Practice 300-410 NAT and PAT questions with full explanations on every answer.
Start practicing
NAT and PAT — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A network engineer is troubleshooting connectivity from a host inside a corporate network to a public web server. The host has IP 10.1.1.10/24, and the router's outside interface is 203.0.113.1/24. The engineer configured a dynamic NAT pool (203.0.113.10-203.0.113.20) and an access list permitting 10.1.1.0/24. However, traffic from the host fails. A 'show ip nat translations' reveals no translations. What is the most likely cause?
2A network engineer is troubleshooting PAT (overload) on a Cisco router. The inside network uses 192.168.1.0/24, and the outside interface has IP 198.51.100.1. The engineer configured 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. Traffic from inside hosts works initially, but after a few minutes, new connections fail. 'Show ip nat translations' shows many entries with the same outside global IP but different ports. 'Show ip nat statistics' indicates that the number of translations is near 500. What is the most likely cause?
3An engineer configures static NAT on a router to map a public IP 203.0.113.5 to an internal server 10.0.0.5. The configuration includes 'ip nat inside source static 10.0.0.5 203.0.113.5'. The server is reachable from the outside, but the server cannot initiate connections to the outside network. 'Show ip nat translations' shows the static entry. What is the most likely cause?
4A network engineer is troubleshooting NAT for a VoIP phone that uses SIP. The phone is at 192.168.2.10, and the router performs PAT to the outside interface 198.51.100.1. The phone can register with the SIP server, but calls fail after 30 seconds. The engineer notices that the SIP signaling includes the phone's private IP in the SDP body. What is the most likely cause?
5An engineer configures NAT on a router with 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. The inside hosts are 10.0.0.0/24, and the outside interface is 203.0.113.1. Traffic works for most hosts, but one host at 10.0.0.50 cannot access the internet. 'Show ip nat translations' shows no entry for this host. 'Show access-lists' shows ACL 1 permits 10.0.0.0 0.0.0.255. What is the most likely cause?
6A network engineer is troubleshooting NAT for a VPN tunnel. The router has a static NAT rule 'ip nat inside source static 10.0.0.10 203.0.113.10' for a server. The VPN traffic from the remote site to 203.0.113.10 is being NATed to 10.0.0.10, but the return traffic from the server to the remote site is not being translated back. The engineer sees that the server sends packets with source 10.0.0.10 to the remote site's public IP. What should the engineer do to fix this?
7An engineer configures NAT overload on a router. The inside network uses 172.16.0.0/16, and the outside interface is 198.51.100.1. The engineer uses 'ip nat inside source list 1 interface GigabitEthernet0/0 overload'. ACL 1 permits 172.16.0.0 0.0.255.255. Traffic works, but the engineer notices that the router's CPU utilization is high, and 'show ip nat translations' shows thousands of entries. What is the most likely cause?
8A network engineer is troubleshooting NAT for a web server that is reachable from the internet via a static NAT mapping 203.0.113.20 to 10.0.0.20. The server responds to HTTP requests, but the engineer cannot SSH to the server from the internet. 'Show ip nat translations' shows the static entry. The router's ACL on the outside interface permits TCP port 22 to 203.0.113.20. What is the most likely cause?
9An engineer configures NAT on a router with 'ip nat inside source list 1 pool POOL overload' where POOL contains 203.0.113.1-203.0.113.5. The inside hosts are 10.0.0.0/24. Traffic works, but the engineer notices that some hosts are assigned the same public IP and port, causing conflicts. 'Show ip nat translations' shows entries with the same inside global IP and port for different inside local hosts. What is the most likely cause?
10A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- --- R1# show ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 45 Misses: 0 CEF Translated packets: 45, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 3 map-id 1 overload [Id] ip nat inside source list ACL1 pool POOL1 overload refcount 3 Based on this output, which statement is correct?
