Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications200-301DomainsNetwork Services and Security
200-30120% of examFree — No Signup

Network Services and Security

Practice 200-301 Network Services and Security questions with full explanations on every answer.

Exam weight20% of 200-301
460questions

Start practicing

Network Services and Security — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

200-301 Domains

Network Infrastructure and ConnectivitySwitching and Network AccessIP RoutingNetwork Services and SecurityAI and Network Operations

Practice Network Services and Security questions

10Q20Q30Q50Q

200-301 Network Services and Security questions (showing 300 of 460)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A router interface applies this ACL inbound: 10 deny tcp any any eq 80 20 permit ip any any A user reports that web browsing to a server by IP address fails, but ping works. Which statement best explains the behavior?

2

A switch has DHCP snooping enabled, but users still experience IP-to-MAC spoofing attacks. Which additional feature should be considered to help address that specific problem?

3

What is a key difference between SNMPv3 and earlier SNMP versions?

4

In AAA, what does the second A stand for?

5

Which ACL type can filter using source and destination IP addresses as well as TCP or UDP port numbers?

6

Which wireless security method is considered strongest among these choices for modern enterprise WLAN deployments?

7

Which traffic type is typically most sensitive to delay and jitter and is commonly prioritized with QoS?

8

Why might voice traffic be placed in a priority queue on a WAN link?

9

Which feature helps prevent a rogue DHCP server from handing out addresses on a campus switch network?

10

A network engineer successfully logs in to a router, but cannot enter configuration mode because the command is rejected by policy. Which AAA function is controlling this behavior?

11

Which DHCP message does the client send to formally accept an offered address?

12

Which switch security feature uses DHCP snooping bindings to validate ARP packets and help stop ARP spoofing?

13

An ACL permits only tcp 10.10.10.0/24 host 192.0.2.10 eq 443 and has no other permit entries. What happens to an ICMP echo request from 10.10.10.5 to 192.0.2.10?

14

Which syslog severity is more critical: level 2 or level 5?

15

Users can reach a server by IP address but not by hostname. Which service should be checked first?

16

What problem does DHCP snooping help prevent?

17

A show ip nat translations command displays this entry: Inside global 203.0.113.10:30001 Inside local 192.168.10.25:51514 Outside local 198.51.100.20:443 Outside global 198.51.100.20:443 Which statement is correct?

18

Which port-security violation mode drops frames from unauthorized MAC addresses but keeps the interface up and does not send an SNMP trap or syslog message?

19

Why is SSH preferred over Telnet for remote device administration?

20

In AAA, which function determines what an authenticated user is allowed to do after login?

21

Which protocol is preferred over Telnet for remote CLI management because it encrypts the session?

22

A PC in VLAN 30 must obtain an address from a DHCP server in VLAN 99. Which feature is required on the Layer 3 interface for VLAN 30?

23

Why is Telnet generally discouraged for network device administration?

24

A DHCP server is located on a different VLAN from the clients. Which feature is required so the clients can still receive addresses?

25

As a general rule, where should an extended ACL be placed?

26

A switchport is configured for 802.1X authentication. What is the usual role of the RADIUS server in that design?

27

Why is an extended ACL usually placed close to the source of the traffic being filtered?

28

A client on VLAN 20 must obtain an IPv4 lease from a DHCP server located on VLAN 100. Which feature is required on the Layer 3 interface for VLAN 20?

29

A switch has DHCP snooping enabled and Dynamic ARP Inspection enabled on VLAN 30. A printer with a static IP on VLAN 30 cannot communicate because its ARP packets are being dropped. What is the best fix?

30

Which security concept gives a user only the permissions required to perform assigned tasks and nothing more?

31

Which two statements about NTP are correct? (Choose two.)

32

Which field is modified by each router hop in an IPv4 packet to prevent endless forwarding loops?

33

Dynamic ARP Inspection is most effective at preventing which attack?

34

A packet is larger than the outgoing interface MTU and the DF bit is set in the IPv4 header. What should the router do?

35

A router performing PAT is using a single public IPv4 address for many inside hosts. Which value most often distinguishes one inside flow from another on the same outside address?

36

Why is multifactor authentication generally stronger than password-only access?

37

Which two features commonly strengthen access-switch security for user-facing ports? (Choose two.)

38

A switch port is configured with port security using these commands: switchport port-security switchport port-security maximum 1 switchport port-security violation restrict switchport port-security mac-address sticky A user unplugs a company laptop and connects a different unauthorized device. The interface stays up/up, but the new device has no connectivity. Which statement best explains what happened?

