Practice LPIC-2 Advanced Networking Configuration questions with full explanations on every answer.
Start practicing
Advanced Networking Configuration — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
An administrator wants to configure a virtual IP address on interface eth0 with IP 192.168.1.100/24. Which command correctly adds the virtual IP as an alias?
2A system administrator notices that the default gateway is missing after a reboot. The network configuration uses ifup/ifdown scripts. Which file should be modified to ensure the default gateway is persistent?
3A server with IP 10.0.0.1 needs to forward packets from network 192.168.1.0/24 to 10.0.0.0/24. The administrator runs: 'iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/24 -j MASQUERADE'. However, traffic from 192.168.1.0/24 cannot reach 10.0.0.0/24. What is the most likely missing configuration?
4An administrator needs to configure a wireless interface wlan0 with WPA2-PSK authentication and a static IP address 192.168.2.50/24. Which tool should be used to configure the wireless settings?
5After adding a new network interface, the system assigns it the name 'enp0s3' instead of 'eth0'. Which of the following best describes the reason for this change?
6An administrator wants to check the ARP cache for a specific IP address 192.168.1.1. Which command will display the ARP entry for that address?
7A company has a server with two network interfaces: eth0 (public IP) and eth1 (private IP). The administrator wants to allow SSH from the public network only. Which iptables rule set achieves this?
8Which TWO commands can be used to display the routing table on a Linux system?
9Which THREE conditions must be met for a Linux system to act as a router between two networks?
10Which TWO statements about the /etc/hosts file are true?
11Refer to the exhibit. A packet is sent from 192.168.1.100 to 10.0.0.5. Which interface will the packet exit?
12Refer to the exhibit. If a user on the local machine tries to SSH to a remote host on eth1, what will happen?
13You are a network administrator for a medium-sized company. The company has a Linux server acting as a router/firewall with three network interfaces: eth0 (public, 203.0.113.2/24, gateway 203.0.113.1), eth1 (DMZ, 10.0.1.1/24), and eth2 (internal, 192.168.1.1/24). The DMZ hosts a web server with IP 10.0.1.100, and the internal network has client machines. The firewall rules are currently set to default DROP on INPUT and FORWARD, ACCEPT on OUTPUT. The administrator wants to allow internal clients (192.168.1.0/24) to access the web server (10.0.1.100) on port 80. Additionally, the administrator wants to allow external users (from the internet) to access the web server's public IP (203.0.113.2) on port 80, which should be DNATed to 10.0.1.100. The administrator has enabled IP forwarding and added the following rules: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.1.100:80 iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p tcp --sport 80 -j ACCEPT Internal clients cannot access the web server. External users are able to access the web server successfully. What is the most likely reason internal clients cannot access the web server?
14A network administrator notices that a Linux router with two network interfaces is not forwarding packets between them, despite having IP forwarding enabled in the kernel. The administrator has verified that the firewall rules are not blocking the traffic. What is the most likely cause of the issue?
15Which TWO of the following are valid methods to configure a Linux system to use a specific DNS server for name resolution?
16A client on the internet sends a TCP SYN packet to 10.0.1.10:8080. The router receives it on eth0. According to the exhibit, what will happen to the packet?
17An administrator needs to prioritize traffic for a VoIP application over other traffic on a Linux router. Which tool should be used to implement traffic shaping and prioritization?
18A company has a Linux server with two network interfaces: eth0 connected to the internal 192.168.1.0/24 network, and eth1 connected to the internet via a public IP of 203.0.113.10. The server runs a web server on port 80 and needs to allow internal clients to access the internet while hiding their private IPs (MASQUERADE). Additionally, external users should be able to reach the web server using the public IP. The administrator has enabled IP forwarding and configured iptables with the following rules: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT However, internal clients can access the internet, but external users cannot reach the web server. What should the administrator do to fix the issue?
19A company has multiple subnets and wants to implement policy-based routing to direct traffic from a specific development subnet (192.168.10.0/24) through a specialized firewall for content filtering, while all other traffic uses the default gateway. Which of the following steps is required to achieve this using iproute2 tools?
20Which TWO network diagnostic steps should be performed to isolate a problem where a Linux server (IP 10.0.0.10/24) cannot reach a remote server (IP 192.168.1.50/24) while other hosts on the same subnet can reach it? Assume routing is properly configured.
21Given the exhibited routing table and rules, what will happen to a packet originating from IP 192.168.10.50 destined to 8.8.8.8?
22Arrange the steps to configure a Linux system as a DNS server using BIND.
23Order the steps to configure a Linux system to send system logs to a remote syslog server.
24Match each network service to its purpose.
25Match each system log to its typical content.
