CCNA Network Infra Connectivity Questions

75 of 390 questions · Page 1/6 · Network Infra Connectivity topic · Answers revealed

1
Multi-Selectmedium

Which TWO statements correctly describe interface errors and duplex mismatches on Cisco switches?

Select 2 answers
A.Runts are typically caused by CRC errors on the transmitting device.
B.Late collisions on a half-duplex interface can indicate a duplex mismatch with the connected device.
C.The 'show interfaces' command displays the number of CRC errors and runts on an interface.
D.Full-duplex interfaces use CSMA/CD to detect collisions before transmitting.
E.Auto-MDIX can resolve a duplex mismatch by renegotiating the speed and duplex settings.
AnswersB, C

Late collisions occur after the frame's first 512 bits have been transmitted, typically due to one side operating in full-duplex while the other is half-duplex.

Why this answer

Option B is correct because late collisions occur when a frame is transmitted onto the wire and collides after the first 512 bit-times of the frame. In a half-duplex Ethernet segment, a duplex mismatch causes the full-duplex side to never defer and transmit at any time, while the half-duplex side expects to detect collisions only during the collision window. When the full-duplex device sends a frame while the half-duplex device is already transmitting, the half-duplex device detects a collision after the 512-bit window, resulting in a late collision.

Exam trap

Cisco often tests the distinction between late collisions (which occur after the 64-byte window and indicate a duplex mismatch) and early collisions (which occur within the window and are normal in half-duplex), and candidates mistakenly think that all collisions are normal or that CRC errors are the primary cause of runts.

Why the other options are wrong

A

Runts result from collisions on half-duplex links or faulty network interface cards, not from CRC errors.

D

CSMA/CD is only used in half-duplex environments; full-duplex disables collision detection entirely.

E

Auto-MDIX does not participate in speed or duplex negotiation; that function is handled by auto-negotiation (IEEE 802.3u).

2
MCQhard

An interface is configured with 10.24.7.158/27. What is the broadcast address of that subnet?

A.10.24.7.159
B.10.24.7.191
C.10.24.7.127
D.10.24.7.160
AnswerA

Correct. It is the last address in the /27 block.

Why this answer

A /27 uses blocks of 32 addresses. The block containing .158 is 10.24.7.128 through 10.24.7.159, so .159 is the broadcast address.

Exam trap

A frequent exam trap is mistaking the broadcast address for the network address of the next subnet or the last address of a different subnet block. For example, 10.24.7.160 is the network address of the next /27 subnet, not the broadcast address of the current subnet. Candidates often confuse the last usable host address with the broadcast address or select an address from an adjacent subnet block.

This mistake leads to incorrect subnetting answers and can cause interface misconfigurations in real networks, resulting in communication failures.

Why the other options are wrong

B

Incorrect. 10.24.7.191 is the last address of a larger /26 subnet block, not the /27 block containing 10.24.7.158, so it cannot be the broadcast address here.

C

Incorrect. 10.24.7.127 is the broadcast address of the previous /27 subnet block (10.24.7.96/27), not the one containing 10.24.7.158.

D

Incorrect. 10.24.7.160 is the network address of the next /27 subnet block after 10.24.7.128/27, not the broadcast address of the current subnet.

3
Multi-Selectmedium

Which three statements about the Spanning Tree Protocol (STP) are true? (Choose three.)

Select 3 answers
.STP uses Bridge Protocol Data Units (BPDUs) to exchange topology information.
.STP elects a root bridge based on the lowest bridge ID.
.STP places redundant ports in blocking state to prevent loops.
.STP always uses the highest port cost to select the root port.
.STP converges instantly after a topology change.
.STP is used to increase the number of broadcast domains.

Why this answer

All three statements are correct because STP relies on Bridge Protocol Data Units (BPDUs) to share topology information between switches, elects a root bridge by comparing bridge IDs (a combination of priority and MAC address, with the lowest value winning), and prevents loops by placing redundant ports into a blocking state (discarding state in Rapid PVST+). These are fundamental behaviors of the 802.1D Spanning Tree Protocol.

Exam trap

Cisco often tests the fact that STP does not use timers to elect the root bridge (it uses bridge ID comparison) and that blocking state is the mechanism for loop prevention, not disabling the port entirely or relying on TCN BPDUs alone.

4
Multi-Selectmedium

Which TWO statements correctly compare 802.11ac and 802.11ax features?

Select 2 answers
A.802.11ax uses OFDMA, while 802.11ac uses OFDM.
B.Both 802.11ac and 802.11ax support 1024-QAM modulation.
C.WPA3 is mandatory for 802.11ax and optional for 802.11ac.
D.Both standards use only the 5 GHz band.
E.802.11ac uses 80 MHz channels, while 802.11ax uses 160 MHz channels exclusively.
AnswersA, C

OFDMA allows multiple users to share subcarriers simultaneously, improving efficiency in dense environments.

Why this answer

Option A is correct because 802.11ax (Wi‑Fi 6) introduces Orthogonal Frequency Division Multiple Access (OFDMA), which allows multiple users to share subcarriers simultaneously, improving efficiency in dense environments. In contrast, 802.11ac (Wi‑Fi 5) uses Orthogonal Frequency Division Multiplexing (OFDM), where each transmission occupies the entire channel for a single user, leading to less efficient channel utilization. Option C is correct: WPA3 is mandatory for Wi‑Fi 6 (802.11ax) certification, while for 802.11ac it is optional—devices can still obtain Wi‑Fi 5 certification with WPA2 only.

Option B is incorrect because 802.11ac supports a maximum of 256‑QAM; 1024‑QAM is first introduced with 802.11ax. Option D is wrong: 802.11ac operates exclusively in the 5 GHz band, but 802.11ax operates in both 2.4 GHz and 5 GHz. Option E is false: both standards support 20, 40, 80, and 160 MHz channel widths; 802.11ac does not exclusively use 80 MHz, and 802.11ax does not use 160 MHz exclusively.

Exam trap

Cisco often tests the misconception that higher QAM values (like 1024-QAM) are backward-compatible across Wi-Fi generations, but 802.11ac is limited to 256-QAM, and 802.11ax is the first to support 1024-QAM.

Why the other options are wrong

B

802.11ac supports only up to 256‑QAM; 1024‑QAM is introduced with 802.11ax.

D

802.11ac operates only in the 5 GHz band, but 802.11ax operates in both 2.4 GHz and 5 GHz.

E

Both 802.11ac and 802.11ax support a range of channel widths, including 20, 40, 80, and 160 MHz; neither standard restricts to a single channel width.

5
Matchingmedium

Drag and drop the 802.11 standards on the left to their correct frequency band and maximum throughput on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

2.4 GHz, 11 Mbps

5 GHz, 54 Mbps

2.4 GHz, 54 Mbps

2.4/5 GHz, 600 Mbps

5 GHz, 6.9 Gbps

Why these pairings

Each 802.11 standard operates in specific frequency bands and has a maximum theoretical throughput. 802.11a uses 5 GHz at 54 Mbps, 802.11b uses 2.4 GHz at 11 Mbps, 802.11g uses 2.4 GHz at 54 Mbps, 802.11n uses both 2.4 and 5 GHz up to 600 Mbps, 802.11ac uses 5 GHz up to 6.9 Gbps, and 802.11ax uses 2.4, 5, and 6 GHz up to 9.6 Gbps.

Exam trap

A common trap is confusing 802.11a with 802.11g because both have 54 Mbps throughput, but they operate in different frequency bands. Remember that 802.11a uses 5 GHz exclusively, while 802.11g uses 2.4 GHz.

6
PBQhard

You are connected to R1. Configure IPv4 and IPv6 addressing on R1's GigabitEthernet0/0 and GigabitEthernet0/1 interfaces so that R1 can ping both R2's IPv4 address (203.0.113.2) and R2's IPv6 address (2001:db8:1::2). The current configuration has an incorrect subnet mask on G0/0, missing default gateway, and R1's G0/1 has a duplicate IPv4 address with R3. Also, use EUI-64 for IPv6 on G0/0 and static IPv6 assignment on G0/1. Ensure all issues are resolved and connectivity verified.

Network Topology
G0/0203.0.113.1/30G0/0203.0.113.2/30linkG0/1192.168.1.254/24G0/0192.168.1.1/24R2R1switchR3

Hints

  • Check the subnet mask on G0/0; it should match R2's /30.
  • G0/1's IPv4 address conflicts with R3; use an unused address like .254.
  • Enable IPv6 globally with 'ipv6 unicast-routing' before configuring interface IPv6 addresses.
A.Change G0/0 subnet mask to 255.255.255.252, add default gateway 203.0.113.2, change G0/1 IPv4 to 192.168.1.254, enable IPv6 routing, configure G0/0 with ipv6 address 2001:db8:1::/64 eui-64, and G0/1 with ipv6 address 2001:db8:2::1/64.
B.Change G0/0 subnet mask to 255.255.255.0, add default gateway 203.0.113.1, change G0/1 IPv4 to 192.168.1.254, enable IPv6 routing, configure G0/0 with ipv6 address 2001:db8:1::1/64, and G0/1 with ipv6 address 2001:db8:2::1/64.
C.Change G0/0 subnet mask to 255.255.255.252, add default gateway 203.0.113.2, change G0/1 IPv4 to 192.168.1.1, enable IPv6 routing, configure G0/0 with ipv6 address 2001:db8:1::/64 eui-64, and G0/1 with ipv6 address 2001:db8:2::1/64.
D.Change G0/0 subnet mask to 255.255.255.252, add default gateway 203.0.113.2, change G0/1 IPv4 to 192.168.1.254, enable IPv6 routing, configure G0/0 with ipv6 address 2001:db8:1::1/64, and G0/1 with ipv6 address 2001:db8:2::/64 eui-64.
AnswerA
solution
! R1
configure terminal
interface gigabitethernet0/0
ip address 203.0.113.1 255.255.255.252
ipv6 address 2001:db8:1::/64 eui-64
exit
interface gigabitethernet0/1
ip address 192.168.1.254 255.255.255.0
ipv6 address 2001:db8:2::1/64
exit
ip route 0.0.0.0 0.0.0.0 203.0.113.2
end

Why this answer

The subnet mask on G0/0 was incorrectly set to /24 instead of /30. While a /24 mask on 203.0.113.1 would include 203.0.113.2 in the same subnet from R1's perspective, the mismatch with R2's /30 mask leads to inconsistent subnet definitions and potential ARP or routing issues. Additionally, no default gateway was configured, so traffic to remote networks would fail.

On G0/1, the IPv4 address 192.168.1.1 was already used by R3, causing a duplicate IP conflict. IPv6 was not configured on either interface. The fix involved correcting the subnet mask on G0/0 to 255.255.255.252, adding a default gateway (203.0.113.2), assigning a unique IPv4 address to G0/1 (192.168.1.254), enabling IPv6 routing globally with `ipv6 unicast-routing`, configuring EUI-64 on G0/0 (`ipv6 address 2001:db8:1::/64 eui-64`), and static IPv6 on G0/1 (`ipv6 address 2001:db8:2::1/64`).

Exam trap

Watch out for subnet mask mismatches (e.g., /24 vs /30) and duplicate IP addresses. Also, note the specific IPv6 addressing requirements: EUI-64 on one interface and static on the other. Don't assume a default gateway can be any IP in the subnet; it must be the neighbor's IP.

Why the other options are wrong

B

The subnet mask /24 is too large, causing a mismatch with R2's /30; the default gateway must be R2's IP (203.0.113.2); EUI-64 is not used on G0/0.

C

The duplicate IPv4 address on G0/1 is not resolved; it still uses 192.168.1.1 which is already assigned to R3.

D

EUI-64 is required on G0/0, not G0/1; static IPv6 is required on G0/1, not G0/0.

7
MCQhard

What prefix length corresponds to the subnet mask 255.255.255.224?

A./26
B./27
C./28
D./29
AnswerB

This is correct because 255.255.255.224 represents 27 network bits.

Why this answer

The subnet mask 255.255.255.224 corresponds to /27. In plain language, the first three octets contribute 24 network bits, and 224 in binary is 11100000, which contributes 3 more network bits. That gives a total of 27 network bits.

This is a common prefix-conversion question because it checks whether you can move between dotted-decimal masks and prefix lengths confidently.

Exam trap

Be cautious not to confuse the binary values of different subnet masks. Always convert the last octet to binary to determine the correct prefix length.

Why the other options are wrong

A

The /26 prefix corresponds to subnet mask 255.255.255.192, which has 64 addresses per subnet, not 32. The mask 255.255.255.224 has 27 network bits, not 26.

C

The /28 prefix corresponds to subnet mask 255.255.255.240, which provides 16 addresses per subnet (14 usable). The mask 255.255.255.224 has 32 addresses per subnet, so /28 is incorrect.

D

The /29 prefix corresponds to subnet mask 255.255.255.248, which provides 8 addresses per subnet (6 usable). The mask 255.255.255.224 has 32 addresses, so /29 is incorrect.

8
MCQhard

A network technician is troubleshooting a newly installed fiber link between two Cisco Catalyst 9300 switches. The link is up, but the interface shows excessive CRC errors and input errors. The technician runs 'show interfaces' and 'show interfaces transceiver details' on the suspect interface. Based on the output, what is the most likely cause of the errors?

A.The interface is configured for full duplex but the switchport is set to auto-negotiation, causing a duplex mismatch.
B.The SFP transceiver is faulty because the transmit power is too low at -3.5 dBm.
C.The fiber cable is too long for the SX SFP, exceeding the distance limit.
D.The receive power is too low, likely due to a dirty or damaged fiber connector or excessive attenuation.
AnswerD

The receive power of -20.1 dBm is below the low threshold of -17.0 dBm, indicating a weak signal that causes CRC errors. This is often due to dirty connectors, damaged fiber, or excessive attenuation.

Why this answer

The output from 'show interfaces transceiver details' would show the receive power level. A receive power that is too low (e.g., below the receiver sensitivity threshold) indicates excessive signal loss, often due to dirty or damaged fiber connectors, poor splices, or excessive cable attenuation. This causes bit errors that manifest as CRC and input errors, even though the link is physically up.

Option D correctly identifies this as the most likely cause.

Exam trap

Cisco often tests the distinction between transmit power and receive power, trapping candidates who assume a low transmit power is the root cause, when in fact the receive power is the critical metric for signal integrity at the far end.

Why the other options are wrong

A

The interface shows Full Duplex and 1000 Mbps with no collisions or late collisions, which indicates no duplex mismatch. Duplex mismatch typically causes collisions and late collisions, which are absent here.

