
ICND2 – NetFlow

May 15th, 2015 in ICND2 200-101

Question 1

Explanation

NetFlow traditionally enables several key customer applications including:

+ Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.

+ Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.

+ User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.

+ Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher-bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

+ Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.

+ Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.

(Reference: http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030045)

Question 2

Explanation

What is an IP Flow?

Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.

Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.

IP Packet attributes used by NetFlow:

+ IP source address

+ IP destination address

+ Source port

+ Destination port

+ Layer 3 protocol type

+ Class of Service

+ Router or switch interface

(Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html)

Question 3

Explanation

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.

For example, the following command creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:

Router(config)# flow monitor FLOW-MONITOR-1

Router(config-flow-monitor)#

(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030)
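
The flow definition from Question 2 and the record/cache model from Question 3 can be seen together in a small simulation. This is an added example, not code from the original page or from Cisco; the packet values, interface names and the choice to store the output interface from the first packet only are assumptions made for illustration.

```python
from collections import namedtuple

# The seven key fields listed under Question 2; packets that match on all
# seven are counted in the same flow.
FlowKey = namedtuple(
    "FlowKey", "src_ip dst_ip src_port dst_port protocol tos input_if")

# Constructed sample packets (not captured traffic).
# Columns: src_ip, dst_ip, sport, dport, proto, tos, in_if, out_if, bytes
PACKETS = [
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0, "Gi0/0", "Gi0/1", 1500),
    # Same key, different egress interface (route changed): still the same flow.
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0, "Gi0/0", "Gi0/2", 400),
    # Different ingress interface: a new flow.
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 0, "Gi0/3", "Gi0/1", 900),
    # Different ToS byte (184 = DSCP EF): a new flow.
    ("10.0.0.5", "192.0.2.10", 51000, 443, 6, 184, "Gi0/0", "Gi0/1", 200),
    ("10.0.0.7", "192.0.2.53", 40000, 53, 17, 0, "Gi0/0", "Gi0/1", 80),
]

def build_flow_cache(packets):
    """Aggregate packets into a cache keyed on the seven key fields.

    Non-key fields (packet count, byte count, output interface) are stored
    as the value of each cache entry.
    """
    cache = {}
    for *key_fields, output_if, size in packets:
        key = FlowKey(*key_fields)
        # Assumption: output_if is taken from the first packet of the flow,
        # so it can be stale if routing changes while the entry is cached.
        entry = cache.setdefault(
            key, {"packets": 0, "bytes": 0, "output_if": output_if})
        entry["packets"] += 1
        entry["bytes"] += size
    return cache

if __name__ == "__main__":
    for key, entry in build_flow_cache(PACKETS).items():
        print(key, entry)
```

Five packets produce four cache entries: a change of ingress interface or ToS starts a new flow, while a change of egress interface does not.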

Question 4

Explanation

The “show ip cache flow” command displays a summary of the NetFlow accounting statistics.

[Image: output of the “show ip cache flow” command]

Question 5

Explanation

NetFlow facilitates solutions to many common problems encountered by IT professionals.

+ Analyze new applications and their network impact

Identify new application network loads such as VoIP or remote site additions.

+ Reduction in peak WAN traffic

Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.

+ Troubleshooting and understanding network pain points

Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.

+ Detection of unauthorized WAN traffic

Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.

+ Security and anomaly detection

NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.

+ Validation of QoS parameters

Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed. -> F is correct.

(Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html)
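
The "top talkers" and "security and anomaly detection" uses above, and the Security Analysis item under Question 1, both come down to queries over exported flow records. This is an added example, not code from the original page or from Cisco; the flow records are constructed and the thresholds `min_dests` and `max_avg_packets` are assumed values that would need tuning against a real baseline.

```python
from collections import defaultdict

# Constructed flow records (src_ip, dst_ip, dst_port, packets, bytes).
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443, 120, 150000),
    ("10.0.0.5", "192.0.2.11", 443, 80, 90000),
    ("10.0.0.8", "198.51.100.20", 25, 40, 30000),
]
# One host touching 40 addresses on TCP/445 with two-packet flows, the kind
# of behaviour change that worm propagation leaves in flow data.
FLOWS += [("10.0.0.66", f"10.0.1.{i}", 445, 2, 120) for i in range(1, 41)]

def top_talkers(flows, n=3):
    """Rank source addresses by total bytes sent."""
    totals = defaultdict(int)
    for src, _dst, _dport, _packets, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def fan_out_suspects(flows, min_dests=20, max_avg_packets=5):
    """Return {(src, dst_port): distinct destination count} for sources that
    reach many distinct hosts on one port using very small flows."""
    dests = defaultdict(set)
    packets_seen = defaultdict(int)
    flow_count = defaultdict(int)
    for src, dst, dport, packets, _nbytes in flows:
        key = (src, dport)
        dests[key].add(dst)
        packets_seen[key] += packets
        flow_count[key] += 1
    return {
        key: len(hosts)
        for key, hosts in dests.items()
        if len(hosts) >= min_dests
        and packets_seen[key] / flow_count[key] <= max_avg_packets
    }

if __name__ == "__main__":
    print("Top talkers:", top_talkers(FLOWS))
    print("Fan-out suspects:", fan_out_suspects(FLOWS))
```

The scanning host ranks last by bytes, so a byte-based top-talker report alone would not surface it; the fan-out count does.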

Question 6

Question 7

Comments (63)
  1. dylachloz
    May 18th, 2014

    I don’t understand: Q1 ==> why isn’t B one of the answers?

  2. Malik
    May 25th, 2014

    Dylachloz, you are right, we can plan our network by studying the logs, but it’s not the main reason for using it, so B can’t be correct for the exam purpose….

  3. Anonymous
    June 9th, 2014

    http://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/products_implementation_design_guide09186a00800d6a11.html#wp1030045

    States it is used for planning Network Planning

    —NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher-bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QOS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.

  4. Anonymous
    June 14th, 2014

    Q1 A should be correct

  5. izzarazzu
    June 27th, 2014

    Took the exam today. Pass 986/1000. Q3 was here.

  6. ALI
    July 7th, 2014

    Q1 and Q7 were in there

  7. CCNA
    July 21st, 2014

    Q4 on Today exam & a New one.

    What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)

    A. source IP address
    B. source MAC address
    C. egress interface
    D. ingress interface
    E. destination IP address
    F. IP next-hop

    Ans:- A,C,E

  8. Pedro
    July 29th, 2014

    @CCNA Actually the correct answer is A,D,E. It’s INGRESS interface not egress.

    Got that question in ICND2 that I did recently

  9. BrOwNiEee
    July 30th, 2014

    I am learning the course of ICND 2 (year 2008) and I can’t find any chapter where Netflow is explained. Is this course too old or can it be that they are asking questions that are not mentioned in the course? Thanks

  10. Muzz
    August 1st, 2014

    BrOwNiEee –
    The test was redesigned in Fall of 2013. Old test material such as from 2008 will not be current.
    Look for test Number 100-101 (ICND1) & 200-101 (ICND2)

  11. AK
    August 15th, 2014

    For question 1: “A. Network, Application & User Monitoring” is not correct, the reason is that it uses “&User Monitoring”, which is not part of the benefits of netflow.

  12. Jack
    August 19th, 2014

    Question 3 was definitely on my exam.

  13. Ant
    August 20th, 2014

    Tested today, 8/20. #6 was on there.

  14. ICND-2
    August 23rd, 2014

    Took the test yesterday and passed.
    #2 was on the test.

  15. Newly
    August 27th, 2014

    ohhh my my, I’m so happy, passed with 986/1000 about an hour ago, thank you so much 9tut for the help, I will definitely make the donation.

  16. asen
    September 12th, 2014

    thanks 9tut

  17. Georges
    September 27th, 2014

    Took the exam today and passed with 907. Questions 1, 5 and 6 were on there, the others weren’t. Location: United States, Florida.

    Thanks 9tut

  18. Georges
    September 27th, 2014

    ICND 2

  19. N8
    September 30th, 2014

    Took ICND2 today 986/100. 1, 2, & 5 were on there. Thanks 9TUT

  20. Uamir
    October 14th, 2014

    can anyone tell me that How Many Labs In Icnd2 Exam?

  21. Potato
    October 26th, 2014

    Can anybody clear up Q1? All four answers are valid according to the Cisco site…. In the dumps I’ve seen either network monitoring or security analysis are NOT correct, however both are listed as a benefit on the Cisco site.

  22. Dustin
    November 1st, 2014

    The Cisco Press books and the CBT Nugget videos describe how to use the ‘ip flow ingress/egress’ and the ‘ip flow-export’ commands.

    Yet these test questions are on the ‘flow monitor’ commands.

    Why do each cover different commands? :-/

  23. question on the password again
    November 2nd, 2014

    Q1: according to the explanation, all four choices should be correct. Why wasn’t B network planning considered with it can be used to do this

  24. Batman
    November 5th, 2014

    Netflow is discussed in Chapter 19 of Wendell-Odom.

  25. Joker
    November 18th, 2014

    took ICND2 today, 1000/1000. Q6 I had different answers. I did some vce’s where the answer was already different (number of devices vs port availability). I didn’t agree with either. So I picked A,B and E (SNMP Version).

  26. Batman
    November 25th, 2014

    How do we get the new question added?

    What are three values that must be the same within a sequence of packets for Netflow to consider them a network flow? (Choose three.)
    A. source IP address
    B. source MAC address
    C. egress interface
    D. ingress interface
    E. destination IP address
    F. IP next-hop
    Ans:- A,D,E

    Reference: http://en.wikipedia.org/wiki/NetFlow

  27. SkinniePhatDude
    December 3rd, 2014

    Is the answer to question 6 correct? I have a dump that says D (Port availability) is the correct answer and not C (number of devices exporting Netflow data). However, both answers seem correct. What does the official ICND2 exam say?

  28. Jay Jay
    December 10th, 2014

    ciscovce.com is a scam. They are thieves. Do NOT buy there. They provided old versions of the exams.

  29. Anonymous
    December 10th, 2014

    Following on from Batman: Note that the Egress interface, IP Nexthop or BGP Nexthops are not part of the key, and may not be accurate if the route changes before the expiration of the flow, or if load-balancing is done per-packet.

  30. Jay Jay
    December 11th, 2014

    I would like to apologize to ciscovce.com. They are not a scam or thieves. I was just angry.
    They contacted me stating that they had a rollback problem on their servers and the 200-101 information for ICND2 was somehow lost. They are currently working on this and will have a resolution tomorrow Friday. They apologized for the inconvenience and provided a full refund of my money.

    Great guys, just try to contact them before purchasing to make sure they have what you want.
    Excellent service and the info was great, it’s just it was the old ICND2 information which was not valid for me, but they promised they will resolve it tomorrow.

  31. Jp
    December 21st, 2014

    Q3 and Q6 in my exam today…passed it!

  32. surfsup
    January 24th, 2015

    Q 6????? a b d!!! or a b c??? debra is a b d.

  33. Lisa
    January 30th, 2015

    2, 6 and 7 was there…..passed today with a 947

  34. Essam Ahmad
    March 3rd, 2015

    I think the correct answer of Q1 is: A B C

    Who agree with me?

  35. BAMS
    March 5th, 2015

    Q3 today

  36. Jose F
    March 10th, 2015

    Q1 must be missing information. It does not make sense since all the answers are correct.

  37. barney
    March 20th, 2015

    passed on 3/13. questions 3 and 4 on there. tks 9tut

  38. S
    March 21st, 2015

    6 was there today

  39. Shafiq
    April 29th, 2015

    Passed today, Q5 & 6 was there

  40. Khan
    May 1st, 2015

    I wrote my ICND2 exam yesterday & all questions (Q1 to 7) were there.

  41. Marco
    May 13th, 2015

    I got Q3 and Q4 today.
    Thanks 9tut.

  42. ttn
    May 16th, 2015

    Q3,Q4
    exam time was 75min, I thought it was 90 when I test ICND1.

  43. mboya
    June 6th, 2015

    hi my good people kindly send me the latest dumps please please gmboya12@yahoo.com

  44. Grisha82
    June 22nd, 2015

    Got Q5 today in Moscow. Passed 841 from 825 🙂

  45. Anonymous
    June 26th, 2015

    guys download free dumps with nuggets from this following link
    wurl. cc/dumps

  46. anon
    June 29th, 2015

    Can anyone clarify question 1 answer?

  47. anon
    July 1st, 2015

    Where in CBT or Wendell is the information to answer question 3? I don’t see information on flow monitor anywhere.

  48. Anne Normous
    July 1st, 2015

    Just took the test today – 980/1000 Questions 1 and 2 were from this page. Thanks 9tuts! Also got Frame Relay, EIGRP and OSPF labs- a lot of OSPF & quite a few EIGRP questions!

  49. mike
    July 7th, 2015

    took the exam 895/1000 question 3, 4 was there. thanks 9tuts

  50. 9tut
    July 13th, 2015

    @all: We had to move all the questions and answers out of 9tut. We can only keep the explanation. You can download the questions and answers at: https://mega.co.nz/#!oIdESYbD!yyu33vygrfKPy4rcmcbV6qW2fxINNoTokuDM3CjA_og

  51. Abdul
    August 10th, 2015

    are the questions still relevant?

  52. mikis
    August 17th, 2015

    why i can’t see questions 6 & 7 ?

  53. Sasha(Russia)
    August 18th, 2015

    @Abdul

    I think,yes.

  54. Frodo Baggins
    September 11th, 2015

    https://web.archive.org

    If you all want to see the questions and answers at the same time use the “way back machine”.

    Just make sure the date is before July 1st 2015.

  55. joe blow
    October 8th, 2015

    where icnd2 questions and answers?

  56. stivostine
    March 3rd, 2016

    @ Joe blow : see post 13th july 2015

    For Q1 : Network Planning – NetFlow can be used : it is not written enables, identifies or provides….only “can be used” so it’s just an “option” but not a real benefit or purpose of the tool.

  57. Melly
    May 13th, 2016

    This post has helped me think things through

  58. Jones
    July 4th, 2016

    Yes, Q1 all answers are correct! As long as you know that, don’t worry.

  59. Ieat Itnoobs
    July 7th, 2016

    Q1, I think the answer is B,C and D. 9tut can you please clarify?

    I agree that AK is correct ‘For question 1: “A. Network, Application & User Monitoring” is not correct, the reason is that it uses “&User Monitoring”, which is not part of the benefits of netflow.’

  60. Another Jones
    July 18th, 2016

    So do we all agree that all answers for Q1 are correct and maybe the question is not correct?

  61. Suntzu @Another Jones
    August 7th, 2016

    No. The reason why it is written like that is so it doesn’t have to be written out several times.
    The benefits are as listed from that one selection A”

    Network Monitoring
    Application Monitoring
    User Monitoring
    ^The above is the same as writing it as Network, Application & User Monitoring.

    The “&” is actually AND. It was just written wrong.

  62. Beready
    September 22nd, 2016

    Taking the test in 2 days! Have been studying non stop. Can anyone please send icnd2 dump vce to bronsonforce at gmail .com?

  63. abbey
    January 9th, 2017

    Suntzu is right and B cannot be part of the answer. so, A,C, & D are right.