20+ practice questions focused on ACL — one of the most tested topics on the CCNA 200-301 v2 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
A switch shows a clock that is several minutes off from other devices even though an NTP server has been configured. Which issue is the most likely cause?
Explanation: NTP requires IP reachability to the time source. If the NTP server is unreachable due to routing or ACL issues, the switch falls back to its local clock, causing drift. Option A is correct. Option B is wrong because Syslog has no effect on NTP synchronization. Option C is incorrect because NTP does not require a trunk port; it can operate over any VLAN with IP connectivity. Option D is false because DNS is only needed if the NTP server is specified by hostname; the server can be reached by IP address without DNS.
Exhibit: Users report no internet access after PAT was configured. The inside and outside interfaces are marked correctly. Which missing configuration is the most likely cause?
Explanation: PAT needs both the inside and outside interface roles and a NAT statement referencing an ACL that identifies the inside local addresses. Without the ACL match and NAT overload rule, translation does not occur for user traffic.
A network administrator wants to secure remote CLI access to a Cisco router, moving beyond simple username/password authentication. Which approach best achieves this goal?
Explanation: The goal is to strengthen authentication beyond a simple password. Cisco AAA (Authentication, Authorization, and Accounting) using TACACS+ or RADIUS provides stronger, centralized authentication. Secure Shell (SSH) with key-based or two-factor authentication also enhances security. Option A correctly describes this concept, while the other options either weaken security (B, D) or address access control via ACLs, which does not improve the authentication factor itself (C).
You are connected to R1 in a small office network. Configure PAT (NAT overload) so that hosts on the 192.168.1.0/24 LAN can access the Internet via the public IP 203.0.113.1 (the IP assigned to interface G0/0). Also configure a static NAT for the internal web server at 192.168.1.10 to the public IP 203.0.113.6. The current configuration has errors: the inside/outside interface assignments are swapped, the ACL for PAT does not match the inside subnet, and the PAT rule points to the wrong ACL. Fix all issues so that both PAT and static NAT work correctly.
Explanation: The main issues: (1) Interfaces were swapped — G0/0 (public) was inside and G0/1 (private) was outside. They should be reversed: G0/0 outside, G0/1 inside. (2) ACL 1 (used in the PAT command) permitted 192.168.2.0/24 instead of 192.168.1.0/24. (3) The PAT command for G0/0 used ACL 2, which was correct for the subnet but the interface was wrong. After fixing interface assignments and correcting ACL 1 to permit the inside subnet, the PAT command must use ACL 1 and the correct outside interface. The static NAT was correctly configured but needed the correct inside interface. The PAT translation uses the IP address of the outside interface (interface overload), so after fixing the configuration, inside hosts will be translated to 203.0.113.1, the primary IP of G0/0, not 203.0.113.5.
A network engineer configures an EtherChannel between two Cisco switches SW1 and SW2 using LACP. After configuration, hosts connected to SW1 report intermittent connectivity to hosts on SW2. The engineer checks the EtherChannel status and sees that the trunk is up but only allows VLAN 1, while the hosts communicate across VLANs 10 and 20. Which command should the engineer apply to both switches to resolve the issue?
Explanation: The output shows the EtherChannel is up but only VLAN 1 is allowed on the trunk, while the hosts on SW1 and SW2 communicate across VLANs 10 and 20. Applying 'switchport trunk allowed vlan 1,10,20' on both switches ensures all necessary VLANs are permitted over the EtherChannel, resolving the intermittent connectivity caused by dropped traffic for VLANs 10 and 20.
1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of ACL. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
ACL questions on the 200-301 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. ACL is tested as part of the CCNA 200-301 v2 blueprint. Practicing with targeted ACL questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free 200-301 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but ACL is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.