Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

Certifications›300-410›Objectives›Device Access Control
Objective 301.0

Device Access Control

300-410 Practice Questions

Full Practice Test →All Objectives

300-410 Device Access Control — Practice Questions

30 questions from this objective

Question 2mediummultiple choice
Read the full VPN explanation →

A network engineer is troubleshooting a site-to-site VPN between two Cisco routers. The tunnel is up, but traffic is not passing. On R1, the engineer issues the command 'show crypto map' and sees that the crypto map is applied to the outbound interface. What is the most likely cause of the traffic failure?

Question 3mediummultiple choice
Study the full AAA explanation →

A network administrator is configuring AAA for device access on a Cisco router. After configuring the RADIUS server and AAA authentication login default group radius local, the engineer tests Telnet access and receives 'Access denied' even with correct credentials. The RADIUS server is reachable. What is the most likely cause?

Question 4hardmultiple choice
Review the full routing breakdown →

An engineer configures a Cisco router for SSH access. The router has an IP address on interface GigabitEthernet0/0, and the engineer generates RSA keys using the command 'crypto key generate rsa modulus 2048'. However, SSH connections fail with 'Connection refused'. What is the most likely cause?

Question 5mediummultiple choice
Read the full network assurance explanation →

A network engineer is troubleshooting a Cisco router that is not responding to SNMP polls from a management station. The router has 'snmp-server community public RO' configured. The management station can ping the router. What is the most likely cause?

Question 6hardmultiple choice
Study the full AAA explanation →

An engineer configures a Cisco router with 'aaa authentication login default local' and 'aaa authorization exec default local'. The engineer then attempts to log in via the console and is prompted for a username and password. The username 'admin' with password 'cisco' is configured locally. The login fails. What is the most likely cause?

Question 7mediummultiple choice
Study the full AAA explanation →

A network engineer is troubleshooting a Cisco router that is configured for RADIUS authentication. The engineer issues 'debug radius authentication' and sees that the RADIUS server is not responding. The router can ping the RADIUS server. What is the most likely cause?

Question 8hardmultiple choice
Review the full routing breakdown →

An engineer configures a Cisco router with 'ip http server' and 'ip http authentication local' for web-based management. The engineer creates a local username 'admin' with privilege level 15. However, when accessing the router via HTTP, the engineer is prompted for credentials but access is denied. What is the most likely cause?

Question 9mediummultiple choice
Study the full AAA explanation →

A network engineer is troubleshooting a Cisco router that is configured for TACACS+ authentication. The engineer issues 'test aaa group tacacs+ admin cisco123 new-code' and receives 'FAILED'. The router can ping the TACACS+ server. What is the most likely cause?

Question 10hardmultiple choice
Study the full AAA explanation →

An engineer configures a Cisco router with 'aaa authentication login default group radius local' and 'aaa authentication enable default group radius enable'. The engineer then attempts to enter enable mode and is prompted for a password. The RADIUS server is reachable, but the enable password is not accepted. What is the most likely cause?

Question 11mediummultiple choice
Study the full EIGRP explanation →

A network engineer runs the following command on Router R1:

R1# show ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(100) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:12:34 1 200 0 45 1 10.2.2.2 Gi0/1 12 00:11:20 2 200 0 67 2 10.3.3.2 Gi0/2 10 00:10:15 1 200 0 89

Based on this output, which statement is correct?

Question 12mediummultiple choice
Review the full OSPF breakdown →

A network engineer runs the following command on Router R1:

R1# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.2     1     FULL/DR        00:00:35    10.1.1.2        GigabitEthernet0/0
192.168.2.2     1     2WAY/DROTHER   00:00:32    10.2.2.2        GigabitEthernet0/1
192.168.3.2     1     FULL/BDR       00:00:38    10.3.3.2        GigabitEthernet0/2

Based on this output, what is a potential issue?

