Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertifications350-401ScenariosVLAN and Inter-VLAN Routing Scenarios
Scenario PracticeCisco · 350-401

350-401 VLAN and Inter-VLAN Routing Scenarios

VLAN misconfiguration is one of the top sources of connectivity failures in real networks and one of the most tested areas on the CCNA. These questions cover VLAN access ports, 802.1Q trunks, native VLANs, and router-on-a-stick or layer-3 switch inter-VLAN routing.

Start Scenario Practice

Other Scenarios

Refer to the ExhibitSW1 and SW2 VLAN TrunkingRouter R1 Cannot Reach R3Show IP Route OutputWhich Command Should the Administrator UseDrag and Drop Ordering QuestionsDrag and Drop Matching QuestionsSelect Two (Multi-Select) QuestionsPerformance-Based Questions (PBQs)Hard Difficulty QuestionsTroubleshooting Scenario QuestionsShow Command Output QuestionsOSPF Troubleshooting ScenariosSpanning Tree Protocol ScenariosNAT and PAT Configuration ScenariosAccess Control List (ACL) ScenariosDHCP Troubleshooting ScenariosEtherChannel and LACP ScenariosWireless LAN and WLC ScenariosIPv6 Configuration Scenarios

Study Tools

Practice TestTopic PracticeMock Exam

Common Traps on VLAN and Inter-VLAN Routing Scenarios

  • ·Forgetting to create the VLAN before assigning ports to it — ports stuck in 'inactive' state.
  • ·Confusing 'switchport mode trunk' (unconditional) with 'switchport mode dynamic desirable' (negotiated).
  • ·Setting a sub-interface IP but forgetting 'encapsulation dot1q [vlan-id]' on the sub-interface.
  • ·Leaving the native VLAN as VLAN 1 on one end but changing it on the other — this causes a mismatch.

Sample Questions

Practice all 15 →
1.

Drag and drop the steps to configure VLAN Trunking Protocol (VTP) on a Cisco switch in the correct order.

Explanation: VTP requires setting mode and domain before trunking works; verification confirms operation.

2.

A network administrator is troubleshooting a performance issue in a large enterprise campus network. The network consists of Cisco Catalyst 9300 switches acting as access switches and Cisco Catalyst 9500 switches as distribution. Users on VLAN 10 report intermittent slow file transfers to a server on VLAN 20. The administrator has verified that there are no errors on the links, CPU utilization is normal, and STP topology is stable. The administrator suspects a possible QoS issue. Upon checking the QoS configuration on the access switch, the administrator finds that the default QoS configuration is in place, which trusts the CoS value at the port level. The connected devices are IP phones and PCs; the IP phones mark voice traffic with CoS 5. The server on VLAN 20 is connected to a distribution switch. Which action should the administrator take to most likely resolve the issue?

A.Apply a policy map that polices voice traffic to 128 kbps to free bandwidth for data.
B.Disable QoS entirely on all switches to eliminate any potential QoS-related drops.
C.Configure auto QoS for VoIP on the access ports to ensure proper classification and queuing.
D.Configure trust DSCP on the access ports to prioritize all traffic based on DSCP values.

Explanation: Option C is correct because Auto QoS for VoIP automatically configures the necessary class maps, policy maps, and trust settings to properly classify and queue voice traffic (CoS 5) while ensuring data traffic is not starved. The default QoS configuration trusts CoS at the port level, but without proper queuing and scheduling, voice and data may compete for buffers, causing intermittent slow file transfers. Auto QoS sets up strict priority queuing for voice and allocates bandwidth for data, resolving the performance issue without manual misconfiguration.

3.

Your company has deployed a Cisco Catalyst 9300 switch stack as the distribution layer for a campus network. The network uses VLANs 10 (data), 20 (voice), and 30 (management). The switch stack is configured with DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard (IPSG) on access ports. Recently, users in VLAN 10 report intermittent connectivity issues. You notice that some users receive duplicate IP addresses from the DHCP server. The DHCP server is connected to a trunk port on the switch stack. After reviewing logs, you see that DHCPACK messages are being dropped on the trunk port. The DHCP snooping binding table shows entries for legitimate clients, but also some entries with MAC addresses from a different vendor. Which action should you take to resolve the issue?

A.Manually shut down the access ports that have unknown MAC addresses in the binding table.
B.Disable Dynamic ARP Inspection on VLAN 10.
C.Configure the trunk port connecting to the DHCP server as a trusted port for DHCP snooping.
D.Disable IP Source Guard on all access ports in VLAN 10.

Explanation: The DHCP snooping feature treats all ports as untrusted by default, which means DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) are dropped on untrusted ports. Since the DHCP server is connected to a trunk port and DHCPACK messages are being dropped, that trunk port must be explicitly configured as a trusted port for DHCP snooping using the 'ip dhcp snooping trust' interface command. This allows legitimate DHCP server responses to reach clients, resolving the duplicate IP address issue caused by clients not receiving their assigned addresses.

4.

Which TWO of the following are valid methods to mitigate VLAN hopping attacks?

A.Configure switchport mode dynamic auto on all ports.
B.Disable Dynamic Trunking Protocol (DTP) on all access ports.
C.Set the native VLAN to VLAN 1 on all trunk ports.
D.Set the native VLAN to an unused VLAN ID on all trunk ports.

Explanation: Option B is correct because disabling Dynamic Trunking Protocol (DTP) on all access ports prevents a switch port from automatically negotiating a trunk, which is the primary vector for VLAN hopping attacks. An attacker can spoof DTP messages to force a port into trunking mode, gaining access to multiple VLANs; disabling DTP eliminates this risk.

5.

Examine the following configuration snippet: interface GigabitEthernet1/0/1 switchport mode access switchport access vlan 100 spanning-tree portfast spanning-tree bpduguard enable What is the effect of this configuration?

A.The port will immediately transition to forwarding state and will be error-disabled if a BPDU is received.
B.The port will remain in blocking state until a BPDU is received from the root bridge.
C.The port will only forward BPDUs and will not forward data traffic.
D.The port will participate in RSTP and will not be affected by BPDU reception.

Explanation: The configuration enables PortFast and BPDU Guard on an access port. PortFast immediately transitions the port to forwarding state, bypassing the usual STP listening and learning phases. BPDU Guard monitors for incoming BPDUs; if any are received, it error-disables the port to prevent a potential bridging loop from an unauthorized switch connection.

+10 more scenario questions available

Practice all VLAN and Inter-VLAN Routing Scenarios

Related Topics

vlan configurationinter-vlan routingtrunk links

Frequently asked questions

How do "VLAN and Inter-VLAN Routing Scenarios" appear on the real 350-401?

VLAN misconfiguration is one of the top sources of connectivity failures in real networks and one of the most tested areas on the CCNA. These questions cover VLAN access ports, 802.1Q trunks, native VLANs, and router-on-a-stick or layer-3 switch inter-VLAN routing. These appear throughout the 350-401 and require you to apply your knowledge, not just recall facts.

How many scenario questions are on the 350-401 exam?

Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the 350-401. Practicing each scenario type ensures you're ready for any format.

Are these 350-401 scenario practice questions free?

Yes. Courseiva provides free 350-401 scenario practice across all official exam domains. The platform includes scenario-based questions, command-output interpretation, topic-based practice, mock exams, and readiness tracking — no account required.

Ready to practice this scenario type?

Launch a full VLAN and Inter-VLAN Routing Scenarios session with instant scoring and detailed explanations.

Start Scenario Practice →

Scenario Info

Type

Scenario Practice

Exam

350-401

Questions

15+