CCNA Network Infra Connectivity Questions

75 of 390 questions · Page 4/6 · Network Infra Connectivity topic · Answers revealed

226
MCQmedium

A network technician is troubleshooting a connectivity issue where a host cannot communicate with a remote server. The technician notices that frames are being dropped at an intermediate switch. At which OSI model layer does the switch primarily operate, and what is the Protocol Data Unit (PDU) used at that layer?

A.Layer 1; bits
B.Layer 2; frames
C.Layer 3; packets
D.Layer 4; segments
AnswerB

Switches operate at Layer 2 (Data Link) and use frames, which contain source and destination MAC addresses, to make forwarding decisions.

Why this answer

Switches primarily operate at Layer 2 (Data Link layer) of the OSI model, where they make forwarding decisions based on MAC addresses. The Protocol Data Unit (PDU) at this layer is the frame, which includes the MAC header, payload, and trailer. When frames are dropped at an intermediate switch, it indicates a Layer 2 issue such as a MAC address table problem, VLAN mismatch, or duplex mismatch.

Exam trap

Cisco often tests the distinction that a standard switch operates at Layer 2, but candidates may incorrectly choose Layer 3 because they associate switches with VLANs or IP routing, forgetting that basic switching is a Layer 2 function.

Why the other options are wrong

A

Switches do not operate at Layer 1; hubs and repeaters do.

C

While some multilayer switches can route, the basic switch in this scenario operates at Layer 2.

D

Segments are used by transport layer protocols, not by switches.

227
Matchingmedium

Drag and drop the cable issue symptoms on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Frames that failed the cyclic redundancy check, often due to faulty cabling or electromagnetic interference

Total of all receive-side errors, including runts, giants, CRC, and frame errors

Packets that could not be transmitted successfully, often due to collisions or buffer overruns

Frames smaller than 64 bytes, typically caused by collisions or faulty hardware

Frames larger than the maximum allowed size, often due to a malfunctioning NIC or duplex mismatch

Why these pairings

Each interface counter describes a specific type of packet failure. CRC errors occur when the frame check sequence fails, pointing to physical issues like bad cabling or interference. Input errors is a broader counter that sums all receive-side anomalies, including CRC errors, runts, and giants.

Output errors represents transmit-side failures, often from collisions, buffer overruns, or late collisions. Runts are frames shorter than the 64-byte minimum, commonly caused by collisions or defective hardware, while giants exceed the maximum frame size and usually indicate a duplex mismatch or faulty NIC. Understanding these categories helps pinpoint whether the problem is receive-side, transmit-side, or due to physical layer faults.

Exam trap

Do not confuse the symptom (crosstalk) with its causes (split pair) or other issues (attenuation, impedance mismatch). Focus on the definition of the symptom.

228
Drag & Dropmedium

Drag and drop the following steps into the correct order to describe the ARP resolution process when a host needs to send data to another host on the same Ethernet network.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

ARP resolution begins with checking the cache, then broadcasting a request if needed, the target replies with its MAC, and the source updates its cache to send data directly.

Exam trap

The most common trap is to assume that ARP always starts with a broadcast. Remember that the cache check is always the first step to avoid unnecessary broadcasts.

229
MCQhard

A subnet must support 30 usable IPv4 host addresses. Which prefix is the smallest that meets the requirement?

A./28
B./27
C./26
D./25
AnswerB

This is correct because a /27 provides 30 usable host addresses.

Why this answer

A /27 is the smallest valid prefix. In plain language, a /27 provides 32 total addresses, and after subtracting the network and broadcast addresses, 30 usable host addresses remain. A /28 would be too small because it provides only 14 usable hosts.

This is a classic minimum-prefix question because it checks whether you can work backward from a host requirement and choose the smallest subnet that fits without over-allocating more space than necessary.

Exam trap

A frequent exam trap is choosing a /28 prefix because it appears to be the closest to supporting 30 hosts. However, a /28 subnet only provides 16 total addresses, of which 14 are usable for hosts after excluding the network and broadcast addresses. This mistake arises from confusing total addresses with usable hosts or failing to subtract the reserved addresses.

Selecting a /28 leads to insufficient host capacity, causing network issues or exam failure. Always remember that usable hosts equal total addresses minus two, which is critical when calculating subnet sizes for CCNA questions.

Why the other options are wrong

A

Option A (/28) is incorrect because a /28 subnet provides only 16 total addresses, which results in 14 usable host addresses after subtracting the network and broadcast addresses. This is insufficient to support 30 hosts.

C

Option C (/26) is incorrect because although it supports 62 usable hosts, it is larger than necessary for 30 hosts, leading to inefficient IP address allocation.

D

Option D (/25) is incorrect because it provides 126 usable host addresses, which is far more than required, resulting in significant address space waste.

230
Matchingmedium

Match each subnetting term to its most accurate meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Number of bits used for the network portion of the address

Increment between subnet boundaries

Address that identifies the subnet itself

Address used to reach all hosts in the subnet

Why these pairings

Prefix length refers to the number of bits used for the network portion, so it correctly maps to 'Number of bits used for the network portion of the address.' Block size is the increment between subnet boundaries, matching its assigned meaning. Network address identifies the subnet itself, not a host, so it maps to 'Address that identifies the subnet itself.' Broadcast address is used to reach all hosts in the subnet, aligning with 'Address used to reach all hosts in the subnet.' Each term is directly tied to its definition without introducing unrelated concepts.

Exam trap

Be careful not to confuse the subnet mask's role with other subnetting concepts. The subnet mask defines boundaries, not the actual addresses or counts. Always remember that the mask is used in conjunction with an IP address to compute network, broadcast, and host ranges.

231
Drag & Dropmedium

Drag and drop the following steps into the correct order to troubleshoot a suspected duplex mismatch and CRC errors on an interface using Cisco IOS-XE CLI commands.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

First, access the device and enter privileged mode, then run 'show interfaces' to diagnose CRC errors and confirm a duplex mismatch. Next, enter configuration mode and set the speed manually before duplex; setting speed first prevents the duplex from reverting to auto. Finally, exit configuration mode and save the running config to ensure the change persists.

Exam trap

Configuring duplex before speed can cause the duplex to reset to auto-negotiation, so always set speed first when manually fixing a duplex mismatch.

232
Drag & Dropmedium

Drag and drop the following steps into the correct order to install a new fiber optic link between two switches, including SFP insertion and basic troubleshooting.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct sequence is Option A: Insert SFP into Switch A, connect fiber cable, then repeat for Switch B, and finally verify link on both switches. This follows best practice to insert the SFP before attaching the fiber cable, which helps prevent dust contamination and ESD damage. Option B is incorrect because inserting both SFPs first leaves them exposed and increases risk of damage.

Option C is wrong because connecting the cable before inserting the SFP can strain the connector and risk contamination. Option D is incorrect because verifying link on one switch before the other end is connected is futile – the link will not be up until both ends are properly installed.

Exam trap

The exam trap is that candidates may think it is acceptable to insert both SFPs first or to verify the link on one switch before the other end is connected. Remember that fiber optic installation requires careful handling: insert SFP, then cable, and only verify after both ends are complete.

233
Drag & Dropmedium

Drag and drop the following steps into the correct order to troubleshoot and resolve excessive interface errors caused by a duplex mismatch on a Cisco switch interface.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

The correct order starts with identifying symptoms using show interfaces to see error counters like CRC and late collisions. Next, check the local interface speed and duplex with show interfaces status. Then discover the neighbor's speed and duplex, for instance via show cdp neighbors detail, to confirm a mismatch.

After identifying the mismatch, configure the interface with the correct settings (e.g., speed and duplex commands). Finally, verify the resolution by running show interfaces again to ensure errors are no longer incrementing.

234
PBQhard

You are connected to R1 via console. R1 is directly connected to R2 over a 1000BASE-T link that is failing to come up. Configure interface GigabitEthernet0/0 on R1 with the correct speed and duplex settings to match R2's configuration, and then verify the link is operational. Additionally, determine the appropriate SFP type for a new 40 km fiber link between R1 and R2.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • Check R2's running config to see if speed and duplex are manually set.
  • Auto-negotiation failure can occur when one side is set to auto and the other to fixed settings.
  • For distances over 10 km on fiber, you typically need a 1000BASE-ZX SFP.
A.Configure interface GigabitEthernet0/0 with 'speed 1000' and 'duplex full'. For the new fiber link, use a 1000BASE-ZX SFP.
B.Configure interface GigabitEthernet0/0 with 'speed auto' and 'duplex auto'. For the new fiber link, use a 1000BASE-SX SFP.
C.Configure interface GigabitEthernet0/0 with 'speed 1000' and 'duplex half'. For the new fiber link, use a 1000BASE-LX SFP.
D.Configure interface GigabitEthernet0/0 with 'speed 100' and 'duplex full'. For the new fiber link, use a 1000BASE-EX SFP.
AnswerA
solution
! R1
interface GigabitEthernet0/0
speed 1000
duplex full

Why this answer

The link is down because R1 is set to auto-negotiate speed and duplex while R2 is hardcoded to 1000 Mbps full duplex. This mismatch causes the link to fail. To fix, configure R1's GigabitEthernet0/0 with 'speed 1000' and 'duplex full'.

For the new 40 km fiber link, a 1000BASE-ZX SFP is required as it supports distances up to 70 km. (1000BASE-LX supports only up to 10 km and is insufficient for 40 km.) Verify with 'show interfaces GigabitEthernet0/0' to see the link state change to up/up.

Exam trap

Do not assume auto-negotiation always works; when one side is hardcoded, the other must match. Also, know the distance limitations of SFP types: SX (short), LX (long, 10 km), ZX (extended, 70 km).

Why the other options are wrong

B

Auto-negotiation cannot match a hardcoded speed/duplex; 1000BASE-SX is for short distances (up to 550 m).

C

Gigabit Ethernet does not support half duplex; 1000BASE-LX maximum distance is 10 km.

D

Speed mismatch (100 vs 1000) will cause link failure; 1000BASE-EX is not an IEEE standard (ZX is used for extended reach).

235
PBQhard

You are managing a Cisco WLC (192.168.1.10) via its web UI. The wireless network 'CorpSecure' has been configured but clients cannot associate. Some report 'wrong password' errors; others see the SSID but fail to connect. Additionally, management access to the WLC web UI is intermittent. Identify and resolve the issues so that wireless clients can successfully associate with 'CorpSecure' using WPA3-Personal and the WLC web UI is reliably accessible from the management VLAN (VLAN 10).

Hints

  • Check the security settings on the WLAN; clients expecting WPA3 will fail with WPA2 configured.
  • An SSID that is hidden (Broadcast disabled) may not appear in client scans unless manually entered.
  • Management access issues might be unrelated to the WLAN config; verify the management interface IP and default gateway are correct.
A.Configure the SSID with WPA3-Personal; verify management interface is on VLAN 10 with correct gateway.
B.Change the SSID security to WPA2-PSK and disable SSID broadcast; reset the WLC to factory defaults.
C.Update the WLC firmware to the latest version and change the management VLAN to VLAN 1.
D.Reconfigure the SSID with WPA3-Enterprise and enable SSID broadcast; set the management interface to use DHCP.
AnswerA
solution
! WLC
Navigate to WLANs > Edit CorpSecure > Security > Layer 2 > Select WPA3-Personal (AES) > Apply
Navigate to WLANs > Edit CorpSecure > SSID > Enable Broadcast SSID > Apply

Why this answer

The primary issue is a security mismatch: the SSID is set to WPA2-PSK while clients expect WPA3, causing 'wrong password' errors. Since clients can see the SSID, broadcast is already enabled; the secondary connection failures may be due to incompatible devices, but the correct fix is to change the security to WPA3-Personal (AES). Additionally, verify that the management interface is on VLAN 10 with the correct gateway to ensure reliable WLC web UI access.

Exam trap

Candidates might mistakenly conclude the SSID broadcast is disabled and enable it unnecessarily, overlooking that the visible SSID indicates broadcast is already on, or they might ignore the management VLAN configuration.

Why the other options are wrong

B

The specific factual error: WPA2-PSK is not compatible with clients expecting WPA3-Personal, and hiding the SSID prevents clients from seeing it.

C

The specific factual error: VLAN 1 is the default and often discouraged for management; the issue is not firmware-related but configuration-based.

D

The specific factual error: WPA3-Enterprise is not appropriate without a RADIUS server, and DHCP for management can lead to unreliable access.

236
PBQhard

You are connected to WLC-1 via SSH. A new SSID 'CorpSecure' must be configured for 5 GHz clients using WPA3-Personal. However, after creation, clients can see the SSID but fail to associate. Review the WLC configuration and fix the issue so that clients can successfully associate and obtain an IP address from VLAN 100 (subnet 10.0.100.0/24).

Network Topology
G0/0192.168.1.10/24G0/110.0.0.1/30G0/210.0.100.1/24SwitchManagementWLC-1Upstream RouterClient VLAN 100

Hints

  • Check the current security settings on the WLAN; they are using WPA2, not WPA3.
  • The radio policy is not set — clients may try to connect on 2.4 GHz, but the SSID should be 5 GHz only.
  • Ensure the WLAN is enabled after changes.
A.Change the WLAN security to WPA3-Personal, enable AES-CCMP for WPA3, set the radio policy to 5 GHz, and ensure the WLAN is mapped to the dynamic interface for VLAN 100.
B.Change the WLAN security to WPA2-Personal, enable TKIP encryption, and set the radio policy to 5 GHz.
C.Change the WLAN security to WPA3-Personal, enable AES-CCMP, but leave the radio policy as 'All' (both 2.4 GHz and 5 GHz).
D.Change the WLAN security to WPA3-Personal, enable AES-CCMP, set the radio policy to 5 GHz, but do not enable the WLAN after changes.
AnswerA
solution
! WLC-1
config wlan security wpa3 1 enable
config wlan security wpa3 psk 1 set ascii CorpSecurePass123
config wlan radio-policy 1 5ghz
config wlan enable 1
config wlan security wpa3 ciphers 1 aes-ccmp

Why this answer

The SSID was configured with WPA2 instead of WPA3. The WLC also had no radio policy set for 5 GHz only. To fix, change the WLAN security to WPA3-Personal, enable AES-CCMP for WPA3, and set the radio policy to 5 GHz.

Additionally, ensure the WLAN is mapped to the appropriate dynamic interface for VLAN 100, not the management interface, and that client VLAN 100 is reachable. The commands to modify the WLAN are: config wlan security wpa3 1 enable, config wlan security wpa3 psk ascii CorpSecurePass123 1, config wlan radio policy 802.11a-only 1, and config wlan enable 1.