39

A host sends a packet larger than the outgoing interface MTU, and the IPv4 header has the Don't Fragment bit set. What will a router do with the packet?

40

A router is configured as follows: interface g0/1 ip address 172.16.1.1 255.255.255.0 ip helper-address 10.20.20.10 Hosts on 172.16.1.0/24 are not receiving addresses from the DHCP server at 10.20.20.10. The server is reachable by ping from the router. What is the purpose of the ip helper-address command in this scenario?

41

An engineer wants users to get fast link-up on access ports but also wants the switch to disable a port if another switch is connected and sends BPDUs. Which combination of features best meets that requirement?

42

Which two statements accurately describe DNS and DHCP?

43

Users in 10.10.10.0/24 must be prevented from reaching the web server at 172.16.1.10 over HTTP, but all other traffic should be allowed. Which ACL entry should appear first in the ACL?

44

A host at 192.168.50.10/24 needs to send traffic to 192.168.60.20. Which MAC address will it normally place in the Ethernet destination field for the first frame?

45

Refer to the exhibit. Users on the inside network can browse the web, but return traffic is failing for some sessions. A partial configuration shows: interface GigabitEthernet0/0 ip address 192.168.10.1 255.255.255.0 ip nat outside ! interface GigabitEthernet0/1 ip address 203.0.113.10 255.255.255.0 ip nat inside ! ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.10.0 0.0.0.255 Based on this configuration, which change is required to make PAT work correctly?

46

An administrator wants to permit SSH management access but block Telnet access to a device. Which statement best reflects that design goal?

47

Match each IP service to its primary function.

48

Match each security concept to its most accurate purpose.

49

Which protocol is most directly responsible for keeping device clocks synchronized across a network?

50

A network team wants centralized logging and also wants log timestamps from different devices to line up accurately. Which combination best supports that goal?

51

Users in a branch office can reach internal networks but cannot browse the Internet. The router has a correct default route and PAT is configured. Which missing item is the most likely cause if inside hosts are still using private source addresses on the WAN?

52

Which security concept is most closely associated with ensuring data has not been altered in an unauthorized way?

53

Which two statements accurately describe ACL behavior on Cisco devices?

54

Which two statements accurately describe Syslog in a Cisco network environment?

55

A company wants to reduce the chance that unused switch ports can be exploited. Which action best aligns with that goal?

56

Match each NAT or address-related term to its most accurate description.

57

A switch should disable an edge port immediately if a BPDU is received on it. Which feature is intended for that specific behavior?

58

A router has this command configured: `ip nat inside source static 192.168.1.50 203.0.113.50`. What is the main effect of this configuration?

59

Why is NTP especially valuable when a network uses centralized Syslog servers?

60

A router is performing PAT for inside users. Which detail allows multiple inside sessions to share one public IPv4 address at the same time?

61

Which two actions are reasonable examples of basic device-hardening practice?

62

Which service would a client most directly rely on to convert `server.example.com` into an IP address?

63

Match each service to the kind of problem it most directly helps solve.

64

Match each security term to its most accurate meaning.

65

Which term in the CIA triad refers to ensuring systems and data remain accessible when needed?

66

A host can reach local devices but cannot reach the Internet. The host has a correct IP address and subnet mask, but no default gateway. What is the best explanation?

67

Match each AAA component or related term to its most accurate meaning.

68

Which two statements accurately describe basic WLAN security at the CCNA level?

69

Match each common IP service to its primary purpose.

70

A network administrator wants to secure remote CLI access to a Cisco router, moving beyond simple username/password authentication. Which approach best achieves this goal?

71

Match each security concept to its most accurate role.

72

A company wants a server on the inside network to be reachable consistently from outside using one known public IP address. Which NAT approach best fits that goal?

73

Match each IP service symptom to the most likely service involved.

74

An engineer wants remote administrative access to remain available but also wants session contents protected in transit. Which management choice best supports that goal?

75

A router is configured for PAT using the WAN interface address. Which command element is most directly associated with allowing many internal users to share that single outside address?

76

A host reaches websites by IP address but fails when using hostnames. Which service is the strongest suspect?

77

Match each remote-management concept to its most accurate description.

78

Match each security term to the question it most directly answers.

79

A branch router uses PAT for Internet access. Users can browse out, but the administrator wants a specific internal web server to be reachable from outside on a consistent public address. Which design fits that requirement best?