11A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.0.2.10:5678 10.0.0.10:5678 198.51.100.20:80 198.51.100.20:80 --- 192.0.2.11 10.0.0.11 --- --- R1# show ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 100 Misses: 0 CEF Translated packets: 100, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 3 map-id 1 overload [Id] ip nat inside source list ACL1 pool POOL1 overload refcount 3 Based on this output, what is the problem?
12A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 203.0.113.5 203.0.113.5 --- 192.0.2.11 10.0.0.11 203.0.113.5 203.0.113.5 R1# show ip nat statistics Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 20 Misses: 0 CEF Translated packets: 20, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 2 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 2 Based on this output, which statement is correct?
13A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- R1# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 5 Misses: 0 CEF Translated packets: 5, CEF Punted packets: 0 Expired translations: 0 Based on this output, which statement is correct?
14A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.0.2.10:80 10.0.0.10:80 203.0.113.5:12345 203.0.113.5:12345 tcp 192.0.2.10:80 10.0.0.11:80 203.0.113.5:67890 203.0.113.5:67890 R1# show ip nat statistics Total active translations: 2 (0 static, 2 dynamic; 2 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50 Misses: 0 CEF Translated packets: 50, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload refcount 2 Based on this output, what is the problem?
15A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- R1# show ip nat statistics Total active translations: 2 (0 static, 2 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 10 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 2 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 2 Based on this output, what is the problem?
16A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- --- --- 192.0.2.12 10.0.0.12 --- --- --- 192.0.2.13 10.0.0.13 --- --- --- 192.0.2.14 10.0.0.14 --- --- --- 192.0.2.15 10.0.0.15 --- --- --- 192.0.2.16 10.0.0.16 --- --- --- 192.0.2.17 10.0.0.17 --- --- --- 192.0.2.18 10.0.0.18 --- --- --- 192.0.2.19 10.0.0.19 --- --- --- 192.0.2.20 10.0.0.20 --- --- R1# show ip nat statistics Total active translations: 11 (0 static, 11 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 200 Misses: 0 CEF Translated packets: 200, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 11 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 11 Based on this output, what is the problem?
17A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- R1# show ip nat statistics Total active translations: 1 (0 static, 1 dynamic; 0 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat pool POOL1 192.0.2.10 192.0.2.20 netmask 255.255.255.240 refcount 1 map-id 1 [Id] ip nat inside source list ACL1 pool POOL1 refcount 1 Based on this output, what is the problem?
18A network engineer runs the following command on Router R1: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global udp 192.0.2.10:10000 10.0.0.10:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10001 10.0.0.11:10000 203.0.113.5:53 203.0.113.5:53 udp 192.0.2.10:10002 10.0.0.12:10000 203.0.113.5:53 203.0.113.5:53 R1# show ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 150 Misses: 0 CEF Translated packets: 150, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id] ip nat inside source list ACL1 interface GigabitEthernet0/1 overload refcount 3 Based on this output, which statement is correct?
19Consider the following partial configuration on a Cisco IOS-XE router: interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ip nat outside ! ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255 What is the effect of this configuration?
20Given this partial configuration: ip nat pool MYPOOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0 ip nat inside source list 1 pool MYPOOL access-list 1 permit 192.168.1.0 0.0.0.255 What is the effect?
21Examine this configuration: interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 198.51.100.1 255.255.255.0 ip nat outside ! ip nat inside source static tcp 10.0.0.10 80 198.51.100.10 8080 extendable Which statement is true?
22What is the problem with this NAT configuration? interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ! ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255
23Given this configuration: ip nat pool GLOBAL 203.0.113.1 203.0.113.10 prefix-length 28 ip nat inside source list 10 pool GLOBAL overload access-list 10 permit 10.0.0.0 0.255.255.255 What is the effect?