Exam trap

Students often forget to change the radio policy from 'All' to a specific band, or they confuse WPA2 with WPA3. Also, they may overlook enabling the WLAN after configuration. Ensure you understand the specific requirements for WPA3 and the need to match the radio policy to the client band.

Why the other options are wrong

B

The specific factual error is that WPA2-Personal with TKIP does not meet the WPA3-Personal requirement; WPA3 mandates AES-CCMP.

C

The specific factual error is that the radio policy must be set to 5 GHz only, not 'All', to restrict access to 5 GHz clients.

D

The specific factual error is that the WLAN remains disabled, so clients cannot associate even if other settings are correct.

237
MCQhard

A network administrator is troubleshooting connectivity issues between two switches. Hosts connected to Switch A cannot ping hosts on Switch B. The link between the switches shows as up/up on both ends, but interface error counters (CRC, runts) are increasing rapidly. What should the administrator do to resolve the issue?

A.Replace the faulty cable between the two switches.
B.Change the duplex setting on SwitchA's interface to auto-negotiation.
C.Replace the SFP module on SwitchA's GigabitEthernet0/1 port.
D.Enable the interface with 'no shutdown' command.
AnswerB

The interface is manually set to full-duplex, but the remote side is likely auto-negotiating. Setting both to auto or both to full-duplex resolves the mismatch.

Why this answer

The increasing CRC and runts errors on an up/up link indicate a duplex mismatch, where one side is using full duplex and the other half duplex. Assuming SwitchB is using auto-negotiation (the default on Cisco switches), changing SwitchA's interface to auto-negotiation will allow both ends to negotiate the correct duplex setting, resolving the mismatch and stopping the errors.

Exam trap

Cisco often tests the misconception that a link showing 'up/up' means the physical layer is perfect, when in reality duplex mismatch causes high error rates while keeping the interface up, leading candidates to incorrectly suspect cable or hardware faults.

Why the other options are wrong

A

Cable issues would manifest as input errors or interface flapping, but the counters show zero errors.

C

No errors are reported, so the SFP is functioning correctly.

D

The 'show interface' output clearly shows the interface is up, so no shutdown is not needed.

238
Multi-Selectmedium

Which TWO statements correctly describe the encapsulation process at the OSI model Transport layer?

Select 2 answers
A.It adds source and destination IP addresses to the data.
B.It breaks data into smaller units called segments (for TCP) or datagrams (for UDP).
C.It adds a header that includes source and destination MAC addresses.
D.It adds a header that includes source and destination port numbers.
E.It converts data into bits for transmission over the physical medium.
AnswersB, D

The Transport layer segments upper-layer data into manageable units. For TCP, these are called segments; for UDP, they are called datagrams.

Why this answer

At the Transport layer (Layer 4), TCP segments data into segments and UDP segments data into datagrams. This segmentation allows efficient transmission and reassembly at the destination. The Transport layer header includes source and destination port numbers to identify the communicating applications, not IP or MAC addresses.

Exam trap

Cisco often tests the distinction between OSI model layers, and the trap here is confusing the Transport layer's port numbers and segmentation with the Network layer's IP addressing or the Data Link layer's MAC addressing.

Why the other options are wrong

A

The Transport layer uses port numbers, not IP addresses. IP addresses are added during Network layer encapsulation.

C

MAC addresses are used for local delivery on a network segment and are part of Layer 2 encapsulation.

E

The Physical layer handles the actual transmission of raw bits over the network medium.

239
MCQmedium

Which IPv6 protocol function replaces ARP?

A.DHCPv6
B.Neighbor Discovery
AnswerB

Correct. Neighbor Discovery replaces ARP in IPv6 networks.

Why this answer

IPv6 uses Neighbor Discovery Protocol to resolve Layer 3-to-Layer 2 information and perform related local-link functions such as router discovery and address resolution.

Exam trap

Be careful not to confuse protocols that manage IP addresses or routing with those that resolve addresses.

Why the other options are wrong

A

DHCPv6 is not a protocol that replaces ARP; instead, it is used for assigning IP addresses and configuration information to IPv6 devices. ARP is replaced by the Neighbor Discovery Protocol in IPv6, which performs similar functions for address resolution.

C

EUI-64 is not a protocol but a method for generating IPv6 interface identifiers. It does not perform the function of resolving link-layer addresses like ARP does in IPv4.

D

SLAAC (Stateless Address Autoconfiguration) is a method for automatically configuring IPv6 addresses but does not perform the function of resolving link-layer addresses like ARP does in IPv4. Therefore, it cannot replace ARP in IPv6.

240
MCQhard

A network engineer is troubleshooting a workstation that cannot access the internet. The workstation is connected to a switch port configured for access VLAN 10. The switch is a Cisco 2960-X running IOS-XE. The engineer runs 'ipconfig /all' on the workstation and sees an IPv4 address of 169.254.123.45 with a subnet mask of 255.255.0.0. The engineer then connects to the switch and issues 'show interfaces vlan 10'. What is the most likely cause of the issue?

A.The workstation is not configured to use DHCP.
B.The switch's VLAN 10 SVI is administratively down.
C.The switch port connecting the workstation is in a different VLAN.
D.The DHCP server is not configured on the network.
AnswerB

The 'administratively down' state on the SVI indicates it was manually disabled with the 'shutdown' command. This prevents the switch from routing or providing DHCP services for that VLAN, causing the workstation to get an APIPA address.

Why this answer

The workstation has an APIPA address (169.254.x.x), which indicates it failed to obtain a DHCP lease. Since the switch's VLAN 10 SVI is administratively down, the workstation cannot reach the DHCP server (which may be on a different subnet or the SVI itself), causing the DHCP request to time out and the workstation to self-assign an APIPA address. Option B is correct because an administratively down SVI breaks Layer 3 connectivity for that VLAN, preventing DHCP traffic from being routed.

Exam trap

Cisco often tests the distinction between a Layer 2 connectivity issue (like VLAN mismatch) and a Layer 3 issue (like an SVI being down), where candidates incorrectly assume a VLAN mismatch because the workstation gets an APIPA address, but the APIPA address actually points to a DHCP failure, not a VLAN mismatch.

Why the other options are wrong

A

The workstation likely has DHCP enabled, but the switch's SVI being down prevents DHCP discovery from reaching a server.

C

A VLAN mismatch would likely result in a different IP address or no connectivity, but the SVI being down is a more direct cause.

D

The absence of a DHCP server is a possible cause, but the exhibit clearly shows the SVI is administratively down, which is a more specific and immediate issue.

241
MCQhard

A host uses the subnet mask 255.255.254.0. Which prefix length does this represent?

A./22
B./23
C./24
D./25
AnswerB

This is correct because 255.255.254.0 corresponds to 23 network bits.

Why this answer

The mask 255.255.254.0 represents /23. In plain language, the first two octets are fully network bits, the third octet contributes 7 more network bits because 254 in binary is 11111110, and the last octet contributes none. That totals 23 network bits.

This is a common prefix-conversion question because candidates often memorize the usual masks but hesitate when a non-/24 boundary appears. Recognizing that 255.255.254.0 equals /23 is important for subnetting and local-scope calculations.

Exam trap

Be cautious of common subnet masks like /24 and ensure you count the bits correctly, especially in non-standard masks.

Why the other options are wrong

A

Option A is incorrect because the subnet mask 255.255.254.0 corresponds to a prefix length of /23, not /22. A /22 prefix would indicate a subnet mask of 255.255.252.0.

C

The subnet mask 255.255.254.0 corresponds to a prefix length of /23, not /24. A /24 prefix length would indicate a subnet mask of 255.255.255.0, which allows for fewer hosts per subnet.

D

Option D is incorrect because a subnet mask of 255.255.254.0 corresponds to a prefix length of /23, not /25. A /25 subnet mask would allow for only 128 IP addresses, which is not applicable here.

242
MCQhard

A network engineer is troubleshooting connectivity issues for hosts in VLAN 10. Hosts in VLAN 10 are unable to ping the default gateway at 192.168.10.1. The engineer checks the switch configuration and notices that the SVI for VLAN 10 is configured with an IP address, but the interface is in a down/down state. What is the most likely cause of this issue?

A.The interface is administratively shut down.
B.VLAN 10 does not exist in the VLAN database.
C.The IP address is not in the correct subnet for VLAN 10.
D.The switch does not have a default gateway configured.
AnswerB

The SVI for VLAN 10 is down/down because the VLAN is not created. Once VLAN 10 is created with the 'vlan 10' command in global configuration mode, the SVI will come up if there is at least one active port in that VLAN.

Why this answer

An SVI (Switch Virtual Interface) will remain in a down/down state if the corresponding VLAN does not exist in the switch's VLAN database. Even if the SVI is configured with an IP address, the interface cannot come up because there is no Layer 2 VLAN to associate with it. This is a common cause of SVI down/down issues when the VLAN has not been created or has been deleted.

Exam trap

Cisco often tests the distinction between an SVI being down due to a missing VLAN versus an administratively shutdown interface, leading candidates to mistakenly choose the administrative shutdown option when the interface status shows 'down/down' instead of 'administratively down'.

Why the other options are wrong

A

The running-config shows 'no shutdown', so this is not the cause.

C

The IP address and subnet mask are correctly configured for the VLAN.

D

The SVI status is not affected by the presence or absence of a default gateway.

243
Drag & Dropmedium

Drag and drop the following steps into the correct order to troubleshoot a suspected duplex mismatch and CRC errors on a Cisco switch interface using CLI commands.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

Start by examining current interface stats, then fix the mismatch, and finally clear and recheck counters.

Exam trap

The trap is that candidates often clear counters before fixing the issue, thinking they need a clean baseline. However, you must first see the errors to confirm the problem. Also, some may try to fix before inspecting, which is not systematic troubleshooting.

244
Drag & Dropmedium

Which of the following correctly describes the sequence of the TCP three-way handshake between a client and a server?

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The TCP three-way handshake establishes a reliable connection in three steps: the client sends a SYN, the server replies with SYN-ACK, and the client acknowledges with an ACK. Option A correctly depicts this. Option B omits the server's SYN, leaving synchronization incomplete.

Option C reverses the roles by having the server initiate, which never occurs in a standard handshake. Option D begins with a SYN-ACK, which is not a valid initial packet; the handshake must start with a SYN.

Exam trap

Do not confuse the roles: the client always initiates with a SYN, the server responds with SYN-ACK, and the client finishes with an ACK. Watch out for options that reverse the order or swap the flags.

245
MCQhard

A host is configured as 10.20.30.95/27. Which address is the network address of its subnet?

A.10.20.30.32
B.10.20.30.64
C.10.20.30.95
D.10.20.30.96
AnswerB

This is correct because the host falls within the 64–95 /27 block.

Why this answer

A /27 uses blocks of 32 addresses. In plain language, the ranges in the last octet are 0–31, 32–63, 64–95, 96–127, and so on. Since the host address ends in 95, it belongs to the 64–95 block. The first address in that block is the network address, which is 10.20.30.64.

This is a classic subnet-boundary question because it tests whether you can identify the containing block and then choose the first address in that block as the network address.

Exam trap

A frequent exam trap is mistaking the host IP address for the network address or incorrectly identifying the subnet block boundaries. Candidates often select the host IP itself or the next block's starting address as the network address. For example, choosing 10.20.30.95 or 10.20.30.96 instead of 10.20.30.64.

This happens because the subnet mask’s block size (32 addresses for /27) is overlooked, leading to confusion about which block the host belongs to. Misunderstanding this can cause incorrect subnetting and routing errors in real networks.

Why the other options are wrong

A

10.20.30.32 is incorrect because the host IP 10.20.30.95 does not fall within the 32–63 subnet block. This address belongs to a different subnet block and cannot be the network address for the given host.

C

10.20.30.95 is incorrect because it is the host IP address itself, not the network address. The network address must be the first address in the subnet block, not a host address.

D

10.20.30.96 is incorrect because it is the first address of the next subnet block (96–127). The host IP 10.20.30.95 belongs to the previous block, so 10.20.30.96 cannot be its network address.

246
MCQhard

A network engineer is troubleshooting intermittent connectivity on an access switch port connected to a server. The output of 'show interfaces gigabitEthernet 1/0/24' shows an increasing number of runts and giants, but no CRC errors. The 'show interfaces status' command indicates the port is in 'err-disabled' state every few hours and must be manually re-enabled. What is the most likely cause of this issue?

A.Duplex mismatch between the switch port and the server NIC
B.Faulty cable or connector causing physical layer errors
C.Incorrect VLAN configuration on the switch port
D.Speed mismatch between the switch port and the server NIC
AnswerB

Runts and giants without CRC errors often indicate physical layer issues like a bad cable, connector, or excessive noise. The cable length at maximum (100 meters) and MDIX off suggest potential signal degradation, leading to intermittent flapping and err-disabled state.

Why this answer

Runts and giants without CRC errors indicate a physical-layer issue that corrupts the frame preamble or interframe gap but not the actual data payload. A faulty cable or connector can cause signal degradation leading to these framing errors. The intermittent err-disabled state is typically triggered by link-flap (repeated link up/down events) caused by the unstable physical connection, not directly by alignment or frame-check error counters.

Exam trap

Cisco often tests the distinction between CRC errors (data corruption) and runts/giants (framing errors) to mislead candidates into thinking duplex mismatch is the cause, but duplex mismatch produces CRC errors and collisions, not runts/giants without CRC errors.

Why the other options are wrong

A

Duplex mismatch would cause CRC errors and late collisions, which are not present in the exhibit.

C

VLAN mismatch does not cause runts or giants; it causes Layer 2 issues like no connectivity.

D

Speed mismatch would prevent the link from coming up or cause CRC errors, but the link is up at 1000 Mb/s.

247
MCQhard

A network engineer is troubleshooting a link between two Cisco Catalyst 9300 switches that are connected via a 10GBASE-SR SFP+ module on each end over OM3 multimode fiber. The link is up, but the interface counters show a high number of CRC errors and runts. The engineer runs 'show interfaces Gi1/0/1' and 'show interfaces Gi1/0/1 transceiver details'. What is the most likely cause of the errors?

A.The SFP+ module is faulty and needs replacement.
B.The fiber patch cables are too long, exceeding the 300-meter distance limit for 10GBASE-SR over OM3 fiber.
C.The interface speed is mismatched; the switch interface shows 1000Mb/s but the SFP+ is 10GBASE-SR.
D.The receive optical power is too low, indicating a fiber or connector issue.
AnswerD

The receive power of -15.1 dBm is below the typical receive sensitivity for 10GBASE-SR (about -12.6 dBm). This causes bit errors that appear as CRC errors and runts. The transmit power is normal, so the issue is on the receive side, likely dirty connectors or a damaged fiber.

Why this answer

The high CRC errors and runts on a 10GBASE-SR link over OM3 fiber, combined with the 'show interfaces transceiver details' command, point to a physical-layer issue. Low receive optical power (below the receiver sensitivity threshold) causes bit errors that manifest as CRC errors and runts, even though the link is up. This is the most common cause when the fiber and transceivers are otherwise compatible.

Exam trap

Cisco often tests the misconception that CRC errors always indicate a faulty transceiver or cable length issue, when in reality low optical power from dirty or damaged connectors is a more common and subtle cause on fiber links.

Why the other options are wrong

A

The transceiver diagnostics show no fault flags, and the module is reporting nominal bit rate and other values within range.

B

The distance itself is within spec; the issue is the receive power being too low, not the distance exceeding the limit.

C

This is a configuration mismatch, but it does not directly cause CRC errors. The CRC errors are due to low receive power.

248
PBQhard

You are connected to R1 via console. The network consists of R1, R2, and a multilayer switch MLS1. R1's GigabitEthernet0/0 connects to MLS1's GigabitEthernet1/0/1 (VLAN 10), and MLS1's GigabitEthernet1/0/2 connects to R2's GigabitEthernet0/0. The goal is to enable IPv6 communication between R1 and R2 across the layer-3 switch. Currently, R1 and R2 cannot ping each other's IPv6 addresses. Configure R1's G0/0 with the IPv6 prefix 2001:db8:1:10::/64 using EUI-64, and R2's G0/0 with static IPv6 address 2001:db8:1:10::2/64. Also ensure MLS1 has IPv6 routing enabled and an IPv6 address on VLAN 10 (2001:db8:1:10::3/64). Troubleshoot and fix any layer-2 or layer-3 issues preventing connectivity.

Network Topology
G0/0G1/0/1G1/0/1G0/0SiMLS1R1R2

Hints

  • R1's G0/0 has no IPv6 address configured.
  • The correct command uses the 'eui-64' keyword to generate the interface ID from the MAC.
  • After configuration, R1 should be able to ping the other IPv6 addresses.
A.Configure 'ipv6 address 2001:db8:1:10::/64 eui-64' on R1's G0/0 interface.
B.Enable IPv6 routing on R1 with 'ipv6 unicast-routing'.
C.Configure 'ipv6 address 2001:db8:1:10::1/64' on R1's G0/0 interface (without EUI-64).
D.Change the VLAN on MLS1's G1/0/1 to match R1's VLAN.
AnswerA
solution
! R1
interface GigabitEthernet0/0
ipv6 address 2001:db8:1:10::1/64 eui-64
end

Why this answer

R1 has no IPv6 address configured on G0/0. The required prefix is 2001:db8:1:10::/64 using EUI-64, which generates the interface ID from the MAC address. The command 'ipv6 address 2001:db8:1:10::/64 eui-64' must be entered in interface configuration mode.

Additionally, MLS1 has IPv6 routing enabled (as seen by the connected route), but R1's interface is missing the IPv6 address. After configuration, R1 will be able to ping R2 and MLS1. No other changes are needed because R2 and MLS1 are correctly configured.

Exam trap

Do not confuse global IPv6 routing enablement with interface address configuration. The presence of a connected route indicates routing is enabled; the missing piece is the interface address. Also, pay attention to specific requirements like EUI-64.

Why the other options are wrong

B

IPv6 unicast-routing is already enabled; the problem is at the interface level.

C

The requirement specifies EUI-64; omitting it results in a static address that does not match the intended configuration.

D

The VLAN configuration is correct; no change is needed.

249
PBQhard

You are connected to the console of R1. The network administrator reports that hosts in VLAN 10 cannot reach the server at 192.168.1.100. R1 is the default gateway for VLAN 10 via subinterface G0/0.10. The link between R1 and the switch SW1 appears to be up, but pings fail. Your task is to identify and resolve the issue.

Network Topology
G0/0.10192.168.10.1/24G0/1trunkG0/1R1SW1access port VLAN10PC1

Hints

  • Check the interface status and error counters on the link.
  • Auto-negotiation might have failed; try manually setting speed and duplex.
  • The trunk link must be operational for inter-VLAN routing.
A.Check the interface status on R1's G0/0.10 subinterface; it may be administratively down.
B.Verify that the VLAN 10 SVI on SW1 has an IP address in the correct subnet.
C.Check the duplex and speed settings on the physical interface G0/0 of R1 and the corresponding switchport on SW1; they may be mismatched.
D.Ensure that the native VLAN on the trunk between R1 and SW1 is VLAN 1.
AnswerC
solution
! R1
interface GigabitEthernet0/0
duplex full
speed 100
no shutdown

! SW1
interface GigabitEthernet0/1
duplex full
speed 100
no shutdown

Why this answer

The link between R1 and SW1 had mismatched duplex/speed settings because auto-negotiation failed, causing excessive CRC errors and packet loss. Manually setting both sides to 100/full resolves the issue.

Exam trap

Do not assume that a link showing 'up/up' means error-free communication. Always check for CRC errors and duplex mismatches when pings fail despite the interface being up. Subinterfaces depend on the physical interface; troubleshoot the physical layer first.

Why the other options are wrong

A

The specific factual error is that subinterfaces do not have an independent line protocol state; they depend on the physical interface. The problem is likely a physical layer issue like duplex mismatch.

B

The specific factual error is that the SVI is not involved in this scenario; the router's subinterface handles routing for VLAN 10. The link between R1 and SW1 is the bottleneck.

D

The specific factual error is that native VLAN mismatch causes different symptoms (e.g., CDP/STP issues) and does not cause line protocol down or CRC errors.

250
MCQmedium

A network engineer must summarize the following routes before advertising them upstream: 172.16.32.0/24 172.16.33.0/24 172.16.34.0/24 172.16.35.0/24 Which summary route should be used?

A.172.16.32.0/22
B.172.16.32.0/23
C.172.16.32.0/21
D.172.16.34.0/22
AnswerA

Correct. This is correct. A /22 beginning at 172.16.32.0 cleanly includes 172.16.32.0 through 172.16.35.255, which matches the four listed /24 networks exactly.

Why this answer

The correct summary is 172.16.32.0/22 because a /22 covers exactly four consecutive /24 networks when the starting boundary is aligned correctly. This is the part many people miss: summarization is not only about how many networks fit into a block, but also where that block starts. Here the four /24 networks begin neatly at 172.16.32.0 and continue through 172.16.35.255, which is the exact range a /22 covers.

A /23 would be too small, while a /21 would be unnecessarily broad and could advertise addresses you do not intend to include. The /22 beginning at 172.16.34.0 is not on a valid /22 boundary, so that option is misaligned.

Exam trap

Ensure the summary route starts on the correct boundary and covers exactly the intended range without including extra networks.

Why the other options are wrong

B

Option B, 172.16.32.0/23, is incorrect because it only summarizes two of the four provided routes (172.16.32.0/24 and 172.16.33.0/24), failing to include the other two routes (172.16.34.0/24 and 172.16.35.0/24).

C

Option C (172.16.32.0/21) includes a broader range of addresses than necessary, covering 172.16.32.0 to 172.16.39.255, which exceeds the specified routes and could lead to incorrect routing information being advertised.

D

Option D is incorrect because the summary route 172.16.34.0/22 would only cover the addresses from 172.16.34.0 to 172.16.35.255, missing the routes 172.16.32.0/24 and 172.16.33.0/24.

251
Matchingmedium

Drag and drop the cable or transceiver types on the left to the corresponding distance limits or characteristics on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

100 meters (328 ft) at 1 Gbps

400 meters (1312 ft) at 10 Gbps

10 kilometers (6.2 miles) at 10 Gbps

100 meters (328 ft) at 10 Gbps

5 kilometers (3.1 miles) over single-mode fiber

Why these pairings

These pairings match common Ethernet cable and transceiver types to their standard maximum distances. Cat5e UTP (1000BASE-T) and Cat6a UTP (10GBASE-T) both support 100 meters at their respective speeds, limited by copper signal attenuation. Multimode fiber with SFP+ SR (10GBASE-SR) distance depends on fiber grade: 300 meters on OM3, 400 meters on OM4; the CCNA often uses 300 meters, but 400 meters is valid for OM4.

Single-mode fiber with SFP+ LR (10GBASE-LR) supports 10 kilometers, using longer wavelength lasers. SFP (1000BASE-LX) over single-mode fiber reaches 5 kilometers, a standard distance for Gigabit Ethernet over SMF.

Exam trap

Be mindful that fiber distances vary by cable grade—CCNA often tests 300 m for 10GBASE-SR over OM3, not 400 m—and distinguish IEEE standards from vendor-specific claims; also note that 1000BASE-LX can reach 5 km over single-mode but only 550 m over multimode.

252
Multi-Selectmedium

Which TWO statements correctly describe IPv4 and IPv6 host configuration?

Select 2 answers
A.APIPA assigns an IPv4 address in the 169.254.0.0/16 range when a DHCP server is unavailable.
B.IPv6 link-local addresses are always assigned using EUI-64 and start with FE80::/10.
C.EUI-64 is used to generate the network prefix of an IPv6 address from the interface's MAC address.
D.A host can have only one default gateway configured at a time for both IPv4 and IPv6.
E.The ipconfig command on Windows can display both IPv4 and IPv6 addresses, subnet masks, default gateways, and DNS servers.
AnswersA, E

APIPA (Automatic Private IP Addressing) automatically assigns an address from 169.254.0.0/16 when DHCP fails, allowing local communication without a DHCP server.

Why this answer

Option A is correct because APIPA (Automatic Private IP Addressing) automatically assigns an IPv4 address from the 169.254.0.0/16 range when a DHCP server is unavailable, enabling local subnet communication without manual configuration. Option E is correct because the ipconfig command on Windows displays both IPv4 and IPv6 addresses, subnet masks, default gateways, and DNS servers. Option B is incorrect because while IPv6 link-local addresses start with FE80::/10, they are not always assigned using EUI-64; they can also be randomly generated (privacy extensions) or manually configured.

Option C is incorrect because EUI-64 generates the interface identifier (host portion) of an IPv6 address from the MAC address, not the network prefix — the prefix is provided via SLAAC, DHCPv6, or manual configuration. Option D is incorrect because a host can have multiple default gateways configured for redundancy, though only one is active at a time per routing table; additionally, IPv4 and IPv6 default gateways are independent and can coexist.

Exam trap

Cisco often tests the misconception that EUI-64 generates the network prefix of an IPv6 address, when in fact it generates only the interface identifier (host portion), while the network prefix is assigned via SLAAC, DHCPv6, or manual configuration.

Why the other options are wrong

B

The statement incorrectly claims that link-local addresses are always assigned using EUI-64.

C

The statement confuses the role of EUI-64; it creates the interface ID, not the network prefix.

D

The statement is too restrictive; multiple default gateways can be configured, especially in multi-homed hosts.

253
MCQmedium

A network administrator is troubleshooting a connectivity issue between two hosts on different subnets. The administrator captures packets on the source host and notices that the frames contain the correct source and destination MAC addresses but the encapsulated packets have incorrect source and destination IP addresses. According to the OSI model, which layer is most likely responsible for this issue?

A.Physical Layer (Layer 1)
B.Data Link Layer (Layer 2)
C.Network Layer (Layer 3)
D.Transport Layer (Layer 4)
AnswerC

The Network Layer is responsible for logical addressing (IP addresses) and routing. Incorrect IP addresses indicate a problem at this layer.

Why this answer

The Network Layer (Layer 3) is responsible for logical addressing (IP addresses) and routing packets between different subnets. Since the captured frames have correct MAC addresses (Layer 2) but incorrect source and destination IP addresses, the issue lies in how the IP headers are being constructed or assigned, which is a Layer 3 function. This could be caused by misconfigured IP addresses, subnet masks, or default gateways on the source host.

Exam trap

Cisco often tests the distinction between MAC addresses (Layer 2) and IP addresses (Layer 3) in troubleshooting scenarios, and the trap here is that candidates might incorrectly blame the Data Link Layer because they see 'frames' and 'MAC addresses' in the question, without recognizing that the IP address error points to the Network Layer.

Why the other options are wrong

A

The issue is with the IP addresses, which are not handled at Layer 1.

B

The MAC addresses are correct, so the Data Link Layer is functioning properly.

D

IP addresses are not part of the Transport Layer header; they belong to the Network Layer.

254
MCQhard

A router interface is configured with 192.0.2.97/28. What is the network address of the subnet?

A.192.0.2.80
B.192.0.2.96
C.192.0.2.111
D.192.0.2.112
AnswerB

Correct. It is the first address in the 192.0.2.96/28 subnet.

Why this answer

A /28 uses blocks of 16 addresses. The block containing .97 runs from .96 through .111, so .96 is the network address.

Exam trap

Be careful not to confuse the given IP address or the broadcast address with the network address.

Why the other options are wrong

A

Option A (192.0.2.80) is incorrect because the subnet mask /28 indicates a block size of 16, making the valid network addresses range from 192.0.2.96 to 192.0.2.111. The network address for this subnet is 192.0.2.96.

C

The address 192.0.2.111 is not a valid network address for the subnet defined by 192.0.2.97/28, as it falls outside the range of usable addresses for that subnet, which spans from 192.0.2.96 to 192.0.2.111.

D

Option D, 192.0.2.112, is wrong because it does not represent the network address for the subnet defined by the IP address 192.0.2.97/28. The correct network address is 192.0.2.96, which is the first address in the subnet range.

255
MCQhard

A branch router has two equal-cost static routes to the same destination network. Both routes are displayed in the output of the show ip route command, and pings from the router to both next-hop IP addresses succeed. Despite this, all traffic heading toward that destination is egressing only a single interface. The technician suspects Cisco Express Forwarding (CEF) is not performing load balancing as expected. What should the technician do next?

A.Issue the show ip cef <destination> detail command to inspect the CEF FIB entry and verify both adjacencies are present.
B.Check the interface output rates with show interface to see if both interfaces are transmitting traffic.
C.Display the routing table again with show ip route to ensure both static routes are still installed.
D.Verify the bandwidth configured on the outgoing interfaces using show interfaces or show running-config.
AnswerD

CEF load‑balances among equal‑cost paths based on the hash of packet headers, but when interface bandwidth values differ, CEF may internally adjust the load‑sharing weight (e.g., by creating unequal‑cost load‑sharing for otherwise equal routes). Confirming the bandwidth values are identical eliminates or identifies a hidden mismatch as the cause.

