Home > CCNA – NetFlow Questions

CCNA – NetFlow Questions

March 27th, 2015 Go to comments

If you are not sure about NetFlow, please read our NetFlow tutorial.

Question 1


NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher- bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.

(Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030045)

Question 2


What is an IP Flow?
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.
Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.
IP Packet attributes used by NetFlow:
+ IP source address
+ IP destination address
+ Source port
+ Destination port
+ Layer 3 protocol type
+ Class of Service
+ Router or switch interface

(Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html)

Question 3


Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.
For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1

(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030)

Question 4


The “show ip cache flow” command displays a summary of the NetFlow accounting statistics.


Question 5


NetFlow facilitates solutions to many common problems encountered by IT professionals.
+ Analyze new applications and their network impact
Identify new application network loads such as VoIP or remote site additions.
+ Reduction in peak WAN traffic
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.
+ Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.
+ Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.
+ Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.
+ Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed.-> F is correct.

(Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html)

Question 6

Question 7

Comments (23) Comments
Comment pages
1 3 4 5 2099
  1. Ussy
    September 28th, 2015

    Hi @9tut Do you have a NetFlow Tutorial. Thanks

  2. hieu tran
    October 14th, 2015

    Hi @9tut Do you have a NetFlow Tutorial? Thanks

    October 22nd, 2015

    Below reference link is good for netflow topic:


  4. THE RIGHT Answer!!!
    November 10th, 2015

    Network Planning, like creating the network design isn’t even close for CCNA noob entry levels.

  5. THE RIGHT Answer!!!
    November 10th, 2015

    CCDA Exams & Recommended Training

    Required Exam(s) Recommended Training
    640-864 DESGN
    Last day to test: December 14, 2015 Designing for Cisco Internetwork Solutions (DESGN) v2.1

  6. DungeonDenizen
    December 23rd, 2015

    I had Q1, 3, 5 & 6 ON 12/22/2015

  7. NonameCR
    January 19th, 2016

    Hi 9tut guys first of all tks for your help … I found a new question similiar to the number 2. It was like this:

    Question 2

    What are the three things that the NetFlow uses to consider the traffic to be in a same flow?
    A. Source IP address
    B. Destination IP address
    C. Egress Interface
    D. Ingress Interface
    E. MAC address

    I don’t remember quite well maybe someone can remember better. I know Netflow use L3 and ports for pickup info but got confuse with the options egress/ingress interface…

  8. NonameCR
    January 19th, 2016

    I found this at vlan questions…
    Questions Today June 24th, 2015
    Q7,Q8 and Q10 was in exam. Praise The Lord and thnx 9tut passed on 24th june 986/1000.
    Some new questions to be observed:
    What will happen if a private IP address is assigned to a public interface connected to an ISP?
    A. Addresses in a private range will be not be routed on the Internet backbone.
    B. Only the ISP router will have the capability to access the public network.
    C. The NAT process will be used to translate this address to a valid IP address.
    D. A conflict of IP addresses happens, because other public routers can use the same range.
    Answer: A
    What are three values that must be the same within a sequence of packets for Netflow to consider
    them a network flow? (Choose three.)
    A. source IP address
    B. source MAC address
    C. egress interface
    D. ingress interface
    E. destination IP address
    F. IP next-hop
    Answer: A,D,E

  9. Anonymous
    February 24th, 2016


  10. sara
    March 4th, 2016

    are these questions valid yet ?

  11. Sam
    March 12th, 2016

    I think they are still valid. My friend took exam last week and he passed with 950 marks. Most of them were from dumps he said.

  12. Her
    April 2nd, 2016

    Please someone can email me a last dumps for icnd1 please

  13. Her
    April 2nd, 2016

    At {email not allowed}

  14. lost
    May 18th, 2016

    please help where do I find the questions Im only seeing explanations?

  15. Kali
    May 23rd, 2016

    Q1: ┬┐Why not network planning”

  16. Marco
    May 27th, 2016

    About question number 1, Why not network planning? In the explanation, clearly it mentions as one benefit.

  17. Anonymous
    May 30th, 2016

    What are the benefit of using Netflow? (Choose three)
    A. Network, Application & User Monitoring
    B. Network Planning
    C. Security Analysis
    D. Accounting/Billing

    I think the four answers are correct, please confirm

  18. Anonymous
    June 3rd, 2016

    planning to take my exam soon. Kindly email me dumps please? paolodexteratyahoo.com (@) thanks guys :)

  19. Ted
    July 15th, 2016

    google gratis exam 200-120

  20. CCNA
    July 23rd, 2016

    Hi, are SNMP, NetFlow questions valid? Because I cant answer to this questions from Official CCNA Guide.

  21. AOT
    September 2nd, 2016

    Kindly email me the latest dumps please? syndy005(@)yahoo.com
    Thanks guys

  22. adday
    November 15th, 2016

    anyone who needs latest and valid 210-065 dumps kindly call +254705475375

  23. Stepahanie
    June 12th, 2017

    Any idea which would be the best site for forensics cert prep ?

Comment pages
1 3 4 5 2099
Add a Comment