26A company's network has a single switch connecting all devices. The IT manager wants to isolate the development team's traffic from the rest of the network without buying new hardware. Which configuration should the administrator implement on the switch ports connected to the development team's computers?
27A Linux server with two Ethernet interfaces (eth0 and eth1) has been set up as a transparent bridge using brctl. The bridge is up and shows both interfaces as members. However, hosts connected to eth0 cannot communicate with hosts on eth1. What is the most likely cause?
28A network administrator is configuring source-based routing. They have created a new routing table and added a default route. They then run: ip rule add to 10.0.0.0/24 lookup 100. Traffic from 10.0.0.0/24 still uses the main table. What is the problem?
29A system administrator wants to combine two Gigabit Ethernet interfaces of a Linux server into a single logical interface to increase throughput and provide redundancy. Which kernel module should be loaded to support this? (Assume the interfaces are identical and are connected to the same switch.)
30A DHCP server running on a Linux machine is not leasing IP addresses to clients on a particular VLAN. The server's configuration file includes a subnet declaration for that VLAN, but clients receive only link-local addresses. What is the most likely issue?
31A Linux administrator is setting up an IPsec VPN between two sites using strongSwan. The VPN established successfully, but traffic between the sites is not being encrypted. What is the most probable cause?
32A system administrator wants to allow incoming SSH connections from only the 192.168.1.0/24 network on a Linux server. Which iptables rule accomplishes this?
33A Linux server is configured as a DNS resolver with BIND. Users report that they cannot resolve external hostnames. The server can resolve internal names. Which of the following is the most likely cause?
34A Linux router is experiencing packet loss for connections that should be forwarded. The router's IP forwarding is enabled, and the routing table is correct. Which kernel parameter is most likely causing the issue?
35Which TWO of the following tools are used to capture and analyze network packets on a Linux system?
36Which TWO conditions must be met for a Linux bridge to forward traffic between its ports?
37Which THREE actions are typically required to configure a VLAN interface on a Linux system?
38The server is unable to communicate with hosts on the 192.168.2.0/24 network. Based on the exhibit, what is the most likely cause?
39Hosts connected to eth1 cannot communicate with hosts on eth0. Based on the exhibit, what is the most likely reason?
40Traffic from the 10.1.1.0/24 subnet is seen leaving through eth1 as intended, but reply traffic from the internet never comes back. What is the most likely cause?
41A system administrator wants to combine two 1 Gbps Ethernet interfaces into a single logical bonded interface to increase throughput and provide redundancy. Which mode of bonding will provide both load balancing and fault tolerance without requiring switch configuration?
42A network administrator notices that VLAN tagging is not working on a Linux bridge. The bridge interface br0 has member ports eth0 and eth1. The administrator runs 'bridge vlan show' and sees that only the default VLAN 1 is present. What is the most likely cause?
43A company has multiple internet connections and wants to route traffic from specific subnets to specific providers. They are using policy-based routing with ip rule and ip route. After adding the rules, the administrator finds that the traffic is not matching the intended routing table. Which command should be used to verify that the rules are being matched correctly?
44To create a simple bridge interface that connects two Ethernet interfaces, which of the following commands should be used?
45An administrator configures a DHCP relay agent using 'dhcrelay' in a network with multiple VLANs. The relay agent is on a Linux server with interfaces eth0 (VLAN 10) and eth1 (VLAN 20). The DHCP server is on VLAN 10. Which command correctly sets up the relay to forward requests from VLAN 20 to the DHCP server at 192.168.1.5?
46An administrator is troubleshooting IPv6 connectivity on a Linux host. The host has an IPv6 address configured on eth0, but cannot ping6 the default gateway. The output of 'ip -6 route show' shows a default route via fe80::1 dev eth0. Which tool should be used to verify that the neighbor discovery process is working?
47Which of the following commands creates a new network namespace named 'test'?
48A security analyst wants to capture only TCP packets with the SYN flag set to identify connection attempts. Which tcpdump filter expression accomplishes this?
49To implement 802.1X port-based authentication on a Linux network interface, which combination of software components is typically required when the Linux system acts as the supplicant?
50Which TWO conditions must be met for a Linux bridge to forward Ethernet frames between its ports?
51Which THREE of the following are valid bonding modes in Linux?
52An administrator is configuring netfilter rules to implement a stateful firewall. Which TWO of the following commands are necessary to allow the firewall to correctly forward TCP traffic from internal to external networks (assuming proper default policies)?
53A packet destined to 192.168.1.100 is sent from this router. Which interface will be used to forward it?
54Based on the capture, which of the following statements is correct about the communication between 10.0.0.1 and 10.0.0.3?
