Back to ENCOR 350-401 questions

Scenario-based practice

NAT and PAT Configuration Scenarios

Practise 350-401 NAT and PAT questions covering address translation types, inside/outside interface roles, static vs dynamic vs PAT, and troubleshooting missing or incorrect translations.

15
scenario questions
350-401
exam code
Cisco
vendor

Scenario guide

How to approach nat and pat configuration scenarios

NAT and PAT questions cover static NAT (one-to-one), dynamic NAT (pool-based), and PAT/overload (many-to-one using port numbers). The CCNA asks you to read NAT table output, fix misconfigured NAT, and match the right NAT type to a scenario.

Quick answer

NAT questions usually test how private addresses are translated, when to use static NAT, dynamic NAT or PAT, and how inside/outside interfaces affect traffic flow.

Static NAT, dynamic NAT and PAT behaviour.

Inside local, inside global, outside local and outside global address meanings.

How NAT affects connectivity between private networks and public destinations.

How to troubleshoot NAT rules, ACL matches and interface direction.

Related practice questions

Related 350-401 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediumdrag order
Read the full VRF explanation →

Drag and drop the steps of VRF-aware NAT configuration for path isolation into the correct order, from first to last.

Question 2hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer issues the following command on Router R6:

R6# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.168.1.100 10.0.0.10 --- --- --- 192.168.1.101 10.0.0.11 --- --- udp 192.168.1.100:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.168.1.101:80 10.0.0.11:80 198.51.100.2:443 198.51.100.2:443

Based on this output, what is true about the NAT translations?

Question 3mediummultiple choice
Read the full NAT/PAT explanation →
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat outside

!

interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

What is the effect of this configuration?

Question 4mediummultiple choice
Read the full NAT/PAT explanation →

A network engineer is configuring a Cisco router to provide internet access to a small office using a single public IP address assigned by the ISP. The engineer wants to allow internal hosts to initiate connections to the internet, but also needs to make a web server on the internal network reachable from the internet. The engineer configures a standard access list for NAT and an ip nat inside source list command. However, external users cannot reach the internal web server. What is the most likely cause?

Question 5hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer is troubleshooting a NAT issue where an internal host cannot establish an SSH session to a remote server on the internet. The engineer checks the NAT translations on the border router and sees that the translation for the host's source IP is present. However, the SSH session times out. The engineer also notices that the remote server's IP is not in the NAT translation table. What is the most likely cause?

Question 6hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer is configuring NAT overload (PAT) on a Cisco router to allow multiple internal hosts to share a single public IP address. The engineer uses the command ip nat inside source list 1 interface GigabitEthernet0/0 overload. After testing, internal hosts can access the internet, but some applications fail intermittently. The engineer suspects a NAT issue. What is the most likely cause?

Question 7easymultiple choice
Read the full NAT/PAT explanation →

A network engineer is configuring NAT on a Cisco router to allow internal hosts to access the internet. The engineer uses the command ip nat inside source list 100 interface GigabitEthernet0/0 overload, where access list 100 permits only the 10.0.0.0/8 network. After testing, hosts in the 10.0.0.0/8 network can access the internet, but hosts in the 172.16.0.0/16 network cannot. The engineer verifies that the 172.16.0.0/16 hosts have connectivity to the router. What is the most likely cause?

Question 8hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer is configuring NAT on a Cisco router to allow internal hosts to access the internet. The engineer uses the command ip nat inside source static tcp 192.168.1.10 80 203.0.113.1 80. After testing, external users can access the internal web server using the public IP. However, internal hosts cannot access the web server using the public IP. What is the most likely cause?

Question 9mediummultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R1:

R1# show ip nat translations

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- --- 192.0.2.11 10.0.0.11 --- ---

Based on this output, what can be concluded?

Question 10hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R5:

R5# show ip nat translations

Pro Inside global Inside local Outside local Outside global udp 192.0.2.20:1234 10.0.0.20:1234 203.0.113.1:53 203.0.113.1:53 tcp 192.0.2.20:5678 10.0.0.20:5678 198.51.100.1:80 198.51.100.1:80

Based on this output, what can be concluded?

Question 11hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R9:

R9# show ip nat translations

Pro Inside global Inside local Outside local Outside global udp 192.0.2.20:1234 10.0.0.20:1234 203.0.113.1:53 203.0.113.1:53 tcp 192.0.2.20:5678 10.0.0.20:5678 198.51.100.1:80 198.51.100.1:80 --- 192.0.2.21 10.0.0.21 --- ---

Based on this output, what can be concluded?

Question 12hardmultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R3:

R3# show ip nat statistics

Total active translations: 5 (0 static, 5 dynamic; 5 extended) Outside interfaces: GigabitEthernet0/0 Inside interfaces: GigabitEthernet0/1 Hits: 1234 Misses: 5 CEF Translated packets: 1200, CEF Punted packets: 34 Expired translations: 10 Dynamic mappings: -- Inside Source

[Id] ip nat pool POOL1 203.0.113.1 203.0.113.10 netmask 255.255.255.240

refcount 5

Based on this output, what can be concluded?

Question 13mediummultiple choice
Read the full NAT/PAT explanation →

A network engineer runs the following command on Router R7:

R7# show ip nat translations verbose

Pro Inside global Inside local Outside local Outside global --- 192.0.2.10 10.0.0.10 --- --- create: 03/01/2025 09:00:00, use: 03/01/2025 09:05:00 timeout: never, flags: static --- 192.0.2.11 10.0.0.11 --- --- create: 03/01/2025 09:00:00, use: 03/01/2025 09:06:00 timeout: never, flags: static

Based on this output, what can be concluded?

Question 14mediummultiple choice
Read the full NAT/PAT explanation →

Given this NAT configuration: ```

interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside

!

interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip nat outside

!

ip nat inside source static 10.0.0.5 198.51.100.5

``` What is the purpose of this configuration?

Question 15easymultiple choice
Read the full NAT/PAT explanation →

Which type of NAT translates multiple inside addresses to a single outside address using different port numbers?

These 350-401 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 350-401 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.