Network Monitoring Flashcards
1
Q
Which three of the following actions are native log entry actions?
A
add a tag to the log entry
continue rule processing but do not save
halt further rule processing for the log entry
2
Q
If a NetFlow collector service is showing a “down” status, which two of the following steps are possible troubleshooting options?
A
Confirm the database connection is up and server has free resources.
Start or restart SolarWinds’ NetFlow service from Orion service manager.
3
Q
What is the minimum amount of RAM required for setting up log collection in hybrid cloud observability?
A
16 GB
4
Q
A universal device poller (UDP) was created on the main polling engine to collect CPU temperature for routers polled by the main polling engine and switches polled by the additional polling engine. It
is noted that statistics from the switches are missing. What is the likely cause of the missing statistics?
A
UDPs are tied to polling engine on which they are hosted
5
Q
A probe is to be built to test connections to Office 365 from two different locations. How would this be accomplished?
A
Create two probes and assign each to an agent in each location.
6
Q
Flow data is not generating from a device in the web console. Wireshark was used to confirm the flows are being sent from the device to the poller and not blocked by the firewall. Why is the data
not showing in the web console?
A
missing source address field in flow configurations
7
Q
Which two of the following tasks must be accomplished to monitor servers and connections in a load-balancing environment?
A
add Cisco Nexus device in network health / performance monitoring
enable F5 iControl polling
8
Q
What is a possible result of decreasing the top talking optimization value?
A
increased storage requirement
9
Q
Which two of the following troubleshooting steps can be performed when a node is “up” and the data cannot be found in SolarWinds’ platform web console?
A
Ping the device from the polling engine the device is assigned to using the command line.
Wait ten minutes after a device is added to the console. Refresh the screen.
10
Q
Which tool can be used to display the physical layout of interfaces on graphical stencils?
A
device view
11
Q
Which two of the following best practices are used when creating a universal device poller (UDP)?
A
Consult vendor documentation for OID.
Perform SNMPwalk to determine if OID exists.
12
Q
A poller is to be built that will add two values together to show a single value in the web console using the universal device poller (UDP) tool. How would this be accomplished?
A
build a poller for each OID then use transform results to combine values from the two pollers
13
Q
Which two of the following flow sources are supported by hybrid cloud observability?
A
Cisco
J-Flow
14
Q
Which two of the following statements explain creating alerts for NBAR2 applications?
A
Applications and NBAR2 applications in top applications are sorted by bytes.
It is possible to combine applications and NBAR2 applications.
15
Q
Which port allows log analysis in the SolarWinds platform to accept secure syslog messages?
A
TCP port 6514
16
Q
Which three of the following traffic flow protocols (supported by hybrid cloud observability’s flow monitoring) support flow sampling?
A
Cisco NetFlow
IPFIX
NetFlow Lite
17
Q
Which custom filter allows a user to view specific statistics about an entire network and its devices without having to navigate through the web console by single-device views?
A
flow navigator
18
Q
Which three of the following data points does NetFlow use to confirm traffic is in the same flow?
A
IP address
L3 protocol
port number
19
Q
Which custom poller supports multiple object IDs (OIDs)?
A
universal device poller (UDP)
20
Q
Which custom poller supports interface traffic, UPS battery status, and CPU temperature?
A
universal device poller (UDP)
21
Q
An unknown traffic event is noted in the web console. What is the likely cause?
A
receiving flows from a device not monitored by the network
22
Q
What can be done to show the description of an object ID (OID)?
A
Perform an SNMPwalk on the target device.
23
Q
Which NetFlow component can be applied to an interface to track IPv4 traffic?
A
flow monitor
24
Q
It is noted that the hardware health monitoring for a Cisco switch is generating false positives. It is verified that the alerted hardware issues are not occurring. What is causing the issue?
A
MIB on the device is not the preferred MIB that is being polled.
25
Which SNMP version allows usernames and passwords?
version 3
26
Which port needs to be open in order to analyze flow and monitor CBQoS?