B

The transmit power of -3.5 dBm is within the normal range for SX SFP (-1.0 to -9.5 dBm), so the SFP is transmitting correctly. Low transmit power would not cause CRC errors if it is within specifications.

C

The SX SFP supports up to 550m on OM3 fiber, and the link is operational, so distance is not the issue. Excessive CRC errors due to distance would typically cause the link to be down or unstable.

9
Matchingmedium

Match each address-related concept to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Indicates network versus host portions of an IPv4 address

Next-hop path used for off-subnet traffic

Address used to reach all hosts in the local broadcast domain

Address that identifies the subnet itself

Why these pairings

The subnet mask is used to distinguish the network portion from the host portion of an IPv4 address. The default gateway is the next-hop router that forwards traffic destined for off-subnet networks. The broadcast address sends packets to all hosts within the local broadcast domain, while the network address identifies the subnet itself and is the first address in the subnet range.

Exam trap

The exam often tests your ability to differentiate between IP addresses, MAC addresses, subnet masks, and default gateways. Be careful not to confuse the function of each, especially since they are all related to addressing and routing.

10
Multi-Selectmedium

Which TWO statements are true about IPv6 link-local addresses?

Select 2 answers
A.They are automatically configured on all IPv6-enabled interfaces.
B.They are routable across the entire IPv6 internet.
C.They always use the EUI-64 format for the interface ID.
D.They are used as the default gateway address for IPv6 hosts.
E.They are identified by the prefix fe80::/10.
AnswersA, E

IPv6-enabled interfaces automatically generate a link-local address, even if no other IPv6 address is configured.

Why this answer

Option A is correct because IPv6 link-local addresses (fe80::/10) are automatically generated on every IPv6-enabled interface using Stateless Address Autoconfiguration (SLAAC) as defined in RFC 4862. This ensures that each interface has a unique local address for neighbor discovery and other link-local operations without requiring manual configuration or a DHCPv6 server.

Exam trap

Cisco often tests the misconception that link-local addresses are routable or that they always use EUI-64, when in fact they are strictly link-scoped and can use privacy extensions to randomize the interface ID.

Why the other options are wrong

B

Link-local addresses are not routable; they are confined to a single link or network segment. Routers will not forward packets with a link-local source or destination address beyond the local subnet.

C

While EUI-64 is one method for generating the interface ID, link-local addresses can also use randomly generated identifiers (privacy extensions) or be manually configured. The statement that they always use EUI-64 is incorrect.

D

The default gateway for IPv6 hosts is typically a global unicast or unique local address, not a link-local address. While routers may send Router Advertisements with a link-local source, the default gateway address learned by hosts is the router's link-local address, but the host uses that link-local address as the next-hop, not as the default gateway address itself. The statement is misleading because the default gateway is often the link-local address of the router, but the host uses it as the next-hop, not as a routable address.

11
MCQhard

A network administrator is troubleshooting a wireless connectivity issue in a large office. Users on the 5 GHz band report intermittent disconnections and slow performance, while 2.4 GHz clients are unaffected. The office uses a Cisco 9800 WLC with APs that support 802.11ac Wave 2. The administrator checks the WLC's RF profile and notices a high number of channel utilization reports on channel 36. What is the most likely cause of the problem?

A.Enable DFS channels to avoid radar interference.
B.Change some APs to use channels 40, 44, or 48 to reduce co-channel interference.
C.Increase the channel width to 160 MHz to improve throughput.
D.Disable the 2.4 GHz radios to force all clients to 5 GHz.
AnswerB

Co-channel interference occurs when multiple APs use the same frequency channel, causing contention. Changing some APs to non-overlapping channels reduces this.

Why this answer

Channel 36 is a 20 MHz channel in the 5 GHz band. When many APs use the same channel (channel 36), they share the same medium, leading to co-channel interference (CCI). This causes intermittent disconnections and slow performance for 5 GHz clients because they must contend for airtime.

Spreading APs across non-overlapping channels like 40, 44, or 48 reduces CCI and improves performance.

Exam trap

Cisco often tests the misconception that DFS channels are the solution for any 5 GHz interference issue, but the trap here is that high channel utilization on a non-DFS channel (36) indicates co-channel interference, not radar avoidance.

Why the other options are wrong

A

DFS channels are used to avoid radar interference, but the problem described is co-channel interference on channel 36, not radar events. The exhibit shows no radar events, so enabling DFS channels would not address the high channel utilization.

C

Increasing channel width to 160 MHz would actually increase the likelihood of co-channel interference because fewer non-overlapping channels are available, and it would not solve the existing high utilization on channel 36.

D

Disabling 2.4 GHz radios would force all clients to 5 GHz, potentially worsening the co-channel interference on channel 36 by adding more clients to an already congested channel. The 2.4 GHz band is not the source of the problem.

12
Multi-Selectmedium

Which two statements accurately compare TCP and UDP? (Choose two.)

Select 2 answers
A.TCP provides connection-oriented transport
B.UDP guarantees delivery through acknowledgments
C.UDP has lower overhead than TCP
D.TCP does not use port numbers
E.UDP is always faster because it avoids congestion
AnswersA, C

Correct. TCP is a connection-oriented transport protocol.

Why this answer

TCP is connection-oriented and uses sequencing, acknowledgments, and related controls. UDP is simpler and has lower overhead, but it does not guarantee delivery.

Exam trap

Be careful not to confuse the connection-oriented nature of TCP with UDP's connectionless design. Remember that TCP is about reliability, while UDP focuses on speed and simplicity.

Why the other options are wrong

B

UDP is a connectionless protocol that does not use acknowledgments, sequence numbers, or retransmissions; it simply sends datagrams without any guarantee of delivery. Reliable delivery mechanisms like acknowledgments are a feature of TCP, not UDP.

D

TCP uses port numbers extensively to identify source and destination applications, just like UDP. Port numbers are a fundamental part of both TCP and UDP headers, enabling multiplexing of multiple services on a single host.

E

While UDP has lower overhead and can be faster in some scenarios, it is not 'always faster' because network congestion, packet loss, and application behavior can affect performance. Additionally, UDP does not inherently avoid congestion; it simply does not implement congestion control, which can lead to network congestion if used aggressively.

13
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure an SSID on a WLC and complete a WPA3-Personal client association with DHCP address assignment.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct sequence is to first create the SSID profile, then configure WPA3-Personal security to ensure the WLAN is protected before it becomes active, then enable the SSID, set up the DHCP scope for address assignment, and finally allow the client to associate and obtain an IP address. Option A enables the SSID before setting security, exposing the network to unauthorized access during that window. Option B incorrectly starts with DHCP configuration before the SSID even exists.

Option D also enables the SSID before security, leading to the same vulnerability as option A. Only option C follows the secure configuration order recommended by Cisco.

Exam trap

A common mistake is enabling the WLAN before applying WPA3 security, but the recommended practice is to configure security first to prevent a temporary open SSID.

14
MCQhard

A host address is 172.31.9.200/27. Which address is the first usable host in that subnet?

A.172.31.9.193
B.172.31.9.192
C.172.31.9.223
D.172.31.9.201
AnswerA

This is correct because 172.31.9.192 is the network address and .193 is the first usable host.

Why this answer

A /27 subnet has a block size of 32. In practical terms, the relevant last-octet blocks are 0-31, 32-63, 64-95, 96-127, 128-159, 160-191, 192-223, and 224-255. Because 200 falls within the 192-223 block, the network address is 172.31.9.192 and the first usable host is 172.31.9.193.

This is a host-range interpretation problem rather than just network-or-broadcast recognition.

Exam trap

Be careful not to confuse the network address with the first usable host address.

Why the other options are wrong

B

172.31.9.192 is the network address of the subnet, which is reserved and cannot be assigned to any host. In IPv4, the network address is used to identify the subnet itself, not as a host address.

C

172.31.9.223 is the broadcast address of the subnet, which is reserved for sending traffic to all hosts in the subnet. It cannot be assigned to a host.

D

172.31.9.201 is a valid host address in the subnet, but it is not the first usable host. The first usable host is .193, which comes after the network address .192.

15
PBQhard

You are troubleshooting connectivity between R1 and R2. R1's Gi0/0 interface is connected to R2's Gi0/0. R1 can ping its own IP but cannot ping R2's IP. Examine the provided 'show interfaces' output on R1 and identify the root cause. Then, apply the necessary configuration command(s) on R1 to resolve the issue.

Network Topology
Gi0/0192.168.1.1/30Gi0/0192.168.1.2/30linkR1R2

Hints

  • The interface is up but line protocol is down—think Layer 2.
  • Check the duplex and speed settings; mismatch can cause this.
  • Ensure both ends have the same duplex setting; for GigabitEthernet, full-duplex is standard.
A.interface GigabitEthernet0/0 duplex full speed 1000
B.interface GigabitEthernet0/0 no shutdown
C.interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0
D.interface GigabitEthernet0/0 no keepalive
AnswerA
solution
! R1
interface gi0/0
duplex full

Why this answer

The 'line protocol is down' on R1's Gi0/0 interface indicates a Layer 2 issue. Since the interface is up but line protocol is down, the most common cause is a duplex mismatch or a keepalive issue. In this scenario, the interface is configured as 'full-duplex' but the far-end R2 might be set to half-duplex, causing a mismatch.

The fix is to set the duplex to 'full' and speed to 1000 on R1's interface, or to use 'auto' for both. However, the correct command to resolve a duplex mismatch is to set both sides to the same setting, typically 'full' for GigabitEthernet. The command 'duplex full' under the interface will ensure R1 uses full-duplex, and if R2 is also set to full-duplex, the line protocol should come up.

Exam trap

Do not confuse 'line protocol is down' with an interface being administratively down. The 'up/down' status points to a Layer 2 issue, often duplex mismatch. Always check duplex and speed settings first.

Why the other options are wrong

B

The specific factual error is that 'no shutdown' only brings an interface out of an administratively down state, but the problem here is a line protocol issue, not an administrative shutdown.

C

The specific factual error is that the IP address is already configured correctly; the problem is at Layer 2, not Layer 3.

D

The specific factual error is that keepalive settings are not typically the cause of a line protocol down on modern Ethernet interfaces; duplex mismatch is a more common cause.

16
PBQhard

You are connected to R1 via console. R1 and R2 are directly connected via GigabitEthernet0/0. Your task is to configure IPv4 and IPv6 addressing on both routers so that they can ping each other's IPv4 and IPv6 addresses. The current configuration has intentional faults: R1's IPv4 subnet mask is incorrect, R2 is missing its default gateway, and R1's IPv6 address uses EUI-64 but is not working due to a duplicate IP. Correct the IPv4 mask on R1, assign a static IPv6 address on R2, and ensure both routers can reach each other.

Network Topology
G0/0192.0.2.1/30G0/0192.0.2.2/30linkR1R2

Hints

  • Check the subnet mask on R1's G0/0 — the link between two routers typically uses a /30 mask.
  • R2 has no IPv6 address configured — assign one manually.
  • R2 cannot reach R1's IPv4 address because they are on different subnets and R2 has no default gateway.
A.On R1, change the IPv4 mask to 255.255.255.252; on R2, assign IPv4 address 192.0.2.2/30 and IPv6 address 2001:db8:1::2/64; configure a default route on R2 pointing to 192.0.2.1.
B.On R1, change the IPv4 mask to 255.255.255.0; on R2, assign IPv4 address 192.0.2.2/24 and IPv6 address 2001:db8:1::2/64; no default route needed.
C.On R1, change the IPv4 mask to 255.255.255.252; on R2, assign IPv4 address 192.0.2.2/28 and IPv6 address 2001:db8:1::2/64; configure a default route on R2 pointing to 192.0.2.1.
D.On R1, change the IPv4 mask to 255.255.255.252; on R2, assign IPv4 address 192.0.2.2/30 and IPv6 address 2001:db8:1::1/64; configure a default route on R2 pointing to 192.0.2.1.
AnswerA
solution
! R1
configure terminal
interface GigabitEthernet0/0
ip address 192.0.2.1 255.255.255.252
end

! R2
configure terminal
interface GigabitEthernet0/0
ip address 192.0.2.2 255.255.255.252
ipv6 address 2001:db8:1::2/64
exit
ip route 0.0.0.0 0.0.0.0 192.0.2.1
end

Why this answer

R1's IPv4 mask was /28, but the correct mask for the link should be /30 to avoid overlapping subnets (192.0.2.0/28 includes both .1 and .14, but they are on the same link). R2 had no IPv6 address configured. Additionally, R1's EUI-64 address was valid but R2 needed a static IPv6 address.

The solution: on R1, change the mask to 255.255.255.252; on R2, assign an IPv4 address with mask /30 and a static IPv6 address 2001:db8:1::2/64; also add a default route on R2 pointing to 192.0.2.1 for IPv4. After these changes, both routers can ping each other's IPv4 and IPv6 addresses.

Exam trap

Watch out for subnet mask mismatches and duplicate IPv6 addresses. Always use /30 for point-to-point links and ensure each router has a unique IPv6 address on the same link.

Why the other options are wrong

B

The specific factual error: Using a /24 mask on a point-to-point link wastes addresses and may cause subnet overlap; also, R2 needs a default route to reach R1's IPv4 address if the mask is /30, but with /24 they are in the same subnet so no default route is needed, but the mask is still wrong.

C

The specific factual error: R2's IPv4 mask must match R1's mask to ensure both routers agree on the subnet boundary. Using /28 on R2 while R1 uses /30 creates a mismatch.

D

The specific factual error: Assigning the same IPv6 address to both routers causes a duplicate address conflict, preventing communication.

17
MCQhard

A network engineer replaces a failed 1000BASE-LX SFP on a core switch with a new transceiver of the same type. After connecting the single-mode fiber, the link remains down and a 'show interfaces gig1/0/49 transceiver' reveals an Rx power of –30 dBm, while the far-end SFP is transmitting at –3 dBm over a 2 km span. The fiber patch cord shows no visible damage.

A.The new SFP is a counterfeit Cisco transceiver that cannot establish a stable link.
B.The SFP is not fully seated in the switch port, causing an intermittent optical connection.
C.Excessive attenuation due to a dirty or damaged fiber connector is preventing the link from coming up.
D.The single-mode fiber distance exceeds the 10 km maximum for 1000BASE-LX, leading to severe signal dispersion.
AnswerC

A –30 dBm Rx power with a transmit level of –3 dBm over a 2 km single-mode span represents a 27 dB loss, far exceeding the expected 0.5–1 dB. Such high loss is typical of contaminated end faces, poor mating, or a tight bend, and it pushes the signal below the receiver sensitivity threshold (around –25 dBm), causing the link to stay down.