Why this answer

CEF load balancing can be influenced by the bandwidth values configured on the egress interfaces. Even when the routing table shows equal-cost paths, CEF may assign different load shares if the interfaces have mismatched bandwidth (e.g., if one interface has a manually lowered bandwidth). Verifying the interface bandwidth reveals whether an asymmetric configuration is causing CEF to favor one link over the other.

This check targets the data‑plane forwarding behavior directly, before inspecting FIB entries or traffic counters.

Exam trap

Many candidates immediately reach for show ip cef to examine the Forwarding Information Base, assuming that will expose a missing adjacency. However, show ip cef only displays the installed paths—it would show both adjacencies in this case—and does not indicate why CEF is not splitting traffic. The real culprit is often a bandwidth mismatch that silently distorts the load‑sharing ratio.

Why the other options are wrong

A

Candidates often believe that a missing FIB adjacency is the root cause, but in this scenario both paths are reachable and installed; the issue lies in how CEF weights the paths, which is influenced by interface parameters.

B

Exam‑takers may confuse verifying the symptom with identifying the root cause. Seeing only one interface transmitting confirms the problem but offers no corrective insight.

C

A common reflex is to re‑verify the obvious; however, the question states the routes are present and next‑hops are reachable, so revisiting the RIB is redundant.

256
MCQhard

A host uses the subnet mask 255.255.255.240. How many usable host addresses exist in each subnet?

A.12
B.14
C.16
D.30
AnswerB

This is correct because a /28 has 16 total addresses minus 2 reserved equals 14 usable hosts.

Why this answer

The mask 255.255.255.240 corresponds to /28. In practical terms, that leaves 4 host bits, which gives 16 total addresses in each subnet. After subtracting the network and broadcast addresses, 14 usable hosts remain.

This is a classic host-capacity calculation and a very common subnetting pattern on the exam.

Exam trap

A frequent exam trap is selecting the total number of addresses in the subnet (16) instead of the usable host addresses (14). Candidates often forget to subtract the network and broadcast addresses, which are reserved and cannot be assigned to hosts. Another common mistake is confusing the /28 subnet mask with /27, which offers 30 usable hosts, leading to incorrect answers like 30.

This confusion arises because both subnet masks are close in size but differ significantly in host capacity. Always remember that usable hosts equal total addresses minus two reserved addresses.

Why the other options are wrong

A

Option A states 12 usable hosts, which is incorrect because a /28 subnet provides 16 total addresses. Subtracting the network and broadcast addresses leaves 14 usable hosts, not 12. This option underestimates the host capacity.

C

Option C claims 16 usable hosts, which is incorrect because 16 represents the total number of addresses in the subnet, including network and broadcast addresses. Usable hosts must exclude these two reserved addresses.

D

Option D suggests 30 usable hosts, which corresponds to a /27 subnet mask (255.255.255.224), not /28. This overestimates the host count for the given subnet mask and is therefore incorrect.

257
MCQhard

A network administrator notices that file transfers to a server are extremely slow, and on the switch interface connecting to the server, the output of 'show interfaces' indicates a high number of runts and CRC errors, but no collisions. Which of the following is the most likely cause?

A.The cable connecting the server to the switch is faulty.
B.The switch port is configured for full-duplex, but the server's NIC is set to half-duplex.
C.The switch port speed is set to 100 Mbps, but the server NIC is set to 10 Mbps.
D.The server's NIC driver is outdated, causing packet loss.
AnswerB

A duplex mismatch where the switch uses full-duplex and the server uses half-duplex results in the full-duplex side (switch) showing runts and CRC errors without collisions, while the half-duplex side sees collisions. This matches the 'show interfaces' output and explains the slow transfers due to excessive retransmissions.

Why this answer

The combination of runts (frames smaller than 64 bytes) and CRC errors with zero collisions is a classic symptom of a duplex mismatch. When one side operates at full-duplex and the other at half-duplex, the half-duplex side will detect collisions and invoke its backoff algorithm, causing the full-duplex side to receive truncated frames (runts) and frames with invalid FCS (CRC errors). The switch interface statistics show no collisions because the switch port is full-duplex and does not detect collisions, while the server's half-duplex NIC is causing the corruption.

Exam trap

Cisco often tests the distinction between symptoms of duplex mismatch versus cable faults, where candidates mistakenly attribute runts and CRC errors to a bad cable, ignoring the critical clue of zero collisions that points to a mismatch.

Why the other options are wrong

A

While a faulty cable could cause CRC errors, it would likely produce other error types and might not exhibit the specific pattern of only runts and CRC errors with no collisions. This pattern strongly points to a duplex mismatch.

C

A speed mismatch would generally cause the link to fail entirely; you wouldn't see interface errors because there would be no connectivity. The scenario describes connectivity with errors, so this is unlikely.

D

Outdated drivers may cause performance problems, but they do not produce the specific interface error counters on the switch. The recorded runts and CRC errors point to a physical or data-link layer issue, not a driver problem.

258
Drag & Drophard

Drag and drop the following steps into the correct order to configure a new WLAN on a Cisco WLC using IOS-XE CLI, including WPA3-Personal security, and to complete a wireless client association with DHCP.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The configuration order follows the Cisco IOS-XE WLC CLI: first enter global config, create the WLAN profile, set security (WPA3-Personal/SAE), enable the WLAN, then the client associates and gets an IP via DHCP.

Exam trap

Be careful with the order of operations: you must create the WLAN profile first, then configure security, then enable the WLAN. Also, remember that DHCP IP assignment occurs after the client associates, not before.

259
MCQmedium

A network technician is troubleshooting a connectivity issue between two hosts. Host A sends a web request to Host B. The technician captures packets on the link between the two hosts and sees the data as '01010101...'. At which layer of the OSI model is this data being transmitted, and what is the correct PDU name for this layer?

A.Data Link layer; frames
B.Physical layer; bits
C.Network layer; packets
D.Transport layer; segments
AnswerB

At the Physical layer (Layer 1), data is transmitted as a stream of bits. The PDU is called 'bits'. This matches the capture of '01010101...'.

Why this answer

The data shown as '01010101...' represents raw binary bits being transmitted over the physical medium. At the Physical layer (Layer 1), data is encoded as electrical signals, light pulses, or radio waves, and the PDU is called bits. This matches the description of the captured data.

Exam trap

Cisco often tests the distinction between the Physical layer's raw bits and the Data Link layer's frames, expecting candidates to recognize that binary sequences without structure belong to Layer 1, not Layer 2.

Why the other options are wrong

A

The technician sees raw bits before framing, so this is not the Data Link layer.

C

The Network layer deals with logical addressing and routing, not the physical transmission of bits.

D

The Transport layer is above the Physical layer and does not deal with bit-level transmission.

260
MCQhard

Refer to the exhibit. A network engineer is troubleshooting an OSPFv2 neighbor adjacency that remains in the DOWN state between R1 and R2. The engineer issues the show cdp neighbors detail command on R1 and confirms that R1's GigabitEthernet0/1 interface is configured with IP address 192.168.1.1/30. What is the most likely cause of the problem?

A.The OSPF area IDs configured on R1 and R2 do not match.
B.There is an MTU mismatch between the two routers.
C.The IP addresses on the connected interfaces are in different subnets.
D.OSPF authentication is configured incorrectly on one of the routers.
AnswerC

The CDP entry for R2 shows an IP address of 10.1.1.2, while the local interface on R1 has 192.168.1.1/30, which is a different subnet. OSPF requires both ends of a link to share a common subnet.

Why this answer

The correct answer is C because OSPFv2 requires that neighboring interfaces share a common subnet to form an adjacency. The show cdp neighbors detail output confirms R1's GigabitEthernet0/1 is configured with IP address 192.168.1.1/30, but if R2's interface is on a different subnet (e.g., 192.168.2.0/30), the routers will not be able to communicate OSPF Hello packets, leaving the neighbor state in DOWN. This is a fundamental OSPF neighbor formation requirement, and a subnet mismatch will prevent the adjacency from progressing past the DOWN state.

Exam trap

Cisco often tests the specific OSPF neighbor state where a subnet mismatch causes the adjacency to remain in DOWN, tricking candidates into thinking it would cause a later state issue like EXSTART/EXCHANGE, which is actually associated with MTU or area ID mismatches.

Why the other options are wrong

A

Area mismatch is a valid cause but not supported by the given data; the IP addresses are on different subnets, which logically precedes area negotiation.

B

MTU is not shown; candidates may recall that mismatched MTU can cause OSPF problems but the scenario explicitly reveals an IP addressing inconsistency.

D

Authentication issues are common OSPF traps, but they are not indicated here; the IP address difference is explicitly observed.

261
MCQhard

A host uses subnet mask 255.255.255.224. How many total addresses exist in each subnet block?

A.16
B.32
C.30
D.64
AnswerB

This is correct because /27 yields 32 total addresses per subnet.

Why this answer

The subnet mask 255.255.255.224 (/27) has 5 host bits, so each subnet has 2^5 = 32 total addresses. Option A (16) results from confusing /27 with /28 (4 host bits = 16). Option D (64) results from confusing /27 with /26 (6 host bits = 64).

Option C (30) is the number of usable host addresses (32 - 2 = 30), not the total addresses asked for in the question.

Exam trap

Be careful to distinguish between total addresses and usable addresses. Many candidates automatically think of usable addresses when subnetting.

Why the other options are wrong

A

16 would be the total addresses for a /28 mask (4 host bits), not the /27 mask specified.

C

30 is the number of usable host addresses (total addresses minus network and broadcast), not the total addresses.

D

64 would be the total addresses for a /26 mask (6 host bits), not the /27 mask specified.

262
Multi-Selectmedium

Which TWO statements correctly describe differences between 802.11ac (Wi-Fi 5) and 802.11ax (Wi-Fi 6)?

Select 2 answers
A.802.11ac uses OFDMA, while 802.11ax uses only OFDM.
B.802.11ax supports 1024-QAM modulation, whereas 802.11ac supports up to 256-QAM.
C.Both 802.11ac and 802.11ax operate exclusively in the 5 GHz band.
D.802.11ax operates in both the 2.4 GHz and 5 GHz bands, while 802.11ac operates only in the 5 GHz band.
E.802.11ac introduces target wake time (TWT) for improved power saving, but 802.11ax does not support it.
AnswersB, D

802.11ax supports 1024-QAM for higher data rates; 802.11ac maximum is 256-QAM.

Why this answer

Options B and D are correct. 802.11ax (Wi-Fi 6) introduces 1024-QAM for higher data rates (B), while 802.11ac maxes at 256-QAM. Additionally, 802.11ax supports both 2.4 GHz and 5 GHz bands, whereas 802.11ac is limited to 5 GHz only (D). Option A is incorrect because it reverses the roles: 802.11ac uses OFDM, and 802.11ax uses OFDMA.

Option C is incorrect because 802.11ax also operates in 2.4 GHz. Option E is incorrect because Target Wake Time (TWT) is introduced in 802.11ax, not 802.11ac.

Exam trap

Cisco often tests the misconception that 802.11ac also uses OFDMA or that both standards operate in the same frequency bands, so candidates must remember that OFDMA is exclusive to 802.11ax and that 802.11ac is 5 GHz only.

Why the other options are wrong

A

This statement reverses the technologies: 802.11ac uses OFDM, and 802.11ax uses OFDMA.

C

802.11ax adds 2.4 GHz support for backward compatibility and better range.

E

TWT is a feature of 802.11ax, not 802.11ac.

263
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure a WPA3 SSID on a Cisco WLC and complete a wireless client association.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The steps follow the standard WLC configuration sequence: create the WLAN, set WPA3-Personal security, enable it, then the client associates and gets an IP.

Exam trap

The trap is that candidates may think security can be configured after enabling the WLAN, or that client IP assignment occurs before association. Remember: always configure all settings before enabling the WLAN, and client DHCP occurs after association.

264
Matchingmedium

Drag and drop the wireless terms on the left to the correct descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses OFDM and supports up to 160 MHz channel bonding in 5 GHz only

Uses OFDMA and supports both 2.4 GHz and 5 GHz bands

Uses SAE (Simultaneous Authentication of Equals) for secure pre-shared key authentication

Uses 192-bit minimum strength security suite and EAP authentication

Independently handles all wireless functions without a central controller

Why these pairings

802.11ac (Wi-Fi 5) uses OFDM and can bond channels up to 160 MHz, but operates exclusively in the 5 GHz band. 802.11ax (Wi-Fi 6) uses OFDMA for more efficient multi-user access and works in both 2.4 GHz and 5 GHz. WPA3-Personal secures pre-shared keys with SAE, replacing WPA2’s PSK, while WPA3-Enterprise uses 192-bit encryption and EAP for strong authentication. An autonomous AP functions standalone without a wireless controller.

Exam trap

Many learners confuse OFDM (802.11ac) with OFDMA (802.11ax) and WPA3-Personal’s SAE with WPA3-Enterprise’s EAP; remember that SAE is for personal mode and EAP is for enterprise.

265
MCQhard

An IPv6 host has a global unicast address and a correct default route learned from a router advertisement, but the next-hop entry shown on the host uses a link-local address rather than a global unicast address. What is the best explanation?

A.IPv6 hosts commonly use the router’s link-local address as the next hop on the local segment.
B.The host has learned the wrong default route because IPv6 gateways must always be global unicast.
C.The host can reach only local destinations when the next hop is link-local.
D.The router advertisement has failed because it did not provide a MAC address.
AnswerA

This is correct because IPv6 next-hop behavior often relies on the router’s link-local address on the local link.

Why this answer

That behavior is normal in IPv6. In practical terms, the host only needs to reach the router on the local segment, so it uses the router’s link-local address as the next-hop target. The packet still leaves the local link toward remote destinations, but the immediate neighbor on that link is identified by link-local addressing.

This is an important IPv6 concept because many people assume the default gateway must be a globally routable address. It does not. On the local link, the host is really forwarding to its directly attached router interface, and the router’s link-local address is enough for that local handoff.

Exam trap

Don't assume that a default gateway must be a global unicast address in IPv6; link-local addresses are used for local communication.

Why the other options are wrong

B

This option is incorrect because IPv6 gateways do not have to be global unicast; link-local addresses are valid for routing within the local network segment. The host can use the link-local address of the router as the next hop for packets destined to other networks.

C

This option is incorrect because a host with a link-local next hop can still reach global unicast addresses, as link-local addresses are used only for communication within the same local network segment.

D

This option is wrong because a router advertisement does not need to provide a MAC address for the next-hop link-local address to be valid; link-local addresses are inherently usable for local communication without MAC address specification.