Flow (UDP, 2055), CBQoS (SNMP, 161)
27
If the data collected for hardware health is incorrect, which step could rectify the issue?
Change the MIB tree used for polling.
28
If an IP address group is hidden in IP address groups management, what impact will it have on the data?
group will not be shown in charts or reports
29
In which two of the following cases does duplicate flow data occur?
both IP flow ingress and egress applied for all interfaces
both IP flow ingress and egress applied on one interface
30
Several resources are showing duplicate flow data. What is the most likely cause?
source devices are configured to export flow data on ingress and egress
31
SNMP get type defines the SNMP polling method used by a universal device poller (UDP) to get the device’s object ID (OID) values. Which SNMP get type retrieves values from a particular column?
table
32
It is noted in flow source view that some devices are showing “never received” in the last received flow column. It is verified that the flows are not being blocked by a firewall. What is the likely cause?
a primary field of data is missing and being dropped
33
Which two of the following flow technologies are supported?
J-Flow
sFlow
34
One NetPath probe is showing a “no data found” error, however other probes are returning data without issue. What is the most likely resolution?
delete the probe, reinstall the agent manually, and re-add the probe
35
Which two of the following Windows versions are supported for log collection in hybrid cloud observability?
Windows 10
Windows server 2019
36
From which two of the following locations can the status of the flow collector service be checked?
NetFlow collector services
NetFlow settings
37
Which two of the following processing policies are processed independently and at the same time?
syslog
traps
38
Which tool presents live flow traffic data sourced from / to a main polling engine server, providing basic insight into traffic on the main polling engine?
local NetFlow source
39
Which method is used to add new UPS battery status statistics onto an existing node that does not have the default value polled?
define custom statistic with universal device poller (UnDP)
40
SNMP traps are being received from several devices. While most of the traps are normal, traps from one of the devices contain fields that are unreadable. The device is not being monitored in any other way. Which two of the following points should be checked?
Verify the device supports SNMP and is added as a node.
Verify the device’s MIB file is in SolarWinds’ MIB database.
41
What is the unit of data used for alerting on flows?
bPs
42
On a single node, one or more interfaces are showing an “unknown” status. What is the best way to resolve the issue?
Delete and re-add the affected interfaces.
43
What is the correct sequence of steps to create a device studio poller?
Select the technology, specify the data source, save the poller, and assign the poller to node.
44
Network wide node and interface changes were recently made to several fields including names and IP addresses on nodes, captions, and aliases for their interfaces. Those changes are not updated in the hybrid cloud observability web console, even if a new polling is forced. What should be done to resolve the issue?
Run a rediscovery on both nodes and interfaces to refresh the data.
45
Which additional polling method is needed after adding Cisco ASA and Cisco Nexus for SNMP monitoring?
CLI
46
A universal device poller (UDP) is being built for a metric to monitor in a radial gauge of a web console. When a gauge resource in the poller is to be selected, it is found that the resource is grayed out. What could be causing this?
object ID (OID) polled does not support radial gauge.
47
Event logs are to be collected from Windows servers in order to be analyzed in hybrid cloud observability. Which two of the following actions must be taken in order to accomplish this ask?
configure server to send logs to another server running the platform
deploy and configure the platform agent to collect the logs
48
Which statement depicts the relationship between device studio pollers’ supported technologies and universal device pollers’ (UDPs) supported technologies?
UDPs can poll for hardware status of SNMP enabled devices, device studio pollers cannot
49
A NetPath probe is to be built to monitor the paths between two sites. No Windows servers are available to run the agent. Which two of the following options can be used to set up the probe?
Install the agent on a Windows 10 computer.
Run the probe from the hybrid cloud observability (HCO) server.
50
A universal device poller (UDP) and a transformer are built to display a transform value for a node’s CPU temperature, however the value is not transformed as displayed on the web console. Which two of the following reasons could have caused the issue?
custom poller used for transformation is not assigned to same node
custom poller and transformer are not using same polling interval
51
Which three of the following switch port report errors can cause a duplex mismatch?
