Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications300-410DomainsNAT and PAT
300-410Free — No Signup

NAT and PAT

Practice 300-410 NAT and PAT questions with full explanations on every answer.

76questions

Start practicing

NAT and PAT — choose a session length

10 questions~10 min20 questions~20 min30 questions~30 min50 questions~50 min

Free · No account required

300-410 Domains

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingNetwork Logging and SyslogEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)NAT and PAT

Practice NAT and PAT questions

10Q20Q30Q50Q

All 300-410 NAT and PAT questions (76)

Start session

Click any question to see the full explanation and answer options, or start a focused practice session above.

1

A network engineer is troubleshooting connectivity from a host inside a corporate network to a public web server. The host has IP 10.1.1.10/24, and the router's outside interface is 203.0.113.1/24. The engineer configured a dynamic NAT pool (203.0.113.10-203.0.113.20) and an access list permitting 10.1.1.0/24. However, traffic from the host fails. A 'show ip nat translations' reveals no translations. What is the most likely cause?

2

A network engineer is troubleshooting PAT (overload) on a Cisco router. The inside network uses 192.168.1.0/24, and the outside interface has IP 198.51.100.1. The engineer configured 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. Traffic from inside hosts works initially, but after a few minutes, new connections fail. 'Show ip nat translations' shows many entries with the same outside global IP but different ports. 'Show ip nat statistics' indicates that the number of translations is near 500. What is the most likely cause?

3

An engineer configures static NAT on a router to map a public IP 203.0.113.5 to an internal server 10.0.0.5. The configuration includes 'ip nat inside source static 10.0.0.5 203.0.113.5'. The server is reachable from the outside, but the server cannot initiate connections to the outside network. 'Show ip nat translations' shows the static entry. What is the most likely cause?

4

A network engineer is troubleshooting NAT for a VoIP phone that uses SIP. The phone is at 192.168.2.10, and the router performs PAT to the outside interface 198.51.100.1. The phone can register with the SIP server, but calls fail after 30 seconds. The engineer notices that the SIP signaling includes the phone's private IP in the SDP body. What is the most likely cause?

5

An engineer configures NAT on a router with 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. The inside hosts are 10.0.0.0/24, and the outside interface is 203.0.113.1. Traffic works for most hosts, but one host at 10.0.0.50 cannot access the internet. 'Show ip nat translations' shows no entry for this host. 'Show access-lists' shows ACL 1 permits 10.0.0.0 0.0.0.255. What is the most likely cause?

6

A network engineer is troubleshooting NAT for a VPN tunnel. The router has a static NAT rule 'ip nat inside source static 10.0.0.10 203.0.113.10' for a server. The VPN traffic from the remote site to 203.0.113.10 is being NATed to 10.0.0.10, but the return traffic from the server to the remote site is not being translated back. The engineer sees that the server sends packets with source 10.0.0.10 to the remote site's public IP. What should the engineer do to fix this?

7

An engineer configures NAT overload on a router. The inside network uses 172.16.0.0/16, and the outside interface is 198.51.100.1. The engineer uses 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. ACL 1 permits 172.16.0.0 0.0.255.255. Traffic works, but the engineer notices that the router's CPU utilization is high, and 'show ip nat translations' shows thousands of entries. What is the most likely cause?

8

A network engineer is troubleshooting NAT for a web server that is reachable from the internet via a static NAT mapping 203.0.113.20 to 10.0.0.20. The server responds to HTTP requests, but the engineer cannot SSH to the server from the internet. 'Show ip nat translations' shows the static entry. The router's ACL on the outside interface permits TCP port 22 to 203.0.113.20. What is the most likely cause?

9

An engineer configures NAT on a router with 'ip nat inside source list 1 pool POOL overload' where POOL contains 203.0.113.1-203.0.113.5. The inside hosts are 10.0.0.0/24. Traffic works, but the engineer notices that some hosts are assigned the same public IP and port, causing conflicts. 'Show ip nat translations' shows entries with the same inside global IP and port for different inside local hosts. What is the most likely cause?

10

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- --- R1# show ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 45 Misses: 0 CEF Translated packets: 45, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 3 map-id 1 overload [Id] ip nat inside source list ACL1 pool POOL1 overload refcount 3 Based on this output, which statement is correct?

11

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.0.2.10:5678 10.0.0.10:5678 198.51.100.20:80 198.51.100.20:80 --- 192.0.2.11 10.0.0.11 --- --- R1# show ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 100 Misses: 0 CEF Translated packets: 100, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 3 map-id 1 overload [Id] ip nat inside source list ACL1 pool POOL1 overload refcount 3 Based on this output, what is the problem?

12

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 203.0.113.5 203.0.113.5 --- 192.0.2.11 10.0.0.11 203.0.113.5 203.0.113.5 R1# show ip nat statistics Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 20 Misses: 0 CEF Translated packets: 20, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 2 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 2 Based on this output, which statement is correct?

13

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- R1# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 5 Misses: 0 CEF Translated packets: 5, CEF Punted packets: 0 Expired translations: 0 Based on this output, which statement is correct?

14

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.0.2.10:80 10.0.0.10:80 203.0.113.5:12345 203.0.113.5:12345 tcp 192.0.2.10:80 10.0.0.11:80 203.0.113.5:67890 203.0.113.5:67890 R1# show ip nat statistics Total active translations: 2 (0 static, 2 dynamic; 2 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50 Misses: 0 CEF Translated packets: 50, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload refcount 2 Based on this output, what is the problem?

15

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- R1# show ip nat statistics Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 10 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 2 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 2 Based on this output, what is the problem?

16

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- --- --- 192.0.2.13 10.0.0.13 --- --- --- 192.0.2.14 10.0.0.14 --- --- --- 192.0.2.15 10.0.0.15 --- --- --- 192.0.2.16 10.0.0.16 --- --- --- 192.0.2.17 10.0.0.17 --- --- --- 192.0.2.18 10.0.0.18 --- --- --- 192.0.2.19 10.0.0.19 --- --- --- 192.0.2.20 10.0.0.20 --- --- R1# show ip nat statistics Total active translations: 11 (0 static, 11 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 200 Misses: 0 CEF Translated packets: 200, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 11 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 11 Based on this output, what is the problem?

17

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- R1# show ip nat statistics Total active translations: 1 (0 static, 1 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 1 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 1 Based on this output, what is the problem?

18

A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:10000 10.0.0.10:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10001 10.0.0.11:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10002 10.0.0.12:10000 203.0.113.5:53 203.0.113.5:53 R1# show ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 150 Misses: 0 CEF Translated packets: 150, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload refcount 3 Based on this output, which statement is correct?

19

Consider the following partial configuration on a Cisco IOS-XE router: interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ip nat outside ! ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255 What is the effect of this configuration?

20

Given this partial configuration: ip nat pool MYPOOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0 ip nat inside source list 1 pool MYPOOL access-list 1 permit 192.168.1.0 0.0.0.255 What is the effect?

21

Examine this configuration: interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 198.51.100.1 255.255.255.0 ip nat outside ! ip nat inside source static tcp 10.0.0.10 80 198.51.100.10 8080 extendable Which statement is true?

22

What is the problem with this NAT configuration? interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ! ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255

23

Given this configuration: ip nat pool GLOBAL 203.0.113.1 203.0.113.10 prefix-length 28 ip nat inside source list 10 pool GLOBAL overload access-list 10 permit 10.0.0.0 0.255.255.255 What is the effect?

24

Consider this partial configuration: ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255 ! interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ip nat outside ! interface GigabitEthernet0/2 ip address 172.16.0.1 255.255.255.0 ip nat inside What is true about traffic from the 172.16.0.0/24 network?

25

What is the default timeout for NAT translation entries in Cisco IOS?

26

Which TCP flag combination triggers the NAT translation timeout to change from the default to the 'ip nat translation tcp-timeout' value?

27

According to RFC 2663, what is the term for the process of translating both the source and destination IP addresses in a packet?

28

Which TWO commands would a network engineer use to verify NAT translations and their statistics on a Cisco IOS router? (Choose TWO.)

29

Which TWO statements about NAT overload (PAT) are true? (Choose TWO.)

30

Which TWO configuration steps are required to implement static NAT on a Cisco IOS router? (Choose TWO.)

31

Which THREE symptoms indicate that NAT is misconfigured or failing on a Cisco router? (Choose THREE.)

32

Which THREE commands can be used to troubleshoot NAT issues on a Cisco IOS router? (Choose THREE.)

33

A large enterprise network is experiencing intermittent connectivity failures for VoIP traffic traversing a DMVPN hub-and-spoke topology. Hub router R1 has the following relevant configuration: ip nat inside source list 100 interface Tunnel0 overload. Spoke router R2 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 10.1.1.1 192.168.1.1 203.0.113.1 203.0.113.1. VoIP calls drop after 30 seconds. What is the root cause?

34

Router R1 is performing NAT for internal users to access the internet. The configuration includes: ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal hosts cannot reach a specific external server at 203.0.113.50. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 10.1.1.1 192.168.1.1 203.0.113.50 203.0.113.50. Debug ip nat shows 'NAT: translation failed (no buffer)'. What is the root cause?

35

In a multi-VRF environment, Router R1 is leaking routes between VRF A and VRF B using route-target import/export. Hosts in VRF A can ping hosts in VRF B, but traffic from VRF B to VRF A fails when NAT is applied on the VRF A egress interface. Configuration: ip nat inside source list 100 interface GigabitEthernet0/1 vrf A overload. Router R1 shows: show ip nat translations vrf A: no entries. What is the root cause?

36

Router R1 is configured with ip nat inside source list 100 interface Loopback0 overload. Internal hosts at 192.168.1.0/24 can access the internet, but external hosts cannot initiate connections to an internal server at 10.1.1.10 that is also behind NAT. The server is supposed to be reachable via static NAT. Configuration: ip nat inside source static tcp 10.1.1.10 80 interface Loopback0 80. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global tcp 10.1.1.10:80 10.1.1.10:80 --- ---. External users get connection timeouts. What is the root cause?

37

Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Users report that some websites load slowly or partially. Router R1 shows: show ip nat statistics: Total active translations: 65535 (0 static, 65535 dynamic; 65535 extended). The NAT pool is exhausted. What is the root cause?

38

Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal host 192.168.1.10 can ping external host 203.0.113.50, but cannot establish a TCP connection to port 443. Router R1 shows: debug ip nat: NAT: s=192.168.1.10->203.0.113.1, d=203.0.113.50 [0]. The external host shows no received packets. What is the root cause?

39

Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal hosts can access the internet, but traffic to a specific external server at 203.0.113.100 is being translated to a different source IP than expected. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 10.1.1.1 192.168.1.1 203.0.113.100 203.0.113.100. The server logs show connections from 10.1.1.1 instead of 203.0.113.1. What is the root cause?

40

Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal host 192.168.1.10 can access the internet, but when it tries to connect to an internal server at 10.1.1.10 via its public IP 203.0.113.10, the connection fails. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 203.0.113.10 10.1.1.10 --- ---. The host's traffic is being NATed to 203.0.113.1, but the server's response is sent to 203.0.113.1. What is the root cause?

41

Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal hosts can access the internet, but traffic to a specific external server at 203.0.113.200 is being dropped. Router R1 shows: show ip nat statistics: Total active translations: 1000. Debug ip nat: NAT: s=192.168.1.1->203.0.113.1, d=203.0.113.200 [0]. The external server shows no received packets. What is the root cause?

42

A network engineer runs the following command to troubleshoot a NAT issue: R1# debug ip nat detailed NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [45] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [46] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [47] NAT*: s=192.168.1.1, d=10.2.2.2->10.1.1.1 [48] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [49] What does this output indicate?

43

A network engineer runs the following command to verify NAT translations: R1# show ip nat translations verbose Pro Inside global Inside local Outside local Outside global --- 10.2.2.2 10.1.1.1 192.168.1.1 192.168.1.1 create 00:00:15, use 00:00:05, flags: extended, timing-out What does the 'extended' flag indicate?