80

Match each NAT term to its most accurate description.

81

A host receives its IP address automatically but cannot resolve hostnames. Which additional service information is most likely missing from its configuration?

82

Match each security control idea to its most accurate purpose.

83

A router is configured with a static NAT mapping for an internal server. What is the main operational advantage of this design for outside clients?

84

Which two statements accurately describe DNS in normal network operation?

85

A switchport is configured with sticky MAC learning and a maximum secure MAC value of 2. What is the main benefit of sticky learning in this situation?

86

Match each service or protocol to the problem it most directly helps solve.

87

Why is NTP especially useful when devices send logs to a centralized Syslog server?

88

Match each access-control concept to its most accurate meaning.

89

An internal server must always be reachable from outside using the same public IP address. Which translation approach is most appropriate?

90

A small office uses PAT for user Internet access. What mechanism does PAT use to allow many users to share one public address while keeping their sessions distinct?

91

A user can reach a remote web server by IP address but not by hostname. Which service should be checked first?

92

Select the options that correctly pair the security principle or control with its meaning.

93

A company wants internal users to share one public IPv4 address for outbound Internet access, while keeping sessions separate. Which NAT approach best meets that requirement?

94

Match each security-related term to its most accurate meaning.

95

Match each infrastructure service to the operational problem it most directly addresses.

96

A host has a valid IP address and subnet mask from DHCP but cannot reach remote networks because no gateway was provided. What is the best explanation?

97

A router is configured with PAT for inside users. Which symptom most strongly suggests the NAT inside/outside roles are reversed on the interfaces?

98

Why is the combination of strong authentication and centralized logging generally better than using either one alone?

99

A host can reach remote websites by IP address but fails when using their hostnames. Which missing configuration item is the strongest suspect?

100

Which two statements accurately describe DNS in everyday network use?

101

Users on the inside network can browse the web, but the company now needs an internal web server at 192.168.10.50 to be reachable consistently from outside using one public IP address. Which design is most appropriate?

102

A company wants unauthorized devices plugged into unused wall ports to have as little chance of gaining access as possible. Which action most directly supports that goal?

103

Match each basic security term to its most accurate meaning.

104

Match each access-control term to its most accurate meaning.

105

Why is centralized logging especially useful when combined with NTP?

106

Why is administratively shutting down unused switch ports considered a useful hardening practice?

107

Why is DHCP often preferred over manual addressing on larger user networks?

108

If a host has a valid IP address and subnet mask but no default gateway, what is the most likely result?

109

A company wants an internal web server to be reachable consistently from the Internet using one known public IPv4 address. Which NAT approach best fits that requirement?

110

Why is the combination of strong authentication and centralized logging better than either control by itself?

111

Match each management or monitoring concept to its most accurate role.

112

A user reports that websites can be opened by IP address but not by hostname. Which service is the strongest suspect?

113

A branch office uses PAT for user Internet access. The administrator notices that inside users can browse out, but an internal server still cannot be reached consistently from outside. Which change is most appropriate?

114

A host can reach other devices on its local subnet, but it cannot reach remote networks. The host has a valid IP address and subnet mask. Which missing item is the strongest suspect?

115

Why is shutting down unused switch ports considered a useful hardening measure?

116

Which NAT design is most appropriate when many inside users need outbound Internet access through one public IPv4 address, but no inbound server publishing is required?

117

Which two statements accurately describe DHCP?

118

Match each service to the issue it most directly addresses.

119

Match each term to the question it most directly answers.

120

A host receives a correct IP address and subnet mask from DHCP but still cannot reach remote networks. Local subnet communication works. Which missing DHCP option is the strongest suspect?

121

Users on the inside network can browse the Internet through PAT, but an internal web server must now be reachable from outside on a predictable public IP. Which change best fits the requirement?

122

Why is administratively shutting down unused switch ports considered a useful hardening measure?

123

Why does DNS make networks easier for people to use?

124

Why is NTP especially valuable when a company uses a centralized Syslog server?

125

Match each operations or assurance technology to its most accurate purpose.

126

Users in 10.10.10.0/24 must be prevented from reaching the web server at 172.16.1.10 over HTTP, but all other traffic should be allowed. Which ACL entry best matches the requirement?

127

Match each ACL-related term to its most accurate description.

128

A network team wants visibility into which flows are consuming the most bandwidth between internal subnets. Which technology is most directly associated with that goal?

129

Match each security concept to its most accurate meaning.

