I think it would be A, i believe this is referring to the netflow template format which has a field for source interface. Not to be confused with the output from "show ip cache flow" on a device.
I found this link to be helpful, based on the information it would seem C is correct.
https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html
So I would suppose that "information provided for traceback analysis" means netflow export data, not the output of the "show ip cache flow" (wich is a traceback analysis of the raw netflow data that the router itself generates). Is this right ?
Packet size distribution and IP sub flow cache are visible in the show ip cache flow output, generated by the router, based on netflow data and they should not be part of the netflow export data. BGP version is not used in netflow export, but source interface it is.
I would go with answer A
The IP sub flow cache is a feature in Cisco IOS that allows you to store additional information about IP flows. The IP sub flow cache is a separate cache from the main NetFlow cache. This means that the IP sub flow cache can store information about flows that are not being exported using NetFlow.
The IP sub flow cache can be enabled on a per-interface basis. To enable the IP sub flow cache on an interface, you can use the following command:
ip flow-cache sub on
I'm voting for A based on this paragraph from Cisco. It specifically talks about tracing the source of an attack and using NetFlow to know the source interface. Keywords are in all caps.
"The originator of DoS attacks cannot be easily identified because the IP source address of the device sending the traffic is usually forged. However, you can easily TRACE the traffic BACK through the network to the router on which it is arriving by using the NetFlow Layer 2 and Security Monitoring Exports feature to capture the MAC address and VLAN-ID fields. If the router on which traffic is arriving supports NetFlow, you can configure the NetFlow Layer 2 and Security Monitoring Exports feature on it to identify the INTERFACE on which the traffic is ARRIVING."
https://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/15-2s/nf-detct-analy-thrts.html
Based on the following link https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/netflow/configuration/15-mt/nf-15-mt-book/get-start-cfg-nflow.html.
I would the answer should be C
I think it C is correct because of A,B,D are not applicable for the question.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.350-501 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
KNOPPER
Highly Voted 4 years, 6 months agoEdgardoAC
4 years, 6 months agorans3001
Highly Voted 3 years, 9 months agochst
3 years, 1 month agoLandawap
Most Recent 7 months agokaren1337
7 months agoariasse
1 year, 2 months agoMubdir
1 year, 4 months agoces123ces
2 years, 6 months agolasalsa
3 years, 8 months agoTHU
4 years, 5 months ago