CISCO CCNA Exam – Q273

In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?

A. during high traffic periods
B. after broken links are re-established
C. when upper-layer protocols require high reliability
D. in an improperly implemented redundant topology
E. when a dual ring topology is in use

Correct Answer: D

Explanation:
If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.

CISCO CCNA Exam – Q272

What are three reasons to collect Netflow data on a company network? (Choose three.)

A. To identify applications causing congestion.
B. To authorize user network access.
C. To report and alert link up / down instances.
D. To diagnose slow network performance, bandwidth hogs, and bandwidth utilization.
E. To detect suboptimal routing in the network.
F. To confirm the appropriate amount of bandwidth that has been allocated to each Class of Service.

Correct Answers: A, D, F

Explanation:
NetFlow facilitates solutions to many common problems encountered by IT professionals.

+ Analyze new applications and their network impact
Identify new application network loads such as VoIP or remote site additions.
+ Reduction in peak WAN traffic
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.
+ Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.
+ Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.
+ Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.
+ Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed.-> F is correct.

CISCO CCNA Exam – Q271

What Netflow component can be applied to an interface to track IPv4 traffic?

A. flow monitor
B. flow record
C. flow sampler
D. flow exporter

Correct Answer: A

Explanation:
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and non-key fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.

For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:

Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#

CISCO CCNA Exam – Q270

What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?

A. SNMP
B. Netflow
C. WCCP
D. IP SLA

Correct Answer: B

Explanation:
Netflow can be used to diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

CISCO CCNA Exam – Q269

What command visualizes the general NetFlow data on the command line?

A. show ip flow export
B. show ip flow top-talkers
C. show ip cache flow
D. show mls sampling
E. show mls netflow ip

Correct Answer: C

Explanation:
The following is an example of how to visualize the NetFlow data using the CLI. There are three methods to visualize the data depending on the version of Cisco IOS Software.

The traditional show command for NetFlow is “show ip cache flow” also available are two forms of top talker commands. One of the top talkers commands uses a static configuration to view top talkers in the network and another command called dynamic top talkers allows real-time sorting and aggregation of NetFlow data. Also shown is a show MLS command to view the hardware cache on the Cisco Catalyst 6500 Series Switch.

The following is the original NetFlow show command used for many years in Cisco IOS Software. Information provided includes packet size distribution; basic statistics about number of flows and export timer setting, a view of the protocol distribution statistics and the NetFlow cache.

The “show ip cache flow” command displays a summary of the NetFlow accounting statistics.
CISCO CCNA Exam – Q269

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

CISCO CCNA Exam – Q268

What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)

A. source IP address
B. source MAC address
C. egress interface
D. ingress interface
E. destination IP address
F. IP next-hop

Correct Answers: A, D, E

Explanation:
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.
Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.

IP Packet attributes used by NetFlow:
• IP source address
• IP destination address
• Source port
• Destination port
• Layer 3 protocol type
• Class of Service
• Router or switch interface

All packets with the same source/destination IP address, source/destination ports, protocol interface and class of service are grouped into a flow and then packets and bytes are tallied. This methodology of fingerprinting or determining a flow is scalable because a large amount of network information is condensed into a database of NetFlow information called the NetFlow cache.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

CISCO CCNA Exam – Q267

What are three factors a network administrator must consider before implementing Netflow in the network? (Choose three.)

A. CPU utilization
B. where Netflow data will be sent
C. number of devices exporting Netflow data
D. port availability
E. SNMP version
F. WAN encapsulation

Correct Answers: A, B, C

Explanation:
NetFlow has a reputation for increasing CPU utilization on your network devices. Cisco’s performance testing seems to indicate that newer hardware can accommodate this load pretty well, but you will still want to check it out before you turn on the feature. Some symptoms of high CPU utilization are very large jitter and increased delay. Services running
on the device may also be affected.

Another thing to keep in mind is the amount of data you’re going to be sending across the network. Depending on how much traffic you have and how you configure it, the traffic can be substantial. For example, you may not want to send NetFlow data from a datacenter switch to a NetFlow collector on the other side of a small WAN circuit. Also bear in mind that the flows from aggregating large numbers of devices can add up.

Reference: http://searchenterprisewan.techtarget.com/tip/How-the-NetFlow-protocol-monitors-your-WAN

CISCO CCNA Exam – Q266

Refer to the exhibit.
CISCO CCNA Exam – Q266

If the devices produced the given output, what is the cause of the EtherChannel problem?

A. SW1’s Fa0/1 interface is administratively shut down.
B. There is an encapsulation mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.
C. There is an MTU mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.
D. There is a speed mismatch between SW1’s Fa0/1 and SW2’s Fa0/1 interfaces.

Correct Answer: D

Explanation:
You must configure all interfaces in an EtherChannel to operate at the same speeds and duplex modes. Based on the output shown, SW1 is configured to run at 10Mb while SW2 is operating at 100 Mb.

CISCO CCNA Exam – Q265

What are the benefits of using Netflow? (Choose three.)

A. Network, Application & User Monitoring
B. Network Planning
C. Security Analysis
D. Accounting/Billing

Correct Answers: A, C, D

Explanation:
NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning,
and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.

CISCO CCNA Exam – Q264

Which protocol can cause overload on a CPU of a managed device?

A. Netflow
B. WCCP
C. IP SLA
D. SNMP

Correct Answer: D

Explanation:
Sometimes, messages like this might appear in the router console:
%SNMP-3-CPUHOG: Processing [chars] of [chars]
They mean that the SNMP agent on the device has taken too much time to process a request.
You can determine the cause of high CPU use in a router by using the output of the show process cpu command.
Note: A managed device is a part of the network that requires some form of monitoring and management (routers, switches, servers, workstations, printers…).