130

An ACL is intended to block Telnet from 10.1.1.0/24 to router VTY access while still allowing SSH from the same subnet. Which statement best explains why an extended ACL is appropriate here?

131

Match each network-assurance item to its most accurate role.

132

A network administrator wants to receive an immediate notification from a device when a significant event occurs, rather than polling the device repeatedly. Which SNMP feature is most associated with that requirement?

133

A standard ACL and an extended ACL are both available for a design. Which requirement most strongly indicates that an extended ACL is needed?

134

A security policy requires that only one management subnet be able to initiate SSH to a router. Which approach most directly supports that requirement?

135

Why is disabling unused services on network devices considered a sound security practice?

136

An administrator wants to block all Telnet access to a router’s VTY lines and allow only SSH. Which change most directly supports that goal?

137

Match each service to the symptom it most directly relates to when troubleshooting.

138

Match each management-plane security item to its most accurate purpose.

139

An operations team wants a monitoring platform to periodically read interface counters and CPU statistics from routers. Which technology is most closely associated with that requirement?

140

Match each operations term to its most accurate meaning.

141

An administrator wants to allow HTTPS traffic from a source subnet to a server but deny all Telnet traffic from that same subnet to the same server. Which ACL capability is required to express that policy accurately?

142

A router allows SSH management from anywhere on the internal network. A new policy requires that only the management subnet 10.50.50.0/24 be allowed to initiate SSH to the device. Which approach best enforces that requirement?

143

Match each service or visibility technology to the most appropriate use case.

144

A team wants to know which internal hosts are sending the most traffic to a specific data center subnet. Which technology is most directly associated with that visibility goal?

145

An administrator sees high interface utilization through SNMP graphs but wants to identify which conversations are responsible. Which addition best closes that visibility gap?

146

Match each operational symptom to the technology most likely associated with investigating it.

147

Which two statements accurately describe good management-plane security practice on network devices?

148

An administrator wants to prevent a specific subnet from using Telnet to reach network devices, while still allowing SSH from that same subnet. What is the strongest reason a standard ACL is not enough by itself?

149

A security team wants device administrators to log in with individual named accounts instead of sharing one generic admin account. Which security objective does that most directly improve?

150

Match each security control or idea to its most accurate purpose.

151

An administrator wants to prevent users from browsing to one specific web server while still allowing them to reach other web destinations. Which ACL design principle is most important here?

152

Which two statements accurately describe common uses of NTP in network operations?

153

Match each technology to the kind of visibility or function it most directly provides.

154

A monitoring system already collects Syslog and SNMP data. The network team now wants visibility into which applications or host conversations are driving link utilization. What is the strongest addition?

155

Which two statements accurately describe why NetFlow is useful for operations teams?

156

Users can reach an internal server by IP address but not by hostname. What is the most likely cause?

157

A host receives an IP address, subnet mask, default gateway, and DNS server automatically when it joins the network. Which service is most directly responsible for delivering that bundle of settings?

158

Which two statements accurately describe why SSH is preferred over Telnet for device administration?

159

A switch is configured with DHCP snooping and Dynamic ARP Inspection. Hosts suddenly lose connectivity after changing IP settings manually. Which explanation is strongest?

160

An engineer is allowed to log in to a router but cannot enter configuration mode. Which AAA function most directly explains that outcome?

161

Which two statements accurately describe why DNS issues can look like general connectivity problems to users?

162

Match each service to the problem it most directly helps solve.

163

Which two statements accurately describe why logs and accounting records both matter in secure operations?

164

A device administrator can log in securely over SSH, but the organization still insists on restricting source IP ranges and keeping detailed logs. Which statement best explains that decision?

165

Based on the exhibit, which configuration should be added to restore DHCP service for clients in VLAN 30?

166

Based on the exhibit, what is the most likely reason PAT is not working correctly?

167

Match each troubleshooting observation to the most likely primary area to investigate first.

168

Which two statements accurately describe the purpose of least privilege in administration and operations?

169

An administrator needs to configure an ACL to block HTTP traffic from subnet 10.10.10.0/24 to the web server at 172.16.1.10 while permitting all other traffic. Which ACL entry should be placed first?

170

Match each symptom to the first service area most likely involved.

171

Based on the exhibit, what is the strongest explanation for why clients can browse by IP address but not by hostname?

172

Based on the exhibit, why is the ACL not meeting the requirement to block only HTTPS traffic to the server?

173

Which two statements accurately describe the value of source restriction on administrative access?

174

Based on the exhibit, what is the strongest next troubleshooting focus?

175

Which two statements accurately describe why least privilege and source restriction work well together for administrative access?

176

A user can authenticate successfully to a network device but is denied access to certain commands. Which statement best explains the situation?

177

Match each operational tool to the kind of question it most directly helps answer.

178

Based on the exhibit, why is the ACL blocking more traffic than intended?

179

Based on the exhibit, why does the ACL still allow HTTPS traffic from the branch subnet to the server?

180

Match each observation to the service area it most strongly suggests first.

181

Which two statements accurately describe the value of named administrative accounts?

182

Based on the exhibit, why are clients in VLAN 70 failing to resolve hostnames even though they can reach remote IP addresses?

183

Which two statements accurately describe why NTP and Syslog are often configured together?

184

Which two statements accurately describe why source restriction and logging are often used together for administrative access?

185

Match each user or host symptom to the service most directly suggested first.

186

What is the strongest explanation for why hosts in VLAN 40 are receiving addresses from the wrong DHCP scope?

187

Two switches are connected by an 802.1Q trunk. CDP reports a native VLAN mismatch. Which issue is most likely to appear because of this?

188

Match each REST API method to the action it most closely represents in a typical network automation workflow.

189

R1 has the following routes installed: O 10.10.10.0/24 via 192.0.2.2 S 10.10.10.128/25 via 198.51.100.2 S* 0.0.0.0/0 via 203.0.113.1 A packet destined for 10.10.10.200 arrives at R1. Which route is used?

190

A branch router has only one WAN link connected to an Ethernet handoff from the provider. Which static default route is generally the better choice?

191

Match each DHCPv4 message in the DORA process to its role.

192

An engineer successfully authenticates to a controller and receives a token. What is the usual reason for including that token in later API requests?

193

A user reports that their desk port stopped working immediately after they connected a small switch. The interface shows err-disabled, and the log mentions BPDU Guard. What most likely happened?

194

On a user access port, port security is configured with a maximum of 2 MAC addresses and violation mode restrict. A third unauthorized device is connected through a small unmanaged switch. What happens?

195

An ACL entry reads: access-list 25 permit 192.168.8.0 0.0.0.15 Which address range does this statement match?

196

R1 has these static routes configured. When the primary WAN path is up, which route will be installed in the routing table for traffic to 172.16.50.0/24?

197

SW2 receives the following STP details for VLAN 10: The root bridge ID is 32768:0001.0001.0001 (SW1), and SW2's bridge ID is 32768:0002.0002.0002. Its interface Gi0/1 has a path cost of 4 to the root, while Gi0/2 has a path cost of 19. Based on this information, which statement is correct?

198

R1 and R2 should form an OSPF adjacency on their shared GigabitEthernet link, but they remain stuck in EXSTART. What is the most likely cause?

199

R1 learns three OSPF routes to different destinations: O 10.10.10.0/24 O IA 10.20.20.0/24 O E2 10.30.30.0/24 Which statement is correct about these route types?

200

A wireless site reports that users can connect to the SSID, but performance drops sharply around the conference area whenever the room fills up. Based on the exhibit, what is the most likely cause?

201

Based on the JSON snippet below, which statement is correct? { "device": { "hostname": "R1", "interfaces": [ {"name": "Gig0/0", "status": "up"}, {"name": "Gig0/1", "status": "down"} ] } }

202

Hosts on the inside network can reach the internet, but return traffic is failing after a new router was installed. The router's configuration shows that the LAN-facing interface has been configured with 'ip nat outside' and the WAN-facing interface with 'ip nat inside'. What configuration mistake is the most likely cause?

203

An ACL on R1 contains only these entries: access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq 443 access-list 101 permit icmp any any What happens to an HTTP packet sourced from 10.10.10.25 and destined for 198.51.100.10 if ACL 101 is applied in the traffic path?

204

Which Syslog severity level represents an emergency condition, the most critical level?

205

Match each IP service to the transport protocol and default port it commonly uses in a basic CCNA context.

206

Clients can join the Guest SSID and authenticate successfully, but they never receive an IP address. The DHCP scope for the guest network exists on the server. Based on the exhibit, what is the most likely cause?

207

Users on VLAN 20 are not receiving IPv4 addresses from the centralized DHCP server at 10.50.0.10. Users in other VLANs are working normally. Based on the exhibit, which change should fix the issue for VLAN 20 clients?