Why this answer

Option C is correct because the measured Rx power of –30 dBm is far below the receive sensitivity threshold for 1000BASE-LX (typically –19 to –22 dBm), even though the transmitter is outputting a healthy –3 dBm over only 2 km. This indicates excessive loss in the optical path, most commonly caused by a dirty or damaged fiber connector. Cleaning the connector ends with an appropriate fiber cleaning tool and inspecting with a microscope would likely resolve the issue.

Exam trap

Cisco often tests the concept that a link can fail due to excessive optical loss even when the fiber distance is well within the rated maximum, leading candidates to incorrectly blame distance or counterfeit hardware instead of connector cleanliness or damage.

Why the other options are wrong

A

Low Rx power points to a physical signal issue, not a counterfeit detection problem.

B

A partially seated SFP would likely prevent any light from entering, not show a measurable but weak signal.

D

Distance would not cause a 27 dB loss over such a short path, and dispersion is not measured as a reduction in optical power on the DOM readout.

18
PBQhard

You are troubleshooting connectivity between R1 and R2. The link is up but users report intermittent packet loss. Examine the provided show interface output on R1, identify the root cause, and apply the necessary fix to restore normal operation.

Network Topology
G0/0192.0.2.1/30G0/0192.0.2.2/30linkR1R2

Hints

  • Input errors without CRC or frame errors often indicate a duplex mismatch.
  • Check the duplex setting on both ends of the link.
  • Use 'duplex auto' and 'speed auto' to allow negotiation.
A.Configure 'duplex auto' and 'speed auto' on interface G0/0 of R1.
B.Replace the faulty cable between R1 and R2.
C.Increase the MTU size on interface G0/0 of R1.
D.Disable CDP on interface G0/0 of R1.
AnswerA
solution
! R1
interface GigabitEthernet0/0
duplex auto
speed auto

Why this answer

The interface shows 'input errors' (150) but zero CRC and zero frame errors. This combination, along with 'Full-duplex, 1000Mb/s' and the link being up/up, indicates the interface is manually set to full-duplex while the connected device (R2) is likely operating at half-duplex (duplex mismatch). Although CRC errors are zero, input errors can still occur due to collisions on a mismatched duplex link.

The fix is to set the interface to auto-negotiate duplex and speed, or to manually set both sides to the same duplex setting. The recommended command is 'duplex auto' and 'speed auto' on both ends. In this scenario, we will configure R1's G0/0 for auto-negotiation.

Exam trap

Do not confuse input errors with CRC errors. Input errors without CRC/frame errors often indicate a duplex mismatch, not a physical layer issue. Always check the duplex setting on both ends when you see input errors but no CRC errors.

Why the other options are wrong

B

A faulty cable would likely cause CRC errors, frame errors, or interface resets, not just input errors with zero CRC.

C

MTU size does not affect duplex negotiation or collisions; it is unrelated to the input errors caused by duplex mismatch.

D

CDP has no impact on duplex negotiation or error counters; it is unrelated to the problem.

19
Drag & Dropmedium

Drag and drop the following steps into the correct order to troubleshoot a Windows client that is unable to reach a remote server.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

The correct order begins with ipconfig /all to verify the client's IP settings, then tests the local TCP/IP stack with ping 127.0.0.1. Next, pinging the client's own IP confirms the NIC and configuration. Pinging the default gateway checks local network connectivity, and pinging the remote server tests end-to-end.

Finally, tracert isolates the failure point if the remote ping fails. This layered approach narrows the problem scope from the host itself outward.

20
Drag & Dropmedium

Drag and drop the following troubleshooting steps into the correct order to diagnose a client connectivity issue. Use the OSI bottom-up method, starting with the lowest layer and moving up.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The bottom-up approach starts at Layer 1 and moves up to Layer 7, checking physical, network, and application layers in order.

Exam trap

Candidates often confuse bottom-up with top-down approaches or skip layers. Remember: bottom-up always starts at the physical layer and moves up one layer at a time.

21
MCQhard

A network engineer notices that a switch port connected to a legacy server is experiencing late collisions and the server reports excessive retransmissions. The switch port is configured for auto-negotiation and shows a negotiated speed of 100 Mbps and duplex full. The server's NIC is manually set to 100 Mbps and half-duplex. What is the most likely cause?

A.The switch port is incorrectly configured for auto-negotiation and should be manually set to match the server's NIC.
B.The server's NIC is failing, causing cyclic redundancy check (CRC) errors and forcing retransmissions.
C.A duplex mismatch exists between the switch port and the server NIC.
D.The switch port is overloaded by a broadcast storm, causing an excessive number of collisions.
AnswerC

The switch port negotiated full-duplex at 100 Mbps (as shown in the switch output), while the server NIC is hard-coded to half-duplex. This mismatch causes exactly the observed symptoms: late collisions on the full-duplex switch port and excessive retransmissions on the half-duplex server.

Why this answer

Option C is correct because the switch port is auto-negotiating to full-duplex while the server's NIC is manually set to half-duplex. This creates a duplex mismatch: the switch transmits expecting no collisions (full-duplex), but the server, operating in half-duplex, detects collisions when the switch sends frames while the server is transmitting. Late collisions occur because the collision is detected after the first 64 bytes of the frame, and the server's half-duplex CSMA/CD logic forces retransmissions, matching the symptoms described.

Exam trap

Cisco often tests the concept that auto-negotiation mismatches (e.g., one side set to manual) cause duplex mismatches, and candidates mistakenly think the issue is speed mismatch or that both sides must be manually set, but the trap here is that the server's manual half-duplex setting overrides the auto-negotiation result, creating a duplex mismatch that produces late collisions.

Why the other options are wrong

A

Misunderstanding that auto-negotiation always causes duplex mismatches, when in fact a mismatch occurs because one side is manually configured while the other uses auto-negotiation to negotiate an incompatible mode.

B

Confusing CRC errors with late collisions. Late collisions are a layer-1 timing issue, not a data integrity problem.

D

Attributing all network performance problems to broadcast storms, ignoring the specific error counter 'late collisions' that points directly to a duplex mismatch.

22
MCQhard

A network technician replaced a faulty SFP transceiver on a switch port. After replacement, the port remains in a down/down state. The technician verifies the fiber cable is securely connected at both ends and observes that the remote switch port is also in a down/down state. What should the technician do next?

A.Verify that the speed and duplex settings are set to auto-negotiation.
B.Check whether the SFP module type is incompatible with the switch.
C.Verify the VLAN assignment on the port.
D.Check the running configuration for the no shutdown command on the interface.
AnswerD

This is the most immediate and logical next step. A shut-down interface displays as down/down (or administratively down/down), and without verifying the administrative state, all other troubleshooting is premature. The technician has already addressed physical connectivity, so a configuration oversight must be ruled out.

Why this answer

The correct answer is D because the most common cause of a port remaining in a down/down state after replacing a faulty SFP is that the interface is administratively down. The 'no shutdown' command must be applied to bring the interface up. Since the technician already verified physical connectivity and both ends show down/down, the issue is likely at the configuration layer, not the physical layer.

Exam trap

Cisco often tests the distinction between physical layer issues (cable, SFP) and administrative state issues (shutdown), where candidates mistakenly focus on hardware compatibility or VLAN settings when the port is simply disabled via configuration.

Why the other options are wrong

A

Candidates assume a speed mismatch must be the problem due to the down/down state, overlooking that a shutdown interface also appears down/down (without the 'administratively' prefix in some outputs) and that the physical check was already done.

B

The urgency to blame the newly installed hardware leads many to skip the quick-win config check, potentially wasting time on hardware replacement when the fix is a single command.

C

Candidates often confuse link status with connectivity issues that occur after the link is up, mistakenly targeting a Layer 2 problem for a Layer 1 symptom.

23
Drag & Dropmedium

Drag and drop the following troubleshooting steps into the correct order to diagnose client connectivity using the OSI bottom-up method.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

Following the OSI bottom-up model, we begin with Layer 1 physical connectivity (cabling and link lights), then Layer 2 data link (VLAN and switchport configuration), Layer 3 network (IP configuration and default gateway), and finally Layer 7 application (DNS resolution and application settings).

Exam trap

The trap is that candidates may jump to common higher-layer issues (like IP or DNS) without first verifying the physical and data link layers. Always start at Layer 1 in the bottom-up method.

24
Drag & Dropmedium

Drag and drop the following steps into the correct order to replace a faulty SFP module on a Cisco switch and verify the fiber interface.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The faulty SFP must be removed first, then the new SFP installed, cable connected, and finally verification steps performed to confirm link and transceiver status using 'show interfaces' and 'show interfaces transceiver' commands.

Exam trap

The trap is that candidates may confuse the order of installation and verification. Remember: always remove the faulty module first, then install, then connect cables, and finally verify. Do not skip the removal step or verify before installation.

25
PBQmedium

You are connected via the console to R1, a Cisco ISR 4331 router. The network administrator reports that the link between R1's GigabitEthernet0/0 and a switch is experiencing high error rates and intermittent connectivity. Upon inspection, you notice that the interface is configured with speed 1000 and duplex full. The switch port is set to auto-negotiate. Your task is to resolve the duplex mismatch by configuring the router interface to match the switch's settings.

Network Topology
G0/0G0/1linkR1SW1

Hints

  • The switch port is set to auto-negotiate.
  • Duplex mismatch occurs when one side is set manually and the other auto.
  • Use the 'speed auto' and 'duplex auto' commands.
A.Configure the router interface with 'speed 1000' and 'duplex full'.
B.Configure the router interface with 'no speed' and 'no duplex' to restore defaults, then set 'speed 1000' and 'duplex full'.
C.Configure the router interface with 'no speed' and 'no duplex' to restore defaults, then set 'speed 1000' and 'duplex half'.
D.Configure the router interface with 'no speed' and 'no duplex' to restore defaults, then set 'speed auto' and 'duplex auto'.
AnswerD
solution
! R1
interface GigabitEthernet0/0
speed auto
duplex auto

Why this answer

The duplex mismatch was caused by manually forcing speed and duplex on the router while the switch was set to auto-negotiate. Changing the router to auto-negotiate allows both sides to negotiate the best duplex (full duplex) and speed, eliminating errors.

Exam trap

A common trap is to think that manually setting the router to the same speed and duplex as the switch's negotiated settings will fix the issue. However, if the switch is set to auto-negotiate, it will not successfully negotiate with a manually configured interface. The only way to ensure a match is to enable auto-negotiation on both sides.

Why the other options are wrong

A

The specific factual error is that manually setting speed and duplex on one side while the other side is set to auto-negotiate can lead to a duplex mismatch because auto-negotiation relies on both ends participating.

B

The specific factual error is that manually setting speed and duplex after restoring defaults still disables auto-negotiation on the router, which does not resolve the mismatch.

C

The specific factual error is that setting duplex half on the router while the switch auto-negotiates will likely result in the switch negotiating to full duplex, causing a mismatch.

26
MCQhard

A host has the address 10.10.10.94/27. Which subnet contains that host?

A.10.10.10.32/27
B.10.10.10.64/27
C.10.10.10.96/27
D.10.10.10.0/27
AnswerB

This is correct because 94 falls within the 64 through 95 range.

Why this answer

A /27 mask creates subnets in blocks of 32 addresses. In plain language, that means the fourth-octet ranges are 0–31, 32–63, 64–95, 96–127, and so on. Since the host address ends in 94, it falls inside the 64–95 block. That means the subnet is 10.10.10.64/27.

This is a classic subnetting task because it checks whether you can move from prefix length to block size and then locate the host inside the correct range. The key skill is recognizing the increment boundary and not guessing based only on the nearest familiar address.

Exam trap

Avoid guessing based on familiar numbers; calculate the subnet range using the block size.

Why the other options are wrong

A

The subnet 10.10.10.32/27 covers addresses 10.10.10.32 through 10.10.10.63. The host address 10.10.10.94 is not within this range, so this subnet is incorrect.

C

The subnet 10.10.10.96/27 covers addresses 10.10.10.96 through 10.10.10.127. The host address 10.10.10.94 is below the starting address of this subnet, so it is not included.

D

The subnet 10.10.10.0/27 covers addresses 10.10.10.0 through 10.10.10.31. The host address 10.10.10.94 is far outside this range, so this subnet is incorrect.

27
MCQmedium

A junior network engineer is configuring a new Windows 10 workstation to connect to the corporate network. The network uses a /24 subnet mask and has a default gateway of 192.168.1.1. The workstation obtains its IP address automatically from a DHCP server, but the engineer needs to manually set a static IPv4 address of 192.168.1.50 and ensure the workstation can reach the internet. Which configuration step must the engineer take to satisfy these requirements?

A.Set the subnet mask to 255.255.0.0 and the default gateway to 192.168.1.1
B.Set the subnet mask to 255.255.255.0 and the default gateway to 192.168.1.1
C.Set the subnet mask to 255.255.255.0 and leave the default gateway blank
D.Set the subnet mask to 255.255.255.0 and the default gateway to 192.168.1.50
AnswerB

This is the correct configuration. The subnet mask 255.255.255.0 corresponds to a /24 prefix, which matches the network. The default gateway 192.168.1.1 is the router's IP on the same subnet, allowing the workstation to reach the internet.

Why this answer

Option B is correct because a /24 subnet mask (255.255.255.0) matches the network prefix of the default gateway 192.168.1.1, ensuring the workstation can route traffic to the internet via that gateway. Option A fails because a /16 mask (255.255.0.0) does not match the corporate /24 network, causing incorrect network identification and potential routing issues. Option C fails because leaving the default gateway blank means the host cannot reach any network beyond its local subnet, so internet access is impossible.

Option D fails because using the host's own IP (192.168.1.50) as the default gateway would cause the host to attempt to route traffic to itself, never reaching the actual gateway.

Exam trap

Cisco often tests the requirement that the default gateway must be on the same subnet as the host's IP address, and a common trap is to confuse the gateway address with the host's own IP or to use an incorrect subnet mask that still allows local communication but breaks routing.

Why the other options are wrong

A

Using a /16 subnet mask (255.255.0.0) does not match the corporate /24 network, leading to incorrect network identification and potential routing issues.

C

Leaving the default gateway blank prevents the host from reaching any network beyond its own subnet, so internet access is impossible.

D

Setting the default gateway to the host's own IP address (192.168.1.50) would cause traffic to be sent to itself, never reaching the actual gateway.

28
PBQhard

You are connected to R1. The network administrator reports that the link between R1 and R2 is flapping and performance is poor. Examine the provided show interface output on R1, identify the root cause of the issue, and apply the necessary configuration fix to resolve the problem permanently.