24Consider this partial configuration: ip nat inside source list 1 interface GigabitEthernet0/1 overload access-list 1 permit 192.168.1.0 0.0.0.255 ! interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip nat inside ! interface GigabitEthernet0/1 ip address 203.0.113.1 255.255.255.0 ip nat outside ! interface GigabitEthernet0/2 ip address 172.16.0.1 255.255.255.0 ip nat inside What is true about traffic from the 172.16.0.0/24 network?
25What is the default timeout for NAT translation entries in Cisco IOS?
26Which TCP flag combination triggers the NAT translation timeout to change from the default to the 'ip nat translation tcp-timeout' value?
27According to RFC 2663, what is the term for the process of translating both the source and destination IP addresses in a packet?
28Which TWO commands would a network engineer use to verify NAT translations and their statistics on a Cisco IOS router? (Choose TWO.)
29Which TWO statements about NAT overload (PAT) are true? (Choose TWO.)
30Which TWO configuration steps are required to implement static NAT on a Cisco IOS router? (Choose TWO.)
31Which THREE symptoms indicate that NAT is misconfigured or failing on a Cisco router? (Choose THREE.)
32Which THREE commands can be used to troubleshoot NAT issues on a Cisco IOS router? (Choose THREE.)
33A large enterprise network is experiencing intermittent connectivity failures for VoIP traffic traversing a DMVPN hub-and-spoke topology. Hub router R1 has the following relevant configuration: ip nat inside source list 100 interface Tunnel0 overload. Spoke router R2 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 10.1.1.1 192.168.1.1 203.0.113.1 203.0.113.1. VoIP calls drop after 30 seconds. What is the root cause?
34Router R1 is performing NAT for internal users to access the internet. The configuration includes: ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal hosts cannot reach a specific external server at 203.0.113.50. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 10.1.1.1 192.168.1.1 203.0.113.50 203.0.113.50. Debug ip nat shows 'NAT: translation failed (no buffer)'. What is the root cause?
35In a multi-VRF environment, Router R1 is leaking routes between VRF A and VRF B using route-target import/export. Hosts in VRF A can ping hosts in VRF B, but traffic from VRF B to VRF A fails when NAT is applied on the VRF A egress interface. Configuration: ip nat inside source list 100 interface GigabitEthernet0/1 vrf A overload. Router R1 shows: show ip nat translations vrf A: no entries. What is the root cause?
36Router R1 is configured with ip nat inside source list 100 interface Loopback0 overload. Internal hosts at 192.168.1.0/24 can access the internet, but external hosts cannot initiate connections to an internal server at 10.1.1.10 that is also behind NAT. The server is supposed to be reachable via static NAT. Configuration: ip nat inside source static tcp 10.1.1.10 80 interface Loopback0 80. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global tcp 10.1.1.10:80 10.1.1.10:80 --- ---. External users get connection timeouts. What is the root cause?
37Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Users report that some websites load slowly or partially. Router R1 shows: show ip nat statistics: Total active translations: 65535 (0 static, 65535 dynamic; 65535 extended). The NAT pool is exhausted. What is the root cause?
38Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal host 192.168.1.10 can ping external host 203.0.113.50, but cannot establish a TCP connection to port 443. Router R1 shows: debug ip nat: NAT: s=192.168.1.10->203.0.113.1, d=203.0.113.50 [0]. The external host shows no received packets. What is the root cause?
39Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal hosts can access the internet, but traffic to a specific external server at 203.0.113.100 is being translated to a different source IP than expected. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 10.1.1.1 192.168.1.1 203.0.113.100 203.0.113.100. The server logs show connections from 10.1.1.1 instead of 203.0.113.1. What is the root cause?
40Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal host 192.168.1.10 can access the internet, but when it tries to connect to an internal server at 10.1.1.10 via its public IP 203.0.113.10, the connection fails. Router R1 shows: show ip nat translations: Pro Inside global Inside local Outside local Outside global --- 203.0.113.10 10.1.1.10 --- ---. The host's traffic is being NATed to 203.0.113.1, but the server's response is sent to 203.0.113.1. What is the root cause?