208

Two switches are configured to form an EtherChannel, but the bundle never comes up. Which explanation best describes this scenario?

209

Which OSPF neighbor state indicates that the routers have already exchanged full link-state databases?

210

Match each route source to its default administrative distance on a Cisco router.

211

R1 learns the route 192.0.2.0/24 via OSPF, RIP, and a static route configured with an administrative distance of 130. Based on this information, which two statements are correct?

212

Match each management or monitoring technology to its primary purpose.

213

A switch interface connected to a Cisco IP phone with a PC behind it must carry voice and data correctly. Which two switchport commands are appropriate on that access port?

214

An automation script needs to send a bearer token when calling a controller REST API over HTTPS. Where is that token most commonly included?

215

A switch stack is running PVST+. Users on VLAN 40 lose connectivity for roughly 30 seconds every time the uplink on SW2 flaps. Based on the exhibit, which change would most directly improve convergence for this VLAN?

216

Two static routes exist for the 203.0.113.0/24 network: one pointing to ISP-A with an administrative distance of 10, and another pointing to ISP-B with an administrative distance of 5. Packets for that subnet are leaving through ISP-B. What explains this behavior?

217

A controller-based WLAN uses 5 GHz in an open office. Clients keep disconnecting when users roam between APs, but signal strength remains strong. Based on the exhibit, what is the most likely problem?

218

A collector is not receiving flow records from a branch router. Based on the exhibit, what is the most likely issue?

219

A branch router is configured for NAT overload. The inside interface Gi0/0 is correctly marked ip nat inside, and the outside interface Gi0/1 is ip nat outside. The NAT statement uses access-list 1 permit 10.1.1.0 0.0.0.255 with ip nat inside source list 1 interface Gi0/1 overload. Inside hosts are in the 192.168.1.0/24 subnet and still reach the ISP with their private addresses. What is the most likely reason?

220

Which two statements about standard and extended IPv4 ACLs are correct?

221

Clients on a network can browse the internet by IP address but fail when using hostnames. What is the most likely problem?

222

A switch should automatically disable any access port that receives a BPDU from an attached device. Which feature directly provides that behavior?

223

A network administrator is configuring a Layer 2 EtherChannel between two switches. Switch A uses 'channel-group 1 mode active', and Switch B uses 'channel-group 1 mode desirable'. All member interfaces are trunk ports with identical allowed VLANs. The EtherChannel fails to form. What is the most likely cause?

224

A network team wants all devices to timestamp logs consistently so event correlation works across routers, switches, and firewalls. Which service should they configure first?

225

Match each security concept to its description.

226

An engineer applies this command on an access interface connected to a user PC: switchport port-security violation restrict. What happens if a second unauthorized MAC address appears on the port?

227

Match each HTTP method to its common REST API action.

228

R1 receives an OSPF route to 10.55.0.0/16 and already has a static route to 10.55.10.0/24. Which route will be used for traffic sent to 10.55.10.25?

229

Which STP role identifies the port on a non-root switch that has the best path back to the root bridge?

230

Users on a new access switch can reach devices in their own VLAN but cannot reach the default gateway on the distribution switch. Based on the exhibit, what is the most likely cause?

231

PCs in VLAN 40 are not receiving addresses from the centralized DHCP server at 172.16.1.10. What should be configured on the VLAN 40 default gateway interface?

232

An administrator wants an access-layer interface to shut down immediately if another switch is connected accidentally. Which feature best meets that requirement?

233

An engineer configures NAT overload on a router for inside users. Which resource is primarily used to let many internal hosts share one public IPv4 address?

234

A network team wants routers and switches to have consistent timestamps in logs so event correlation is accurate during an outage. Which service should they verify first?

235

Exhibit: A standard ACL meant to block host 10.10.10.50 from reaching any remote network was applied inbound on the branch router's LAN interface, but users report that all local traffic from that host is now blocked. What is the better placement?

236

Exhibit: A client can ping 8.8.8.8 but cannot browse to www.example.com. Which service is most likely failing?

237

An administrator wants to permit HTTP and HTTPS from 10.1.10.0/24 to a web server at 198.51.100.20 and deny everything else from that subnet. Which ACL type is required?

238

Exhibit: Users report no internet access after PAT was configured. The inside and outside interfaces are marked correctly. Which missing configuration is the most likely cause?

239

Exhibit: A collector is receiving traffic metadata from a router, including source IP, destination IP, protocol, and byte counts. Which feature is being used?

240

A user types www.example.com into a browser. Which service is used first to resolve that name into an IP address?