Network Topology
G0/110.0.0.5/30G0/110.0.0.6/30linkR1R2

Hints

  • Check the duplex setting on the interface; it should match the connected device.
  • CRC errors and input errors often indicate a duplex mismatch.
  • The line protocol being down suggests a Layer 1 or Layer 2 issue.
A.Configure the interface with the 'duplex full' command.
B.Configure the interface with the 'speed 100' command.
C.Configure the interface with the 'no shutdown' command.
D.Configure the interface with the 'duplex auto' command.
AnswerA
solution
! R1
configure terminal
interface gigabitEthernet 0/1
duplex full
end

Why this answer

The show interface output on R1 indicates the interface is operating in half-duplex with high CRC errors and input errors, classic symptoms of a duplex mismatch when the remote side (R2) is set to full-duplex. The root cause is that R1’s duplex setting does not match R2’s, causing collisions and flapping. Configuring 'duplex full' on R1’s GigabitEthernet0/1 forces full-duplex, which resolves the mismatch if the remote side is already forced full.

Option B (speed 100) only configures speed—it does not change duplex, so the mismatch persists. Option C (no shutdown) is irrelevant because the interface is administratively up (the issue is operational). Option D (duplex auto) would set R1 to autonegotiate, but if R2 is forced full, autonegotiation fails and defaults to half-duplex, recreating the mismatch.

Therefore, only 'duplex full' permanently fixes the issue.

Exam trap

The exam trap is that candidates often confuse symptoms of duplex mismatch with speed mismatch or cable issues. Remember that CRC errors and flapping are classic signs of duplex mismatch. Always check the duplex setting first.

Why the other options are wrong

B

The specific factual error is that speed mismatch is not the root cause; duplex mismatch is indicated by CRC errors and flapping.

C

The specific factual error is that 'no shutdown' only brings an interface up administratively; it does not fix duplex or speed issues.

D

The specific factual error is that auto-negotiation can fail if one side is manually set; the fix is to manually set both sides to the same duplex.

29
MCQhard

A subnet uses network address 192.168.200.96/28. Which range contains the usable host addresses?

A.192.168.200.97 to 192.168.200.110
B.192.168.200.96 to 192.168.200.111
C.192.168.200.98 to 192.168.200.111
D.192.168.200.81 to 192.168.200.94
AnswerA

This is correct because .96 is the network and .111 is the broadcast.

Why this answer

A /28 block contains 16 addresses. In practical terms, the block starting at 192.168.200.96 runs through 192.168.200.111. The first address is the network address and the last address is the broadcast address. That means the usable host range is 192.168.200.97 through 192.168.200.110.

This question checks whether you can calculate the correct block and then exclude the two reserved boundary addresses.

Exam trap

Remember to exclude the network and broadcast addresses when determining usable host ranges.

Why the other options are wrong

B

This range includes the network address (.96) and the broadcast address (.111), which cannot be assigned to hosts. Usable host addresses must exclude these two addresses.

C

This range starts at .98, which excludes the valid host .97, and ends at .111, which includes the broadcast address. The correct usable range is .97 to .110.

D

This range (192.168.200.81 to .94) belongs to a different subnet. For a /28 subnet starting at .96, the valid host range is .97 to .110. This range is from a previous subnet (e.g., 192.168.200.80/28).

30
Drag & Dropmedium

Drag and drop the following steps into the correct order to diagnose and resolve a duplex/speed mismatch causing interface errors on a Cisco switch.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
6Step 6

Why this order

The correct diagnostic process begins by collecting interface statistics with 'show interfaces' to detect anomalies (step 1). If CRC errors, runts, and late collisions are present, these indicate a duplex mismatch (step 2). Next, check the current duplex and speed configuration for that interface using 'show interfaces <int>' (step 3).

Compare this setting with the expected configuration or with the remote device's interface (step 4) to confirm the mismatch. Based on the findings, apply the correct duplex and speed commands to align both ends (step 5). Finally, verify that the error counters stop incrementing after the fix (step 6).

31
MCQmedium

A network administrator receives a call from a user who cannot access any external websites from their wired workstation. The user can ping the default gateway successfully, but fails to ping 8.8.8.8. The administrator runs ipconfig /all on the workstation and sees an IP address of 192.168.1.50, subnet mask 255.255.255.0, and default gateway 192.168.1.1. What is the most likely cause of this issue?

A.The workstation has an incorrect default gateway configured.
B.The workstation has a duplicate IP address on the network.
C.The workstation is connected to the wrong VLAN.
D.The workstation has a DNS misconfiguration.
AnswerA

The user can ping the default gateway (192.168.1.1) but cannot ping 8.8.8.8, indicating local connectivity works but external routing fails. If the actual network gateway is different (e.g., 192.168.1.254), the workstation's configured gateway would be incorrect, preventing traffic from being forwarded to external networks.

Why this answer

The user can successfully ping 192.168.1.1, proving local IP connectivity to that device. However, the device at 192.168.1.1 may not be the correct default gateway for reaching external networks; the actual gateway router might be at a different IP (e.g., 192.168.1.254). This misconfiguration explains why pings to 8.8.8.8 fail even though the local gateway responds, as the workstation sends external traffic to the wrong next-hop address.

Exam trap

This question tests the ability to differentiate between local connectivity issues and routing issues. A common trap is to assume DNS is the problem when users cannot access websites, but the failure to ping an external IP indicates a routing problem, not a name resolution problem. Also, successful ping to the gateway eliminates many Layer 2 or IP configuration issues.

Why the other options are wrong

B

A duplicate IP would cause intermittent or lost connectivity and likely prevent a consistent reply from the gateway.

C

Being on the wrong VLAN would typically prevent the workstation from receiving an IP in the 192.168.1.0/24 subnet and reaching the gateway at 192.168.1.1.

D

DNS is only used for name resolution; pinging an IP address directly does not involve DNS, so a DNS misconfiguration cannot cause the ping failure to 8.8.8.8.

32
PBQhard

You are troubleshooting connectivity between R1 and R2. R1's GigabitEthernet0/0 interface is configured with a static IP of 10.0.0.1/30 but cannot ping its neighbor R2 at 10.0.0.2/30. R1 is using a 1000BASE-T SFP module to connect to a 1000BASE-LX/LH SFP on R2, but the link is down. Diagnose and resolve the issue by adjusting interface speed and duplex settings, and ensure the correct SFP is used for the 2 km fiber run.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/302 km fiberR1R2

Hints

  • Auto-negotiation is not supported on fiber SFPs; it must be disabled.
  • The 1000BASE-T SFP is for copper cables (max 100m), not for fiber runs of 2 km.
  • Check the SFP type using 'show interfaces gigabitethernet 0/0 transceiver' after replacement.
A.Replace the 1000BASE-T SFP with a 1000BASE-LX/LH SFP, then on R1 configure 'no negotiation auto', 'speed 1000', and 'duplex full'.
B.Keep the 1000BASE-T SFP and configure 'no negotiation auto', 'speed 1000', and 'duplex full' on R1.
C.Replace the 1000BASE-T SFP with a 1000BASE-LX/LH SFP, then configure 'speed 1000' and 'duplex full' on R1 without disabling auto-negotiation.
D.Replace the 1000BASE-T SFP with a 1000BASE-LX/LH SFP, then configure 'no negotiation auto' on R1 without setting speed and duplex.
AnswerA
solution
! R1
configure terminal
interface gigabitEthernet 0/0
no negotiation auto
speed 1000
duplex full
end

Why this answer

The link is down because auto-negotiation is enabled on R1's SFP port (which uses a 1000BASE-T SFP) while R2's port uses a 1000BASE-LX/LH SFP. Auto-negotiation must be disabled on both sides for fiber SFPs. Additionally, the 1000BASE-T SFP is for copper twisted-pair and cannot connect to a fiber SFP; it must be replaced with a 1000BASE-LX/LH SFP to match the 2 km distance.

Commands to fix: on R1, 'no negotiation auto' disables auto-negotiation; 'speed 1000' and 'duplex full' set the correct parameters; then the SFP must be physically replaced with a 1000BASE-LX/LH module.

Exam trap

This question tests your understanding of SFP compatibility and the need to disable auto-negotiation on fiber interfaces. A common trap is to focus only on the auto-negotiation issue while ignoring the media mismatch, or to forget that speed and duplex must be manually set when auto-negotiation is disabled.

Why the other options are wrong

B

The specific factual error is that 1000BASE-T SFPs use copper cabling and cannot interface with fiber SFPs; they are incompatible.

C

The specific factual error is that auto-negotiation must be disabled on fiber SFPs; leaving it enabled can prevent the link from coming up.

D

The specific factual error is that disabling auto-negotiation does not automatically set speed and duplex; they must be configured manually.

33
Multi-Selectmedium

A switch port was configured for sticky MAC learning. Which two statements accurately describe how the feature behaves?

Select 2 answers
A.The switch can dynamically learn MAC addresses and add them to the running configuration as secure MAC addresses.
B.Sticky learning removes the need to enable port security on the interface.
C.Saved sticky addresses can become part of the startup configuration if the running configuration is saved.
D.Sticky learning automatically converts the interface into a trunk port.
E.Sticky learning prevents the maximum secure MAC limit from being enforced.
AnswersA, C

This is correct because sticky MAC learning lets the switch observe source MAC addresses arriving on the port and then record them as secure MAC entries. That gives the convenience of dynamic discovery with the control of port security.

Why this answer

Sticky MAC learning is Cisco’s way of letting a port learn device MAC addresses automatically, while still treating them as secure addresses under port security. In everyday language, it saves the administrator from typing each allowed MAC address by hand. As devices connect, the switch can learn their MAC addresses and place them into the running configuration as sticky secure MACs.

If the administrator later saves the configuration, those learned entries can also be written into startup-config and survive a reboot. The feature does not replace port security; it works as part of port security. It also does not change the port into a trunk or disable the maximum address count.

So the two correct ideas are dynamic secure learning and the ability to preserve those learned MACs by saving the configuration.

Exam trap

Remember, sticky MAC learning is a feature of port security, not a replacement or a mode change.

Why the other options are wrong

B

Sticky MAC learning is a feature of port security and cannot function without port security being enabled on the interface. The command 'switchport port-security' must be configured first, and then 'switchport port-security mac-address sticky' enables sticky learning.

D

Sticky MAC learning is a port security feature that operates on access ports and does not affect the interface's operational mode. Trunk ports are configured separately using 'switchport mode trunk' and are used for carrying multiple VLANs, which is unrelated to MAC address learning behavior.

E

Sticky MAC learning does not override the maximum secure MAC address limit configured with 'switchport port-security maximum'. If the number of learned sticky addresses reaches the limit, additional MAC addresses will trigger a security violation, just like with dynamically learned addresses.

34
Multi-Selectmedium

Which TWO interface error counters indicate a Layer 1 issue?

Select 2 answers
A.CRC errors
B.Output queue drops
C.Runts
D.Input errors
E.Ignored packets
AnswersA, C

CRC errors indicate a mismatch in the frame check sequence, commonly due to physical layer issues like bad cabling or electromagnetic interference.

Why this answer

CRC errors occur when the cyclic redundancy check computed at the receiver does not match the value appended by the sender, indicating that the frame was corrupted during transmission. This corruption is typically caused by physical-layer problems such as faulty cabling, bad connectors, or excessive electrical noise. Runts are frames that are smaller than the minimum Ethernet frame size of 64 bytes (excluding preamble), and they often result from collisions or transceiver issues that are Layer 1 phenomena.

Both counters directly point to physical-layer impairments rather than logical or congestion-related issues.

Exam trap

Cisco often tests the distinction between Layer 1 errors (CRC, runts, giants, frame errors) and Layer 2/3 congestion indicators (output drops, input drops, ignored counts), so the trap is that candidates mistakenly associate any 'drop' or 'error' counter with the physical layer without understanding the underlying cause.

Why the other options are wrong

B

Output queue drops occur when the transmit queue is full due to congestion, typically at Layer 3 (IP) or Layer 2 (switching). They are not caused by physical layer issues but by traffic overload or insufficient buffer space.

D

Input errors is a catch-all counter that includes CRC, runts, giants, and framing errors. While it can indicate Layer 1 issues, it is not specific to Layer 1 because it also includes errors from higher layers (e.g., alignment errors). The question asks for counters that indicate a Layer 1 issue, and input errors is too broad.

E

Ignored packets are dropped due to buffer overflow, often from high traffic or hardware limitations, not specifically a Layer 1 error. They are typically caused by congestion at Layer 2 or Layer 3, not physical layer faults.

35
Matchingmedium

Drag and drop the Wi-Fi features on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses OFDMA to improve efficiency in dense environments

Uses SAE (Simultaneous Authentication of Equals) for secure password-based authentication

A single AP and its associated clients

Centralized management of multiple APs, enabling seamless roaming

Commonly used in 802.11ac to increase throughput by combining channels

Why these pairings

802.11ax (Wi-Fi 6) uses OFDMA to divide channels into smaller subcarriers, allowing simultaneous transmission to multiple clients and improving efficiency in dense environments. WPA3-Personal employs Simultaneous Authentication of Equals (SAE) to replace the vulnerable pre-shared key handshake, providing secure password-based authentication resistant to offline dictionary attacks. A Basic Service Set (BSS) is the fundamental building block of a WLAN, consisting of a single access point (AP) and all associated wireless clients.

A Wireless LAN Controller (WLC) centralizes AP management, handling configuration, firmware updates, and seamless roaming across multiple APs. Channel bonding (80 MHz) combines two 40 MHz channels, doubling the channel width to increase throughput; it is commonly used in 802.11ac (Wi-Fi 5) to achieve higher data rates.

Exam trap

Be careful not to confuse the specific technology used by each Wi-Fi generation: OFDMA is unique to 802.11ax, while channel bonding (80/160 MHz) is more closely associated with 802.11ac.

36
MCQhard

A host is configured with 172.16.10.62/27. Which address is the broadcast address for that subnet?

A.172.16.10.31
B.172.16.10.32
C.172.16.10.63
D.172.16.10.64
AnswerC

This is correct because the host is in the 32–63 /27 block, whose broadcast is .63.

Why this answer

A /27 uses blocks of 32 addresses. In plain language, the last-octet ranges are 0–31, 32–63, 64–95, and so on. Since the host address ends in 62, it belongs to the 32–63 block. The last address in that block is the broadcast address, so the broadcast is 172.16.10.63.

This is a classic subnetting question because it requires you to place the host inside the correct block and then identify the last address in that block rather than guessing based on the host value alone.