266
MCQhard

Refer to the exhibit. An engineer is troubleshooting a connectivity issue where packets from the local network destined to host 192.168.1.200 are being dropped. The host 192.168.1.200 is configured with IP address 192.168.1.200/25, while the router’s GigabitEthernet0/0 interface is on the same physical segment. Based on the output, what is the most likely cause of the problem?

A.The host 192.168.1.200 has an incorrect default gateway set, preventing it from communicating with the router.
B.The router interface Gi0/0 is using a /24 subnet mask while the host is in a /25 subnet, making 192.168.1.200 appear as a local address to the router but off-subnet to the host.
C.An inbound access list on GigabitEthernet0/0 is blocking ICMP traffic from host 192.168.1.200.
D.The GigabitEthernet0/0 interface is in a shutdown state, preventing traffic from being forwarded to the host.
AnswerB

The output shows 'Internet address is 192.168.1.2/24'. With this mask, the router treats 192.168.1.200 as directly connected and sends ARP requests for it. The host, configured with a /25 mask, sees 192.168.1.2 as outside its /25 subnet (192.168.1.128/25), so it does not process the ARP request or respond, breaking connectivity.

Why this answer

The router's GigabitEthernet0/0 interface is configured with a /24 subnet mask, which means its directly connected network is 192.168.1.0/24. The host 192.168.1.200/25 has a subnet mask of /25, so its local network is 192.168.1.128/25. When the router receives a packet destined for 192.168.1.200, it considers the address to be within its own directly connected /24 subnet and attempts to forward it locally via ARP.

However, the host's /25 mask causes it to treat 192.168.1.200 as a local address, but the router's /24 mask means the router expects the host to be on the same subnet without a gateway. The mismatch prevents the host from responding to ARP requests from the router for addresses outside its /25 range, leading to dropped packets.

Exam trap

Cisco often tests the concept that a router will ARP for any destination IP within its directly connected network, regardless of the host's subnet mask, leading candidates to overlook the subnet mask mismatch and instead blame the default gateway or interface status.

Why the other options are wrong

A

Candidates often think connectivity problems are caused by gateway misconfiguration, ignoring the subnet mask mismatch that actually prevents Layer 2 communication.

C

Candidates may glance at the output and assume an access list is blocking traffic, but the output clearly shows no ACL is applied.

D

A common troubleshooting mistake is to assume an interface is down, but the state is clearly shown as up in the exhibit.

267
Multi-Selectmedium

Which statement correctly describes a feature of WPA3 security in wireless LANs?

Select 1 answer
A.WPA3 uses TKIP encryption for backward compatibility with legacy devices.
B.WPA3 introduces Simultaneous Authentication of Equals (SAE) to resist offline dictionary attacks.
C.WPA3 relies solely on 802.1X/EAP authentication for both personal and enterprise modes.
D.WPA3 mandates the use of GCMP-256 encryption for enhanced security.
E.WPA3 makes Protected Management Frames (PMF) optional to support older clients.
AnswersB

SAE replaces WPA2's PSK handshake, providing a secure key exchange that prevents attackers from cracking the password offline.

Why this answer

Option B is correct. WPA3 introduces Simultaneous Authentication of Equals (SAE), which uses a Dragonfly key exchange to resist offline dictionary attacks and provide forward secrecy. Option A is wrong because WPA3 does not use or support TKIP encryption; it mandates AES.

Option C is wrong because WPA3-Personal uses SAE, not 802.1X/EAP. Option D is wrong because GCMP-256 is only mandatory in the optional WPA3-Enterprise 192-bit security mode, not across all WPA3 deployments; standard WPA3-Personal uses AES-GCMP with 128-bit keys. Option E is wrong because WPA3 requires Protected Management Frames (PMF) by default, unlike WPA2.

Exam trap

Many candidates incorrectly assume WPA3 universally uses GCMP-256 encryption, confusing the optional enterprise mode with the baseline WPA3-Personal requirement.

Why the other options are wrong

A

WPA3 mandates AES encryption and does not include TKIP for any compatibility; TKIP was deprecated in WPA2.

C

WPA3-Personal uses SAE, not 802.1X/EAP; only WPA3-Enterprise relies on 802.1X.

D

GCMP-256 is only mandated in the optional WPA3-Enterprise 192-bit mode; standard WPA3 uses GCMP with 128-bit keys.

E

Protected Management Frames (PMF) are required, not optional, in WPA3 to mitigate management frame attacks.

268
PBQhard

You are connected to R1. The link between R1 and R2 is experiencing packet loss and slow performance. Examine the following partial show interface output: R1# show interfaces gigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up Duplex: Full, Speed: Auto, 100Mb/s Input errors: 12345, CRC: 5000, frame: 0, overrun: 0, ignored: 0 R2# show interfaces gigabitEthernet 0/0 GigabitEthernet0/0 is up, line protocol is up Duplex: Half, Speed: Auto, 100Mb/s Input errors: 0, CRC: 0, collisions: 5000, late collisions: 0 Identify the root cause of the issue, and apply the necessary fix on R1 to resolve the problem.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • Look at the number of input errors versus CRC errors.
  • Check the duplex setting on both interfaces.
  • A high number of input errors without CRC often indicates a duplex mismatch.
A.Configure the interface with 'duplex half' to match the half-duplex setting on R2.
B.Configure the interface with 'speed 100' to force the link speed to 100 Mbps.
C.Replace the Ethernet cable with a new one to fix the physical layer issue.
D.Configure the interface with 'no shutdown' to bring the interface up.
AnswerA
solution
! R1
interface gigabitethernet0/0
duplex half

Why this answer

The output reveals a duplex mismatch. R1 is operating in full‑duplex mode, while R2 is in half‑duplex mode. On the full‑duplex side (R1), simultaneous transmissions from both ends result in corrupted frames, visible as a high count of CRC errors.

On the half‑duplex side (R2), ordinary collisions occur because R2 uses CSMA/CD, but no CRC errors are seen because it detects collisions and retransmits. The only immediate fix from R1—since R2 is fixed at half‑duplex—is to change R1's interface to half‑duplex using the command 'duplex half', which matches the settings and stops the corrupted frames. (Long‑term, both sides should ideally be set to full‑duplex, but that requires access to R2.)

Exam trap

Do not confuse input errors with CRC errors. High input errors without CRC errors strongly indicate a duplex mismatch, not a cable fault. Always check duplex settings on both ends when you see this pattern.

Why the other options are wrong

B

The specific factual error is that speed mismatch does not cause the high input error count without CRC errors; duplex mismatch does.

C

The specific factual error is that cable issues produce CRC errors, not just input errors; the absence of CRC errors rules out cable problems.

D

The specific factual error is that 'no shutdown' is used to enable an interface that is administratively down; here the interface is up and passing traffic.

269
PBQhard

You are connected to R1. Configure IPv4 and IPv6 addressing on R1's interfaces so that R1 can reach R2's loopback0 (192.0.2.1/32) and R2's IPv6 loopback0 (2001:db8:1::1/64). R1 has a misconfigured subnet mask on G0/0 and is missing its default gateway. Additionally, R1 has a duplicate IPv4 address on G0/1 that must be corrected. Use EUI-64 for R1's IPv6 link-local address on G0/0 and static IPv6 for the global unicast address on G0/1.

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • Check the subnet mask on G0/0 — it should match the link between R1 and R2.
  • R1 needs a default route to reach networks beyond R2.
  • G0/1's IP address conflicts with R2's G0/1 — use a different subnet.
A.Change G0/0 mask to /30, add default route via 10.0.0.2, change G0/1 IP to 192.0.2.2/30, enable IPv6 on G0/0 with EUI-64 link-local, assign 2001:db8:2::1/64 to G0/1
B.Change G0/0 mask to /24, add default route via 10.0.0.1, change G0/1 IP to 10.0.0.6/30, enable IPv6 on G0/0 with EUI-64 link-local, assign 2001:db8:1::1/64 to G0/1
C.Change G0/0 mask to /30, add default route via 10.0.0.1, change G0/1 IP to 192.0.2.2/30, enable IPv6 on G0/0 with EUI-64 link-local, assign 2001:db8:2::1/64 to G0/1
D.Change G0/0 mask to /30, add default route via 10.0.0.2, change G0/1 IP to 10.0.0.6/30, enable IPv6 on G0/0 with EUI-64 link-local, assign 2001:db8:2::1/64 to G0/1
AnswerA
solution
! R1
interface gigabitethernet0/0
ip address 10.0.0.1 255.255.255.252
ipv6 enable
ipv6 address fe80::/64 eui-64
exit
interface gigabitethernet0/1
ip address 192.0.2.2 255.255.255.252
ipv6 address 2001:db8:2::1/64
exit
ip route 0.0.0.0 0.0.0.0 10.0.0.2

Why this answer

R1 cannot reach R2 because G0/0 has a wrong subnet mask (/24 instead of /30) and no default gateway. Also, G0/1 has a duplicate IPv4 address (10.0.0.5/30 conflicts with R2's G0/1). To fix: change G0/0 mask to /30, add a default route via 10.0.0.2, assign a unique IP to G0/1 (e.g., 192.0.2.2/30), enable IPv6 on G0/0 with EUI-64 link-local, and assign a static global unicast address to G0/1 (2001:db8:2::1/64).

Exam trap

Watch out for common mistakes: using the wrong subnet mask (e.g., /24 instead of /30), pointing the default gateway to the wrong next-hop (e.g., 10.0.0.1 instead of 10.0.0.2), and failing to resolve duplicate IPs by moving to a different subnet. Also, ensure IPv6 addresses are unique and not conflicting with other devices.

Why the other options are wrong

B

The subnet mask on G0/0 must match the connected network (/30), not /24. The default gateway should point to the neighbor's IP (10.0.0.2). The new G0/1 IP must be in a different subnet to avoid duplication.

The IPv6 global unicast address on G0/1 must be unique and not conflict with R2's loopback.

C

The default gateway must be the IP address of the directly connected neighbor (R2's G0/0), which is 10.0.0.2, not 10.0.0.1.

D

The IP address 10.0.0.6/30 is in the same subnet as R2's G0/1 (10.0.0.5/30), so it does not resolve the duplicate address conflict. A different subnet must be used.

270
MCQmedium

A host with IP address 172.16.50.130 and mask 255.255.255.192 needs to reach 172.16.50.190. Which statement is correct?

A.The destination is on a remote subnet, so the host must send to the default gateway.
B.The destination is local, so the host ARPs for 172.16.50.190 directly.
C.The destination is a directed broadcast for the local subnet.
D.The source host is using the network address of the subnet.
AnswerB

Correct. Same-subnet traffic is sent directly to the destination MAC.

Why this answer

Both 172.16.50.130 and 172.16.50.190 fall within the 172.16.50.128/26 subnet (range .128 to .191). Therefore, the destination is local, and the host will use ARP to resolve the destination IP directly. Option A is incorrect because the destination is not remote.

Option C is incorrect because the directed broadcast address for this subnet is 172.16.50.191, not .190. Option D is incorrect because 172.16.50.130 is a valid host address, not the network address (.128).

Exam trap

Be cautious of subnet mask calculations and ensure you understand the IP range it defines.

Why the other options are wrong

A

The destination is local to the same /26 subnet, so it does not need to go through the default gateway.

C

The subnet directed broadcast is 172.16.50.191 (the last address in the .128/26 range), not .190.

D

The source address 172.16.50.130 is a usable host address, not the network address of the subnet.

271
Multi-Selectmedium

Which TWO statements about fiber optic cables and SFP/SFP+ transceivers are correct?

Select 2 answers
A.Single-mode fiber (SMF) uses a smaller core diameter than multimode fiber (MMF).
B.Multimode fiber supports longer distances than single-mode fiber.
C.SFP+ transceivers are commonly used for 10 Gigabit Ethernet connections.
D.SFP modules support data rates up to 10 Gbps.
E.Multimode fiber typically has a core diameter of 9 microns.
AnswersA, C

SMF typically has a 9-micron core, while MMF has a 50- or 62.5-micron core, allowing SMF to support longer distances.

Why this answer

Option A is correct because single-mode fiber (SMF) has a core diameter of about 9 microns, which is smaller than multimode fiber (MMF) cores of 50 or 62.5 microns. Option C is correct because SFP+ transceivers are indeed designed for 10 Gigabit Ethernet, supporting data rates up to 10 Gbps. Option B is wrong because multimode fiber is used for shorter distances (up to a few hundred meters) due to higher modal dispersion, while single-mode fiber supports longer distances (tens of kilometers).

Option D is wrong because standard SFP modules support up to 1 Gbps, not 10 Gbps; SFP+ modules handle 10 Gbps. Option E is wrong because a 9-micron core is characteristic of single-mode fiber, not multimode fiber.

Exam trap

Cisco often tests the misconception that 'multimode' implies longer reach due to its name, but the opposite is true because of modal dispersion limits.

Why the other options are wrong

B

Single-mode fiber supports much longer distances (up to 10 km or more) than multimode fiber (typically up to 550 m for 10 Gbps).

D

SFP is limited to 1 Gbps; for 10 Gbps, SFP+ is required.

E

This describes single-mode fiber, not multimode.

272
MCQhard

A subnet must support at least 62 usable IPv4 host addresses. Which prefix is the most restrictive that meets the requirement?

A./27
B./26
C./25
D./24
AnswerB

This is correct because /26 provides 62 usable host addresses.

Why this answer

A /26 is the smallest valid answer. In practical terms, a /26 provides 64 total addresses and 62 usable host addresses after subtracting the network and broadcast addresses. A /27 would be too small because it provides only 30 usable hosts.

This is a standard minimum-prefix question because it checks whether you can work backward from the host requirement and choose the smallest subnet that fits.

Exam trap

Avoid confusing total addresses with usable ones; remember to subtract network and broadcast addresses.

Why the other options are wrong

A

A /27 subnet provides only 30 usable host addresses (32 total minus 2 for network and broadcast), which does not meet the requirement of at least 62 usable addresses.

C

Option C: /25 provides 126 usable host addresses, which exceeds the requirement of at least 62 usable addresses. However, it is not the smallest prefix that meets the requirement, as /26 suffices with 62 usable addresses.

D

Option D: /24 provides 256 total addresses, with 254 usable, which exceeds the requirement of at least 62 usable addresses. However, it is not the smallest prefix that meets the requirement.

273
Multi-Selectmedium

Which four of the following correctly describe characteristics or best practices for VLAN trunking and Layer 2 switch configuration? (Choose four.)

