ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-701 All Questions

View all questions & answers for the 350-701 exam
Go to Exam

Exam 350-701 topic 1 question 141 discussion

Actual exam question from Cisco's 350-701
Question #: 141
Topic #: 1
[All 350-701 Questions]

An engineer is configuring their router to send NetfFow data to Stealthwatch which has an IP address of 1.1.1.1 using the flow record Stealthwatch406143794 command. Which additional command is required to complete the flow record?

  • A. cache timeout active 60
  • B. destination 1.1.1.1
  • C. match ipv4 ttl
  • D. transport udp 2055
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Smileebloke at April 25, 2022, 9:20 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
psuoh
10 months, 1 week ago
Selected Answer: C
https://www.networkingwithehsan.com/cisco-stealthwatch-netflow-configuration https://i.imgur.com/xKO1BYq.png FLOW RECORD command allows MATCH https://i.imgur.com/eCXKsRm.png
upvoted 2 times
...
nomanlands
1 year, 4 months ago
Selected Answer: C
May have a mistype in the answer but flow records are made of match and collect commands
upvoted 3 times
NikoNiko
1 year, 4 months ago
Example shows how to configure version 9 export for Flexible NetFlow. ! flow exporter EXPORTER-1 destination 172.16.10.2 export-protocol netflow-v9 transport udp 90 exit ! flow record v4_r1 match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port collect counter bytes long collect counter packets long ! flow monitor FLOW-MONITOR-1 record v4_r1 exporter EXPORTER-1 ! ip cef ! interface GigabitEthernet 0/0/0 ip address 172.16.6.2 255.255.255.0 ip flow monitor FLOW-MONITOR-1 input https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/fnf-v9-export.html
upvoted 3 times
NikoNiko
1 year, 4 months ago
So C is correct: match ipv4 ttl Exporter = specifications of NetFlow protocol parameters and dest. IP of Collector. Record = specifications of information that NetFlow gathers, such as packets in the flow and the types of counters gathered per flow. “match” and “collect” commands tell which fields to include in the outgoing NetFlow PDU. “match” = key fields used to determine the uniqueness of the flow. “collect” = extra fields to include for more detail to the collector for reporting and analysis. Monitor = pairs Record with Exporter and is applied to network interface from which we want to collect NetFlow statistics & data. https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf
upvoted 2 times
...
...
...
otzu1
1 year, 6 months ago
is ttl a legit parameter tho?
upvoted 1 times
NikoNiko
1 year, 4 months ago
yes, it is valid sw3X50(config)# flow record LANCOPE1 sw3X50(config-flow-record)# description NetFlow record for StealthWatch sw3X50(config-flow-record)# match datalink mac source address input sw3X50(config-flow-record)# match datalink mac destination address input sw3X50(config-flow-record)# match ipv4 ttl https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf
upvoted 2 times
...
...
Smileebloke
1 year, 7 months ago
B Once the Flow Record has been created you would tie it to a Flow Exporter. Flow Exporter configuration defines the physical or virtual Flow Collector IP Address to which NetFlow data is sent. It also defines the source interface from which the Flow Exporter device will send NetFlow data, this can be a physical or logical address; it is also worth considering using a Loopback interface to source NetFlow data from as a Loopback typically will remain up even when other interfaces fail therefore enabling continuous transport (where routing permits) This is also where the transport protocol (TCP or UDP) and destination port is defined; the destination port is specific to the NetFlow Collector and in this case refers to the port used by the Stealthwatch Flow Collector. To define a Flow Exporter, follow these steps: flow exporter Stealthwatch_Exporter description Stealthwatch Export to Flow Collector destination [Collector_IP_Address] source [Physical_Interface | Logical_Interface] transport udp 2055 https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/config-trouble-netflow-stealth.pdf
upvoted 2 times
Smileebloke
1 year, 7 months ago
Ignore previous comment C: flow record Stealthwatch_FlowRecord description Flow Record for Export to Stealthwatch (optional) match ipv4 source address match ipv4 destination address match ipv4 protocol match ipv4 tos match transport source-port match transport destination-port match interface input match flow direction collect routing next-hop address ipv4 collect ipv4 dscp collect ipv4 ttl minimum collect ipv4 ttl maximum collect transport tcp flags collect interface output collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last
upvoted 5 times
Smileebloke
1 year, 7 months ago
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/command/fnf-cr-book/fnf-m1.html#wp8173096590
upvoted 4 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel