CCNA Network Infra Connectivity Questions

15 of 390 questions · Page 6/6 · Network Infra Connectivity topic · Answers revealed

376
Drag & Drop · medium

Drag and drop the following troubleshooting steps into the correct order to diagnose a client connectivity issue using the OSI bottom-up method.


Why this order

The OSI bottom-up troubleshooting method starts at Layer 1: first check physical cable connections and link lights (A). Next, at Layer 2, verify the switch's MAC address table (D) to ensure local segment communication is intact. Moving to Layer 3, confirm the IP address configuration and subnet mask (B) are correct.

Finally, ping the default gateway (C) to validate end-to-end Layer 3 connectivity. The correct sequence is A → D → B → C, because each lower layer must function before higher-layer tests can succeed.

Exam trap

The trap is that candidates often skip the physical layer and jump to IP or ping tests because those are more familiar. Remember: always start at Layer 1 in a bottom-up approach.

377
PBQ · hard

You are connected to R1 via console. The link between R1 and R2 is experiencing packet loss and CRC errors. Configure interface speed and duplex on R1's GigabitEthernet0/0 to match R2's settings, then replace the SFP module with one that supports the required 2 km distance. Finally, verify the interface is operational without errors.

Network Topology
R1 G0/0 (192.0.2.1/30) --- 2 km fiber --- G0/0 (192.0.2.2/30) R2

Hints

  • CRC errors often indicate a duplex mismatch. Check the neighbor's configuration.
  • Auto-negotiation must be disabled on both ends if one side is hardcoded.
  • The current SFP is rated for 550m; for 2 km you need a long-range SFP (e.g., 1000BASE-LX).

A. Configure speed 1000, duplex full, and no negotiation auto on Gi0/0, then replace the SFP-GE-SX with SFP-GE-L.
B. Configure speed 1000 and duplex full on Gi0/0, then replace the SFP-GE-SX with SFP-GE-SX-MM.
C. Configure speed 100 and duplex full on Gi0/0, then replace the SFP-GE-SX with SFP-GE-L.
D. Configure no negotiation auto on Gi0/0, then replace the SFP-GE-SX with SFP-GE-L.

Answer: A

Solution
! R1
configure terminal
interface GigabitEthernet0/0
speed 1000
duplex full
no negotiation auto
end
copy running-config startup-config

Why this answer

The CRC errors indicate a duplex mismatch or faulty medium. R1 is set to auto-negotiation while R2 is hardcoded to 1000/full, causing mismatch. First, set speed and duplex on R1 to match R2: 'speed 1000' and 'duplex full'.

Also disable auto-negotiation with 'no negotiation auto'. The existing SFP-GE-SX only supports 550m, but the link requires 2 km; replace it with a 1000BASE-LX/LH SFP (SFP-GE-L) which supports up to 10 km. After changes, verify with 'show interfaces Gi0/0' to confirm no CRC errors and correct speed/duplex.

Exam trap

Do not forget to disable auto-negotiation when manually setting speed and duplex on a Cisco interface. Also, remember that SFP types have specific distance limitations: SX for short reach (550m), LX/LH for long reach (10 km), and EX or ZX for even longer distances.

Why the other options are wrong

B

The SFP-GE-SX-MM is a multimode SFP with the same distance limitation as the original SFP-GE-SX.

C

The speed must match exactly; 100 Mbps is not compatible with 1000 Mbps.

D

When auto-negotiation is disabled, speed and duplex must be manually set; otherwise, the interface may default to half-duplex or other incompatible settings.

378
PBQ · hard

You are connected to R1 via the console. R1 and R2 are directly connected via their GigabitEthernet0/0 interfaces. Configure R1's G0/0 for 100 Mbps full-duplex operation. Then, diagnose and fix an auto-negotiation failure that prevents the link from coming up. Finally, replace the existing 1000BASE-T SFP with a 1000BASE-LX SFP to support a new 5 km fiber run. Ensure the link is up and working.

Network Topology
R1 G0/0 (10.0.0.1/30) --- 1000BASE-LX SMF 5 km --- G0/0 (10.0.0.2/30) R2

Hints

  • The interface is administratively down; use 'no shutdown' to bring it up.
  • Auto-negotiation failures often require manually setting speed and duplex on both ends.
  • To replace an SFP, the interface must be shut down, SFP swapped, then no shutdown.

A. Configure speed 100 and duplex full on G0/0, then no shutdown. After the link is up, remove the 1000BASE-T SFP and insert the 1000BASE-LX SFP; the interface will automatically detect the new SFP and adjust speed/duplex.
B. Configure speed 100 and duplex full on G0/0, then no shutdown. After the link is up, remove the 1000BASE-T SFP and insert the 1000BASE-LX SFP, then configure the interface with speed 1000 and duplex full to match the new SFP.
C. Configure speed 100 and duplex full on G0/0, then no shutdown. After the link is up, remove the 1000BASE-T SFP and insert the 1000BASE-LX SFP, then configure the interface with speed auto and duplex auto. Finally, verify the link state.
D. Configure speed 100 and duplex full on G0/0, then no shutdown. After the link is up, remove the 1000BASE-T SFP and insert the 1000BASE-LX SFP, then configure the interface with speed 100 and duplex full to maintain consistency.

Answer: C
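Solution
! R1
configure terminal
interface gigabitEthernet 0/0
speed 100
duplex full
no shutdown
end
! Shut the interface down before the swap, as the hints and explanation require
configure terminal
interface gigabitEthernet 0/0
shutdown
end
! (Physically replace SFP with 1000BASE-LX)
configure terminal
interface gigabitEthernet 0/0
speed auto
duplex auto
no shutdown
end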

Why this answer

First, set speed to 100 and duplex to full on GigabitEthernet0/0, then issue no shutdown to bring the link up. This manual configuration resolves potential auto-negotiation failures on the copper link. After confirming the link, issue shutdown on the interface before physically swapping the SFP to a 1000BASE-LX module.

Then, configure the interface with speed auto and duplex auto (standard for fiber) and no shutdown. Finally, verify the link state. Option A is wrong because the interface does not automatically adjust to the new SFP's capabilities; explicit reconfiguration is required.

Option B is wrong because forcing speed 1000 and duplex full is unnecessary and may cause negotiation issues. Option D is wrong because maintaining 100 Mbps on a 1000BASE-LX SFP would prevent the link from operating.

Exam trap

A common mistake is forgetting to issue the 'shutdown' command before physically swapping SFPs, which can damage the hardware. Also, understanding that fiber SFPs typically use auto-negotiation is key.

Why the other options are wrong

A

The interface does not automatically detect and adjust speed/duplex for a new SFP; explicit reconfiguration is required.

B

Setting speed 1000 and duplex full is not correct because fiber SFPs typically use auto-negotiation, and forcing these parameters can cause negotiation failures.

D

Maintaining speed 100 and duplex full on a 1000BASE-LX SFP is incorrect because the SFP operates only at 1000 Mbps, so the interface must be configured accordingly (speed auto/duplex auto).

379
MCQ · hard

A host address is 172.22.14.99/27. Which address is the broadcast address of the subnet?

A. 172.22.14.95
B. 172.22.14.127
C. 172.22.14.96
D. 172.22.14.128

Answer: B

This is correct because .99 belongs to the 96-127 /27 subnet.

Why this answer

A /27 subnet has a block size of 32. In practical terms, the relevant blocks are 0-31, 32-63, 64-95, 96-127, and so on. Because 99 falls within the 96-127 block, the broadcast address is the last address in that block: 172.22.14.127.

This is a classic subnet-boundary question and remains important because addressing precision appears throughout the CCNA blueprint.

Exam trap

Be careful not to confuse network addresses with broadcast addresses, and ensure you are calculating the correct subnet range.

Why the other options are wrong

A

Option A is incorrect because the broadcast address for the subnet 172.22.14.99/27 is 172.22.14.127, not 172.22.14.95. The /27 subnet mask indicates that the last 5 bits are for host addresses, allowing for a range of addresses that ends at 172.22.14.127.

C

Option C (172.22.14.96) is incorrect because it falls within the usable host range of the subnet and is not the broadcast address. The broadcast address for the subnet 172.22.14.96/27 is actually 172.22.14.127.

D

Option D, 172.22.14.128, is incorrect because it does not fall within the subnet defined by 172.22.14.99/27, which has a valid range of 172.22.14.96 to 172.22.14.127. The broadcast address for this subnet is 172.22.14.127.

380
MCQ · hard

An administrator deploys a new WLAN on a Cisco 9800 WLC using WPA3-Personal (SAE) with AES encryption. A single 802.11ax laptop running Windows 10 fails to connect, displaying an authentication timeout despite entering the correct passphrase. Other clients, including legacy 802.11ac devices, connect without issue.

A. The WLC’s WLAN is misconfigured for WPA3-Enterprise, and the laptop lacks a supplicant for 802.1X authentication.
B. The laptop’s wireless adapter does not support Protected Management Frames, which are mandatory for WPA3-Personal.
C. The WLC has disabled 802.11ax OFDMA on the 5 GHz band, preventing the 802.11ax laptop from associating.
D. The laptop’s driver is configured for 160 MHz channel width, which is incompatible with the WLC’s channel plan, causing authentication to fail.

Answer: B

PMF is a prerequisite for WPA3. If the client cannot negotiate PMF, the SAE authentication will time out. This explains why only that laptop fails, even though it supports 802.11ax.

Why this answer

WPA3-Personal (SAE) mandates the use of Protected Management Frames (PMF) as defined in IEEE 802.11w. If the laptop's wireless adapter or driver does not support PMF, it cannot complete the SAE handshake, resulting in an authentication timeout. Legacy 802.11ac clients can connect because they are using WPA2, which does not require PMF.

Exam trap

Cisco often tests the mandatory dependency of Protected Management Frames (802.11w) for WPA3-Personal, leading candidates to incorrectly attribute the failure to channel width or OFDMA incompatibility.

Why the other options are wrong

A

Misidentifying the WLAN security type: WPA3-Personal does not require an enterprise supplicant, so this is not the cause.

C

Confusing radio resource management with connection establishment: OFDMA settings do not block initial association, only data transmission efficiency.

D

Misattributing connection failures to channel bandwidth settings; these are negotiated after successful association and do not impact the 802.11 authentication and association phases.

381
MCQ · hard

Two routers, R1 and R2, are connected via a serial link. The interface on R1 shows 'Serial0/0 is up, line protocol is down' and no pings succeed across the link. You check the configuration and notice R1 has 'encapsulation ppp' but R2's serial interface was mistakenly left at the default encapsulation hdlc.

A. The IP addresses on the serial interfaces are in different subnets, so packets are dropped at Layer 3.
B. The mismatched encapsulation types prevent the routers from forming a Layer 2 connection, so the line protocol remains down.
C. The serial cable is faulty, causing physical layer issues that trigger the line protocol down state.
D. The routers are missing a routing protocol configuration, so they cannot route traffic across the link.

Answer: B

With PPP on one end and HDLC on the other, the L2 frames are incompatible. The receiving router cannot decode the incoming frame, and L2 keepalives fail, causing the line protocol to drop.

Why this answer

Option B is correct because the line protocol on a serial interface requires both ends to agree on the Layer 2 encapsulation type. R1 is configured with PPP (encapsulation ppp), while R2 defaults to HDLC. Since these encapsulations are incompatible, the routers cannot establish a valid Layer 2 connection, causing the line protocol to remain down despite the physical layer being up.

Exam trap

Cisco often tests the distinction between 'line protocol is down' (Layer 2 issue) and 'Serial0/0 is down' (Layer 1 issue), and candidates mistakenly attribute a line protocol down state to physical problems or IP addressing errors rather than encapsulation mismatch.

Why the other options are wrong

A

The line protocol down state is a Layer 2 indicator, not a Layer 3 problem. It reflects the failure of the data link layer to establish a connection, independent of IP addressing.

C

The 'interface up' part of the status explicitly confirms that the physical layer (Layer 1) is operational. A faulty cable would cause both physical and line protocol to show down.

D

Line protocol down indicates a Layer 2 failure, which occurs before any routing decision. Even without a routing protocol, the line protocol would come up if Layer 2 were functional, because the interface status is independent of routing.

382
MCQ · hard

A technician is troubleshooting a connectivity issue where a workstation connected to a Cisco switch port cannot ping other hosts that are in the same VLAN 10 segment. The technician runs the show mac address-table command and notices that the workstation's MAC address is listed on VLAN 1, not VLAN 10. What is the most likely cause?

A. The switch port is not configured with the switchport access vlan 10 command.
B. The switch port is configured as a trunk with native VLAN 1.
C. The MAC address table contains a stale entry that must be cleared.
D. Spanning Tree Protocol has placed the port in a blocking state.

Answer: A

When an access port's VLAN is not explicitly set, the port defaults to VLAN 1. The workstation's MAC is learned on VLAN 1, causing connectivity failure with VLAN 10 hosts. Adding the switchport access vlan 10 command resolves the issue.

Why this answer

The workstation's MAC address appears in VLAN 1 instead of VLAN 10 because the switch port is operating in the default VLAN (VLAN 1). The most likely cause is that the port has not been explicitly assigned to VLAN 10 using the `switchport access vlan 10` command. Without this command, the port remains in its default access VLAN (VLAN 1), so all frames from the workstation are associated with VLAN 1, preventing communication with hosts in VLAN 10.

Exam trap

Cisco often tests the default VLAN behavior (VLAN 1) and the fact that an access port without an explicit VLAN assignment remains in VLAN 1, leading candidates to overlook the missing `switchport access vlan` command and instead blame trunking, STP, or MAC table aging.

Why the other options are wrong

B

Candidates often assume any VLAN mismatch with VLAN 1 indicates a trunk misconfiguration, but a missing access VLAN is the more common and direct cause.

C

Candidates might think that an outdated MAC record is causing the VLAN display, but the dynamic learning process reflects the actual port VLAN.

D

Tempting because a blocked port can disrupt connectivity, but the MAC address table entry would still appear on the correct VLAN, not default to VLAN 1.

383
Drag & Drop · medium

Drag and drop the following steps into the correct order to replace a faulty SFP module on a Cisco switch and verify the fiber interface.


Why this order

To replace a faulty SFP, first disconnect the cable to avoid damage, then remove the old module, insert the new one, reconnect the cable, and finally verify the interface is operational.

Exam trap

A common trap is to think you should remove the module before disconnecting the cable, but this can damage the fiber connector. Always disconnect cables first when working with optical modules.

384
MCQ · medium

Exhibit: A host on VLAN 10 can ping the local SVI but not a server in VLAN 20. The Layer 3 switch has both VLAN interfaces up. What is the next item to verify first?

A. Whether the server in VLAN 20 has the correct default gateway
B. Whether the switch should disable IP routing
C. Whether VLAN 10 should be the native VLAN
D. Whether the host should use a /8 mask instead of /24

Answer: A

End-host gateway issues are a very common reason for one-way inter-VLAN failures.

Why this answer

If the source host can reach its own default gateway, the local VLAN and access port are probably fine. The next practical check is whether the server in VLAN 20 has the correct IP address, mask, and default gateway configured.

Exam trap

A frequent exam trap is to overlook the remote device’s default gateway configuration and instead suspect the Layer 3 switch’s routing or VLAN setup. Candidates often assume that because the VLAN interfaces are up, routing must be functional. However, if the server in VLAN 20 lacks the correct default gateway pointing to its VLAN SVI, it cannot return traffic to the source host, causing failed pings.

This one-way communication failure can mislead candidates into troubleshooting switch settings unnecessarily, wasting time and missing the root cause.

Why the other options are wrong

B

Disabling IP routing on the Layer 3 switch would prevent inter-VLAN routing entirely. Since both VLAN interfaces are up and the host can ping its local SVI, IP routing is likely enabled, so this is not the first item to verify.

C

The native VLAN setting affects untagged traffic on trunk links but does not directly impact inter-VLAN routing or the ability of hosts to communicate across VLANs. It is not the primary cause of the described symptom.

D

Using a /8 mask instead of /24 would cause subnetting issues, but since the host can ping its own VLAN interface, the subnet mask is likely correct. This is not the first or most probable cause of the problem.

385
MCQ · hard

A host address is 10.10.10.14/29. Which address is the broadcast address for its subnet?

A. 10.10.10.7
B. 10.10.10.15
C. 10.10.10.8
D. 10.10.10.16

Answer: B

This is correct because .14 is in the 8–15 /29 subnet.

Why this answer

A /29 subnet has a block size of 8. In practical terms, the fourth-octet ranges are 0–7, 8–15, 16–23, and so on. Since 14 falls in the 8–15 block, the broadcast address is the last address in that block, which is 10.10.10.15.

This is a classic subnetting question that checks whether you can find the block first and then identify the final address in that block.

Exam trap

Avoid confusing the network address or a host address with the broadcast address. Remember, the broadcast address is the last address in the subnet range.

Why the other options are wrong

A

Option A, 10.10.10.7, is incorrect because it does not represent the broadcast address for the subnet defined by 10.10.10.14/29. The correct broadcast address is 10.10.10.15, which is the highest address in the subnet range.

C

The address 10.10.10.8 is not the broadcast address for the subnet 10.10.10.14/29. The correct broadcast address is 10.10.10.15, which is the highest address in the subnet range from 10.10.10.8 to 10.10.10.15.

D

The address 10.10.10.16 is outside the subnet defined by 10.10.10.14/29, which includes addresses from 10.10.10.8 to 10.10.10.15. Therefore, it cannot be the broadcast address for this subnet.

386
Matching · medium

Drag and drop the layer names on the left to the correct PDU names on the right.


Segment

Packet

Frame

Bits

Data

Why these pairings

In the OSI model, each layer has a specific PDU name: Application layer uses Data, Transport uses Segment, Network uses Packet, Data Link uses Frame, Physical uses Bits.

Exam trap

A common trap is mixing up the PDU names for adjacent layers, especially confusing 'Packet' (Layer 3) with 'Frame' (Layer 2) or 'Segment' (Layer 4). Remember the order: Data, Segment, Packet, Frame, Bits.

387
MCQ · hard

A host with address 172.16.5.10/23 wants to determine whether 172.16.6.20 is on the same local network. What is the correct conclusion?

A. It is on the same local network because both addresses begin with 172.16.
B. It is on the same local network because /23 covers all addresses in 172.16.5.x and 172.16.6.x
C. It is on a different network, so the host should use the default gateway
D. It is on a different network, so ARP will resolve it across the router automatically

Answer: C

This is correct because 172.16.6.20 is not in the same /23 network as 172.16.5.10.

Why this answer

A /23 prefix covers two consecutive /24 ranges. In plain language, that means the network boundaries move in blocks of 2 in the third octet. The address 172.16.5.10/23 belongs to the 172.16.4.0/23 network, which covers 172.16.4.x and 172.16.5.x. The destination 172.16.6.20 belongs to a different /23 block, so it is not on the same local network.

This question checks whether you can think beyond default /24 boundaries and understand how a broader prefix changes the local network range. The host would therefore need to use its default gateway to reach 172.16.6.20, because that destination is off-subnet relative to the /23 in use.

Exam trap

Don't assume addresses with the same initial octets are in the same subnet; always calculate based on the subnet mask.

Why the other options are wrong

A

This option is incorrect because the addresses 172.16.5.10 and 172.16.6.20 belong to different subnets; 172.16.6.20 is in the 172.16.6.0/23 subnet, while 172.16.5.10 is in the 172.16.5.0/23 subnet.

B

This option is incorrect because a /23 subnet mask allows for addresses in the range of 172.16.4.0 to 172.16.5.255, meaning 172.16.6.20 is outside this range and not on the same local network.

D

Option D is incorrect because ARP (Address Resolution Protocol) operates within the same local network and cannot resolve addresses across routers. Since 172.16.6.20 is on a different network than 172.16.5.10, ARP cannot automatically resolve it.

388
PBQ · medium

You are connected to the console of R1. The network has a point-to-point serial link between R1 and R2. The link is down and the line protocol is down. The cable is a DCE/DTE crossover, and R1 is the DCE. The initial configuration shows the interface with an IP address but no clock rate set.

Network Topology
R1 S0/0/0 (.1/30) --- serial DCE --- S0/0/0 (.2/30) R2

Hints

  • The DCE side must provide the clock rate.
  • Check the cable type using 'show controllers'.
  • Common clock rates are 64000, 128000, 256000, etc.

A. Configure the clock rate on R1's serial interface.
B. Configure the clock rate on R2's serial interface.
C. Replace the serial cable with a straight-through cable.
D. Set the encapsulation on both ends to PPP.

Answer: A
Solution
! R1
configure terminal
interface Serial0/0/0
clock rate 128000
end

Why this answer

On a serial DCE cable, the DCE end must configure a clock rate to provide timing. Without it, the line protocol stays down. Setting 'clock rate 128000' on R1 resolved the issue.

Exam trap

Remember that 'down/down' indicates a Layer 1 issue. On serial links, the DCE must provide clocking. Do not confuse DCE/DTE roles or jump to Layer 2 solutions like encapsulation.

Why the other options are wrong

B

The DTE end does not set clock rate; only the DCE end does.

C

Serial cables are always DCE/DTE crossover; straight-through cables are for Ethernet.

D

Encapsulation mismatch causes protocol down, not line protocol down; the line protocol is down due to no clock.

389
Matching · medium

Match each IPv4-related concept to its most accurate role.


Defines which destinations are local versus remote

Next hop used for off-subnet traffic

Address used to reach all hosts in the local subnet

Address identifying one device in the subnet

Why these pairings

The subnet mask defines the network and host portions of an IP address, allowing a host to determine which destinations are on the local subnet versus remote. The default gateway is the local router that forwards traffic destined for other subnets. The broadcast address is used to send a packet to all hosts within the local subnet simultaneously.

The host address uniquely identifies one specific device on that subnet.

Exam trap

Do not confuse the function of the IP address with other network layer concepts like subnet mask or default gateway. The IP address is the unique identifier for a host.

390
MCQ · easy

Which IPv6 address type is automatically created on an interface and used for link-local communication?

A. Unique local
B. Global unicast
C. Link-local
D. Anycast

Answer: C

Correct. Link-local addresses are auto-created and used locally.

Why this answer

IPv6 interfaces automatically generate a link-local address in FE80::/10 for local-segment functions such as neighbor discovery.

Exam trap

Be careful not to confuse link-local addresses with global or unique local addresses, which are not automatically generated and serve different purposes.

Why the other options are wrong

A

Unique local addresses (ULAs) are designed for local communications within a site and are not automatically created on an interface for local-link communication. They require manual configuration and are not used for link-local purposes.

B

Global unicast addresses are routable addresses used for communication over the internet and are not automatically created for local-link communication. They require configuration and are not limited to a single local network segment.

D

Anycast addresses are not automatically created on an interface for local-link communication; they are assigned to multiple interfaces to allow for routing to the nearest one. Therefore, they do not serve the same purpose as link-local addresses.