CRC
> 0.5% receive
late collision
52
In device studio, which three of the following technologies are supported for custom polling?
multi-CPU / memory
node details
single CPU / memory
53
Which two of the following technologies are used when building device studio pollers?
machine type for node details widget
power supply status for vital statistics view
54
A new node has been added to hybrid cloud observability; however, certain data being polled on similar devices is not being polled on the new node. How can this be resolved?
assign existing universal device poller (UDP) to new node
55
Which three of the following setting can be used to customize the thresholds for an object in SolarWinds’ platform?
X concurrent polls
X consecutive polls
X of Y polls
56
Upon examining bandwidth utilization, it is confirmed that the total utilization and flow numbers do not match. What is the likely cause?
flows do not contain all traffic in bandwidth numbers
57
What network capacity planning method is suitable for important devices and connections?
peak calculation
58
A device studio poller is being built for the node details widget. The plan is to add a field for serial numbers. How would this be accomplished?
Create a serial number universal device poller (UDP) and link to the node details widget.
59
A node is being polled. The only data visible is response time and packet loss. Detailed statistics are needed. How should this issue be resolved?
switch polling method from ICMP to SNMP
60
Which tool in the web console will verify the object ID (OID) being used is a match for the node being created for a custom poller?
MIB browser
61
The below error message is received.
NetFlow Receiver Service [SERVERNAME] is receiving a NetFlow data stream from an unmanaged device (x.x.x.x). The NetFlow data stream from x.x.x.x will be discarded
How should this error be resolved?
change the IP address on the node or enable “allow matching nodes by another IP”
62
Which three of the following are effects of enabling the “resolve IPv4 and IPv6 addresses to DNS hostname” option and disabling the “resolve and store IPv4 hostname immediately when a flow record is received” option?
amount of database memory used to store DNS information is reduced
DNS names will not be displayed on top domain resources/reports
number of reads/writes on SQL server linked to name resolution is reduced
63
Which statement related to flow alerts is true?
based on custom SQL query
64
A custom application is to be monitored in hybrid cloud observability’s flow monitoring features. How is this application added for monitoring?
Add the source or destination machine, then map it to application ports.
65
A device studio poller is being built for node detail information. For the values supported, it has been decided to enter textual values instead of object IDs (OIDs). Which statements is true?
If the textual value changes on the node, the poller must be manually updated.
66
Which two of the following points can be checked when the node status is “unknown”?
ping response
polling method
67
NetFlow and CBQoS monitoring can be disabled through web console settings. If NetFlow monitoring is disabled for a node or interface, the data collection is stopped. Which two of the following statements are true regarding disabling NetFlow monitoring?
enabling and disabling flow collection can result in gaps within NTA graphs
historical data is retained within the database
68
A node has been added to hybrid cloud observability and shows an “unknown” status until the data is polled. The default interval for polling status is two minutes. If the node stays in the “unknown” status longer than the polling interval, which three of the following steps can be performed to resolve the issue?
Ping device from assigned polling engine.
Verify the appropriate polling method is set for this node.
Verify a ping response for this node is received through the ICMP.
69
Which Cisco IOS feature is enabled to pinpoint an application causing slow network performance?
NetFlow
70
The status of the parent node of several interfaces is showing red. It is determined that several operationally down and administratively shutdown interfaces are included for monitoring of the parent node.
Which menu in the node details summary page of SolarWinds’ platform allows users to remove interfaces that are operationally down and administratively shutdown?
list resources
71
Which status rollup mode displays groups defined as collections of redundant or backup devices?
show best
72
Which three of the following data points directly affect the precision of capacity forecasting?
amount of historical data used
exhaustion calculation method
polling interval
73
Which two of the following requirements apply to network capacity planning?
Enough historical data is available for the last 7 days.
Nodes, interfaces, and volumes must be managed in HCO.
74
Which two of the following tools are available for troubleshooting network node connectivity issues?
MIB browser
NetPath
75
The web console is showing the status of a network router as “down”, however the node is up and running. Which two of the following causes could be creating the issue?