41Router R1 is configured with ip nat inside source list 100 interface GigabitEthernet0/1 overload. Internal hosts can access the internet, but traffic to a specific external server at 203.0.113.200 is being dropped. Router R1 shows: show ip nat statistics: Total active translations: 1000. Debug ip nat: NAT: s=192.168.1.1->203.0.113.1, d=203.0.113.200 [0]. The external server shows no received packets. What is the root cause?
42A network engineer runs the following command to troubleshoot a NAT issue: R1# debug ip nat detailed NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [45] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [46] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [47] NAT*: s=192.168.1.1, d=10.2.2.2->10.1.1.1 [48] NAT: s=10.1.1.1->10.2.2.2, d=192.168.1.1 [49] What does this output indicate?
43A network engineer runs the following command to verify NAT translations: R1# show ip nat translations verbose Pro Inside global Inside local Outside local Outside global --- 10.2.2.2 10.1.1.1 192.168.1.1 192.168.1.1 create 00:00:15, use 00:00:05, flags: extended, timing-out What does the 'extended' flag indicate?
44A network engineer runs the following command to troubleshoot PAT exhaustion: R1# show ip nat statistics Total active translations: 1024 (0 static, 1024 dynamic; 1024 extended) Outside interfaces: GigabitEthernet0/1 Inside interfaces: GigabitEthernet0/0 Hits: 50000 Misses: 10 CEF Translated packets: 45000, CEF Punted packets: 5000 Expired translations: 2000 Dynamic mappings: -- Inside Source [Id: 1] access-list NAT permit ip 10.0.0.0 0.255.255.255 any refcount 1024, pool MyPool pool MyPool: netmask 255.255.255.240 start 203.0.113.1 end 203.0.113.14 type generic, total addresses 14, allocated 14 (100%), misses 0 What is the most likely issue?
45A network engineer runs the following command to debug NAT with access lists: R1# debug ip nat access-list 100 NAT: access list 100 matched ip 10.1.1.1 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.2 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.3 -> 192.168.1.1 NAT: access list 100 matched ip 10.1.1.4 -> 192.168.1.1 What does this output indicate?
46A network engineer runs the following command to verify NAT on a VRF: R1# show ip nat translations vrf CUSTOMER Pro Inside global Inside local Outside local Outside global --- 10.2.2.2 10.1.1.1 192.168.1.1 192.168.1.1 What is the purpose of the 'vrf CUSTOMER' parameter?
47A network engineer runs the following command to debug NAT with overload: R1# debug ip nat overload NAT: overload: s=10.1.1.1:1234->203.0.113.1:5678, d=192.168.1.1:80 [50] NAT: overload: s=10.1.1.1:1235->203.0.113.1:5679, d=192.168.1.1:80 [51] NAT: overload: s=10.1.1.2:80->203.0.113.1:5680, d=192.168.1.1:1024 [52] What does this output indicate?
48A network engineer runs the following command to verify NAT after a fix: R1# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 203.0.113.1 10.1.1.1 192.168.1.1 192.168.1.1 --- 203.0.113.2 10.1.1.2 192.168.1.2 192.168.1.2 What is the most likely configuration?
49A network engineer runs the following command to debug NAT with route maps: R1# debug ip nat policy NAT: policy: match ip address 100 NAT: policy: match ip address 100 NAT: policy: match ip address 100 NAT: policy: route-map RM-NAT permit 10 match ip address 100 set ip next-hop 10.0.0.1 What does this output indicate?
50A network engineer runs the following command to verify NAT on an interface: R1# show ip nat interface GigabitEthernet0/1 GigabitEthernet0/1 is up, line protocol is up NAT: inside, active NAT: outside, active NAT: overload, active What is the issue with this configuration?
51What is the default timeout value for a NAT translation entry that is not using Port Address Translation (PAT) in Cisco IOS?