Select 4 answers
.802.1Q trunking uses a native VLAN that carries untagged traffic; both ends of the trunk must agree on the native VLAN.
.Dynamic Trunking Protocol (DTP) can be used to negotiate trunking between Cisco switches if both ports are set to dynamic desirable or trunk mode.
.VLAN 1 is the default native VLAN on Cisco switches and is considered a best practice to use for all user traffic to simplify management.
.A switchport configured as an access port can belong to multiple VLANs simultaneously if using VLAN pruning.
.VLAN Trunking Protocol (VTP) in transparent mode allows a switch to forward VTP advertisements but does not synchronize its VLAN database.
.When connecting two switches, it is recommended to manually set the trunk mode to avoid DTP negotiation errors and security risks.

Why this answer

802.1Q trunking defines a native VLAN that carries untagged traffic; both ends must agree on the native VLAN to prevent misdirection and security issues. DTP can negotiate trunking between Cisco switches when ports are set to dynamic desirable or trunk mode, allowing automatic trunk establishment. VTP in transparent mode forwards VTP advertisements to other switches but does not synchronize its VLAN database, making it safe for maintaining local VLAN control.

Manually setting trunk mode is a best practice to avoid DTP negotiation errors and security risks, as DTP can be exploited. Option 3 is incorrect because using VLAN 1 for user traffic is a security vulnerability; it is recommended to change the native VLAN and prune VLAN 1. Option 4 is incorrect because an access port belongs to only one VLAN; VLAN pruning is used on trunk links to restrict VLAN traffic, not to allow an access port to carry multiple VLANs.

Exam trap

Cisco often tests the misconception that VLAN 1 is a best practice for user traffic, when in fact it is a well-known security vulnerability and should be changed or pruned.

274
MCQmedium

A network administrator is configuring a new Windows 10 workstation on a network that uses DHCP. The workstation receives an IPv4 address of 169.254.10.20 with a subnet mask of 255.255.0.0 and no default gateway. The user cannot access the internet or other subnets. What is the most likely cause of this issue?

A.The workstation has a duplicate IP address conflict.
B.The workstation's DNS server configuration is incorrect.
C.The workstation's subnet mask is misconfigured.
D.The DHCP server is unreachable or not responding.
AnswerD

When a DHCP client fails to receive an IP address from a DHCP server, it self-assigns an APIPA address from the 169.254.0.0/16 range. This explains the observed address and the absence of a default gateway.

Why this answer

The IP address 169.254.10.20 with a /16 subnet mask is an Automatic Private IP Addressing (APIPA) address, which Windows assigns when a DHCP discovery broadcast (DHCPDISCOVER) fails to receive a response from a DHCP server. Without a valid DHCP lease, the workstation has no default gateway, so it cannot communicate outside its local subnet, explaining the lack of internet or inter-subnet access. The most likely cause is that the DHCP server is unreachable or not responding, forcing the client to self-assign an APIPA address.

Exam trap

Cisco often tests the misconception that a 169.254.x.x address indicates a duplicate IP or a subnet mask issue, but the real trap is that APIPA is a direct symptom of DHCP server unavailability, not a configuration error on the client.

Why the other options are wrong

A

Duplicate IP conflicts typically result in a warning but do not cause the system to assign a 169.254.x.x address.

B

DNS issues do not affect IP address assignment via DHCP.

C

The subnet mask is correct for the APIPA range; the problem is the lack of a DHCP server response.

275
Matchingmedium

Drag and drop the OSI layer names on the left to the correct PDU names and example protocols on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Bits; e.g., electrical signals

Frame; e.g., Ethernet

Packet; e.g., IP

Segment; e.g., TCP

Data; e.g., HTTP

Why these pairings

The OSI model layers map to specific PDUs and example protocols: Physical layer deals with bits and electrical signals; Data Link with frames (e.g., Ethernet); Network with packets (e.g., IP); Transport with segments (e.g., TCP); and Application with data (e.g., HTTP). Each layer encapsulates data from above, and the PDU names reflect how data is packaged at that layer.

Exam trap

Be careful not to confuse the PDUs and protocols between adjacent layers, especially Data Link vs. Network (frames vs. packets, MAC vs. IP) and Network vs.

Transport (packets vs. segments, IP vs. TCP). Remember the encapsulation order: data, segment, packet, frame, bits.

276
MCQhard

A network requires at least 500 usable host addresses in one IPv4 subnet. Which prefix is the smallest that meets the requirement?

A./24
B./23
C./22
D./25
AnswerB

This is correct because a /23 provides 510 usable host addresses.

Why this answer

To support at least 500 usable hosts, the subnet must provide at least 502 total addresses when the network and broadcast addresses are included. In plain language, that means 256 total addresses in a /24 are not enough, so the next larger power-of-two block is required. A /23 provides 512 total addresses and 510 usable host addresses, which satisfies the requirement while remaining the smallest valid option.

This is a classic host-capacity question because it checks whether you can work backward from a required usable host count and choose the smallest prefix that works without wasting more space than necessary.

Exam trap

Be careful not to confuse the total number of addresses with the number of usable host addresses. Remember to account for network and broadcast addresses.

Why the other options are wrong

A

A /24 subnet provides only 256 usable host addresses, which is insufficient for the requirement of at least 500 usable addresses. Therefore, it cannot be the correct answer.

C

Option C (/22) provides 1022 usable addresses, which exceeds the requirement of 500 usable addresses, but it is not the smallest prefix that meets the requirement. The correct answer is /23, which provides exactly 510 usable addresses.

D

Option D: /25 provides only 126 usable host addresses, which is insufficient for a requirement of at least 500 usable addresses in a single subnet.

277
Multi-Selecteasy

An engineer is reviewing transport protocols for a new application. Which two characteristics are associated with TCP rather than UDP?

Select 2 answers
A.Connection establishment before data transfer
B.Best-effort delivery with no acknowledgments
C.Sequencing and retransmission support
D.Lower overhead because no session state is tracked
AnswersA, C

TCP uses a session setup process before exchanging application data.

Why this answer

TCP is connection-oriented and provides reliability with sequence numbers, acknowledgments, and retransmissions. UDP is lighter but does not guarantee delivery.

Exam trap

Don't confuse reliability with speed; TCP's reliability features add overhead, making it slower than UDP.

278
MCQhard

A host uses address 192.168.5.126/25. Which address is the broadcast address for its subnet?

A.192.168.5.63
B.192.168.5.127
C.192.168.5.128
D.192.168.5.255
AnswerB

This is correct because the lower /25 block runs from .0 through .127.

Why this answer

A /25 divides the /24 into two halves: 0–127 and 128–255. In plain language, the host address 192.168.5.126 is in the lower half, which runs from .0 through .127. The last address in that block is the broadcast address, so the broadcast is 192.168.5.127.

This is a classic subnetting question because it checks whether you can identify the correct block and then select the last address in that block as the broadcast address.

Exam trap

Remember that the broadcast address is the last address in the subnet, not the first address of the next subnet or the broadcast for the entire /24.

Why the other options are wrong

A

Option A (192.168.5.63) is incorrect because it does not fall within the subnet defined by the address 192.168.5.126/25, which has a valid range of 192.168.5.128 to 192.168.5.255 for host addresses.

C

The address 192.168.5.128 is incorrect because it falls outside the subnet defined by 192.168.5.126/25, which includes addresses from 192.168.5.0 to 192.168.5.127. The broadcast address for this subnet is 192.168.5.127.

D

Option D, 192.168.5.255, is incorrect because it is the broadcast address for the entire 192.168.5.0/24 subnet, not the /25 subnet specified in the question.

279
MCQhard

A subnet has the network address 192.168.20.128/26. What is the broadcast address?

A.192.168.20.159
B.192.168.20.191
C.192.168.20.192
D.192.168.20.255
AnswerB

This is correct because .128/26 covers .128 through .191.

Why this answer

A /26 subnet uses blocks of 64 addresses. In plain language, the block that starts at 192.168.20.128 runs through 192.168.20.191. The first address in that block is the network address, and the last address is the broadcast address. That means the broadcast address is 192.168.20.191.

This is a standard subnetting calculation. Once the block size is identified, the broadcast address is simply the last address in the block.

Exam trap

Be careful not to confuse the broadcast address with the first address of the next subnet or with the broadcast address of a different subnet mask.

Why the other options are wrong

A

Option A (192.168.20.159) is incorrect because the broadcast address for the subnet 192.168.20.128/26 is 192.168.20.191, calculated as the highest address in the subnet range from 192.168.20.128 to 192.168.20.191.

C

The option C, 192.168.20.192, is incorrect because it falls outside the range of the subnet defined by 192.168.20.128/26, which has a valid broadcast address of 192.168.20.191.

D

The broadcast address for the subnet 192.168.20.128/26 is 192.168.20.191, not 192.168.20.255. The address 192.168.20.255 is the broadcast address for the entire 192.168.20.0/24 network, which is not relevant to the specified subnet.

280
PBQmedium

You are connected to the console of SW1. The network administrator reports that a workstation connected to interface FastEthernet0/1 cannot communicate with the rest of the network. The workstation is configured for VLAN 10, but the interface is in VLAN 1.

Hints

  • Use 'show vlan brief' to see VLAN assignments.
  • The interface is currently in VLAN 1.
  • Change the access VLAN to 10.
A.Configure the interface as a trunk port.
B.Configure the interface as an access port and assign it to VLAN 10.
C.Configure the interface as a trunk port and allow VLAN 10.
D.Configure the interface as a dynamic desirable port.
AnswerB
solution
! SW1
interface FastEthernet0/1
switchport access vlan 10

Why this answer

The port was in VLAN 1 instead of VLAN 10. By configuring 'switchport access vlan 10', the workstation is now in the correct VLAN and can communicate with the rest of the network.

Exam trap

This question tests your understanding of access ports versus trunk ports and how to assign a VLAN to an access port. A common trap is to think that trunking is needed to carry VLAN traffic, but for end devices, access ports are used. Remember that 'switchport access vlan' is the command to assign a VLAN to an access port.

Why the other options are wrong

A

Trunk ports are used to carry multiple VLANs between switches, not to assign a single workstation to a specific VLAN.

C

Trunk ports are designed to carry multiple VLANs and are typically used between switches, not for end-user devices.

D

DTP modes control whether a port becomes a trunk or remains an access port; they do not change the access VLAN.

281
MCQmedium

A branch LAN requires 50 usable IPv4 host addresses. What is the most efficient subnet mask that provides at least 50 usable hosts?

A./27
B./26
C./25
D./24
AnswerB

Correct. A /26 supports 62 usable hosts.

Why this answer

A /26 provides 64 total addresses and 62 usable host addresses, which is the smallest subnet mask (largest prefix length) that fits 50 hosts, making it the most efficient choice.

Exam trap

Read the requirement carefully. Cisco often uses subtle wording like 'most efficient' or 'industry standard' to eliminate technically correct but non-optimal answers.

Why the other options are wrong

A

A /27 subnet provides only 30 usable host addresses, which is insufficient for the requirement of 50 usable addresses. Therefore, it does not meet the needs of the branch LAN.

C

Option C: /25 provides 126 usable addresses, which exceeds the requirement of 50 usable addresses. However, it is not the smallest prefix that meets the requirement.

D

Option D, /24, provides 256 total addresses, which exceeds the requirement of 50 usable addresses. However, it is not the smallest prefix that meets the requirement, as /26 provides 64 addresses, which is sufficient and more efficient.

282
PBQhard

You are connected to R1. The link between R1 and R2 is down. The output of 'show interfaces gigabitEthernet0/0' on R1 shows: 'GigabitEthernet0/0 is administratively down, line protocol is down (disabled)', with IP address 203.0.113.1/30, MTU 1500, and no input/output errors. Determine the root cause and configure the necessary fix to bring the interface up and restore connectivity.

Network Topology
G0/0203.0.113.1/30G0/0203.0.113.2/30linkR1R2

Hints

  • Check the interface status: 'show interfaces' reveals administratively down.
  • The 'shutdown' command disables the interface; use 'no shutdown' to enable it.
  • After enabling, verify with 'show ip interface brief'.
A.Enter interface configuration mode for GigabitEthernet0/0 and issue the 'no shutdown' command.
B.Enter interface configuration mode and issue the 'speed 100' command to match the remote interface speed.
C.Enter interface configuration mode and issue the 'duplex full' command to force full-duplex operation.
D.Enter interface configuration mode and issue the 'no keepalive' command to disable keepalives.
AnswerA
solution
! R1
configure terminal
interface gigabitethernet0/0
no shutdown

Why this answer

The interface status 'administratively down' means the interface was manually shut down using the 'shutdown' command. To bring it up, you must enter interface configuration mode and issue 'no shutdown', which administratively enables the interface. The other options are incorrect: setting speed to 100 Mbps or forcing full-duplex will not fix an administratively down state, and disabling keepalives is unrelated to the interface being disabled.

Exam trap

Candidates often miss the 'administratively down' keyword in show interfaces output and instead look for speed/duplex mismatches; always read the interface status first.

Why the other options are wrong

B

A speed mismatch would show 'up, line protocol down' and possibly increased input errors, but the interface here is 'administratively down'—manually disabled.

C

A duplex mismatch would cause late collisions or CRC errors, not an 'administratively down' status, which indicates a shutdown state.

D

Disabling keepalives has no effect on 'administratively down' because the interface is disabled at the administrative level, not because of a keepalive failure.

283
MCQhard

A host is configured with 10.1.1.34/30. Which address is the broadcast address for its subnet?

A.10.1.1.31
B.10.1.1.35
C.10.1.1.32
D.10.1.1.36
AnswerB

This is correct because .34 is in the 32–35 subnet block.

Why this answer

A /30 subnet has a block size of 4. In practical terms, the last-octet blocks are 0–3, 4–7, 8–11, and so on. Because 34 falls within the 32–35 block, the broadcast address is the last address in that block: 10.1.1.35.

This question tests whether you can identify the correct subnet block before choosing the broadcast address.

Exam trap

Ensure you correctly identify the subnet range and understand the roles of network, host, and broadcast addresses.

Why the other options are wrong

A

The address 10.1.1.31 is incorrect as a broadcast address for the subnet 10.1.1.34/30; the correct broadcast address is 10.1.1.35, derived from the subnet mask which allows for only 4 IP addresses (10.1.1.34 to 10.1.1.37).

C

The address 10.1.1.32 is not the broadcast address for the subnet 10.1.1.34/30; instead, it is the network address for the subnet, which is 10.1.1.32 to 10.1.1.35.

D

The address 10.1.1.36 is incorrect because it exceeds the valid range for a /30 subnet, which only allows for four IP addresses (two usable hosts, one network, and one broadcast). The broadcast address for the subnet 10.1.1.34/30 is 10.1.1.35.