241

Which ACL statement permits only SSH from host 10.10.10.50 to server 192.168.1.10?

242

Match each network service to its primary purpose.

243

The SVI for VLAN 20 has `ip nat outside` and the WAN interface has `ip nat inside`. Hosts in VLAN 20 must reach the internet through PAT, but users report no external connectivity. Which configuration issue best explains the problem?

244

Exhibit: After PAT is configured, inside users can browse the internet, but the engineer wants to verify that translations are actually being created. Which command is the best choice?

245

A client receives an IP address but cannot reach remote networks. Which DHCP option is most likely missing or incorrect?

246

Exhibit: Users on the inside network can open connections to a web server in the DMZ, but return traffic is denied by an ACL on the outside interface. Which statement best explains the issue?

247

Users in 10.20.30.0/24 should be allowed to browse the web but should not be able to open Telnet sessions to any remote device. Which access list entry best meets the requirement?

248

Match each network service to its primary function.

249

Inside hosts can reach the internet only one at a time. What is the most likely NAT issue?

250

Why is SSH preferred over Telnet for device management?

251

Exhibit: PCs in VLAN 20 are not receiving addresses from a DHCP server in another subnet. The switch SVI for VLAN 20 is up, and routing is working. Which configuration is most likely missing on the gateway for VLAN 20?

252

On a router performing NAT, where should ip nat inside be applied?

253

A switch shows a clock that is several minutes off from other devices even though an NTP server has been configured. Which issue is the most likely cause?

254

Exhibit: An engineer wants a device to send only warning messages and more critical events to a syslog server. Which logging level should be configured?

255

Exhibit: An engineer applies an ACL inbound on the VTY lines to permit SSH only from 10.5.5.0/24. Users from that subnet still cannot connect. What is the most likely reason?

256

Exhibit: A user can ping 8.8.8.8 successfully but cannot browse to www.example.com by name. Which service is the most likely failing component?

257

Exhibit: An administrator wants inside hosts in 192.168.10.0/24 to reach the internet using one public IP address on the edge router. Which feature is being used?

258

An engineer wants all devices to send logs to 10.10.10.50 and also stamp those logs with consistent time from 10.10.10.60. Which two configurations are required on a Cisco device?

259

Match each service with the best operational purpose.

260

A DHCP client on VLAN 30 is not receiving an IP address from a DHCP server (10.99.99.20) on another subnet. The SVI for VLAN 30 is configured with an IP address and is up, but the DHCP relay command is missing. Which command should be added to the SVI configuration?

261

A branch router should automatically learn the IP address of a time source so logs from all devices show matching timestamps. Which service provides that function?

262

A network team wants an ACL that permits HTTPS from 10.1.50.0/24 to a web server at 203.0.113.10 and denies all Telnet traffic from that subnet to any destination. Which two ACEs are required?

263

Exhibit: Hosts on the inside network can reach the internet, but inbound connections to a published web server fail. Static NAT is configured. What is the most likely missing piece?

264

Exhibit: A network engineer wants to identify which applications are consuming most WAN bandwidth over time. Which feature should be enabled on the router?

265

Port security is enabled with a maximum of 2 MAC addresses, but a third device connected through a small hub causes a violation. Which result is expected in restrict mode?

266

An access switch port shuts down as soon as a user connects a small unmanaged switch under the desk. Which feature caused that behavior?

267

A router is configured for NAT overload, but translations never appear when inside users browse the internet. Which issue is most likely?

268

A router is configured with an access list intended to block Telnet from 192.168.10.0/24 to 10.1.1.10, but Telnet still works. What is the most likely reason?

269

Users receive addresses from the correct subnet and can reach destinations by IP address, but they cannot browse by hostname.

270

A small office wants branch routers to automatically hand out IP addresses, default gateway values, and DNS servers to clients. Which service should be configured?

271

Which two statements about AAA on Cisco devices are correct? Choose two.

272

Match each service to its primary function.

273

Exhibit: A branch router receives time from an NTP server, but the show output marks the server with a tilde instead of an asterisk. What does that mean?

274

Which NAT feature allows many inside hosts to share one public IPv4 address by using unique source port numbers?

275

A switch port is configured with port-security violation mode restrict. Which two statements are true when an unauthorized MAC address appears?

276

A named standard ACL is configured to permit only the 192.168.30.0/24 subnet, but users from 192.168.31.0/24 are still passing traffic. What is the most likely reason?