Question 13mediummultiple choice
Open the full BGP breakdown →

A network engineer runs the following command on Router R1:

R1# show bgp ipv4 unicast summary

BGP router identifier 192.168.1.1, local AS number 65001 BGP table version is 10, main routing table version 10

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4          65002    1200    1200       10    0    0 01:00:00        5
10.2.2.2        4          65003    0       0          0    0    0 never    Active

Based on this output, what is the problem with the neighbor 10.2.2.2?

Question 14mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show route-map TEST

route-map TEST, permit, sequence 10 Match clauses:

ip address (access-lists): 100

Set clauses: metric 50 Policy routing matches: 0 packets, 0 bytes route-map TEST, deny, sequence 20 Match clauses:

ip address (access-lists): 101

Set clauses: Policy routing matches: 0 packets, 0 bytes

Based on this output, which statement is correct?

Question 15mediummultiple choice
Read the full MPLS explanation →

A network engineer runs the following command on Router R1:

R1# show mpls ldp neighbor

Peer LDP Ident: 192.168.2.2:0, Local LDP Ident: 192.168.1.1:0 TCP connection: 10.1.1.2.646 - 10.1.1.1.646 State: Oper; Msgs sent/rcvd: 100/100; Downstream Up time: 00:45:00 LDP discovery sources: GigabitEthernet0/0, Src IP addr: 10.1.1.2 Addresses bound to peer LDP Ident:

10.1.1.2     192.168.2.2

Based on this output, what is the state of the LDP session?

Question 16mediummultiple choice
Read the full VPN explanation →

A network engineer runs the following command on Router R1:

R1# show dmvpn
Interface: Tunnel0, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,

# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb

----- ----------------- --------------- ----- -------- ----- 1 10.0.0.2 10.1.1.2 UP 00:10:00 D 2 10.0.0.3 10.1.1.3 UP 00:05:00 D

Based on this output, what is the role of Router R1 in the DMVPN network?

Question 17mediummultiple choice
Study the full ACL explanation →

A network engineer runs the following command on Router R1:

R1# show policy-map control-plane

Control Plane

Service-policy input: CoPP class-map: MANAGEMENT (match-all) 100 packets, 10000 bytes 5 minute offered rate 0 bps police: cir 8000 bps, bc 1500 bytes conformed 100 packets, 10000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps

Based on this output, which statement is correct?

Question 18mediummultiple choice
Read the full VRF explanation →

A network engineer runs the following command on Router R1:

R1# show ip vrf CUSTOMER

Name Default RD Interfaces CUSTOMER 65001:100 Gi0/0.100 Gi0/1.100

Based on this output, which statement is correct?

Question 19mediummultiple choice
Review the full routing breakdown →

A network engineer runs the following command on Router R1:

R1# show ip sla statistics

IPSLAs Latest Operation Statistics

IPSLA operation id: 1 Type of operation: icmp-echo Latest RTT: 20 milliseconds Latest operation start time: 12:00:00 UTC Mon Mar 1 2021 Latest operation return code: OK Number of successes: 100 Number of failures: 0

Based on this output, which statement is correct?

Question 20mediummultiple choice
Review the full routing breakdown →

Examine the following partial configuration on a Cisco IOS-XE router:

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group MY_ACL in

!

access-list 100 permit tcp any host 192.168.1.1 eq 22
access-list 
100 deny ip any any

!

line vty 0 4

transport input ssh login local !

username admin privilege 15 secret cisco

What is the effect of this configuration?

Question 21mediummultiple choice
Review the full routing breakdown →

Consider the following partial configuration on a Cisco router:

ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any

!

interface Serial0/0/0
 ip access-group BLOCK_TELNET out

!

line vty 0 4

transport input telnet password cisco login

What is the effect of this configuration?

Question 22mediummultiple choice
Full question →

Examine the following partial configuration:

username admin privilege 15 secret 5 $1$abcdefg$hashedvalue
username operator privilege 1 password cisco

!

line console 0

login local !

line vty 0 4

login local transport input ssh

What is a potential security issue with this configuration?

