Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401ScenariosDHCP Troubleshooting Scenarios
Scenario PracticeCisco · 350-401

350-401 DHCP Troubleshooting Scenarios

DHCP questions cover server configuration, relay agents (ip helper-address), DHCP snooping, and the four-step DORA handshake. Common exam scenarios: a host isn't getting an IP, a relay agent isn't forwarding requests, or a rogue DHCP server is handing out wrong addresses.

Start Scenario Practice

Other Scenarios

Refer to the ExhibitSW1 and SW2 VLAN TrunkingRouter R1 Cannot Reach R3Show IP Route OutputWhich Command Should the Administrator UseDrag and Drop Ordering QuestionsDrag and Drop Matching QuestionsSelect Two (Multi-Select) QuestionsPerformance-Based Questions (PBQs)Hard Difficulty QuestionsTroubleshooting Scenario QuestionsShow Command Output QuestionsOSPF Troubleshooting ScenariosVLAN and Inter-VLAN Routing ScenariosSpanning Tree Protocol ScenariosNAT and PAT Configuration ScenariosAccess Control List (ACL) ScenariosEtherChannel and LACP ScenariosWireless LAN and WLC ScenariosIPv6 Configuration Scenarios

Study Tools

Practice TestTopic PracticeMock Exam

Common Traps on DHCP Troubleshooting Scenarios

  • ·Applying 'ip helper-address' on the wrong interface — it goes on the interface FACING the clients, not the server.
  • ·Forgetting to exclude the gateway IP from the pool — DHCP might assign the router's own IP to a client.
  • ·Confusing DHCP snooping with DAI (Dynamic ARP Inspection) — snooping prevents rogue DHCP; DAI prevents ARP spoofing.
  • ·Expecting clients to get IPs from a server that shares their subnet without a relay — same subnet doesn't need a relay.

Sample Questions

Practice all 15 →
1.

Your company has deployed a Cisco Catalyst 9300 switch stack as the distribution layer for a campus network. The network uses VLANs 10 (data), 20 (voice), and 30 (management). The switch stack is configured with DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard (IPSG) on access ports. Recently, users in VLAN 10 report intermittent connectivity issues. You notice that some users receive duplicate IP addresses from the DHCP server. The DHCP server is connected to a trunk port on the switch stack. After reviewing logs, you see that DHCPACK messages are being dropped on the trunk port. The DHCP snooping binding table shows entries for legitimate clients, but also some entries with MAC addresses from a different vendor. Which action should you take to resolve the issue?

A.Manually shut down the access ports that have unknown MAC addresses in the binding table.
B.Disable Dynamic ARP Inspection on VLAN 10.
C.Configure the trunk port connecting to the DHCP server as a trusted port for DHCP snooping.
D.Disable IP Source Guard on all access ports in VLAN 10.

Explanation: The DHCP snooping feature treats all ports as untrusted by default, which means DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) are dropped on untrusted ports. Since the DHCP server is connected to a trunk port and DHCPACK messages are being dropped, that trunk port must be explicitly configured as a trusted port for DHCP snooping using the 'ip dhcp snooping trust' interface command. This allows legitimate DHCP server responses to reach clients, resolving the duplicate IP address issue caused by clients not receiving their assigned addresses.

2.

A network administrator is troubleshooting a DHCP snooping issue on a Cisco switch. The switch is configured with DHCP snooping globally and on VLAN 10. The trusted interface is GigabitEthernet0/1 connected to the DHCP server. However, clients on VLAN 10 are not receiving IP addresses from the DHCP server. What is the most likely cause?

A.The switch has IP Source Guard enabled, blocking valid DHCP traffic.
B.The interface GigabitEthernet0/1 is not configured as a trusted port for DHCP snooping.
C.The DHCP server is on a different subnet and the switch lacks an IP helper address.
D.The DHCP server is sending offers too quickly, exceeding the rate-limit on the switch.