Exam trap

Be careful not to confuse the broadcast address with the network address or the start of the next subnet.

Why the other options are wrong

A

The address 172.16.10.31 is the broadcast address for the /27 subnet 172.16.10.0–31, not for the subnet containing host 172.16.10.62. Since the host's IP is in the 32–63 range, the broadcast is .63, not .31.

B

172.16.10.32 is the network address (subnet ID) of the /27 subnet that includes hosts 32–63. It is not the broadcast address; the broadcast is the last address in the subnet, which is .63.

D

172.16.10.64 is the network address of the next /27 subnet (64–95), not the broadcast address for the subnet containing .62. The broadcast for the subnet containing .62 is .63.

37
MCQhard

A host uses the subnet mask 255.255.255.192. How many usable host addresses exist in each subnet?

A.30
B.62
C.126
D.254
AnswerB

This is correct because /26 yields 64 total addresses and 62 usable hosts.

Why this answer

The mask 255.255.255.192 corresponds to /26. That leaves 6 host bits, which means each subnet contains 64 total addresses. After excluding the network and broadcast addresses, 62 usable host addresses remain.

This is a standard host-capacity question. The safest approach is to convert the mask to the prefix, determine the total addresses from the number of host bits, and then subtract the two reserved addresses.

Exam trap

Be careful not to confuse total addresses with usable addresses; always subtract the network and broadcast addresses.

Why the other options are wrong

A

The subnet mask 255.255.255.192 is /26, which provides 64 total addresses per subnet. Subtracting the network and broadcast addresses leaves 62 usable hosts, not 30. 30 usable hosts corresponds to a /27 subnet mask (255.255.255.224).

C

126 usable hosts would require a /25 subnet mask (255.255.255.128), which provides 128 total addresses. The given mask /26 provides only 64 total addresses, so 126 is incorrect.

D

254 usable hosts corresponds to a /24 subnet mask (255.255.255.0), which provides 256 total addresses. The mask 255.255.255.192 is /26, which is two bits longer, resulting in only 64 total addresses.

38
MCQhard

A subnet uses the mask 255.255.255.252. How many usable host addresses are available in each subnet?

A.2
B.4
C.6
D.14
AnswerA

This is correct because /30 provides 4 total addresses and 2 usable hosts.

Why this answer

The mask 255.255.255.252 corresponds to /30. In practical terms, that gives 4 total addresses per subnet. After subtracting the network and broadcast addresses, 2 usable host addresses remain.

This is a classic small-subnet calculation that often appears in point-to-point addressing scenarios.

Exam trap

Remember to exclude network and broadcast addresses when calculating usable host addresses.

Why the other options are wrong

B

The /30 subnet provides a total of 4 addresses, but one is the network address and one is the broadcast address, leaving only 2 usable host addresses. Saying 4 is incorrect because it counts the network and broadcast addresses as usable.

C

A /30 subnet has only 2 bits for host addresses, yielding 2^2 = 4 total addresses, of which 2 are usable. 6 usable hosts would require at least 3 host bits (2^3 - 2 = 6), which corresponds to a /29 subnet.

D

14 usable hosts correspond to a /28 subnet (255.255.255.240), which has 4 host bits (2^4 - 2 = 14). A /30 subnet has only 2 host bits, so it cannot provide 14 usable hosts.

39
Matchingmedium

Drag and drop the cable/transceiver types on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Supports 1000BASE-T up to 100 meters with auto-negotiation for speed/duplex

Supports up to 5 km (or more with longer optics) using 1310 nm laser

Supports up to 300 meters over OM3 fiber at 10 Gbps

Single-mode transceiver for 10 Gbps links up to 10 km

1000BASE-T copper SFP transceiver for up to 100 meters on CAT5e/CAT6

Why these pairings

CAT5e UTP supports 1000BASE-T up to 100 meters as standard twisted-pair copper cabling. Single-mode fiber with 1000BASE-LX SFP uses a 1310 nm laser for long-distance links, typically up to 5 km but extendable with specific optics. Multimode fiber with 10GBASE-SR SFP+ provides high-speed 10 Gbps connectivity up to 300 meters over OM3 fiber due to SR’s short-reach design.

SFP-10G-LR is a single-mode transceiver designed for 10 km at 10 Gbps, leveraging its long-reach specification. GLC-T is a 1000BASE-T copper SFP, so it operates over CAT5e/CAT6 up to 100 meters. Incorrect pairings would mismatch cable type and distance capabilities, such as using multimode fiber for a 10 km link or a copper SFP with single-mode fiber.

Exam trap

A common mistake is to mismatch transceiver types and fiber categories, like using a 10GBASE-SR SFP+ on single-mode fiber or expecting a copper SFP to work over fiber; always check the transceiver’s specifications and compatible cabling.

40
MCQhard

A subnet must support at least 126 usable IPv4 host addresses. Which prefix is the longest that meets the requirement?

A./26
B./25
C./24
D./27
AnswerB

This is correct because /25 provides 126 usable host addresses.

Why this answer

A /25 is the smallest valid answer. In practical terms, a /25 provides 128 total addresses. After subtracting the network and broadcast addresses, 126 usable hosts remain. A /26 would be too small because it supports only 62 usable hosts.

This is a typical minimum-prefix question. The goal is to choose the smallest subnet that satisfies the host requirement without wasting more address space than necessary.

Exam trap

Be careful not to confuse total addresses with usable addresses. Always subtract the network and broadcast addresses when calculating usable hosts.

Why the other options are wrong

A

A /26 prefix provides 2^(32-26) - 2 = 64 - 2 = 62 usable host addresses, which is insufficient for the requirement of at least 126 usable hosts.

C

A /24 prefix provides 2^(32-24) - 2 = 256 - 2 = 254 usable host addresses, which is more than required. While it works, it is not the smallest prefix that meets the requirement, wasting IP address space.

D

A /27 prefix provides 2^(32-27) - 2 = 32 - 2 = 30 usable host addresses, far below the required 126. This is insufficient for the subnet.

41
MCQhard

What prefix length corresponds to the subnet mask 255.255.255.248?

A./28
B./29
C./30
D./27
AnswerB

This is correct because 255.255.255.248 equals 29 network bits.

Why this answer

The mask 255.255.255.248 corresponds to /29. In practical terms, the first three octets provide 24 network bits, and the value 248 in the last octet is 11111000 in binary, which contributes 5 more network bits. That gives a total prefix length of 29.

This is a standard dotted-decimal to prefix conversion question. It matters because subnetting often requires you to move comfortably between both forms.

Exam trap

Be careful not to confuse the binary values of subnet masks. Ensure you understand how to convert between dotted-decimal and CIDR notation.

Why the other options are wrong

A

The subnet mask 255.255.255.240 corresponds to a /28 prefix length, not /29. This mask has 28 network bits, leaving 4 host bits, which yields 14 usable hosts per subnet.

C

The subnet mask 255.255.255.252 corresponds to a /30 prefix length, not /29. A /30 mask has 30 network bits and only 2 host bits, providing 2 usable addresses, typically used for point-to-point links.

D

The subnet mask 255.255.255.224 corresponds to a /27 prefix length, not /29. A /27 mask has 27 network bits and 5 host bits, providing 30 usable hosts per subnet.

42
MCQhard

A host is configured with IP address 172.16.100.222/27. Which address is the broadcast address for its subnet?

A.172.16.100.191
B.172.16.100.223
C.172.16.100.224
D.172.16.100.255
AnswerB

This is correct because .222 is in the 192–223 /27 block.

Why this answer

A /27 uses address blocks of 32. In practical terms, the fourth-octet ranges are 0–31, 32–63, 64–95, 96–127, 128–159, 160–191, 192–223, and 224–255. Since 222 falls inside the 192–223 block, the broadcast address is the last address in that block, which is 172.16.100.223.

This is a classic subnet-boundary question because it tests whether you can place a host in the correct block and then identify the final address in that block as the broadcast.

Exam trap

Avoid assuming the broadcast address is always .255 or miscalculating subnet ranges.

Why the other options are wrong

A

172.16.100.191 is the broadcast address of the previous /27 subnet (172.16.100.160/27), not the subnet containing .222. The host .222 is in the 172.16.100.192/27 subnet, so its broadcast is .223.

C

172.16.100.224 is the network address of the next /27 subnet (172.16.100.224/27), not a broadcast address. Broadcast addresses are always the last address in a subnet, not the first.

D

172.16.100.255 is the broadcast address of the entire /24 subnet (172.16.100.0/24), not the /27 subnet containing .222. The /27 subnet has a smaller range, so its broadcast is .223.

43
Multi-Selectmedium

Which TWO commands would a network administrator use to verify that a client has received a valid IP address from a DHCP server and can resolve domain names to IP addresses?

Select 2 answers
A.ipconfig /all
B.ping 127.0.0.1
C.tracert 8.8.8.8
D.nslookup www.courseiva.com
E.arp -a
AnswersA, D

Displays full TCP/IP configuration, confirming DHCP-assigned IP address, subnet mask, gateway, and DNS servers.

Why this answer

Option A (ipconfig /all) is correct because it displays the full TCP/IP configuration for all network adapters, including whether DHCP is enabled, the assigned IP address, subnet mask, default gateway, and the DHCP server address. This allows the administrator to confirm that the client received a valid IP address from the DHCP server. Option D (nslookup www.courseiva.com) is correct because it queries the configured DNS server to resolve the domain name to an IP address, verifying that name resolution is working.

Option B (ping 127.0.0.1) only tests the local TCP/IP stack and does not verify DHCP assignment or DNS resolution. Option C (tracert 8.8.8.8) uses an IP address directly and does not test domain-name resolution. Option E (arp -a) displays the ARP cache, which is unrelated to DHCP or DNS.

Exam trap

Cisco often tests the distinction between verifying local IP stack functionality (ping 127.0.0.1) versus verifying DHCP address assignment and DNS resolution, leading candidates to mistakenly choose loopback or traceroute commands that do not validate the specific requirements.

Why the other options are wrong

B

ping 127.0.0.1 only tests the local TCP/IP stack and does not verify DHCP address assignment or DNS resolution.

C

tracert 8.8.8.8 uses an IP address directly and does not test domain-name resolution.

E

arp -a displays the ARP cache, which is unrelated to DHCP or DNS.

44
Drag & Dropmedium

Drag and drop the following troubleshooting steps into the correct order to diagnose a client connectivity issue using the OSI bottom-up method. The client cannot access a web server by its FQDN.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The bottom-up OSI approach starts with Layer 1 (physical) – step A; then Layer 2 (data link) – step D; then Layer 3 (network) – step C; and finally Layer 7 (application) – step B. This methodical progression isolates the issue layer by layer, ensuring all dependencies are checked systematically.

Exam trap

The trap is that candidates often jump to DNS or IP configuration because the symptom involves an FQDN, but the bottom-up method requires starting at Layer 1. Remember: always start at the bottom of the OSI model when using this approach.

45
PBQhard

You are troubleshooting a connectivity issue for a remote worker who reports being unable to access the internet. The worker's PC is connected to switch S1, which is connected to router R1. You have console access to R1. The router's interface G0/0 is configured with IP 192.168.1.1/24, and the DHCP pool 'LAN' currently has network 192.168.1.0 255.255.255.0 and default-router 192.168.1.254. The PC has obtained an IP address of 192.168.1.100 from DHCP and a subnet mask of 255.255.255.0, but cannot ping 8.8.8.8. Identify the fault and configure R1 to restore internet access for the PC.

Network Topology
G0/0192.168.1.1/24G0/0192.168.1.1/24PCS1R1internet

Hints

  • Check the default-router value in the DHCP pool against the router's interface IP.
  • The PC's APIPA address indicates DHCP failure — review the DHCP configuration.
  • Ensure the router's interface IP matches the gateway offered by DHCP.
A.Change the default-router in the DHCP pool 'LAN' to 192.168.1.1
B.Change the network statement in the DHCP pool 'LAN' to 192.168.1.0 255.255.255.0
C.Add the command 'ip helper-address 192.168.1.254' on interface G0/0
D.Change the IP address of interface G0/0 to 192.168.1.254/24
AnswerA
solution
! R1
conf t
ip dhcp pool LAN
default-router 192.168.1.1
end

Why this answer

The PC received a valid IP address from DHCP, proving the DHCP server is reachable and the network statement is correct. However, the pool’s default-router is set to 192.168.1.254, while the actual interface IP (the real gateway) is 192.168.1.1. The PC therefore uses an incorrect default gateway, blocking internet access.

Changing the default-router to 192.168.1.1 fixes the gateway mismatch. Option B is wrong because the network statement already matches the subnet. Option C is unnecessary since no helper address is needed for a DHCP server on the same subnet.

Option D would change the router’s IP to 192.168.1.254, creating further misalignment and breaking connectivity.

Exam trap

Do not assume that any connectivity issue is caused by a DHCP server failure; always compare the default-router entry in the DHCP pool with the actual interface IP before altering network statements or adding helper addresses.

Why the other options are wrong

B

The network statement is already correct; changing it does not resolve the incorrect default gateway.

C

No helper address is needed because the DHCP server (the router itself) is on the same subnet as the PC.

D

Setting the interface IP to 192.168.1.254 would create an address mismatch with the DHCP pool’s gateway and break the subnet.

46
MCQhard

A network administrator captures traffic on Server B and finds that ICMP echo requests from Host A arrive, and the server generates corresponding echo replies, but these replies never appear on the wire. The server's routing table has a valid default gateway, and no ACLs are blocking the traffic. What is the most likely cause?

A.The server's TCP stack is corrupt.
B.The server's ARP cache contains an incorrect MAC address for the destination host.
C.The server's routing table is missing a route to the source network.
D.The switch port connecting Server B has port security enabled and has learned a different MAC.
AnswerB

The server must resolve the destination IP address (Host A) to a MAC address to build the frame. If the ARP cache holds a wrong MAC, the frame carrying the echo reply is sent to an incorrect device or the encapsulation fails, so the reply never appears on the wire.

Why this answer

The ICMP echo requests arrive at Server B, and the server generates replies, but they never appear on the wire. This indicates the server cannot deliver the frames to the next hop. Since the server has a valid default gateway and no ACLs are blocking, the most likely cause is an incorrect MAC address in the ARP cache for the destination (either the host or the default gateway).

The server will encapsulate the IP packet into a frame using the wrong MAC, causing the switch to drop the frame or send it to the wrong device, so the reply never reaches the wire correctly.

Exam trap

Cisco often tests the distinction between Layer 3 routing (which works correctly here) and Layer 2 frame delivery (which fails due to ARP issues), leading candidates to incorrectly blame routing or ACLs instead of the ARP cache.

