUND denied tcp 10.0.0.100(12348) -> 192.168.1.1(80), 1 packet

Based on this output, what is the most likely problem?

A network engineer runs the following command on Router R7:

R7# show logging | include %SYS-2-MALLOCFAIL

*Mar  1 00:05:10.123: %SYS-2-MALLOCFAIL: Memory allocation failed for size 1024, from process 0x12345678, pool Processor
*Mar  1 00:06:20.456: %SYS-2-MALLOCFAIL: Memory allocation failed for size 2048, from process 0x12345678, pool Processor
*Mar  1 00:07:30.789: %SYS-2-MALLOCFAIL: Memory allocation failed for size 512, from process 0x12345678, pool Processor

Based on this output, what is the most likely problem?

Question 17mediummultiple choice
Read the full network assurance explanation →

A network engineer runs the following command on Router R8:

R8# show logging | include %LDP-5-NBRCHG

*Mar  1 00:01:10.123: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP
*Mar  1 00:02:20.456: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN
*Mar  1 00:03:30.789: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is UP
*Mar  1 00:04:40.012: %LDP-5-NBRCHG: LDP Neighbor 10.0.0.2:0 (1) is DOWN

Based on this output, what is the most likely problem?

Question 18mediummultiple choice
Read the full VPN explanation →

A network engineer runs the following command on Router R9:

R9# show logging | include %DMVPN-5-ADJCHG

*Mar  1 00:01:05.123: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP
*Mar  1 00:02:10.456: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN
*Mar  1 00:03:15.789: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is UP
*Mar  1 00:04:20.012: %DMVPN-5-ADJCHG: NHRP: Peer 10.0.0.1 on Tunnel0 is DOWN

Based on this output, what is the most likely problem?

Question 19mediummultiple choice
Read the full network assurance explanation →

Examine the following partial router configuration:

logging buffered 16384
logging console warnings
logging monitor notifications
logging trap debugging
logging source-interface Loopback0
logging 192.168.1.100

What is the effect of this configuration?

Question 20mediummultiple choice
Read the full network assurance explanation →

Given the following partial configuration on a Cisco IOS-XE router:

logging host 10.1.1.1 transport tcp port 514
logging source-interface GigabitEthernet0/1
logging on

What is missing or incorrect in this configuration?

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Network Logging and Syslog sessions

Start a Network Logging and Syslog only practice session

Every question in these sessions is drawn from the Network Logging and Syslog domain — nothing else.

Related practice questions

Related 300-410 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the 300-410 exam test about Network Logging and Syslog?
Tests your knowledge of DNS, DHCP, NAT, and other network services configuration and troubleshooting.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Network Logging and Syslog questions in a focused session?
Yes — the session launcher on this page draws every question from the Network Logging and Syslog domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 300-410 topics?
Use the topic links above to move to related areas, or go back to the 300-410 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 300-410 exam covers. They are not copied from any real exam or dump site.