- A
Default gateway
The default gateway is the router that enables communication between different networks. It directly answers the question 'How do devices communicate outside their local network?'
- B
MAC address
Why wrong: This is incorrect because the MAC address is a hardware identifier used for local network communication, not for inter-network routing. It answers 'What is the unique hardware ID of a network interface?'
- C
ARP
Why wrong: This is incorrect because ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses, not to enable inter-network communication. It answers 'How does a device find the MAC address for a given IP address?'
- D
Subnet mask
Why wrong: This is incorrect because the subnet mask identifies the network portion of an IP address, not the path to other networks. It answers 'Which part of an IP address is the network and which is the host?'
Quick Answer
The answer is the default gateway, as it most directly answers the question of how a device reaches a network outside its own local subnet. In the context of network layer functions for CCNA, the default gateway is the router interface that serves as the exit point for traffic destined for non-local IP addresses, enabling inter-network communication. On the CCNA 200-301 v2 exam, this concept is frequently tested alongside MAC address resolution and ARP, where a common trap is confusing the default gateway with a DNS server or assuming it is needed for local traffic. Remember that within the same subnet, devices communicate directly using MAC addresses and ARP; the default gateway only comes into play when the destination IP is not on the local network. A helpful memory tip: think of the default gateway as the “door out of your neighborhood”—you only need it to leave, not to visit your next-door neighbor.
CCNA Network Services and Security Practice Question
This 200-301 practice question tests your understanding of network services and security. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. A key principle to apply: authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Match each term to the question it most directly answers.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Default gateway
Authentication verifies a user's identity, answering 'Who are you?'. Authorization defines what an authenticated user is permitted to do, answering 'What are you allowed to do?'. Accounting records the actions and resources used during a session, answering 'What happened during the session?'. Availability ensures that services and data are accessible when required, answering 'Can the service or data be used when needed?'.
Key principle: Authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
Default gateway
Why this is correct
The default gateway is the router that enables communication between different networks. It directly answers the question 'How do devices communicate outside their local network?'
Related concept
Authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security.
- ✗
MAC address
Why it's wrong here
This is incorrect because the MAC address is a hardware identifier used for local network communication, not for inter-network routing. It answers 'What is the unique hardware ID of a network interface?'
- ✗
ARP
Why it's wrong here
This is incorrect because ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses, not to enable inter-network communication. It answers 'How does a device find the MAC address for a given IP address?'
- ✗
Subnet mask
Why it's wrong here
This is incorrect because the subnet mask identifies the network portion of an IP address, not the path to other networks. It answers 'Which part of an IP address is the network and which is the host?'
Option-by-option analysis
Why each answer is right or wrong
Understanding why wrong answers are wrong — and when they would be correct — is what separates a 750 score from a 900. The 200-301 exam frequently reuses these exact scenarios with slightly different constraints.
✓Default gatewayCorrect answer▾
Why this is correct
The default gateway is the router that enables communication between different networks. It directly answers the question 'How do devices communicate outside their local network?'
✗MAC addressWrong answer — click to see why▾
Why this is wrong here
The specific factual error: MAC address does not enable communication between different networks; it is used within a single broadcast domain.
Why candidates choose this
Candidates pick this because they confuse the role of MAC addresses with default gateways in network communication.
✗ARPWrong answer — click to see why▾
Why this is wrong here
The specific factual error: ARP operates at Layer 2 and is used for local network resolution, not for routing between networks.
Why candidates choose this
Candidates pick this because ARP is essential for communication, but they misunderstand its role in cross-network traffic.
✗Subnet maskWrong answer — click to see why▾
Why this is wrong here
The specific factual error: Subnet mask helps determine if a destination is local or remote, but the default gateway is used to reach remote networks.
Why candidates choose this
Candidates pick this because subnet mask is involved in routing decisions, but it does not directly enable inter-network communication.
Analysis generated from the official 200-301blueprint and verified against question context. The “when correct” sections are what AI assistants cite when candidates ask “what’s the difference between these options?”