ICMP is blocked between the device and the polling engine
SNMP is blocked between the device and the polling engine
76
How is HA mode monitored and configured for site-to-site VPN tunnels within a Cisco ASA firewall?
SNMP > CLI Polling
77
Which two of the following technologies does device studio support?
multi-CPU and memory
node details
78
Which two of the following requirements must be met to detect duplex mismatches?
nodes must be in “up” status
nodes must be monitored
79
A router has been added for health and performance monitoring in hybrid cloud observability, however default SNMP polling data is not visible. Additional network devices have been added and SNMP metrics for those devices are now visible. How should this issue be resolved?
Perform an SNMP walk and add the devices MIB file to SolarWinds’ MIB database.
80
To which port does log analyzer forward secure syslog when a log forwarding custom rule action is set to TCP?
6514
81
Which switch model is supported in network insight?
Cisco Nexus
82
Which three of the following devices are supported on SolarWinds’ hybrid cloud observability IP flow monitor?
IPFIX
J-Flow
sFlow
83
When creating a new rule action, what is the best option to enable if too many events trigger the rule within a short time?
flood protection
84
What is the maximum number of resources that can be displayed in flow charts created by SolarWinds’ platform views?
100
85
When a parent object goes down or becomes unresponsive, all interfaces on the switch will also be unresponsive. Though they may be working, “unreachable” status is used because the parent node
reports as “down” and a status cannot be determined. Any alerts where the trigger condition includes node status equal to “down” are not triggered. In which section of SolarWinds’ platform can an administrator configure the status of child objects as “unreachable” instead of “down” or “unknown”?
manage dependencies
86
Flow traffic in the web console is reviewed and it is noted that there is unclassified traffic. Which two of the following reasons are possible causes for the issue?
The flows from the device are generated by an application not mapped in hybrid cloud observability (HCO).
The flows from the device are generated by an application using a different port than what is mapped in HCO.
87
If an SNMP community string is changed on a device, which two of the following steps are required to re-establish successful polling on the node?
Edit the node properties and save the changes.
Update the community string in node properties.
88
NetPath can be used to diagnose a slow connection caused by an internal network. Details shown on the dashboard will be needed to help diagnose the problem. Which three of the following data points should be considered as possible causes?
Date, time, and duration of performance issue.
IP addresses of the nodes in question.
Latency and packet loss information.
89
Which three of the following flow protocols does hybrid cloud observability support?
J-Flow
NetFlow v9
sFlow
90
Which option is available when choosing the collect Windows events without an agent so that Windows event logs can be recognized?
Convert Windows events to syslog with SolarWinds event log forwarder.
91
Through which means does NetFlow traffic analysis (NTA) process flow data?
collector
92
Which two of the following advantages apply to choosing to resolve and store IPv4 hostnames immediately when a flow record is received?
domain widgets and reports with DNS names run
flow views and widgets load faster
93
Which two of the following actions can be taken to resolve unknown flow traffic events?
Add the devices and interfaces to SolarWinds’ database.
Ensure flow-enabled devices send data to appropriate port.
94
Which application classification system is used with deep packet inspection technologies to provide better visibility into network traffic and is a mechanism used by certain Cisco routers/switches to recognize dataflow by inspecting some of the packets sent?
NBAR2 applications
95
What can be done to display the average CPU utilization of a node in a web console widget, if the device studio poller returns a table of multi-core CPU utilizations?
Select the add calculated value option and use the average function for returned values.
96
A network router node using ICMP polling has a green status icon and shows basic information (i.e., status) but is not showing more detailed statistics. What might resolve this issue?
Switch polling to SNMP to gather additional polling statistics.