Explanation: Option B is correct because the scenario states that DHCP snooping is configured globally and on VLAN 10, and that GigabitEthernet0/1 is connected to the DHCP server. However, for DHCP snooping to allow DHCP server messages (OFFER, ACK) to be forwarded, the interface connected to the legitimate DHCP server must be explicitly configured as a trusted port using the 'ip dhcp snooping trust' interface command. Without this, the switch treats all DHCP server responses as untrusted and drops them, preventing clients from receiving IP addresses.

3.

Refer to the exhibit. A network administrator notices that some DHCP packets are being dropped due to 'MAC Address Mismatch'. What is the most likely cause of this drop?

A.The DHCP server is sending packets with an incorrect server identifier option.
B.The DHCP client is using a different MAC address in the DHCP packet than the source MAC in the Ethernet frame.
C.The DHCP client is sending a request with an incorrect transaction ID.
D.The DHCP offer packet is arriving on an untrusted port.

Explanation: The DHCP snooping feature on a switch compares the source MAC address in the Ethernet frame with the chaddr (client hardware address) field inside the DHCP packet. When a DHCP client sends a packet with a different MAC in the frame than in the chaddr field, the switch considers it a 'MAC Address Mismatch' and drops the packet. This security mechanism prevents a rogue client from spoofing another device's MAC address to obtain a lease.

4.

A network engineer is configuring a Cisco router as a DHCP relay agent to forward DHCP requests from a client VLAN to a centralized DHCP server located in a different subnet. The engineer configures the ip helper-address command on the VLAN interface. However, clients in the VLAN are not receiving IP addresses. The DHCP server is reachable from the router. What is the most likely cause?

A.The ip helper-address command is applied on the wrong interface (e.g., the interface facing the DHCP server).
B.The DHCP server is not configured with a scope for the client subnet.
C.The router does not have a return route to the client subnet, so the DHCP server's reply is dropped.
D.The DHCP client is using DHCPv6 instead of DHCPv4.

Explanation: The ip helper-address command forwards DHCP broadcasts as unicasts to the specified server. If the DHCP server receives the request but the reply cannot be routed back to the client, the client will not get an address. This often happens when the router does not have a route back to the client subnet.

5.

A network engineer is troubleshooting a DHCP issue on a Cisco router configured as a DHCP server for a VLAN. Clients in the VLAN are able to obtain IP addresses from the DHCP server, but they are not receiving the correct DNS server address. The engineer checks the DHCP pool configuration and sees the dns-server command is configured with the correct IP address. What is the most likely cause of the problem?

A.The DHCP pool is not associated with the correct VLAN interface using the network command.
B.The DNS server is unreachable from the DHCP server.
C.The ip dhcp excluded-address command is blocking the DNS server IP.
D.The DHCP client is configured with a static DNS server address.

Explanation: The DHCP server configuration appears correct, but the clients are not receiving the DNS server address. This often happens when the DHCP server is not the default gateway and DHCP relay is involved, or when the DHCP pool is not bound to the correct interface.

+10 more scenario questions available

Practice all DHCP Troubleshooting Scenarios

Related Topics

dhcp serverdhcp relay agentdhcp snooping

Frequently asked questions

How do "DHCP Troubleshooting Scenarios" appear on the real 350-401?

DHCP questions cover server configuration, relay agents (ip helper-address), DHCP snooping, and the four-step DORA handshake. Common exam scenarios: a host isn't getting an IP, a relay agent isn't forwarding requests, or a rogue DHCP server is handing out wrong addresses. These appear throughout the 350-401 and require you to apply your knowledge, not just recall facts.

How many scenario questions are on the 350-401 exam?

Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the 350-401. Practicing each scenario type ensures you're ready for any format.

Are these 350-401 scenario practice questions free?

Yes. Courseiva provides free 350-401 scenario practice across all official exam domains. The platform includes scenario-based questions, command-output interpretation, topic-based practice, mock exams, and readiness tracking — no account required.

Ready to practice this scenario type?

Launch a full DHCP Troubleshooting Scenarios session with instant scoring and detailed explanations.

Start Scenario Practice →

Scenario Info

Type

Scenario Practice

Exam

350-401

Questions

15+