284
MCQhard

A network technician connects a new Cisco switch to an existing access switch using a Category 5e copper patch cable. The link fails to come up, and the interface status shows 'err-disabled'. The technician checks the interface diagnostics and the running configuration. What action should the technician take to resolve the problem?

A.Replace the Category 5e cable with a Category 6 cable to support Gigabit Ethernet.
B.Configure the interface as a trunk port and disable spanning-tree BPDU guard.
C.Replace the copper SFP with a fiber SFP to increase the distance.
D.Manually set the speed and duplex to 1000 Mbps and full duplex on both switches.
AnswerB

The port is in err-disabled because bpduguard is enabled. Since this is a connection between two switches, the port should be configured as a trunk (or at least not as an access port with portfast) and bpduguard should be disabled to prevent the errdisable state.

Why this answer

The most likely reason for the err-disabled state is a spanning-tree BPDU guard violation on the access switch's port configured with PortFast. When another switch is connected, it sends BPDUs, triggering BPDU guard to error-disable the port. Configuring the interface as a trunk port and disabling BPDU guard (option B) resolves the issue by allowing BPDUs without triggering the protection.

Option A is unnecessary because Category 5e supports Gigabit Ethernet. Option C is irrelevant since the problem is not distance-related. Option D is risky because auto-negotiation is preferred and manual settings can cause mismatches.

Exam trap

Cisco often tests the misconception that err-disabled is always caused by speed/duplex mismatches or cable issues, but the trap here is that BPDU guard on a PortFast access port is a frequent and specific cause when connecting another switch.

Why the other options are wrong

A

The symptom is err-disabled, not a speed or duplex mismatch; cable type is not the issue.

C

The port is a built-in copper port, not an SFP-based interface; distance is not the issue.

D

The err-disabled state is due to BPDU guard, not speed/duplex mismatch; manual settings would not fix the root cause.

285
Drag & Dropmedium

Drag and drop the following steps into the correct order to configure WPA3-Personal on a WLC, associate a wireless client, and complete the 802.11 authentication and DHCP process.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4

Why this order

The correct order is to first configure the WLAN with WPA3-Personal on the WLC, then the client completes 802.11 authentication (open system authentication followed by the SAE handshake), next the client associates with the AP, and finally the client obtains an IP address via DHCP. Option B correctly follows this sequence, while option A incorrectly reverses authentication and association, option C places WLAN configuration after client association, and option D erroneously performs DHCP before any wireless steps.

Exam trap

Watch out for the order of 802.11 authentication and DHCP. Many candidates mistakenly place DHCP before authentication, but authentication is a layer 2 process that must complete before the client can obtain an IP address.

286
MCQhard

A network engineer is troubleshooting a link between two Cisco Catalyst 9300 switches that are connected via a single-mode fiber optic cable. The link is up, but the interface counters show a high number of CRC errors and frame check sequence (FCS) errors. The interface is configured for 1000 Mbps and full duplex on both ends. What is the most likely cause of these errors?

A.A speed or duplex mismatch between the two switches
B.Faulty or dirty fiber optic cable or connectors
C.Incorrect SFP+ module type inserted in the switch
D.Excessive cable length beyond the distance limit
AnswerB

The low received power (-20 dBm on SwitchA) indicates excessive loss, likely due to a damaged cable or dirty connectors.

Why this answer

CRC and FCS errors indicate corruption at the data-link layer, typically caused by physical-layer issues such as signal degradation. Since the link is up and both ends are configured for 1000 Mbps full duplex, a speed/duplex mismatch is ruled out. Dirty or faulty single-mode fiber connectors or the cable itself can introduce optical signal loss or reflections, leading to bit errors that manifest as CRC/FCS errors.

Exam trap

Cisco often tests the distinction between CRC errors (physical-layer signal integrity) and duplex mismatch symptoms (late collisions, runts), leading candidates to incorrectly choose a speed/duplex mismatch when the interface counters show CRC errors.

Why the other options are wrong

A

The exhibit confirms consistent speed and duplex settings.

C

The modules are correctly identified and match the fiber type.

D

There is no evidence of the cable length in the exhibit, and the low power is more indicative of a physical fault rather than simply exceeding distance limits.

287
PBQhard

You are troubleshooting a wireless client association failure on a Cisco WLC. A client reports it can see the SSID 'GuestNet' but fails to connect, while another client using the same SSID connects fine. You must check the WLC configuration, identify the cause, and fix it so that both clients can associate successfully.

Network Topology
AP-1WLCClient-1

Hints

  • Check if the failing client supports WPA3. Legacy clients may only support WPA2.
  • WPA3 Transition Mode allows a WLAN to accept both WPA2 and WPA3 clients.
  • PMF (Protected Management Frames) set to 'Required' will reject clients that do not support it.
A.Change the WLAN security to WPA2-PSK only and disable PMF.
B.Enable WPA3 Transition Mode and set PMF to Optional.
C.Disable PMF on the WLAN and keep WPA3 enabled.
D.Change the WLAN to use WPA2-PSK with PMF Required.
AnswerB
solution
! WLC
config wlan 2
no security wpa3 pmf required
security wpa3 pmf optional
security wpa3 transition-mode enable
end

Why this answer

The client that cannot associate is likely a legacy client that does not support WPA3. The WLAN 'GuestNet' has WPA3 enabled with 'PMF Required', which forces all clients to support WPA3 and PMF. To fix this, enable WPA3 Transition Mode (which allows both WPA2 and WPA3 clients) and set PMF to Optional.

This will allow the older client to associate using WPA2 while newer clients can use WPA3.

Exam trap

The key trap is confusing PMF settings with authentication protocols. PMF Required is only valid with WPA3, and disabling PMF alone does not fix the protocol mismatch. Always consider that WPA3 Transition Mode is the feature designed to support mixed environments.

Why the other options are wrong

A

The specific factual error: Disabling PMF entirely is not necessary; PMF can be set to Optional to allow both PMF-capable and non-PMF clients.

C

The specific factual error: Disabling PMF alone does not allow a WPA2-only client to associate with a WPA3-only WLAN; the WLAN must also support WPA2.

D

The specific factual error: PMF Required is only supported with WPA3; WPA2 only supports PMF Optional. Additionally, this configuration would not support WPA3 clients.

288
Multi-Selectmedium

Which TWO statements accurately describe the use of ipconfig, ping, and tracert when troubleshooting a client that cannot reach a remote server?

Select 2 answers
A.A successful ping to 127.0.0.1 confirms that the TCP/IP stack on the local host is functional.
B.If ping to the default gateway fails, the issue is certainly caused by a faulty Ethernet cable.
C.An ipconfig output showing an IPv4 address of 169.254.x.x indicates the DHCP client could not obtain an IP address and self-assigned an APIPA address.
D.A tracert that shows 'Request timed out' for the very first hop proves the local default gateway router is down or unreachable.
E.Running ipconfig /release followed by ipconfig /renew will always restore connectivity if the Ethernet cable is unplugged and re-plugged.
AnswersA, C

Pinging the loopback address tests the local host's TCP/IP protocol stack without sending traffic onto the network.

Why this answer

Option A is correct because pinging the loopback address 127.0.0.1 tests the local TCP/IP stack without sending any frames onto the network. A successful reply confirms that the IP protocol, routing table, and network interface driver are functioning correctly on the local host. This is a foundational step in troubleshooting, as it isolates the problem to the local machine if the ping fails.

Exam trap

Cisco often tests the misconception that a failed ping to the default gateway always points to a physical layer issue, when in fact it could be due to logical misconfigurations, firewall rules, or the gateway itself being operational but not responding to ICMP.

Why the other options are wrong

B

A single cable fault is only one of many possibilities; more testing is needed before concluding physical layer failure.

D

Timed-out hops in tracert do not directly prove the router is down; it may simply not be generating ICMP Time Exceeded messages.

E

These commands do not guarantee a lease; the DHCP server must be operational and reachable.

289
Multi-Selectmedium

Which TWO statements about SFP transceivers and fiber optic cabling are correct?

Select 2 answers
A.SFP transceivers are permanently installed on the switch motherboard and cannot be replaced.
B.1000BASE-SX SFP transceivers are designed for multimode fiber and typically support distances up to 550 meters.
C.Multimode fiber typically uses laser-based transmitters for long-distance transmission.
D.Single-mode fiber (SMF) with 1000BASE-LX SFP transceivers can support distances up to 5 km.
E.Single-mode fiber has a larger core diameter than multimode fiber, allowing longer distances.
AnswersB, D

1000BASE-SX uses multimode fiber with a 850 nm wavelength and supports distances up to 550 m (depending on fiber grade).

Why this answer

Option B is correct because 1000BASE-SX SFP transceivers are designed for multimode fiber (MMF) and use short-wavelength lasers (850 nm). Over 50/125 µm MMF, they support up to 550 meters. Option D is correct because 1000BASE-LX SFP transceivers are designed for single-mode fiber (SMF) and support distances up to 5 km according to the IEEE 802.3 standard (not 10 km, which is typically a vendor-specific LH extension).

Option A is false because SFPs are hot-swappable pluggable modules, not permanently installed. Option C is false because multimode fiber typically uses LED or VCSEL transmitters for short distances, not lasers for long-haul. Option E is false because single-mode fiber has a smaller core diameter (8-10 µm) than multimode fiber (50-62.5 µm), which reduces modal dispersion and allows longer distances.

Exam trap

Cisco often tests the misconception that multimode fiber always uses lasers for long distances, when in fact multimode fiber is optimized for shorter runs with LED or VCSEL sources, while single-mode fiber uses lasers for extended reach.

Why the other options are wrong

A

This statement is false because SFP slots are designed for modular, replaceable transceivers.

C

Laser transmitters are used in single-mode fiber for longer distances; multimode uses LED/VCSEL.

E

Single-mode fiber has a smaller core, not larger. The smaller core reduces dispersion and allows longer reach.

290
Multi-Selectmedium

Which TWO statements correctly describe the OSI model layers and their corresponding PDU names during encapsulation?

Select 2 answers
A.The Transport layer encapsulates data into segments.
B.The Network layer encapsulates segments into packets.
C.The Data Link layer encapsulates packets into bits.
D.The Session layer encapsulates segments into sessions.
E.The Physical layer encapsulates frames into bits.
AnswersA, B

The Transport layer adds a TCP or UDP header to upper-layer data to create segments, making this statement correct.

Why this answer

Both A and B are correct. During encapsulation, the Transport layer (Layer 4) adds a header to upper-layer data to form segments, and the Network layer (Layer 3) encapsulates those segments into packets by adding a network-layer header (e.g., IP). Option C is incorrect because the Data Link layer encapsulates packets into frames, not bits; bits are the raw transmission unit at the Physical layer.

Option D is incorrect because the Session layer manages sessions but does not produce a PDU called 'sessions'; encapsulation of segments only occurs at Layers 4 and below. Option E is incorrect because the Physical layer transmits frames as bits but does not perform encapsulation; encapsulation ends at the Data Link layer.

Exam trap

Cisco often tests the specific PDU names at each layer (e.g., segment vs. packet vs. frame vs. bit) and the order of encapsulation, so the trap here is confusing the Data Link layer PDU (frame) with bits or mixing up the Session layer's role with encapsulation.

Why the other options are wrong

C

The Data Link layer encapsulates packets into frames, not bits; bits are the PDU of the Physical layer.

D

The Session layer handles session management and does not perform encapsulation into 'sessions'; encapsulation at this layer is not defined.

E

The Physical layer transmits frames as bits but does not encapsulate frames into bits; encapsulation ends at Layer 2.

291
MCQhard

A host is configured as 172.16.20.190/26. Which range contains the usable host addresses for that subnet?

A.172.16.20.129 to 172.16.20.190
B.172.16.20.128 to 172.16.20.191
C.172.16.20.130 to 172.16.20.191
D.172.16.20.193 to 172.16.20.254
AnswerA

This is correct because .128 is the network and .191 is the broadcast.

Why this answer

A /26 uses blocks of 64 addresses. In practical terms, the fourth-octet ranges are 0–63, 64–127, 128–191, and 192–255. Since 190 falls inside the 128–191 block, the network address is .128 and the broadcast address is .191. That leaves .129 through .190 as the usable range.

This is a strong test of whether you can identify the correct block and then exclude the reserved boundary addresses correctly.

Exam trap

A frequent exam trap is selecting an answer range that includes the network or broadcast address as usable hosts. For example, option B lists 172.16.20.128 to 172.16.20.191, which incorrectly includes the network (.128) and broadcast (.191) addresses. These addresses are reserved and cannot be assigned to hosts.

Another trap is excluding valid host addresses or including addresses from adjacent subnets, as seen in options C and D. Misidentifying subnet boundaries or forgetting to exclude reserved addresses causes these errors, leading to incorrect subnetting answers.

Why the other options are wrong

B

Option B incorrectly includes the network address (172.16.20.128) and broadcast address (172.16.20.191) as usable hosts, which are reserved and cannot be assigned to devices, making this option invalid.

C

Option C excludes the first usable host address (172.16.20.129) and incorrectly includes the broadcast address (172.16.20.191), which is not assignable to hosts, thus making it an incorrect range.

D

Option D lists a range starting at 172.16.20.193, which belongs to the next subnet block (192–255) and does not include the IP 172.16.20.190, so it is unrelated and incorrect for this question.

292
MCQhard

A host is assigned 192.168.10.33/28. Which subnet contains that host?

A.192.168.10.16/28
B.192.168.10.32/28
C.192.168.10.48/28
D.192.168.10.0/28
AnswerB

This is correct because 33 falls within the 32 through 47 range.

Why this answer

A /28 subnet uses blocks of 16 addresses. In plain language, the last octet ranges move in increments of 16: 0–15, 16–31, 32–47, 48–63, and so on. Since the host address ends in 33, it belongs to the 32–47 block. That means the containing subnet is 192.168.10.32/28.

This style of subnetting question is common because it tests whether you can identify the correct network boundary quickly. The key is to recognize the block size from the prefix and then place the address inside the correct interval without confusing the host with the network address.

Exam trap

Be careful not to confuse the host address with the network address or miscalculate the subnet boundaries.

Why the other options are wrong

A

Option A (192.168.10.16/28) is incorrect because it represents a different subnet, specifically the range 192.168.10.16 to 192.168.10.31, which does not include the host 192.168.10.33.

C

Option C is wrong because the host IP 192.168.10.33/28 falls within the subnet range of 192.168.10.32 to 192.168.10.47, making 192.168.10.48/28 an entirely different subnet that does not include the host.