55After rebooting, the bridge br0 does not forward traffic between eth0 and eth1. Which configuration is most likely missing?
56A network administrator wants to improve network performance by bonding two gigabit Ethernet interfaces (eth0 and eth1) on a Linux server. The switch supports IEEE 802.3ad (LACP). Which bonding mode should be used to provide both load balancing and fault tolerance?
57A Linux router is experiencing asymmetric routing issues. The network has two internet connections (ISP1 and ISP2) with default routes. The administrator wants to ensure that traffic originating from a specific source IP uses ISP1 for both incoming and outgoing packets. Which ip rule configuration achieves this?
58Which command will display the current VLAN membership of interface eth1?
59An administrator wants to allow SSH access from the internal network (192.168.1.0/24) only, using nftables. Which rule should be added to the filter table input chain?
60A server reports packet loss on a bonded interface (mode 4). The switch configuration is verified correct. Running ethtool shows all slaves are connected at 1 Gbps full duplex. Which command should be used to check if the LACP negotiation is successful?
61A company's Linux router uses iptables. The administrator needs to log all dropped packets (by default policy) before they are dropped. Where should the LOG rule be placed?
62Which of the following is the correct command to add an IPv6 address 2001:db8::1/64 to interface eth0?
63An administrator configures a bridge br0 with two ports (eth0 and eth1). The network uses STP. After configuration, packets from a host on eth0 to a host on eth1 are not forwarded. The bridge shows blocking state for one of the ports. What is the most likely cause?
64A system administrator needs to configure a VPN tunnel using WireGuard. The private key of the local peer is stored in /etc/wireguard/private.key. Which command should be used to set the private key via wg-quick?
65Which TWO statements about VLAN tagging are correct?
66Which THREE commands can be used to display routing information?
67Which TWO steps are required to enable IP forwarding on a Linux system permanently?
68Based on the exhibit, what is the configuration of the network interfaces?
69A host on 192.168.2.100 tries to SSH to the firewall's IP address (192.168.1.1). The firewall's input chain policy is drop. Will the SSH connection be allowed?
70Which command would add the default gateway 192.168.1.1 to this interface?
71A system administrator recently configured two NICs in a bonding interface (bond0) using mode 1 (active-backup). Although both links appear up, traffic never fails over when the primary link goes down. Which command should the administrator use to diagnose the bonding status and determine the root cause?
72An administrator needs to create a Linux bridge (br0) and add an Ethernet interface (eth1) to it for KVM virtual machine networking. Which set of commands accomplishes this task?
73A Linux router running multiple routing tables is misconfigured. The administrator wants to add a policy routing rule that sends all traffic from subnet 10.10.0.0/16 to routing table 200. Which command should be used?
74A Linux server requires several VLAN interfaces on eth0. The network switch expects 802.1Q tagged frames for VLAN 10. Which command correctly creates the VLAN interface?
75A company requires link aggregation between a Linux server and a switch to increase throughput and provide redundancy. The switch supports only standard 802.3ad (LACP). Which bonding mode should be configured on the Linux server?
76An administrator is troubleshooting network isolation in a Linux container environment. The container should have its own network stack, but it appears to be using the host's interfaces. Which command correctly runs a command inside a network namespace named 'ns1' to verify its network configuration?
77A Linux router needs to forward DHCP broadcasts from clients on subnet 192.168.1.0/24 (eth0) to a DHCP server at 10.0.0.5. Which command starts a DHCP relay agent?
78An administrator is troubleshooting IPv6 connectivity on an interface with link-local address fe80::1. Which command correctly pings that address from the local host, ensuring the packet uses the correct interface?
79A Linux router running FRR (Free Range Routing) needs to participate in OSPF with adjacent Cisco routers. Which configuration file should be modified to enable OSPF?
80Which TWO commands display the current kernel routing table? (Choose two.)
81Which THREE of the following are valid Linux bonding modes? (Choose three.)
82Which TWO tools are commonly used for traffic shaping and QoS on Linux? (Choose two.)
83Your company has a Linux server acting as a router with three VLAN interfaces: eth0.10 (192.168.10.1/24), eth0.20 (192.168.20.1/24), and eth0.30 (192.168.30.1/24). The server has a default route via eth0 (native VLAN) to the internet gateway at 10.0.0.1. Internal hosts can communicate between VLANs, but cannot reach the internet. You have verified that the default route is present and that the gateway is reachable from the router itself. The iptables FORWARD chain policy is ACCEPT, and no filtering rules are defined. However, you notice that ip_forward is enabled. What is the most likely missing configuration?