97
Some of the flows received are mapping to an IP address that does not match any of the nodes being monitored. It has been verified that all flow sources are also being monitored by NPM and SNMP polling. The known source nodes for these flows have the correct IP address. What could be causing this issue?
flows are coming from a non-primary address and the setting to match the node by another IP is turned off
98
After creating a new device studio poller that appears to be returning values on a test device, it is then applied to additional nodes. One of these new devices is not returning the statistics of the test node. Which two of the following reasons might be the cause of the issue?
devices have different firmware versions
object IDs (OIDs) are not supported
99
Probing interval determines how often and how long information is polled from the network path. Which two of the following statements are true regarding probing intervals?
probing less frequently allows the data to update more slowly and increases data accuracy
probing more frequently allows the data to update faster but decreases data accuracy
100
How does data collection with a flow collector differ from data collection with a polling engine?
source devices must be configured to send their data to a flow collector
101
A network discovery profile for a network area completes with most devices discovered, except for a few SNMP enabled network devices. These undiscovered devices are verified to be operational and respond to SNMP queries. What could be the cause?
SNMP community strings in profile are invalid
102
Which two of the following statistics are available for network capacity planning?
memory usage data on nodes
receive utilization on interfaces
103
The unclassified traffic in the web console has been identified as MSSQL traffic. It is known as an application mapping that hybrid cloud observability maps by default. Which two of the following reasons explain why the traffic is showing as unclassified?
A different port is being used.
The source or the destination port field is not present.
104
In live mode, how frequently is log viewer data automatically refreshed?
10 seconds
105
Which statement is true regarding universal device pollers (UDP)?
perform operations / transformations on polled data
106
A “no data” message is displayed in NetFlow charts. How can this be resolved?
Confirm account has viewing permissions.
107
Which two of the following standards does hybrid cloud observability use to capture flow data and CBQoS data?
IPFix
NetFlow
108
Which tool is used to establish flow alerts?
create a flow alert panel
109
In setting up a storage and search retention period for log analyzer, what is the default retention period?
7 days
110
A brocade G620 switch is not able to poll for hardware health statistics after adding a node using SNMPv3 as the polling method.
Why are hardware health statistics not showing in the node details summary page?
switch is not supported for collection
111
A problem occurred on the main polling engine and the server fails. It is noted that statistics for the networking devices polled by a universal device poller (UDP) custom monitor are missing. Which two of the following reasons are possible causes of this event?
data collection for any UDPs stops on the server
UDPs are tied to the polling engine on which they are hosted
112
Which three of the following technologies are supported to create device studio pollers?
multi-CPU / memory
node details
single CPU / memory
113
Which additional polling method is needed after adding an F5 load balancing node for SNMP monitoring?
iControl
114
Which two of the following functions are tied to SolarWinds’ MIB database?
SolarWinds’ MIB database defines what kind of pollers can be built for the metric.
SolarWinds’ MIB database maps object IDs (OIDs) to their textual names.
115
Which custom poller can display the poller results as a chart, gauge, or table?
universal device poller (UnDP)
116
In customizing the flow direction of SolarWinds’ platform views, which statement is true?
Both ingress and egress views are available for the current session only.
117
Which two of the following actions are recommended for more precise forecasting of capacity trends on critical devices?
More historical data used in calculations.
Set calculation methods to use average daily values.
118
What is the default amount of historical data needed for calculating capacity forecast?
7 to 180 day
119
Upon logging into the web console to check node statuses, it is noted that several nodes display a “down” status when they are up and running. Which two of the following situations are the likely causes of this issue?
ICMP blocked from polling engine to target node
nodes using incorrect SNMP credentials
120
Which two of the following components are required to successfully create a NetPath probe?
connection port
Windows agent
121
In device studio, the test node being built for a new custom poller is returning four usage values for the CPU (one for each CPU core). If the goal is to have one value for the entire CPU, how can that be accomplished?
create a new calculated value to average the four individual values
122
Which two of the following locations can hardware health be enabled?
list resources
123
What is needed to edit trigger conditions in flow alerts?
SWQL
124
What is the most efficient way to create a custom NetFlow view to access at a later time?
Create the view from flow navigator and save to the menu bar.
125
Which two of the following actions can be taken to resolve duplicate flows?
Enable the flow de-duplication feature.
Ensure NetFlow is enabled for ingress interfaces.