D

Option D (192.168.10.0/28) is incorrect because it represents a different subnet than the one containing the host 192.168.10.33. The subnet for 192.168.10.33/28 is 192.168.10.32/28, which includes IPs from 192.168.10.32 to 192.168.10.47.

293
PBQhard

You are connected to R1. The network team reports intermittent connectivity between R1 and R2. Examine the following `show interface` output from R1 to identify the root cause of the issue. Then apply the necessary configuration commands on R1 to resolve the problem. GigabitEthernet0/0 is up, line protocol is up Internet address is 10.0.0.1/30 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is RJ45 output flow-control is unsupported, input flow-control is unsupported Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 100 packets input, 8000 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 100 input errors, 100 CRC, 0 frame, 0 overrun, 0 ignored 0 output errors, 0 collisions, 0 interface resets 0 output buffer failures, 0 output buffers swapped out

Network Topology
G0/010.0.0.1/30G0/010.0.0.2/30linkR1R2

Hints

  • CRC errors often indicate a duplex mismatch or faulty cabling.
  • Check if the interface has manual speed/duplex settings that may conflict with the remote device.
  • The remote device likely uses auto-negotiation; match its settings.
A.Enter interface configuration mode for the problematic interface and issue the 'no speed' and 'no duplex' commands to revert to auto-negotiation.
B.Enter interface configuration mode and issue the 'speed 100' and 'duplex full' commands to ensure both sides are set to the same values.
C.Enter interface configuration mode and issue the 'no shutdown' command to bring the interface up.
D.Enter interface configuration mode and issue the 'duplex half' command to match the remote side's duplex setting.
AnswerA
solution
! R1
configure terminal
interface GigabitEthernet0/0
no speed
no duplex
end

Why this answer

The show interface output reveals 100 CRC errors and 100 input errors, indicating a physical layer problem. Additionally, the interface is manually configured for full-duplex and 100 Mb/s. CRC errors often point to a duplex mismatch or faulty cable.

Since R1 is set to full-duplex, if R2 is set to auto-negotiation (or half-duplex), a mismatch occurs. The fix is to set both sides to auto-negotiation by removing manual speed and duplex settings. On R1, enter interface configuration mode and issue 'no speed' and 'no duplex' to revert to auto-negotiation, then verify with 'show interfaces' that the interface negotiates to full-duplex and errors stop incrementing.

Exam trap

Do not assume that manually setting speed and duplex is always correct. CRC errors often point to a duplex mismatch, and the standard fix is to enable auto-negotiation on both ends. Also, remember that 'no shutdown' is for administratively down interfaces, not for error conditions.

Why the other options are wrong

B

The specific factual error is that reapplying the same manual settings does not resolve a duplex mismatch; it may even perpetuate the mismatch if the remote side is set to auto-negotiation.

C

The specific factual error is that 'no shutdown' is used to enable an interface that is administratively down, but the interface is already up.

D

The specific factual error is that forcing half-duplex is unlikely to resolve the issue; it may worsen performance and still cause errors if the remote side is full-duplex.

294
MCQhard

A subnet has the network address 192.168.30.0/26. What is the broadcast address?

A.192.168.30.63
B.192.168.30.64
C.192.168.30.255
D.192.168.30.31
AnswerA

This is correct because the .0/26 block ends at .63.

Why this answer

A /26 subnet contains 64 addresses. In plain language, the block that starts at 192.168.30.0 runs through 192.168.30.63. The first address is the network address and the last address is the broadcast address, so the broadcast for this subnet is 192.168.30.63.

This is a standard subnet-boundary calculation. Once the block size is identified, the broadcast address is simply the final address in that block.

Exam trap

Remember that the broadcast address is the last address in the subnet, not the first address of the next subnet or the last usable host address.

Why the other options are wrong

B

Option B is incorrect because the broadcast address for the subnet 192.168.30.0/26 is 192.168.30.63, not 192.168.30.64. The address 192.168.30.64 is actually the first address of the next subnet (192.168.30.64/26).

C

The address 192.168.30.255 is incorrect as the broadcast address for the subnet 192.168.30.0/26, which only spans IPs from 192.168.30.0 to 192.168.30.63. The broadcast address for this subnet is 192.168.30.63.

D

Option D, 192.168.30.31, is incorrect because it represents the last usable IP address in the subnet 192.168.30.0/26, not the broadcast address. The broadcast address for this subnet is 192.168.30.63.

295
PBQhard

You are troubleshooting connectivity for a wireless client connected to the home network shown below. The client has obtained an APIPA address (169.254.x.x), indicating DHCP failure. Verify the DHCP server configuration on R1 and correct the issue so that the client receives a valid IP address from the 192.168.1.0/24 subnet.

Network Topology
G0/0192.168.1.1/24switchR1Wireless Client

Hints

  • Check if the DHCP service is enabled globally on R1.
  • APIPA addresses indicate that the client did not receive a DHCP offer.
  • The DHCP pool and interface configuration are correct; the missing piece is the global DHCP service.
A.Enable the DHCP service globally using the 'service dhcp' command on R1.
B.Remove the 'ip dhcp excluded-address 192.168.1.1 192.168.1.10' command because it excludes too many addresses.
C.Change the DHCP pool network to 192.168.1.0/24 and add the default-router 192.168.1.1 command.
D.Configure the 'ip helper-address' command on the client's VLAN interface to forward DHCP requests to the server.
AnswerA
solution
! R1
configure terminal
service dhcp
end

Why this answer

The client obtained an APIPA address (169.254.x.x) because DHCP was not assigning addresses. The DHCP pool is correctly configured, but the global DHCP service must be enabled with the 'service dhcp' command on R1. The excluded-address range (192.168.1.1–192.168.1.10) uses only a small fraction of the /24 subnet, so it is not the issue.

Enabling 'service dhcp' allows the router to process DHCP requests and assign addresses from the pool.

Exam trap

Trap: Candidates often focus on pool configuration (network, default-router, excluded-address) when troubleshooting DHCP failures, but they forget that the DHCP service must be enabled globally with 'service dhcp'. Always check if the service is running before modifying pool parameters.

Why the other options are wrong

B

The specific factual error: Excluding 10 addresses does not exhaust the pool; the pool still has 244 addresses available.

C

The specific factual error: The pool configuration is already correct; modifying it does not address the disabled DHCP service.

D

The specific factual error: 'ip helper-address' is for DHCP relay across subnets; it is not needed when the server is local.

296
PBQhard

You are troubleshooting a link between R1 (G0/0) and R2 (G0/0). The link is up but experiencing packet loss. You suspect an interface speed/duplex mismatch or SFP issue. Configure R1's interface to match the correct speed and duplex, and replace the SFP module if necessary to support a required distance of 40 km over single-mode fiber.

Network Topology
G0/0192.0.2.1/30G0/0192.0.2.2/30SMF linkR1R2

Hints

  • Check the current speed and duplex configuration under the interface.
  • Check the SFP module distance rating using 'show interfaces transceiver'.
  • Remove explicit speed and duplex commands to allow auto-negotiation.
A.Remove manual speed/duplex settings, enable auto-negotiation, and replace the SFP with a long-reach module (e.g., 1000BASE-ZX) that supports 40 km over single-mode fiber.
B.Change the duplex to full and speed to 1000 Mbps manually, and keep the existing SFP.
C.Keep the manual speed/duplex settings but replace the SFP with a 1000BASE-SX module.
D.Enable auto-negotiation on both ends but keep the existing SFP.
AnswerA
solution
! R1
interface gigabitethernet 0/0
no speed
no duplex
end
copy running-config startup-config

Why this answer

The link is experiencing packet loss, likely due to a speed/duplex mismatch between the manually configured interface and the peer (which may use auto-negotiation) and/or an SFP module that cannot support the required 40 km distance over single-mode fiber. To resolve both potential issues, remove any manual speed and duplex settings to restore default auto-negotiation (using 'no speed' and 'no duplex'), and replace the SFP with a module rated for 40 km or more on SMF, such as a 1000BASE-ZX (or 1000BASE-EX) transceiver. Standard 1000BASE-LX/LH only reaches up to 10 km on SMF, so it is insufficient for this scenario.

Exam trap

This question tests your ability to identify and resolve both a speed/duplex mismatch and an SFP distance limitation. A common trap is to focus on only one issue (e.g., only fixing the mismatch or only replacing the SFP) while ignoring the other. Always verify that the SFP supports the required distance and fiber type.

Why the other options are wrong

B

The specific factual error is that manually setting speed/duplex does not guarantee compatibility with the remote end and does not address the SFP distance limitation.

C

The specific factual error is that 1000BASE-SX is for multimode fiber and short distances, not single-mode fiber at 40 km.

D

The specific factual error is that the SFP distance limitation is not addressed; auto-negotiation alone does not change the physical layer capability.

297
Matchingmedium

Match each networking concept to its most accurate role.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Defines network versus host portions of the address

Next hop used for off-subnet traffic

Local Layer 2 address for frame delivery

Data structure used to choose packet-forwarding paths

Why these pairings

A subnet mask distinguishes network and host portions of an IP address, enabling proper local and remote delivery decisions. The default gateway is the router's interface on the local subnet, serving as the exit point for traffic destined outside the local network. A MAC address is a hardware identifier used at Layer 2 to deliver frames to the correct next-hop device on the same link.

The routing table contains network prefixes and next hops, allowing a router to select the best path for forwarding packets.

Exam trap

Learners often confuse the default gateway (a next-hop IP) with the subnet mask (a bit mask defining network boundaries), especially when configuring IP settings; remember that the gateway is where off-subnet packets are sent, while the mask determines if the destination is on the same subnet.

298
Matchingmedium

Drag and drop the interface error types on the left to the corresponding descriptions on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Frames that fail the cyclic redundancy check due to noise or faulty cabling

Frames smaller than 64 bytes, often caused by collisions

Frames exceeding the maximum frame size, often due to a faulty NIC

Repeated link up/down transitions, often from loose cables or hardware issues

Total receive-side errors including CRC, runts, giants, and framing errors

Why these pairings

CRC errors occur when a frame fails the cyclic redundancy check (checksum mismatch) due to noise or faulty cabling. Runts are frames smaller than 64 bytes, typically caused by collisions. Giants are frames exceeding the maximum frame size, often from a faulty NIC.

Flaps are repeated link up/down transitions, usually from loose cables or hardware issues. Input errors is a catch-all counter for all receive-side errors including CRC, runts, giants, and framing errors. Each match is correct because the description aligns with the standard definition; for example, CRC errors specifically involve checksum failure, not frame size or link flapping.

Exam trap

Do not confuse CRC errors with other frame errors. CRC errors are about checksum mismatches, not frame size (runts/giants) or timing (collisions). Focus on the specific description: 'checksum failure' or 'CRC mismatch'.

299
MCQhard

A network engineer is troubleshooting a link between two Cisco switches that are connected via a 1000BASE-LX SFP transceiver. Hosts on VLAN 10 on Switch A cannot ping the default gateway on Switch B. The interface on Switch A is up, but the engineer notices CRC errors incrementing. What should the engineer do to resolve this issue?

A.Replace the SFP with a 1000BASE-SX transceiver
B.Use a mode-conditioning patch cable between the SFP and the fiber patch panel
C.Configure the same VLAN on both switch interfaces
D.Replace the fiber cable with a single-mode fiber cable
AnswerB

A mode-conditioning patch cable corrects the mismatch when using a single-mode transceiver over multimode fiber, preventing signal dispersion.

Why this answer

The 1000BASE-LX SFP transceiver operates at 1310 nm over single-mode fiber (SMF). When connected to multimode fiber (MMF), the larger core diameter causes excessive modal dispersion, leading to CRC errors. A mode-conditioning patch cable (mode-conditioning patch cord) launches the laser off-center into the MMF core, reducing differential mode delay and restoring proper signal integrity.

This is a known Cisco best practice for LX transceivers on MMF links.

Exam trap

Cisco often tests the misconception that CRC errors always indicate a bad cable or transceiver, when in fact the root cause can be a mode mismatch between LX optics and multimode fiber that is fixed with a mode-conditioning patch cable rather than replacing the fiber or transceiver.

Why the other options are wrong

A

Using SX would not fix the issue because the fiber is multimode and LX is designed for longer distances; the problem is the cable type mismatch, not the transceiver type.

C

The interface is up/up, so VLAN mismatch is not the issue.

D

Although replacing with single-mode fiber would work, the exhibit does not show CRC errors, so the problem is more likely a mode-conditioning issue.

300
Multi-Selectmedium

Which TWO statements accurately describe wireless LAN fundamentals for CCNA 200-301 v2.0? (Choose two.)

Select 2 answers
A.802.11ax uses MU‑MIMO only for downlink transmissions.
B.802.11ac operates only in the 5 GHz frequency band.
C.Overlapping channels in the 2.4 GHz band are used to maximize non-overlapping channel availability.
D.WPA3 uses Simultaneous Authentication of Equals (SAE) to provide stronger password-based authentication.
E.A wireless LAN controller (WLC) is typically managed via its console port for day-to-day operations.
AnswersB, D

802.11ac is a 5 GHz-only standard, providing wider channels and higher data rates compared to 2.4 GHz.

Why this answer

Option B is correct: 802.11ac (Wi‑Fi 5) operates exclusively in the 5 GHz band, leveraging wider channels (up to 160 MHz) and reduced interference. Option D is correct: WPA3 introduces Simultaneous Authentication of Equals (SAE) for robust password‑based authentication, replacing the weaker WPA2 four‑way handshake. Option A is wrong: 802.11ax (Wi‑Fi 6) supports MU‑MIMO for both uplink and downlink, not only downlink.

Option C is wrong: Overlapping channels in the 2.4 GHz band reduce throughput and are not used to maximize availability; instead, non‑overlapping channels (1, 6, 11) are recommended. Option E is wrong: A WLC is typically managed via a web GUI, SSH, or SNMP, not via its console port for routine operations; console access is used for initial setup or troubleshooting.

Exam trap

Cisco often tests the misconception that 802.11ac operates in both 2.4 GHz and 5 GHz bands, or that MU-MIMO in 802.11ax is exclusive to uplink, when in fact 802.11ax supports MU-MIMO bidirectionally and 802.11ac is strictly 5 GHz.

Why the other options are wrong

A

MU-MIMO is a feature of 802.11ac and 802.11ax, but 802.11ax primarily relies on OFDMA for multi-user support.

C

Overlapping channels reduce performance due to co-channel interference, not maximize non-overlapping channels.

E

Console port is used for initial configuration or troubleshooting, not for routine management.

← PreviousPage 4 of 6 · 390 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Network Infra Connectivity questions.