Why the other options are wrong

A

ICMP does not use TCP; it is encapsulated directly in IP. The symptom would be unrelated to TCP.

C

A missing route would prevent the IP layer from even attempting to send the packet, not result in a generated-but-not-transmitted error.

D

Port security would have blocked the incoming request if Host A's MAC violated the policy, but the request was received, so this cannot explain the missing reply.

47
MCQhard

Which prefix length corresponds to the subnet mask 255.255.255.192?

A./25
B./26
C./27
D./28
AnswerB

This is correct because 255.255.255.192 equals 26 network bits.

Why this answer

The mask 255.255.255.192 corresponds to /26. In practical terms, the first three octets contribute 24 network bits, and 192 in binary is 11000000, which contributes 2 more network bits. That totals 26 network bits.

This is a standard conversion skill that matters in subnetting, ACL design, and route interpretation.

Exam trap

Be careful not to confuse similar subnet masks or miscount the number of bits in the binary representation.

Why the other options are wrong

A

The /25 prefix length corresponds to subnet mask 255.255.255.128, not 255.255.255.192. The mask 255.255.255.128 has 128 in the last octet, while 255.255.255.192 has 192, indicating a different number of host bits.

C

The /27 prefix length corresponds to subnet mask 255.255.255.224, not 255.255.255.192. The mask 255.255.255.224 has 224 in the last octet, which provides 30 usable hosts per subnet, whereas 255.255.255.192 provides 62 usable hosts.

D

The /28 prefix length corresponds to subnet mask 255.255.255.240, not 255.255.255.192. The mask 255.255.255.240 has 240 in the last octet, which supports 14 usable hosts, while 255.255.255.192 supports 62 usable hosts.

48
Drag & Dropmedium

Drag and drop the following troubleshooting steps into the correct order to diagnose a client connectivity issue using the OSI bottom-up method.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The OSI bottom-up method starts at Layer 1 (physical) and moves upward. Step A (Check physical connectivity) verifies cables and link lights at Layer 1. Step D (Check for MAC address table entries) examines Layer 2 connectivity.

Step B (Verify IP address configuration) confirms Layer 3 settings. Step C (Test application functionality) tests Layer 7 applications such as ping or web browsing. This sequence aligns with the bottom-up approach of resolving lower-layer issues before examining higher layers.

Exam trap

The trap is that candidates may jump to common troubleshooting steps like checking IP configuration or testing applications, but the bottom-up method requires starting at the physical layer. Always remember the OSI layer order and apply it sequentially.

49
MCQmedium

A network administrator is troubleshooting a user's wired workstation that cannot access the internet. The user reports that the workstation was working earlier today. The administrator runs 'ipconfig /all' on the workstation and sees an IP address of 169.254.10.55. What is the most likely cause of this issue?

A.The workstation has a duplicate IP address conflict with another device.
B.The workstation is unable to communicate with a DHCP server due to a faulty network cable.
C.The workstation's DNS server settings are misconfigured.
D.The workstation is connected to the wrong VLAN, causing it to receive an incorrect IP address.
AnswerB

A faulty network cable prevents the workstation from reaching the DHCP server, causing the client to self-assign an APIPA address (169.254.x.x).

Why this answer

The IP address 169.254.10.55 falls within the Automatic Private IP Addressing (APIPA) range (169.254.0.0/16, RFC 3927). This address is assigned by the operating system when a DHCP client fails to receive a response from a DHCP server. A faulty network cable would prevent the workstation from communicating with the DHCP server, causing the client to self-assign an APIPA address after the DHCP discovery process times out.

Exam trap

Cisco often tests the concept that APIPA addresses are only generated when the DHCP client cannot communicate with any DHCP server, not when there is a configuration mismatch or server-side issue that still allows Layer 2 connectivity.

Why the other options are wrong

A

A duplicate IP address conflict would generate an error message and the workstation would still attempt to use the conflicting IP, not fall back to APIPA. The workstation would retain its DHCP-assigned address and display a conflict notification.

C

DNS misconfiguration would affect name resolution, but the workstation would still obtain a valid IP address from DHCP, not an APIPA address. APIPA is only triggered when DHCP discovery fails entirely.

D

Being on the wrong VLAN would likely result in an IP from a different subnet, not an APIPA address, unless the DHCP server for that VLAN is unreachable. APIPA occurs only when no DHCP server is reachable at all.

50
PBQmedium

You are connected to the console of R1. The network administrator reports that users cannot communicate with the server at 192.168.2.10. R1 is connected to R2 via a serial link (S0/0/0) with IP 10.0.0.1/30 on R1 and 10.0.0.2/30 on R2. The network uses OSPF for routing. You suspect an interface issue on the serial link.

Network Topology
S0/0/010.0.0.1/30S0/0/010.0.0.2/30SerialS0/0/010.0.0.2/30192.168.2.10G0/0 192.168.2.1/24R2R1Server

Hints

  • Check the interface status and line protocol.
  • Serial links require a clock rate on the DCE end.
  • Ensure the encapsulation matches on both ends.
A.Use the show interfaces serial0/0/0 command to verify the interface status and check for encapsulation mismatch.
B.Use the show ip route command to verify that the route to 192.168.2.0/24 is present in the routing table.
C.Use the ping 10.0.0.2 command to test Layer 3 connectivity to the neighbor router.
D.Use the show running-config interface serial0/0/0 command to check the configuration of the serial interface.
AnswerA
solution
! R1
interface Serial0/0/0
clock rate 64000
no shutdown
encapsulation ppp

Why this answer

The serial interface may be administratively down or have incorrect encapsulation. Setting the clock rate on the DCE side and ensuring PPP encapsulation matches the neighbor resolves the issue.

Exam trap

Do not confuse troubleshooting steps: when a specific interface issue is suspected, use interface-level commands like show interfaces, not routing or ping commands. The show interfaces command is the go-to for verifying interface status and encapsulation.

Why the other options are wrong

B

The show ip route command does not provide interface-level details such as encapsulation or clock rate; it only shows routing information.

C

Ping does not provide detailed interface status or configuration information; it only indicates whether the neighbor is reachable, not why it is not.

D

The running-config shows the intended configuration but not the current operational state; for example, it won't show if the interface is administratively down unless you check the shutdown command.

51
Multi-Selectmedium

Which TWO statements accurately describe the encapsulation process in the TCP/IP model as data moves from the application layer to the network access layer?

Select 2 answers
A.At the application layer, the PDU is called a segment and includes a transport layer header.
B.At the transport layer, the PDU is called a segment (for TCP) and includes source and destination port numbers.
C.At the network layer, the PDU is called a frame and includes source and destination MAC addresses.
D.At the network layer, the PDU is called a packet and includes source and destination IP addresses.
E.At the data link layer, the PDU is called a packet and includes source and destination IP addresses.
AnswersB, D

The transport layer encapsulates data with a header containing port numbers to identify the application.

Why this answer

At the transport layer, TCP creates segments that include source and destination port numbers (B correct). At the network layer, the PDU is a packet containing source and destination IP addresses (D correct). Option A is wrong because the application layer generates data, not segments, and transport headers are added later.

Option C mislabels the network layer PDU; it is a packet, not a frame, and MAC addresses belong to frames. Option E is wrong because the data link layer PDU is a frame, not a packet, and it uses MAC addresses, not IP addresses.

Exam trap

Cisco often tests the specific PDU naming conventions (segment, packet, frame) and the layer at which each header is added, causing candidates to confuse the network layer packet with the data link layer frame or to misidentify the transport layer PDU.

Why the other options are wrong

A

The application layer PDU is just data; no transport header is added at this stage.

C

At the network layer, the PDU is a packet with IP addresses; MAC addresses are added at the data link layer.

E

The data link layer PDU is a frame, not a packet, and it contains source and destination MAC addresses.

52
PBQhard

You are connected to R1 via console. R1's GigabitEthernet0/1 interface connects to a remote site switch over a 2 km fiber link. The current configuration shows speed and duplex set to 1000 Mbps and full, but the interface is down/down due to an SFP mismatch. Review the exhibit, identify the problem, and correct it so that the interface comes up and communicates at the correct speed and duplex. Additionally, ensure the interface is configured to auto-negotiate properly for future cable replacements.

Network Topology
Gi0/110.0.0.1/302 km fiberR1Remote Switch

Hints

  • Hard-coded speed and duplex can prevent auto-negotiation and cause link failure with fiber SFPs.
  • The interface is administratively down; check for the 'shutdown' command in the running config.
  • For distances over 550 m, a 1000BASE-LX SFP is needed instead of 1000BASE-SX.
A.Replace the SFP with a 1000BASE-LX module, remove the manual speed and duplex settings, and issue the no shutdown command.
B.Replace the SFP with a 1000BASE-SX module, keep the manual speed 1000 and duplex full, and issue the no shutdown command.
C.Keep the existing SFP, change the speed to 100 and duplex to half, and issue the no shutdown command.
D.Replace the SFP with a 1000BASE-LX module, keep the manual speed 1000 and duplex full, and issue the no shutdown command.
AnswerA
solution
! R1
interface GigabitEthernet0/1
no speed
no duplex
no shutdown

Why this answer

The interface was administratively shut down (shutdown command) and had hard-coded speed 1000 and duplex full, which is incompatible with the 2 km fiber link requiring a long-haul SFP (e.g., 1000BASE-LX). The correct fix is to remove the manual speed/duplex settings, enable auto-negotiation (which is default but overridden), and then no shutdown. For a 2 km link, a 1000BASE-LX SFP is required; the existing SFP (likely 1000BASE-SX, max 550 m) caused the link to be down.

After replacing with the correct SFP, the interface should come up. Commands: interface Gi0/1, no speed, no duplex, no shutdown.

Exam trap

Trap: Candidates may focus only on the SFP replacement and forget to remove manual speed/duplex settings, or they may choose an SFP with insufficient distance. Remember that Gigabit Ethernet fiber interfaces should use auto-negotiation, and manual settings are only for troubleshooting or specific legacy scenarios.

Why the other options are wrong

B

The specific factual error is that 1000BASE-SX cannot support 2 km distances; it is limited to 550 m.

C

The specific factual error is that Gigabit Ethernet interfaces cannot be set to 100 Mbps; they only support 1000 Mbps or auto-negotiation.

D

The specific factual error is that manual speed/duplex settings should be removed to allow auto-negotiation; they are not recommended for fiber interfaces.

53
PBQmedium

You are connected via the console to R1, a Cisco ISR 4331 router. The network uses IPv6. R1's GigabitEthernet0/0 interface has the MAC address 00:1C:0F:9A:7B:32. You need to configure the interface to use EUI-64 to form a global unicast address from the prefix 2001:DB8:CAFE:1::/64. Additionally, ensure that the interface is enabled for IPv6.

Network Topology
G0/0linkR1IPv6 Network

Hints

  • EUI-64 uses the interface MAC address to create the interface ID.
  • The command format is 'ipv6 address prefix/length eui-64'.
  • You may also need to enable IPv6 on the interface with 'ipv6 enable'.
A.R1(config-if)# ipv6 address 2001:DB8:CAFE:1:021C:0FFF:FE9A:7B32/64 eui-64 R1(config-if)# no shutdown
B.R1(config-if)# ipv6 address 2001:DB8:CAFE:1::/64 eui-64 R1(config-if)# no shutdown
C.R1(config-if)# ipv6 address 2001:DB8:CAFE:1:021C:0FFF:FE9A:7B32/64 R1(config-if)# no shutdown
D.R1(config-if)# ipv6 address 2001:DB8:CAFE:1:001C:0FFF:FE9A:7B32/64 eui-64 R1(config-if)# no shutdown
AnswerA
solution
! R1
interface GigabitEthernet0/0
ipv6 address 2001:DB8:CAFE:1::/64 eui-64
ipv6 enable

Why this answer

The EUI-64 process inserts FF:FE in the middle of the MAC address and inverts the 7th bit. Configuring the IPv6 address with the eui-64 keyword automatically generates the interface ID from the MAC address.

Exam trap

Trap: Candidates often forget the bit inversion step in EUI-64 or incorrectly use the :: abbreviation with the eui-64 keyword. Remember: EUI-64 requires the full prefix and the 7th bit of the MAC must be flipped.

Why the other options are wrong

B

The specific factual error is that the EUI-64 keyword cannot be used with the double colon (::) abbreviation; the prefix must be fully specified.

C

The specific factual error is that the command does not use the eui-64 keyword, so it does not meet the requirement to use EUI-64.

D

The specific factual error is that the 7th bit inversion was not applied; the interface ID should start with 021C, not 001C.

54
MCQhard

A network administrator notices that wireless clients are unable to associate with the corporate SSID 'CorpNet' on an AP that is managed by a WLC. The AP has been joined to the WLC successfully, and the WLC is reachable from the AP. The administrator checks the WLC configuration. Based on the exhibit, what is the most likely cause of the association failure?

A.The WLAN is disabled.
B.The WLAN is missing a pre-shared key.
C.CCKM is not supported by the clients.
D.The WLAN is mapped to the management interface.
AnswerD

The management interface should not be used for client data traffic; it should be a dynamic interface.

Why this answer

The exhibit shows the WLAN 'CorpNet' is mapped to the management interface. While the association process may succeed, the management interface is reserved for control and management traffic (e.g., CAPWAP, SSH) and is not designed to carry client data. This misconfiguration prevents the client from obtaining network access (e.g., IP address via DHCP), which manifests as an apparent association failure.

Client data must be mapped to a dynamic interface (VLAN) or the guest interface for proper operation.

Exam trap

Cisco often tests the misconception that mapping to the management interface blocks 802.11 association; in reality, association may succeed, but the client fails to obtain network services.

Why the other options are wrong

A

The 'show wlan summary' output explicitly shows the WLAN status as 'Enabled', so the WLAN is not disabled. A disabled WLAN would prevent associations, but that is not the case here.

B

The output shows PSK is enabled with a passphrase 'Cisco123', so a pre-shared key is configured. Missing PSK would cause authentication failures, but that is not the issue here.

C

CCKM is a fast roaming method that is optional for client association. Clients can associate without CCKM support; it only affects roaming performance, not initial association.

55
MCQmedium

A network administrator is troubleshooting a Windows 10 client that cannot access a web server at 192.168.1.100. The client has an IP address of 192.168.1.50/24 and can ping its default gateway (192.168.1.1) successfully, but ping to 192.168.1.100 fails. Which command should the administrator run next to verify the client's current network connections and identify potential issues with active sessions?

