18+ practice questions focused on Aaa — one of the most tested topics on the CCNA 200-301 v2 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start Aaa PracticeA switchport is configured for 802.1X authentication. What is the usual role of the RADIUS server in that design?
Explanation: The switch acts as the authenticator and forwards authentication requests to the RADIUS server, which validates the user or device credentials.
Drag and drop the AAA terms on the left to their correct definitions on the right.
Explanation: AAA components: Authentication verifies identity, Authorization controls access, Accounting logs activities. RADIUS is an open standard that combines authentication and authorization, while TACACS+ is a Cisco proprietary protocol that separates all three functions.
A network administrator wants to secure remote CLI access to a Cisco router, moving beyond simple username/password authentication. Which approach best achieves this goal?
Explanation: The goal is to strengthen authentication beyond a simple password. Cisco AAA (Authentication, Authorization, and Accounting) using TACACS+ or RADIUS provides stronger, centralized authentication. Secure Shell (SSH) with key-based or two-factor authentication also enhances security. Option A correctly describes this concept, while the other options either weaken security (B, D) or address access control via ACLs, which does not improve the authentication factor itself (C).
A network administrator has configured 802.1X port-based authentication on a Cisco IOS-XE switch for a new access port connected to a user workstation. The workstation is failing to gain network access. The switch port is in the 'authorized' state, but the workstation cannot ping the default gateway. The administrator checks the running configuration and the authentication session details. What is the most likely cause of the issue?
Explanation: The switch port is in the 'authorized' state, indicating that 802.1X authentication succeeded and the RADIUS server sent an Access-Accept. However, the workstation cannot ping the default gateway, pointing to a connectivity issue after authentication. The most likely cause is that the RADIUS server returned a VLAN assignment (via the Tunnel-Private-Group-ID attribute) that placed the port in a VLAN that is not the intended one, such as a management VLAN without a gateway, or a VLAN missing a routed SVI, leaving the workstation isolated despite successful authentication.
A client connects to an employee WLAN using 802.1X authentication. The authentication process completes successfully, but the client fails to obtain an IP address via DHCP. What is the most likely cause?
Explanation: Even after successful 802.1X authentication, the client may be assigned to the wrong VLAN or policy through RADIUS attributes (such as Tunnel-Type or Cisco AV-pair). If that VLAN lacks a DHCP server or correct subnet, the client will not receive an IP address. The other options describe issues that either prevent association entirely (wrong SSID) or are not typical causes in controller-based WLANs (static IP, AP gateway misconfiguration).
+13 more Aaa questions available
Practice all Aaa questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Aaa. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Aaa questions on the 200-301 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Aaa is tested as part of the CCNA 200-301 v2 blueprint. Practicing with targeted Aaa questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free 200-301 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Aaa is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full Aaa practice session with instant scoring and detailed explanations.
Start Aaa Practice →