52Which statement accurately describes the behavior of the ip nat inside source static command when configuring static NAT for a single inside host?
53According to RFC 4787 (NAT Behavioral Requirements for UDP), what is the recommended default timeout for UDP NAT mappings?
54In Cisco IOS, what is the default timeout for TCP NAT translations when the TCP session is idle?
55Which of the following is true regarding the default behavior of NAT in Cisco IOS when handling ICMP traffic?
56In the context of NAT and PAT, what is the purpose of the ip nat translation timeout command?
57Which of the following is a limitation of NAT as defined in RFC 2663?
58In Cisco IOS, what is the default behavior of the ip nat service command?
59What is the default maximum number of NAT translations that can be created in Cisco IOS?
60Drag and drop the steps to configure PAT (overload) for dynamic source NAT into the correct order, from first to last.
61Drag and drop the steps to troubleshoot NAT and PAT adjacency or connectivity failures into the correct order, from first to last.
62Drag and drop the steps to verify and validate NAT and PAT operational state into the correct order, from first to last.
63Which TWO statements correctly describe the behavior of NAT with route maps and ACLs when using the 'ip nat inside source route-map' feature? (Choose TWO.)
64An engineer must configure NAT so that inside hosts (192.168.1.0/24) are translated to a public IP pool (203.0.113.1-203.0.113.10) when accessing the Internet, but must NOT translate traffic destined to a VPN subnet (10.10.10.0/24) reachable via the same outside interface. Which TWO configuration steps are required? (Choose TWO.)
65Which TWO statements about the 'ip nat outside source' feature are true? (Choose TWO.)
66An engineer is troubleshooting a PAT overload configuration on a Cisco router. Inside hosts can access the Internet, but some applications (e.g., FTP, SIP) fail. Which TWO commands can be used to verify the NAT translations and identify the issue? (Choose TWO.)
67Which THREE statements about NAT and PAT behavior in Cisco IOS are true? (Choose THREE.)
68An engineer configures OSPF on two routers connected via a serial link. Both routers have 'ip ospf network point-to-point' configured, but the link is actually a Frame Relay multipoint subinterface. The OSPF neighbors remain stuck in EXSTART state. Which is the most likely explanation?
69An engineer configures EIGRP named mode on a router and uses an offset-list to increase the feasible distance (FD) of a specific route. Unexpectedly, the route is still installed in the routing table with the original metric. Which is the most likely explanation?
70An engineer configures iBGP between two routers in the same AS. The BGP table shows the prefix, but it is not installed in the routing table. The next-hop is reachable via an IGP route. Which is the most likely explanation?
71An engineer configures mutual redistribution between OSPF and EIGRP on a router. After a few minutes, the router's CPU spikes and routes start flapping. Which is the most likely explanation?
72An engineer configures a DMVPN Phase 2 network. Spoke routers can communicate with the hub, but spoke-to-spoke traffic does not trigger a direct tunnel. Which is the most likely explanation?
73An engineer configures an IPsec site-to-site VPN between two routers. The tunnel comes up, but traffic is not encrypted. Which is the most likely explanation?
74An engineer configures Control Plane Policing (CoPP) on a router to protect the control plane. After applying the policy, OSPF neighbors go down. The CoPP policy has a class that matches OSPF traffic with a rate-limit of 100 pps. Which is the most likely explanation?
75An engineer configures unicast Reverse Path Forwarding (uRPF) in strict mode on an interface connected to a network with asymmetric routing. Users report intermittent connectivity issues. Which is the most likely explanation?
76An engineer configures NAT overload (PAT) on a router to translate internal addresses to a single public IP. Users can browse the web, but some applications that use non-standard ports fail. Which is the most likely explanation?
The NAT and PAT domain covers the key concepts tested in this area of the 300-410 exam blueprint published by Cisco. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 300-410 domains — no account required.
The Courseiva 300-410 question bank contains 76 questions in the NAT and PAT domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the NAT and PAT domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included