A.ipconfig /all
B.netstat -a
C.tracert 192.168.1.100
D.ping -t 192.168.1.100
AnswerB

This command shows all active TCP connections and listening ports on the client, allowing the administrator to see if there are any established sessions to the web server or if the web server's port is being blocked or not responding.

Why this answer

The `netstat -a` command displays all active TCP/UDP connections and listening ports, which is the most direct way to verify current network sessions and identify issues such as blocked ports, half-open connections, or failed connection attempts. While ping failure could result from network-layer filtering (e.g., ACLs blocking ICMP), `netstat -a` reveals whether the client has initiated a TCP connection to 192.168.1.100 and its current state (e.g., SYN_SENT, ESTABLISHED, TIME_WAIT), helping to isolate transport-layer or application-layer problems.

Exam trap

Cisco often tests the distinction between Layer 3 connectivity (ping/tracert) and Layer 4 session verification (netstat), trapping candidates who assume that successful ping implies full application-layer connectivity.

Why the other options are wrong

A

The ipconfig /all command displays detailed IP configuration, including DNS servers and MAC addresses, but does not show active network connections or sessions. Since the client can ping the gateway, IP configuration is likely correct, and this command does not help identify issues with active sessions to the web server.

C

The tracert command performs a route trace to the destination, which requires Layer 3 reachability. Since ping to 192.168.1.100 already failed, tracert will likely also fail and does not provide information about active connections or listening ports. It is useful for identifying where packets are dropped along the path, but not for verifying active sessions.

D

The ping -t command sends continuous ICMP echo requests to test reachability over time, but it does not reveal connection states or listening ports. Since ping already failed, continuous pings will also fail and do not help identify issues with active TCP sessions to the web server.

56
Multi-Selectmedium

Which TWO symptoms are most likely to appear in the output of 'show interfaces' when a duplex mismatch exists between a switch port and a connected host?

Select 2 answers
A.Excessive collisions and CRC errors on the interface
B.Runts and frame errors on the interface
C.Auto-negotiation failed message in the interface output
D.High input rate on the interface
E.Line protocol is down
AnswersA, B

On the half-duplex side, collisions are normal but become excessive due to the full-duplex side transmitting without listening. CRC errors occur when frames are corrupted by collisions.

Why this answer

A duplex mismatch causes collisions on the half-duplex side, resulting in excessive collisions and CRC errors (option A). On the full-duplex side, the host receives truncated frames from the half-duplex side's collisions, leading to runts and frame errors (option B). Option C is incorrect because 'Auto-negotiation failed' would appear only if negotiation itself failed, not from a mismatch after successful negotiation.

Option D is wrong because a duplex mismatch typically reduces throughput and causes errors, not a high input rate. Option E is incorrect because the line protocol remains up; duplex mismatch does not bring the line protocol down.

Exam trap

Cisco often tests the distinction that 'runts' and 'frame errors' are symptoms of duplex mismatch on the full-duplex side, while 'excessive collisions' and 'CRC errors' appear on the half-duplex side, and candidates may incorrectly assume both symptoms appear on the same interface.

Why the other options are wrong

C

A duplex mismatch occurs after auto-negotiation completes; no 'auto-negotiation failed' message appears on the interface.

D

Duplex mismatch causes errors and retransmissions, usually reducing the effective input rate, not increasing it.

E

Duplex mismatch keeps the line protocol up; it affects data integrity but not the Layer 1/2 link state.

57
PBQhard

You are connected to R1 via the console. R1 has two directly connected routers: R2 and R3. Currently, R1 cannot reach R2's loopback interface (203.0.113.1/32). Additionally, R3 is IPv6-only and must be reachable from R1 using a statically assigned global unicast address. Configure R1's interfaces and static routes so that: (1) R1 can ping R2's loopback, (2) R1 can ping R3's IPv6 address 2001:db8:acad:2::1/64, and (3) R1's IPv6 address on the link to R3 is derived using EUI-64.

Hints

  • Check the subnet of the IPv6 address on R1's G0/1; it should match R3's subnet.
  • R2's loopback is not directly connected; a static route is needed.
  • EUI-64 uses the MAC address; ensure the prefix is correct.
A.Configure R1's G0/0 with IP 192.168.1.1/24 and add a static route to 203.0.113.1/32 via 192.168.1.2. Configure R1's G0/1 with IPv6 address 2001:db8:acad:2::/64 eui-64.
B.Configure R1's G0/0 with IP 192.168.1.1/24 and add a static route to 203.0.113.0/24 via 192.168.1.2. Configure R1's G0/1 with IPv6 address 2001:db8:acad:1::/64 eui-64.
C.Configure R1's G0/0 with IP 192.168.1.1/24 and add a static route to 203.0.113.1/32 via 192.168.1.2. Configure R1's G0/1 with IPv6 address 2001:db8:acad:2::1/64.
D.Configure R1's G0/0 with IP 192.168.1.1/24 and add a static route to 203.0.113.1/32 via 192.168.1.2. Configure R1's G0/1 with IPv6 address 2001:db8:acad:1::/64 eui-64.
AnswerA
solution
! R1
interface GigabitEthernet0/1
ipv6 address 2001:db8:acad:2::/64 eui-64
exit
ip route 203.0.113.1 255.255.255.255 192.168.1.2

Why this answer

The ping to R2's loopback fails because R1's G0/0 is configured with a /24 mask, but the network should be /24 (which is correct), but the loopback is on a different subnet (203.0.113.0/24 vs 192.168.1.0/24). Actually the issue is that R1 has no route to 203.0.113.1. The solution is to add a static route on R1 pointing to R2's G0/0 IP.

For IPv6, R1's EUI-64 address is on the wrong subnet (2001:db8:acad:1::/64) but R3 is on 2001:db8:acad:2::/64. The fix is to change the IPv6 address on R1's G0/1 to 2001:db8:acad:2::/64 eui-64. Then add an IPv6 static route if needed (but R1 and R3 are directly connected, so after fixing the subnet, ping should work).

Exam trap

Watch out for subnet mismatches in IPv6 and the requirement to use EUI-64. Many candidates forget that EUI-64 requires the 'eui-64' keyword, not a manual interface ID. Also, ensure static routes point to the exact host (/32) when the destination is a loopback.

Why the other options are wrong

B

The IPv6 subnet mismatch prevents direct connectivity; R1 and R3 must be on the same subnet for a ping to work without additional routing.

C

The requirement explicitly states that the IPv6 address must be derived using EUI-64; a manually specified interface ID violates this.

D

The IPv6 subnet must be the same as R3's for direct connectivity; using a different subnet requires additional routing, which is not configured.

58
Drag & Dropmedium

Drag and drop the following steps into the correct order to describe the encapsulation of data as it passes down the TCP/IP stack for transmission.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The encapsulation process starts with the application layer generating data. The transport layer packages data into segments (TCP) or datagrams (UDP). The network layer adds an IP header, creating a packet.

The data link layer adds a frame header and trailer (frame). Finally, the physical layer converts the frame into bits for transmission.

59
MCQhard

A host address is 192.168.22.145/28. Which subnet contains that host?

A.192.168.22.128/28
B.192.168.22.144/28
C.192.168.22.160/28
D.192.168.22.148/28
AnswerB

This is correct because .145 falls within the .144 through .159 block.

Why this answer

A /28 prefix creates address blocks of 16. In practical terms, the fourth-octet ranges are 0–15, 16–31, 32–47, and so on. Because 145 falls inside the 144–159 range, the network address of the containing subnet is 192.168.22.144/28.

This type of question checks whether you can move from prefix length to block size and then place a host into the correct interval. The common mistake is choosing a nearby familiar number instead of calculating the actual block boundary.

Exam trap

Avoid assuming a host belongs to a subnet without calculating the exact range. Always verify the block size and boundaries.

Why the other options are wrong

A

The subnet 192.168.22.128/28 includes addresses 192.168.22.128 to 192.168.22.143. The host address 192.168.22.145 is outside this range, so it does not belong to this subnet.

C

The subnet 192.168.22.160/28 includes addresses 192.168.22.160 to 192.168.22.175. The host address 192.168.22.145 is below this range, so it cannot be in this subnet.

D

The subnet 192.168.22.148/28 is not a valid subnet because the network address must be a multiple of the subnet size (16). Valid network addresses for /28 are 0, 16, 32, 48, etc. 148 is not a multiple of 16, so this is not a valid subnet.

60
MCQhard

A host is configured with 10.10.10.130/25. What is the network address of its subnet?

A.10.10.10.0
B.10.10.10.64
C.10.10.10.128
D.10.10.10.255
AnswerC

This is correct because .130 falls in the upper /25 block starting at .128.

Why this answer

A /25 divides the address space into two blocks of 128 addresses. In plain language, the ranges are 0–127 and 128–255. Since the host ends in 130, it belongs to the 128–255 half. That means the network address is 10.10.10.128.

This is a common subnet-boundary question because it tests whether you can map a host address into the correct prefix block quickly and confidently.

Exam trap

Be careful not to confuse the subnet mask with /24 or mistake the broadcast address for the network address.

Why the other options are wrong

A

10.10.10.0 is the network address of the 10.10.10.0/25 subnet (range 0-127), but the host IP 10.10.10.130 is not in that range. The /25 mask creates two subnets: 10.10.10.0/25 and 10.10.10.128/25, and .130 belongs to the latter.

B

10.10.10.64 is not a valid network address for any /25 subnet derived from 10.10.10.0/24. A /25 subnet has a block size of 128, so the network addresses are multiples of 128: 0 and 128. 64 is a multiple of 64, which would be a /26 boundary, not /25.

D

10.10.10.255 is the broadcast address for the 10.10.10.128/25 subnet, not the network address. The broadcast address is the last address in the subnet (all host bits set to 1), while the network address is the first address (all host bits set to 0).

61
Matchingmedium

Match each Ethernet or switching term to its most accurate description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Layer 2 hardware-style address used for local delivery

Layer 2 protocol data unit on Ethernet

Device that learns MAC addresses and forwards local traffic

Traffic sent to all devices in the local broadcast domain

Why these pairings

A MAC address is a Layer 2 hardware identifier burned into each NIC, used for local frame delivery. A frame is the Layer 2 PDU that encapsulates data for Ethernet transmission. A switch learns MAC addresses by examining source addresses and forwards frames based on destination MACs, enabling local traffic isolation.

A broadcast frame is sent to the broadcast MAC address (FF:FF:FF:FF:FF:FF) and is received by all devices within the same broadcast domain.

Exam trap

Be careful not to confuse MAC addresses with other Layer 2 terms like VLANs, trunks, or STP. Each term has a specific definition; MAC addresses are hardware identifiers, not logical groupings or protocols.

62
Drag & Dropmedium

Drag and drop the following steps into the correct order to isolate CRC errors, duplex mismatches, and flapping on a Cisco IOS-XE interface.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First enter configuration mode, then enable debugs to capture errors, monitor logs, analyze the data, and finally apply fixes and verify.

Exam trap

Do not confuse the order of enabling debugs and monitoring logs. Debuffs must be enabled before you can monitor the debug output. Also, configuration mode is typically entered first to set up logging parameters or debug conditions.

63
PBQhard

You are troubleshooting a client connectivity issue on PC1, which is connected to switch SW1. PC1 reports that it cannot access the internet, but it can ping its default gateway (192.168.1.1). The network uses VLAN 10 for the client subnet. Examine the following show outputs: On PC1, ipconfig shows IP 192.168.1.10, default gateway 192.168.1.1, DNS server 192.168.1.1. On SW1, show running-config includes 'interface Vlan10' with IP 192.168.1.1 255.255.255.0, but no 'ip dns server' and no 'ip name-server' commands. SW1's show ip route displays a default route via 203.0.113.1. Identify the root cause. Configure the necessary fix on the appropriate device to restore full connectivity.

Network Topology
G0/1G0/1203.0.113.1/30203.0.113.1/30PC1SW1RouterInternet

Hints

  • Check DNS configuration on the switch.
  • The PC's DNS server is likely the default gateway (switch).
  • The switch needs to be configured to forward DNS queries.
A.Configure 'ip dns server' and 'ip name-server 8.8.8.8' on SW1.
B.Configure 'ip default-gateway 192.168.1.1' on SW1.
C.Configure 'ip route 0.0.0.0 0.0.0.0 203.0.113.1' on SW1.
D.Configure 'ip domain-lookup' on SW1.
AnswerA
solution
! SW1
ip name-server 8.8.8.8

Why this answer

PC1 is configured with DNS server 192.168.1.1, which is the switch SW1. However, SW1 lacks DNS forwarding capability. To enable DNS relay on the switch, both the 'ip dns server' command (to activate the DNS forwarder) and 'ip name-server 8.8.8.8' (to point to an upstream resolver) are required.

Option A provides the necessary configuration to restore DNS resolution and internet connectivity.

Exam trap

Do not assume that internet connectivity issues are always routing problems. When a client can ping the gateway but cannot access websites, the issue is often DNS. Also, remember that 'ip name-server' configures DNS servers, while 'ip domain-lookup' only enables the DNS client feature.

Why the other options are wrong

B

A default gateway is needed only for management traffic from the switch itself, not for DNS forwarding; the switch already communicates with the router via its default route.

C

A static default route is already present and unrelated to DNS resolution; adding another route would not solve the name resolution failure.

D

The 'ip domain-lookup' command only enables the DNS client on the switch itself, not DNS forwarding for clients like PC1.

64
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure an IPv4 static address on a Windows host, generate an IPv6 EUI-64 address on a Cisco router, and verify the static IP assignment on Windows.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The static IPv4 is configured on Windows first, then the EUI-64 IPv6 address on the router, and finally verification on Windows. This order separates host and router tasks logically.

Exam trap

Do not assume that router configuration must come first because it is more complex. The logical workflow is to configure the host first, then the router, then verify. Also, verification should always be the last step after all configurations are complete.

65
MCQhard

A network technician is troubleshooting a connectivity issue for a PC connected to switch port Gi1/0/12. The PC can ping its default gateway (192.168.10.1) but cannot ping a server at 192.168.20.10. The switch is configured with VLAN 10 for the access port and is connected to a router-on-a-stick. The technician runs 'show vlan brief' and 'show interfaces trunk' on the switch. What is the most likely cause of the problem?

A.The trunk port Gi1/0/24 is not in trunking mode.
B.The router is missing a subinterface for VLAN 20.
C.The switch port Gi1/0/12 is not assigned to VLAN 10.
D.The PC has a duplicate IP address with the server.
AnswerB

The PC in VLAN 10 can ping its gateway, but VLAN 20 traffic cannot be routed because the router lacks a subinterface for VLAN 20.