Question 23mediummultiple choice
Read the full network assurance explanation →

Given the following partial configuration on a router:

ip access-list standard FILTER_SNMP
 permit 192.168.1.0 0.0.0.255
 deny any

!

snmp-server community public RO FILTER_SNMP
snmp-server location DataCenter
snmp-server contact admin@example.com

What is the effect of this configuration?

Question 24mediummultiple choice
Full question →

Examine the following partial configuration:

ip access-list extended MGMT_ACCESS
 permit tcp 10.0.0.0 0.255.255.255 any eq 22
 permit tcp 10.0.0.0 0.255.255.255 any eq

443

deny ip any any

!

line vty 0 4

access-class MGMT_ACCESS in transport input ssh login local

What is the effect of the 'access-class' command?

Question 25mediummultiple choice
Study the full ACL explanation →

Consider the following partial configuration:

ip access-list extended SECURE_ACCESS
 permit icmp any any echo
 permit icmp any any echo-reply
 permit tcp any host 192.168.1.1 eq 22
 permit tcp any host 192.168.1.1 eq

443

deny ip any any

!

interface GigabitEthernet0/0
 ip access-group SECURE_ACCESS in

!

interface GigabitEthernet0/1
 ip access-group SECURE_ACCESS out

What is a potential issue with this ACL placement?

Question 26easymultiple choice
Review the full OSPF breakdown →

What is the default OSPF dead interval on a broadcast multi-access network (e.g., Ethernet) when the hello interval is 10 seconds?

Question 27mediummultiple choice
Study the full EIGRP explanation →

In EIGRP, which metric component is disabled by default and must be explicitly enabled using the 'metric weights' command?

Question 28easymultiple choice
Full question →

Which of the following is true regarding the use of the 'transport input' command on a VTY line?

Question 29mediummulti select
Review the full routing breakdown →

Which TWO commands would a network engineer use to verify the status of local authentication and authorization for device access control on a Cisco IOS router? (Choose TWO.)

Question 30mediummulti select
Review the full routing breakdown →

Which TWO statements about configuring login enhancements for device access control on a Cisco IOS router are true? (Choose TWO.)

Question 31mediummulti select
Study the full AAA explanation →

Which TWO configuration steps are required to enable TACACS+ authentication for device access control on a Cisco IOS router, assuming the TACACS+ server is already reachable? (Choose TWO.)

More Device Access Control questions available in the full practice test.

Continue Practising →
←

Previous objective

Infrastructure Security

Next objective

IPv4 Access Control Lists

→

All 300-410 Objectives

  • 100.Layer 3 Technologies35%
  • 101.EIGRP Troubleshooting
  • 102.OSPF Troubleshooting (v2/v3)
  • 103.BGP Troubleshooting
  • 104.Route Redistribution
  • 105.Policy-Based Routing (PBR)
  • 106.VRF-Lite
  • 107.Route Maps and Route Filtering
  • 108.Administrative Distance
  • 109.Route Summarization
  • 110.Bidirectional Forwarding Detection (BFD)
  • 200.VPN Technologies20%
  • 201.MPLS Operations
  • 202.MPLS L3VPN
  • 203.DMVPN
  • 204.IPsec Site-to-Site VPN
  • 205.IPv6 Tunneling Techniques
  • 300.Infrastructure Security20%
  • 301.Device Access Control
  • 302.IPv4 Access Control Lists
  • 303.IPv6 Traffic Filtering and uRPF
  • 304.Control Plane Policing (CoPP)
  • 305.IPv6 First Hop Security
  • 400.Infrastructure Services25%
  • 401.Device Management
  • 402.SNMP Troubleshooting
  • 403.Network Logging and Syslog
  • 404.Embedded Event Manager (EEM)
  • 405.IP SLA
  • 406.NetFlow and Flexible NetFlow
  • 407.SPAN, RSPAN, and ERSPAN
  • 408.DHCP (IPv4 and IPv6)
  • 409.NAT and PAT