Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401TopicsNAT and DHCP
Free · No Signup RequiredCisco · 350-401

350-401 NAT and DHCP Practice Questions

20+ practice questions focused on NAT and DHCP — one of the most tested topics on the ENCOR 350-401 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start NAT and DHCP Practice

Exam Domains

ArchitectureEnterprise Network DesignSD-Access ArchitectureSD-WAN ArchitectureQoS ArchitectureVirtualizationNetwork Function VirtualizationAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample NAT and DHCP Questions

Practice all 20+ →
1.

A network engineer is configuring a Cisco router to provide internet access to a small office using a single public IP address assigned by the ISP. The engineer wants to allow internal hosts to initiate connections to the internet, but also needs to make a web server on the internal network reachable from the internet. The engineer configures a standard access list for NAT and an ip nat inside source list command. However, external users cannot reach the internal web server. What is the most likely cause?

A.The access list used for NAT does not permit the web server's IP address.
B.The engineer forgot to add the ip nat inside source static command for the web server.
C.The ip nat inside and ip nat outside commands are applied on the wrong interfaces.
D.The global configuration mode is missing the ip nat pool command.

Explanation: The scenario requires both dynamic NAT (for outbound traffic) and static NAT (for inbound access to the web server). Using only a dynamic NAT configuration with an access list will not provide a permanent mapping for the web server.

2.

A network engineer is troubleshooting a DHCP issue on a Cisco router configured as a DHCP server for a VLAN. Clients in the VLAN are able to obtain IP addresses from the DHCP server, but they are not receiving the correct DNS server address. The engineer checks the DHCP pool configuration and sees the dns-server command is configured with the correct IP address. What is the most likely cause of the problem?

A.The DHCP pool is not associated with the correct VLAN interface using the network command.
B.The DNS server is unreachable from the DHCP server.
C.The ip dhcp excluded-address command is blocking the DNS server IP.
D.The DHCP client is configured with a static DNS server address.

Explanation: The DHCP server configuration appears correct, but the clients are not receiving the DNS server address. This often happens when the DHCP server is not the default gateway and DHCP relay is involved, or when the DHCP pool is not bound to the correct interface.

3.

A network engineer is configuring NAT overload (PAT) on a Cisco router to allow multiple internal hosts to share a single public IP address. The engineer uses the command ip nat inside source list 1 interface GigabitEthernet0/0 overload. After testing, internal hosts can access the internet, but some applications fail intermittently. The engineer suspects a NAT issue. What is the most likely cause?

A.The access list 1 is too permissive and includes the public IP address of the router.
B.The NAT translation table is filling up due to a large number of concurrent sessions, causing new translations to be denied.
C.The router is not configured with ip nat inside on the internal interface.
D.The overload keyword is misspelled or not supported on this IOS version.

Explanation: PAT uses port numbers to multiplex multiple sessions over a single public IP. If the port range is exhausted or if the NAT translation table is full, new sessions will fail.

4.

A network engineer is configuring a Cisco router as a DHCP relay agent to forward DHCP requests from a client VLAN to a centralized DHCP server located in a different subnet. The engineer configures the ip helper-address command on the VLAN interface. However, clients in the VLAN are not receiving IP addresses. The DHCP server is reachable from the router. What is the most likely cause?

A.The ip helper-address command is applied on the wrong interface (e.g., the interface facing the DHCP server).
B.The DHCP server is not configured with a scope for the client subnet.
C.The router does not have a return route to the client subnet, so the DHCP server's reply is dropped.
D.The DHCP client is using DHCPv6 instead of DHCPv4.

Explanation: The ip helper-address command forwards DHCP broadcasts as unicasts to the specified server. If the DHCP server receives the request but the reply cannot be routed back to the client, the client will not get an address. This often happens when the router does not have a route back to the client subnet.

5.

A network engineer is troubleshooting a NAT issue where an internal host cannot establish an SSH session to a remote server on the internet. The engineer checks the NAT translations on the border router and sees that the translation for the host's source IP is present. However, the SSH session times out. The engineer also notices that the remote server's IP is not in the NAT translation table. What is the most likely cause?

A.The router is performing NAT only for the source IP, but the return traffic is taking a different path that does not go through the NAT router.
B.The SSH server is blocking connections from the public IP address.
C.The NAT overload is causing port conflicts for SSH.
D.The access list used for NAT is denying the SSH traffic.

Explanation: For a successful NAT session, both the outbound and inbound translations must be present. If only the outbound translation exists, the return traffic is not being translated back correctly, possibly due to asymmetric routing or a missing route.

+15 more NAT and DHCP questions available

Practice all NAT and DHCP questions

How to master NAT and DHCP for 350-401

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of NAT and DHCP. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

NAT and DHCP questions on the 350-401 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many 350-401 NAT and DHCP questions are on the real exam?

The exact number varies per candidate. NAT and DHCP is tested as part of the ENCOR 350-401 blueprint. Practicing with targeted NAT and DHCP questions ensures you can handle any format or difficulty that appears.

Are these 350-401 NAT and DHCP practice questions free?

Yes. Courseiva provides free 350-401 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is NAT and DHCP one of the harder 350-401 topics?

Difficulty is subjective, but NAT and DHCP is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full NAT and DHCP practice session with instant scoring and detailed explanations.

Start NAT and DHCP Practice →

Topic Info

Topic

NAT and DHCP

Exam

350-401

Questions available

20+