126
Which two of the following services can be monitored in network insight with network health, performance monitor, and NCM features installed in hybrid cloud observability?
global protect VPN
high availability details
127
It is taking longer than normal for a single mission critical node to poll for data. Where would the polling interval for the node be changed?
Node Details Summary > Edit Node > Polling
128
A node is not able to calculate CPU load threshold. Where in SolarWinds’ platform can a user confirm CPU load is included in the node status calculation?
node status contributors
129
Which two of the following locations can be checked for network hardware health functionality?
node properties
list resources
130
The fan of a network device has failed; however, the status shows as “up” on the current hardware health resource in the node details view. Which two of the following causes could be creating the issue?
resource is showing outdated information
wrong MIB being used for polling
131
How is an object ID (OID) verified as included in SolarWinds’ MIB database and polled on a device?
verify the OID using the MIB browser
132
A device studio poller is being built for a router statistic. It is determined that its object ID (OID) does not exist in SolarWinds’ MIB database. What is the best workaround for this situation?
select manually define object identifier and specify SNMP
133
On which two of the following occasions do custom pollers need to be created?
monitor special equipment
monitor specific metric that is not out-of-the-box
134
Which two of the following data sources can be used for polling devices in device studio?
calculated result from transformation of polled values
polled value by a device on an object ID (OID)
135
Which SNMP version will support MD5, SHA1, SHA256, and SHA512 authentication in SolarWinds’ platform?
version 3
136
How are additional collection ports added?
separate listed ports with a comma in the NetFlow collector services widget
137
Which two of the following effects would apply to a situation where a NetPath probe polling interval is increased to 15 minutes from the default value of 10 minutes?
accuracy is decreased
probe is more likely to show all routes
138
An agent is deployed to the Windows server in order to monitor logs, however logs are not coming in from the related agent. It is confirmed that the agent software is deployed and installed on the
target machine. What additional setting needs to be checked?
correct rule to read logs is configured
139
Which two of the following requirements are needed to set up network devices and export NetFlow data?
Each device that exports NetFlow data to SolarWinds’ NTA must be monitored in NPM.
The interface through which a device exports NetFlow data must be monitored in NPM.
140
When attempting to add universal device poller (UDP) results to a new chart widget, none of the custom poller results are displayed. If the web console switches to another view, the data appears in the chart. What is the most likely resolution?
UDP application under web display, chart box must be checked for each view to be used
141
An existing NetPath probe is examined, and it is noted that the thickness of connection lines is different on various routes between devices. What does this indicate?
The thicker line indicates the more likely path of traffic from source to destination.
142
In which scenario would the device studio poller tool be considered the best tool for building a required poller?
Building a poller to add missing information to node details.
143
What is required to submit an MIB database update request to SolarWinds?
SNMP or MIB walk from the device
144
Which three of the following steps should be taken to troubleshoot a ‘test failed’ result for SNMP nodes in hybrid cloud observability?
Add remote site node and confirm firewall rules are configured to allow SNMP traffic.
Verify the node can be pinged from the application server.
Verify the SNMP service on the node has been restarted after changing the community string.
145
Which two of the following reasons should NetFlow data be collected on a company network?
diagnose slow network performance
identify applications causing congestion
146
Which two of the following reasons explain why device MIB files are important for SNMP polling in hybrid cloud observability?
MIB files contain all metrics available for polling on the device.
MIB files enable hybrid cloud observability to display the metric in a user-friendly format.
147
Which two of the following requirements are needed to monitor an application on a server?
Add application and ports using server as source and destination IP addresses.
Find the application to monitor in the list of available applications and enable it.
148
Which two of the following authentication methods are supported when configuring a database log collection in hybrid cloud observability?
Kerberos
Windows
149
To drill down into a log summary for a specific node, where in SolarWinds’ platform can a user view these logs?
Node Details Summary > Management > Analyze Logs
150
On which two of the following port does log analyzer listen for TCP syslog messages?
514
1468
151
The status of the interfaces for a network switch shows as “unknown” in SolarWinds’ platform web console, although the node status is “up”. What could be the reason?
interface details have changed on the device