277

A router is configured for PAT overload. What does the inside global address represent for an internal PC?

278

Users complain that log timestamps from several routers do not line up with one another. Which two actions are most appropriate?

279

Exhibit: A company wants to export traffic statistics from routers to a collector for visibility into top talkers and application usage. Which two statements are accurate?

280

Which two statements correctly describe syslog severity levels?

281

Which two actions help protect access-layer switch ports from rogue DHCP servers?

282

Which protocol is used to resolve a hostname such as www.example.com into an IP address?

283

A branch router is acting as a DHCP server. Which two parameters can it provide directly to clients through DHCP?

284

A router is configured as a DHCP server for VLAN 20. Clients on the VLAN can reach the default gateway, but they do not receive leases. Which two configuration issues on the router would directly prevent successful address assignment?

285

A company wants all routers and switches to use a common time source so log timestamps line up during incident review. Which two statements about NTP are correct?

286

A security policy requires administrators to permit SSH to network devices but block insecure remote CLI access. Which two actions support that goal?

287

A switchport connected to an employee PC must allow the normal endpoint to connect but immediately err-disable the port if a switch is plugged in. Which two features should be configured on that access port?

288

Users can browse websites by IP address but not by hostname. The default gateway is reachable and general internet connectivity works. Which two causes are the most likely?

289

A standard numbered ACL is applied close to the destination, but it is blocking traffic from one host while still allowing all other users on the subnet. Which two facts about standard ACLs are relevant in this design?

290

A technician reports that users on a guest wireless SSID can reach the internet but can also browse internal file shares, which should be blocked. Which two design actions most directly address that issue?

291

A network team wants to collect flow-level traffic statistics from routers to identify top talkers and bandwidth consumers. Which two statements about NetFlow are correct?

292

A branch office uses PAT overload on the edge router. Inside users can reach the internet, but return traffic for a newly deployed server must be mapped to a specific inside host. Which two statements are correct?

293

A network operations team wants centralized logging from routers and switches and also wants meaningful severity filtering. Which two statements about syslog are correct?

294

An engineer configures 802.1X port-based authentication on a Cisco IOS-XE switch for a voice VLAN deployment. After applying the configuration, IP phones on interface GigabitEthernet1/0/1 fail to receive a voice VLAN and remain in an unauthenticated state. The switchport is configured as an access port with voice VLAN 10. What is the most likely cause of the failure?

295

A network administrator has configured 802.1X port-based authentication on a Cisco IOS-XE switch for a new access port connected to a user workstation. The workstation is failing to gain network access. The switch port is in the 'authorized' state, but the workstation cannot ping the default gateway. The administrator checks the running configuration and the authentication session details. What is the most likely cause of the issue?

296

A network administrator has configured 802.1X port-based authentication on a Cisco IOS-XE switch port connected to a single PC. The port is in the 'authorized' state, but the PC cannot reach any network resources beyond its directly connected switch. The switch is configured to use RADIUS for authentication. What is the most likely cause of this issue?

297

Which TWO statements correctly describe the differences between RADIUS and TACACS+ when configuring AAA on IOS-XE?

298

Which TWO statements correctly describe the configuration and verification of AAA with RADIUS/TACACS+ and 802.1X port-based authentication on IOS-XE?

299

Drag and drop the AAA and 802.1X terms on the left to the correct descriptions on the right.

300

A network administrator is troubleshooting connectivity from the 192.168.10.0/24 subnet to the server at 10.10.10.10. Users report that they can reach the server initially, but after a few minutes, connectivity drops and only returns after the interface is cleared. The administrator reviews the router's running configuration and ACL configuration. What is the most likely cause of the intermittent connectivity loss?

Practice all 300 Network Services and Security questions

Other 200-301 exam domains

Network Infrastructure and ConnectivitySwitching and Network AccessIP RoutingAI and Network Operations

Frequently asked questions

What does the Network Services and Security domain cover on the 200-301 exam?

The Network Services and Security domain covers the key concepts tested in this area of the 200-301 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 200-301 domains — no account required.

How many Network Services and Security questions are in the 200-301 question bank?

The Courseiva 200-301 question bank contains 300 questions in the Network Services and Security domain, covering the 20% of the exam attributed to this domain in the official Cisco blueprint. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Network Services and Security for 200-301?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Network Services and Security questions for 200-301?

Yes — the session launcher on this page draws questions exclusively from the Network Services and Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your 200-301 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide

Related Exams

350-401200-201N10-009SY0-701