44

A network engineer runs the following command to troubleshoot PAT exhaustion: R1# show ip nat statistics Total active translations: 1024 (0 static, 1024 dynamic; 1024 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50000 Misses: 10 CEF Translated packets: 45000, CEF Punted packets: 5000 Expired translations: 2000 Dynamic mappings: -- Inside Source [Id: 1] access-list NAT permit ip 10.0.0.0 0.255.255.255 any refcount 1024, pool MyPool pool MyPool: netmask 255.255.255.240 start 203.0.113.1 end 203.0.113.14 type generic, total addresses 14, allocated 14 (100%), misses 0 What is the most likely issue?

45

A network engineer runs the following command to debug NAT with access lists: R1# debug ip nat access-list 100 NAT: access list 100 matched ip 10.1.1.1 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.2 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.3 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.4 -> 192.168.1.1 What does this output indicate?

46

A network engineer runs the following command to verify NAT on a VRF: R1# show ip nat translations vrf CUSTOMER Pro Inside global Inside local Outside local Outside global --- 10.2.2.2 10.1.1.1 192.168.1.1 192.168.1.1 What is the purpose of the 'vrf CUSTOMER' parameter?

47

A network engineer runs the following command to debug NAT with overload: R1# debug ip nat overload NAT: overload: s=10.1.1.1:1234->203.0.113.1:5678, d=192.168.1.1:80 [50] NAT: overload: s=10.1.1.1:1235->203.0.113.1:5679, d=192.168.1.1:80 [51] NAT: overload: s=10.1.1.2:80->203.0.113.1:5680, d=192.168.1.1:1024 [52] What does this output indicate?

48

A network engineer runs the following command to verify NAT after a fix: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 203.0.113.1 10.1.1.1 192.168.1.1 192.168.1.1 --- 203.0.113.2 10.1.1.2 192.168.1.2 192.168.1.2 What is the most likely configuration?

49

A network engineer runs the following command to debug NAT with route maps: R1# debug ip nat policy NAT: policy: match ip address 100 NAT: policy: match ip address 100 NAT: policy: match ip address 100 NAT: policy: route-map RM-NAT permit 10 match ip address 100 set ip next-hop 10.0.0.1 What does this output indicate?

50

A network engineer runs the following command to verify NAT on an interface: R1# show ip nat interface GigabitEthernet0/1 GigabitEthernet0/1 is up, line protocol is up NAT: inside, active NAT: outside, active NAT: overload, active What is the issue with this configuration?

51

What is the default timeout value for a NAT translation entry that is not using Port Address Translation (PAT) in Cisco IOS?

52

Which statement accurately describes the behavior of the ip nat inside source static command when configuring static NAT for a single inside host?

53

According to RFC 4787 (NAT Behavioral Requirements for UDP), what is the recommended default timeout for UDP NAT mappings?

54

In Cisco IOS, what is the default timeout for TCP NAT translations when the TCP session is idle?

55

Which of the following is true regarding the default behavior of NAT in Cisco IOS when handling ICMP traffic?

56

In the context of NAT and PAT, what is the purpose of the ip nat translation timeout command?

57

Which of the following is a limitation of NAT as defined in RFC 2663?

58

In Cisco IOS, what is the default behavior of the ip nat service command?

59

What is the default maximum number of NAT translations that can be created in Cisco IOS?

60

Drag and drop the steps to configure PAT (overload) for dynamic source NAT into the correct order, from first to last.

61

Drag and drop the steps to troubleshoot NAT and PAT adjacency or connectivity failures into the correct order, from first to last.

62

Drag and drop the steps to verify and validate NAT and PAT operational state into the correct order, from first to last.

63

Which TWO statements correctly describe the behavior of NAT with route maps and ACLs when using the 'ip nat inside source route-map' feature? (Choose TWO.)