Common exam traps
Common exam trap: answer the scenario, not the keyword
Learners often confuse authentication with authorization. Authentication proves identity, while authorization defines what that identity is permitted to do.
Detailed technical explanation
How to think about this question
Authentication is the process of verifying the identity of a user or device before granting access to network resources. In Cisco networking, authentication mechanisms such as 802.1X, RADIUS, and TACACS+ confirm "Who are you?" by validating credentials like usernames and passwords or digital certificates. This step is fundamental to network security because it ensures only legitimate users or devices can initiate a session. Authorization follows authentication by determining the level of access or permissions granted to the authenticated user or device. It answers "What are you allowed to do?" and controls which resources, commands, or services the user can access. Cisco devices use authorization policies configured in AAA (Authentication, Authorization, and Accounting) frameworks to enforce these permissions, preventing unauthorized actions even after identity verification. Accounting tracks and logs user activities and resource usage, answering "What happened?" This includes recording session start and stop times, commands executed, and data transferred. Availability, while not part of AAA, ensures that network services remain accessible and operational when needed, addressing "Can the system be used when needed?" Together, these concepts form a comprehensive security and management model critical for Cisco network operations and CCNA exam understanding.
KKey Concepts to Remember
- Authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security.
- Authorization determines the permissions and access levels for authenticated users, answering “What are you allowed to do?” within Cisco AAA frameworks.
- Accounting records user activities and resource usage to provide audit trails, answering “What happened?” for security and compliance.
- Availability ensures network resources and services remain accessible and operational when required, answering “Can the system be used when needed?”
- Cisco AAA protocols integrate authentication, authorization, and accounting to enforce security policies consistently across devices.
- Authentication uses methods like passwords, digital certificates, or tokens to confirm user identity before access is granted.
- Authorization policies restrict user commands and resource access even after successful authentication to prevent privilege escalation.
- Accounting logs are essential for troubleshooting, auditing, and detecting security incidents in Cisco networks.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security.
Real-world example
How this comes up in practice
A security administrator must allow nursing staff to reach a patient records server while blocking access from the guest Wi-Fi VLAN. After applying an extended ACL, traffic is still blocked from nursing workstations. The ACL was applied outbound instead of inbound on the wrong interface. Questions like this test ACL direction and placement rules.
What to study next
Got this wrong? Here's your next step.
Review authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security., then practise related 200-301 questions on the same topic to reinforce the concept.
- →
Network Services and Security — study guide chapter
Learn the concepts, then practise the questions
- →
Network Services and Security practice questions
Targeted practice on this topic area only
- →
All 200-301 questions
1,819 questions across all exam domains
- →
CCNA 200-301 v2 study guide
Full concept coverage aligned to exam objectives
- →
200-301 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Network Infrastructure and Connectivity practice questions
Practise 200-301 questions linked to Network Infrastructure and Connectivity.
Switching and Network Access practice questions
Practise 200-301 questions linked to Switching and Network Access.
IP Routing practice questions
Practise 200-301 questions linked to IP Routing.
Network Services and Security practice questions
Practise 200-301 questions linked to Network Services and Security.
AI and Network Operations practice questions
Practise 200-301 questions linked to AI and Network Operations.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
Practice this exam
Start a free 200-301 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 200-301 question test?
Network Services and Security — This question tests Network Services and Security — Authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security..
What is the correct answer to this question?
The correct answer is: Default gateway — Authentication verifies a user's identity, answering 'Who are you?'. Authorization defines what an authenticated user is permitted to do, answering 'What are you allowed to do?'. Accounting records the actions and resources used during a session, answering 'What happened during the session?'. Availability ensures that services and data are accessible when required, answering 'Can the service or data be used when needed?'.
What should I do if I get this 200-301 question wrong?
Review authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security., then practise related 200-301 questions on the same topic to reinforce the concept.
What is the key concept behind this question?
Authentication verifies the identity of users or devices before granting network access, answering the question “Who are you?” in Cisco security.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Last reviewed: Apr 12, 2026
This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.