Why this answer

The PC can ping its default gateway (192.168.10.1) but not the server at 192.168.20.10, indicating Layer 3 routing is failing between VLANs. Since the switch is configured with VLAN 10 for the access port and uses a router-on-a-stick, the router must have a subinterface for VLAN 20 to route traffic to the server's subnet. The absence of a subinterface for VLAN 20 prevents the router from forwarding packets from VLAN 10 to VLAN 20, making option B correct.

Exam trap

Cisco often tests the misconception that a trunk misconfiguration (option A) is the cause, but the PC's ability to ping the gateway confirms the trunk is working for VLAN 10, so the real issue is the missing subinterface for the destination VLAN.

Why the other options are wrong

A

The trunk port Gi1/0/24 is in 'on' mode and trunking, as shown in 'show interfaces trunk'. Therefore, the trunk is operational and not the cause of the issue.

C

The 'show vlan brief' output shows that port Gi1/0/12 is assigned to VLAN 10, so the PC is in the correct VLAN. This is not the issue.

D

A duplicate IP address would cause connectivity issues to the gateway as well, but the PC can ping the gateway successfully. Therefore, duplicate IP is not the problem.

66
Drag & Dropmedium

Drag and drop the following steps into the correct order to describe the TCP three-way handshake process between a client and a server.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The TCP three-way handshake begins with the client sending a SYN (A) to initiate the connection. The server replies with a SYN-ACK (B) to acknowledge the client's SYN and provide its own sequence number. Finally, the client sends an ACK (C) to confirm the server's SYN, completing the handshake.

Option D, "Server sends ACK (ack=x+1)," is not part of the three-way handshake; an ACK from the server would be redundant at this stage and actually occurs during the four-way connection termination, not establishment.

Exam trap

The most common trap is confusing the order of the handshake or thinking the server sends a plain ACK instead of a SYN-ACK. Remember: the client always initiates with SYN, the server replies with SYN-ACK, and the client finishes with ACK.

67
MCQhard

An IPv6 LAN is using SLAAC. Which message allows hosts to learn the default gateway and on-link prefix?

A.Neighbor Solicitation
B.Router Advertisement
C.DHCPv6 Solicit
D.ICMP Echo Reply
AnswerB

Correct. RA messages provide prefix and default-router information.

Why this answer

In an IPv6 LAN using SLAAC (Stateless Address Autoconfiguration), hosts learn the default gateway and on-link prefix from Router Advertisement (RA) messages sent by routers. Neighbor Solicitation (NS) is used for address resolution and Duplicate Address Detection (DAD), not for learning gateway/prefix. DHCPv6 Solicit is part of stateful DHCPv6, not SLAAC.

ICMP Echo Reply is a simple reachability test and provides no configuration information.

Exam trap

Be careful not to confuse the roles of Router Solicitation and Router Advertisement messages. Remember, solicitations are requests, while advertisements provide information.

Why the other options are wrong

A

Neighbor Solicitation (NS) messages are used for address resolution (determining the link-layer address of a neighbor) and duplicate address detection, not for advertising default gateway or prefix information.

C

DHCPv6 Solicit messages are used in stateful DHCPv6 to request configuration parameters like addresses and DNS servers, but SLAAC does not use DHCPv6 for default gateway or prefix information; those are provided by RA messages.

D

ICMP Echo Reply messages are used for ping responses and do not carry any routing or prefix information; they are not involved in neighbor discovery or address autoconfiguration.

68
MCQhard

A host is configured with IP address 10.10.40.78/28. Which subnet contains that host?

A.10.10.40.48/28
B.10.10.40.64/28
C.10.10.40.72/28
D.10.10.40.80/28
AnswerB

This is correct because .78 falls inside the .64 through .79 range.

Why this answer

A /28 subnet has a block size of 16. In simple terms, the fourth-octet ranges are 0–15, 16–31, 32–47, 48–63, 64–79, 80–95, and so on. Because 78 falls inside the 64–79 block, the network address for this host’s subnet is 10.10.40.64/28.

This style of subnetting question checks whether you can move from prefix length to block size and then place the host into the correct range. The common mistake is choosing the nearest familiar-looking number instead of the actual block boundary.

Exam trap

Avoid selecting a subnet range based on the nearest familiar-looking number; always calculate the correct block boundary.

Why the other options are wrong

A

The subnet 10.10.40.48/28 includes addresses 10.10.40.48 through 10.10.40.63. The host address 10.10.40.78 is outside this range, so it does not belong to this subnet.

C

The subnet 10.10.40.72/28 is not a valid subnet because /28 subnets have boundaries that are multiples of 16. The valid subnet starting addresses for /28 are 0, 16, 32, 48, 64, 80, etc. 72 is not a multiple of 16, so this is not a valid network address.

D

The subnet 10.10.40.80/28 includes addresses 10.10.40.80 through 10.10.40.95. The host address 10.10.40.78 is below this range, so it does not belong to this subnet.

69
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure an IPv4 address on a Cisco IOS-XE router interface, then verify the configuration with a ping to a host that uses an IPv6 EUI-64 address.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct sequence is to first enter global configuration mode, then interface configuration mode, assign the IPv4 address, exit completely to enable mode, and finally ping the IPv6 host. Option B is incorrect because you cannot enter interface configuration mode before global configuration mode; you must be in global config first. Option C is incorrect because you cannot assign an IPv4 address in global configuration mode; that command must be issued in interface configuration mode.

Option D is incorrect because you cannot execute the ping command from interface configuration mode; you must exit to enable mode first.

Exam trap

The exam trap is that candidates often confuse the order of configuration modes or try to execute commands in the wrong mode. Remember: global config first, then interface config, then assign IP, then exit to enable mode for verification commands like ping.

70
MCQhard

A host is configured with 192.168.60.33/26. Which address is the network address of its subnet?

A.192.168.60.0
B.192.168.60.32
C.192.168.60.64
D.192.168.60.63
AnswerA

This is correct because .33 is in the 0–63 /26 block.

Why this answer

A /26 uses blocks of 64 addresses. In practical terms, the fourth-octet ranges are 0–63, 64–127, 128–191, and 192–255. Since 33 falls within the 0–63 block, the network address is 192.168.60.0.

This is a straightforward boundary-identification question, but it catches people who memorize masks without understanding block sizes. The right approach is to find the correct block first, then take the first address in that block as the network address.

Exam trap

Avoid confusing the first usable host address with the network address. Always identify the block range first.

Why the other options are wrong

B

The /26 subnet mask has a block size of 64, not 32. The network addresses for /26 are 0, 64, 128, and 192. 192.168.60.32 is not a valid network address because it is not a multiple of 64.

C

192.168.60.64 is the network address of the next /26 subnet (64–127). The host address 192.168.60.33 belongs to the 0–63 range, not the 64–127 range.

D

192.168.60.63 is the broadcast address of the 192.168.60.0/26 subnet, not the network address. The network address is always the first address in the subnet (all host bits set to 0).

71
Multi-Selectmedium

Which three statements are true about the operation of Dynamic Host Configuration Protocol (DHCP) in an enterprise network? (Choose three.)

Select 3 answers
.A DHCP client sends a DHCPDISCOVER message as a broadcast to locate a DHCP server.
.A DHCP server uses the client's MAC address to uniquely identify and assign an IP address.
.DHCP options, such as default gateway and DNS server, are included in DHCPOFFER and DHCPACK messages.
.A DHCP relay agent is required only if the client and server are on the same subnet.
.The DHCPREQUEST message is always sent as a unicast directly to the DHCP server.
.DHCP ensures that IP addresses are permanently assigned and never expire.

Why this answer

The DHCP client sends a DHCPDISCOVER message as a broadcast (destination IP 255.255.255.255) because it does not yet know the IP address of any DHCP server. The server uses the client's MAC address (from the CHADDR field) to uniquely identify the client and assign an IP address. DHCP options like default gateway and DNS server are carried in the DHCPOFFER and DHCPACK messages as part of the Options field, allowing the server to provide essential network configuration parameters.

Exam trap

Cisco often tests the misconception that DHCPREQUEST is always unicast, but in the initial DORA exchange, it is broadcast until the client receives an ACK and configures its IP; the trap here is confusing the renewal process with the initial lease acquisition.

72
PBQhard

You are troubleshooting a wireless client connectivity issue on the Cisco WLC at 192.168.1.100. The client reports it can see the SSID 'CorpNet' and successfully associates, but cannot obtain an IP address or reach network resources. The WLAN is already configured with WPA3 security, and the SSID should remain hidden. Identify and correct the configuration issue.

Hints

  • Check which interface the WLAN is mapped to.
  • The management interface is not meant for client data traffic.
  • Use the 'config wlan interface' command to change the binding.
A.The WLAN is mapped to the management interface. Use 'config wlan interface 1 CorpNet_VLAN' to assign the correct interface.
B.The SSID is not hidden. Use 'config wlan disable-broadcast-ssid 1 enable' to hide the SSID.
C.WPA3 is not enabled on the WLAN. Use 'config wlan security wpa akm 6 enable' to enable WPA3.
D.The WLAN is disabled. Use 'config wlan enable 1' to enable the WLAN.
AnswerA
solution
! WLC
config wlan interface 1 CorpNet_VLAN

Why this answer

The WLAN is incorrectly mapped to the management interface, which places client traffic in the management VLAN instead of the correct CorpNet_VLAN. As a result, clients cannot obtain IP addresses or communicate beyond the WLC. Reassigning the WLAN to the CorpNet_VLAN interface with 'config wlan interface 1 CorpNet_VLAN' resolves the issue by placing client data in the proper VLAN.

Exam trap

Clients seeing the SSID indicates the WLAN is enabled and broadcasting; association can complete even on the wrong interface. The actual symptom is a lack of IP connectivity, not an association failure. Always check the WLAN-to-interface mapping when clients associate but cannot reach network services.

Why the other options are wrong

B

Hiding the SSID is already satisfied; changing broadcast settings would make the SSID visible, contradicting the requirement.

C

WPA3 is already enabled on the WLAN, so there is no need to configure security. The client associates successfully, proving security is not the issue.

D

The WLAN is enabled because the client can see the SSID and associates; enabling it again would not fix the VLAN mismatch.

73
Multi-Selectmedium

Which two statements accurately compare SLAAC and DHCPv6?

Select 2 answers
A.SLAAC allows a host to form its own address using information from router advertisements.
B.DHCPv6 can be used to provide host configuration in a more server-driven way.
C.SLAAC requires NAT to function.
D.DHCPv6 replaces the need for router advertisements completely.
E.Neither SLAAC nor DHCPv6 can provide any addressing information to hosts.
AnswersA, B

This is correct because SLAAC relies on router advertisements and local address formation.

Why this answer

SLAAC and DHCPv6 are both IPv6 host-configuration approaches, but they are not the same. In practical terms, SLAAC lets a host build its own address using router advertisements and the advertised prefix, while DHCPv6 can be used to provide addressing information or other configuration in a more server-driven way. Depending on design, IPv6 networks can use one, the other, or a mixture of behaviors.

The key is not to oversimplify. SLAAC is not “IPv6 DHCP,” and DHCPv6 is not the only way IPv6 hosts learn how to operate. Router advertisements remain very important.

Exam trap

Do not assume DHCPv6 is the only way to configure IPv6 addresses or settings; SLAAC also plays a crucial role.

Why the other options are wrong

C

SLAAC does not require NAT because IPv6 has a vast address space, eliminating the need for address translation. NAT is a workaround for IPv4 address exhaustion and is not used in native IPv6 networks. SLAAC relies on router advertisements to provide prefix information, and hosts generate their own addresses without any translation.

D

DHCPv6 does not replace router advertisements; in fact, router advertisements are still required for hosts to determine the default gateway and other network parameters. Even when DHCPv6 is used, hosts rely on RAs to learn the on-link prefix and to decide whether to use stateful or stateless configuration.

E

Both SLAAC and DHCPv6 can provide addressing information to hosts. SLAAC allows hosts to form their own addresses from prefix information in RAs, while DHCPv6 can assign addresses and other configuration parameters. Therefore, the statement that neither can provide addressing information is false.

74
MCQhard

A host is configured with 10.10.10.33/27. What is the broadcast address of its subnet?

A.10.10.10.31
B.10.10.10.63
C.10.10.10.32
D.10.10.10.64
AnswerB

This is correct because .33 is in the 32–63 subnet.

Why this answer

A /27 uses address blocks of 32. In practical terms, the ranges are 0–31, 32–63, 64–95, and so on. Because .33 falls inside the 32–63 block, the broadcast address is the last address in that block, which is 10.10.10.63.

This is a classic subnet-boundary question. The trick is to identify the correct block first and then choose its last address as the broadcast.

Exam trap

Don't confuse the network address or the next subnet's start with the broadcast address. Always calculate the correct range first.

Why the other options are wrong

A

10.10.10.31 is the broadcast address of the previous /27 subnet (10.10.10.0–10.10.10.31), not the subnet containing .33.

C

10.10.10.32 is the network address (subnet ID) of the subnet containing .33, not the broadcast address. The network address is the first address in the block.

D

10.10.10.64 is the network address of the next /27 subnet (10.10.10.64–10.10.10.95), not the broadcast address of the subnet containing .33.

75
Matchingmedium

Drag and drop the wireless terms on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses only the 5 GHz band and supports up to 160 MHz channel bonding

Introduces OFDMA and supports both 2.4 GHz and 5 GHz bands

Uses Simultaneous Authentication of Equals (SAE) for secure pre-shared key authentication

A single AP and its associated clients, identified by a BSSID

Centralized management device that handles AP configuration, roaming, and security policies

Why these pairings

802.11ac (Wi-Fi 5) operates only in the 5 GHz band and introduced support for 160 MHz-wide channels to achieve higher throughput. 802.11ax (Wi-Fi 6) adds OFDMA for more efficient channel use and works in both 2.4 GHz and 5 GHz bands. WPA3-Personal uses SAE (Simultaneous Authentication of Equals) to protect pre-shared key authentication against offline dictionary attacks. A Basic Service Set (BSS) consists of a single AP and its associated clients, identified by the AP's radio MAC address (BSSID).

A Wireless LAN Controller (WLC) centralizes management, handling AP configuration, client roaming, and security policies across the wireless network.

Exam trap

A common mistake is thinking 802.11ac also uses the 2.4 GHz band, but it is strictly 5 GHz-only; similarly, WPA3 does not use the traditional 4-way handshake like WPA2, but employs SAE to prevent brute-force attacks.

Page 1 of 6 · 390 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Network Infra Connectivity questions.