64

An engineer must configure NAT so that inside hosts (192.168.1.0/24) are translated to a public IP pool (203.0.113.1-203.0.113.10) when accessing the Internet, but must NOT translate traffic destined to a VPN subnet (10.10.10.0/24) reachable via the same outside interface. Which TWO configuration steps are required? (Choose TWO.)

65

Which TWO statements about the 'ip nat outside source' feature are true? (Choose TWO.)

66

An engineer is troubleshooting a PAT overload configuration on a Cisco router. Inside hosts can access the Internet, but some applications (e.g., FTP, SIP) fail. Which TWO commands can be used to verify the NAT translations and identify the issue? (Choose TWO.)

67

Which THREE statements about NAT and PAT behavior in Cisco IOS are true? (Choose THREE.)

68

An engineer configures OSPF on two routers connected via a serial link. Both routers have 'ip ospf network point-to-point' configured, but the link is actually a Frame Relay multipoint subinterface. The OSPF neighbors remain stuck in EXSTART state. Which is the most likely explanation?

69

An engineer configures EIGRP named mode on a router and uses an offset-list to increase the feasible distance (FD) of a specific route. Unexpectedly, the route is still installed in the routing table with the original metric. Which is the most likely explanation?

70

An engineer configures iBGP between two routers in the same AS. The BGP table shows the prefix, but it is not installed in the routing table. The next-hop is reachable via an IGP route. Which is the most likely explanation?

71

An engineer configures mutual redistribution between OSPF and EIGRP on a router. After a few minutes, the router's CPU spikes and routes start flapping. Which is the most likely explanation?

72

An engineer configures a DMVPN Phase 2 network. Spoke routers can communicate with the hub, but spoke-to-spoke traffic does not trigger a direct tunnel. Which is the most likely explanation?

73

An engineer configures an IPsec site-to-site VPN between two routers. The tunnel comes up, but traffic is not encrypted. Which is the most likely explanation?

74

An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, OSPF neighbors go down. The CoPP policy has a class that matches OSPF traffic with a rate-limit of 100 pps. Which is the most likely explanation?

75

An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface connected to a network with asymmetric routing. Users report intermittent connectivity issues. Which is the most likely explanation?

76

An engineer configures NAT overload (PAT) on a router to translate internal addresses to a single public IP. Users can browse the web, but some applications that use non-standard ports fail. Which is the most likely explanation?

Practice all 76 NAT and PAT questions

Other 300-410 exam domains

Layer 3 TechnologiesEIGRP TroubleshootingOSPF Troubleshooting (v2/v3)BGP TroubleshootingRoute RedistributionPolicy-Based Routing (PBR)VRF-LiteRoute Maps and Route FilteringAdministrative DistanceRoute SummarizationBidirectional Forwarding Detection (BFD)VPN TechnologiesMPLS OperationsMPLS L3VPNDMVPNIPsec Site-to-Site VPNIPv6 Tunneling TechniquesInfrastructure SecurityDevice Access ControlIPv4 Access Control ListsIPv6 Traffic Filtering and uRPFControl Plane Policing (CoPP)IPv6 First Hop SecurityInfrastructure ServicesDevice ManagementSNMP TroubleshootingNetwork Logging and SyslogEmbedded Event Manager (EEM)IP SLANetFlow and Flexible NetFlowSPAN, RSPAN, and ERSPANDHCP (IPv4 and IPv6)

Frequently asked questions

What does the NAT and PAT domain cover on the 300-410 exam?

The NAT and PAT domain covers the key concepts tested in this area of the 300-410 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 300-410 domains — no account required.

How many NAT and PAT questions are in the 300-410 question bank?

The Courseiva 300-410 question bank contains 76 questions in the NAT and PAT domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice NAT and PAT for 300-410?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only NAT and PAT questions for 300-410?

Yes — the session launcher on this page draws questions exclusively from the NAT and PAT domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.

Free forever · No credit card required

Track your 300-410 domain progress

Save your results, see per-domain analytics, and get readiness scores — free, for every certification.

Sign Up Free

Free forever · Every certification included

Practice Session

10 questions20 questions30 questions50 questions

Study Resources

All DomainsPractice TestMock ExamFlashcardsStudy Guide