84A Linux server with two NICs bonded in mode 1 (active-backup) was working correctly until a switch was replaced. Now, although both interfaces are up, the bond always shows only one active slave, and if that slave fails, traffic does not fail over. The bonding configuration uses miimon=100 and neither arp_interval nor arp_ip_target is set. You run 'cat /proc/net/bonding/bond0' and see that the MII status of both slaves is 'up' but the link failures count is 0 for the backup slave. What is the most likely cause, and which parameter should be adjusted?
85A system administrator notices that the network bond interface bond0 is not operational. The bond is configured using mode 1 (active-backup). The physical interfaces eth0 and eth1 are both up but bond0 shows 'DOWN'. Which of the following is the most likely cause?
86An administrator needs to add a static route to the destination network 192.168.100.0/24 via gateway 10.0.0.1. Which TWO of the following commands accomplish this? (Choose two.)
87A medium-sized company uses a Linux server as its internet gateway. The server runs Ubuntu 20.04 and has two network interfaces: eth0 (IP 192.168.1.1/24) connected to the internal LAN, and eth1 (DHCP client, obtains IP 203.0.113.10/24, gateway 203.0.113.1) connected to the ISP modem. The server uses iptables for NAT with the rule 'iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE'. IP forwarding is enabled (net.ipv4.ip_forward=1). Firewalld is running with the default zone set to 'public'. For the past week, internal clients on 192.168.1.0/24 have reported intermittent connectivity to external websites. The administrator notices that during the failures, packets sent to external websites leave the internal network (tcpdump on eth1 shows SYN), but the response SYN-ACK never reaches the client. The administrator checks that the iptables FORWARD chain has a default policy of ACCEPT and no restrictive rules. Which of the following is the most likely cause?
88A sysadmin is configuring VLAN tagging on a Linux server that will act as a router-on-a-stick for multiple VLANs (10, 20, 30). The server has a single physical interface enp0s3 connected to a switch trunk port that allows VLANs 10, 20, and 30. The administrator uses systemd-networkd and creates VLAN interfaces enp0s3.10, enp0s3.20, enp0s3.30 with IP addresses 10.0.10.1/24, 10.0.20.1/24, and 10.0.30.1/24 respectively. They enable IP forwarding and, for security, set the iptables FORWARD chain default policy to DROP, but they add no specific rules. Clients in VLAN 10 can ping their gateway (10.0.10.1) but cannot ping clients in VLAN 20 (10.0.20.2). The switch confirms correct configuration. Which of the following is the most likely cause?
89An administrator wants to implement network bonding for redundancy on a Linux server running RHEL 8. The server has two physical interfaces em1 and em2. The administrator creates a bond interface bond0 with mode active-backup (mode 1) and adds the slaves em1 and em2. They assign IP address 192.168.50.10/24 to bond0 and bring up the bond. The bond appears to work initially, with one slave active. However, when they disconnect the cable from the active slave, the bond does not fail over to the other slave. The administrator checks /proc/net/bonding/bond0 and sees that the link status for both slaves shows 'up' even after the disconnection. They confirm the bonding module is loaded and the mode is correct. Which of the following is the most likely missing configuration?
90A small office network uses a Linux server running dnsmasq to provide DHCP and DNS services. The server runs Ubuntu with dnsmasq version 2.80. The configuration file /etc/dnsmasq.conf includes: 'interface=eth0', 'dhcp-range=192.168.1.100,192.168.1.200,12h', and no other DNS-related options. Clients receive IP addresses from the DHCP server and can access the internet. However, clients cannot ping other clients by hostname (e.g., 'ping workstation1' fails with NXDOMAIN). The dnsmasq logs show that DHCP requests are handled and the client hostnames are recorded. The administrator verifies that /etc/hosts contains only the localhost entry. Which of the following is the most likely cause?
91A company wants to set up a Linux bridge to connect a wireless interface (wlan0) to a wired interface (eth0) to allow devices on the wired network to access the internet through the wireless uplink. The Linux server runs Debian with hostapd to create an access point on wlan0. The administrator creates a bridge br0 using brctl and adds eth0 and wlan0 as ports. They assign IP 192.168.10.1/24 to br0 and start hostapd. Clients on the wired network can access the internet, but cannot ping clients on the wireless network, and vice versa. The administrator verifies that both interfaces are enslaved to br0 (brctl show shows both). They also confirm that IP forwarding is enabled and there are no iptables rules blocking anything. Which of the following is the most likely cause?
The Advanced Networking Configuration domain covers the key concepts tested in this area of the LPIC-2 exam blueprint published by LPI. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all LPIC-2 domains — no account required.
The Courseiva LPIC-2 question bank contains 91 questions in the Advanced Networking Configuration domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Advanced Networking Configuration domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included