350-401 · topic practice

NAT and DHCP practice questions

Practise 350-401 DHCP questions covering DORA flow, scopes, excluded addresses, default gateway options, helper addresses, and troubleshooting clients that receive APIPA or cannot get an IP address.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: NAT and DHCP

What the exam tests

What to know about NAT and DHCP

DHCP questions usually test address assignment, scopes, relay agents, excluded addresses and why a client cannot obtain an IP address.

DHCP discovery, offer, request and acknowledgement flow.

DHCP scopes, excluded addresses and default gateway options.

DHCP relay using helper addresses.

Troubleshooting clients that receive APIPA or no address.

Why learners struggle

Why NAT and DHCP questions are commonly missed

DHCP questions are missed when learners overlook the relay agent requirement for cross-subnet assignments, or assume that because a DHCP server exists, a client will always get an address. Routing, relay, scope, and exclusion details all affect the outcome.

  • DHCP relay required — clients on a different subnet cannot broadcast to a remote DHCP server without a helper address
  • Excluded addresses — addresses in an excluded range are never offered, even if they are in the scope
  • Default gateway option — must match the client subnet, not the server's subnet
  • APIPA address (169.254.x.x) — indicates DHCP discovery failed, not a server response
  • DORA flow — Discovery, Offer, Request, Acknowledgement; missing any step breaks assignment
  • Scope exhaustion — a full scope returns no addresses even when the server is reachable

Watch out for

Common NAT and DHCP exam traps

  • A DHCP server on another subnet usually requires a relay/helper address.
  • Excluded addresses are not offered to clients.
  • The default gateway option must match the client subnet.
  • A client can fail even when the server exists if routing or relay is wrong.

Practice set

NAT and DHCP questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A network engineer is configuring a Cisco router to provide internet access to a small office using a single public IP address assigned by the ISP. The engineer wants to allow internal hosts to initiate connections to the internet, but also needs to make a web server on the internal network reachable from the internet. The engineer configures a standard access list for NAT and an ip nat inside source list command. However, external users cannot reach the internal web server. What is the most likely cause?

Question 2 · medium · multiple choice

A network engineer is troubleshooting a DHCP issue on a Cisco router configured as a DHCP server for a VLAN. Clients in the VLAN are able to obtain IP addresses from the DHCP server, but they are not receiving the correct DNS server address. The engineer checks the DHCP pool configuration and sees the dns-server command is configured with the correct IP address. What is the most likely cause of the problem?

Question 3 · hard · multiple choice

A network engineer is configuring NAT overload (PAT) on a Cisco router to allow multiple internal hosts to share a single public IP address. The engineer uses the command ip nat inside source list 1 interface GigabitEthernet0/0 overload. After testing, internal hosts can access the internet, but some applications fail intermittently. The engineer suspects a NAT issue. What is the most likely cause?

Question 4 · medium · multiple choice

A network engineer is configuring a Cisco router as a DHCP relay agent to forward DHCP requests from a client VLAN to a centralized DHCP server located in a different subnet. The engineer configures the ip helper-address command on the VLAN interface. However, clients in the VLAN are not receiving IP addresses. The DHCP server is reachable from the router. What is the most likely cause?

Question 5 · hard · multiple choice

A network engineer is troubleshooting a NAT issue where an internal host cannot establish an SSH session to a remote server on the internet. The engineer checks the NAT translations on the border router and sees that the translation for the host's source IP is present. However, the SSH session times out. The engineer also notices that the remote server's IP is not in the NAT translation table. What is the most likely cause?

Question 6 · easy · multiple choice

A network engineer is configuring a Cisco router to act as a DHCP server for a branch office. The engineer creates a DHCP pool for the 192.168.1.0/24 subnet and configures the default-router, dns-server, and domain-name options. However, clients are able to obtain IP addresses but cannot ping the default gateway. The engineer verifies that the router's interface IP is 192.168.1.1. What is the most likely cause?

Question 7 · easy · multiple choice

A network engineer is configuring NAT on a Cisco router to allow internal hosts to access the internet. The engineer uses the command ip nat inside source list 100 interface GigabitEthernet0/0 overload, where access list 100 permits only the 10.0.0.0/8 network. After testing, hosts in the 10.0.0.0/8 network can access the internet, but hosts in the 172.16.0.0/16 network cannot. The engineer verifies that the 172.16.0.0/16 hosts have connectivity to the router. What is the most likely cause?

Question 8 · medium · multiple choice

A network engineer is troubleshooting a DHCP issue where a client is not receiving an IP address from a Cisco router configured as a DHCP server. The engineer checks the DHCP pool configuration and sees that the network command is configured with the correct subnet. The engineer also verifies that the ip dhcp excluded-address command is not blocking any addresses. However, the client's DHCP discover message is not reaching the router. What is the most likely cause?

Question 9 · hard · multiple choice

A network engineer is configuring NAT on a Cisco router to allow internal hosts to access the internet. The engineer uses the command ip nat inside source static tcp 192.168.1.10 80 203.0.113.1 80. After testing, external users can access the internal web server using the public IP. However, internal hosts cannot access the web server using the public IP. What is the most likely cause?

Question 10 · medium · multiple choice

A network engineer runs the following command on Router R1:

R1# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.0.2.10         10.0.0.10          ---                ---
--- 192.0.2.11         10.0.0.11          ---                ---

Based on this output, what can be concluded?

Question 11 · medium · multiple choice

A network engineer runs the following command on Router R2:

R2# debug ip dhcp server events
*Mar  1 00:05:23.123: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 on interface GigabitEthernet0/1
*Mar  1 00:05:23.124: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 (10.0.0.2)
*Mar  1 00:05:23.125: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30
*Mar  1 00:05:23.126: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d30.3030.302e.3030.3030.2e30.3030.312d.4574.30 (10.0.0.2)

Based on this debug output, what can be concluded?

Question 12 · hard · multiple choice

A network engineer runs the following command on Router R3:

R3# show ip nat statistics
Total active translations: 5 (0 static, 5 dynamic; 5 extended)
Outside interfaces:
  GigabitEthernet0/0
Inside interfaces:
  GigabitEthernet0/1
Hits: 1234  Misses: 5
CEF Translated packets: 1200, CEF Punted packets: 34
Expired translations: 10
Dynamic mappings:
-- Inside Source
[Id] ip nat pool POOL1 203.0.113.1 203.0.113.10 netmask 255.255.255.240
    refcount 5

Based on this output, what can be concluded?

Question 13 · medium · multiple choice

A network engineer runs the following command on Router R4:

R4# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address       Client-ID/              Lease expiration        Type
                 Hardware address/
                 User name
10.0.0.10        0063.6973.636f.2d30.    Mar 01 2025 12:00 PM    Automatic
                 3030.302e.3030.3030.
                 2e30.3030.312d.4574.
                 30
10.0.0.11        0063.6973.636f.2d30.    Mar 01 2025 12:05 PM    Automatic
                 3030.302e.3030.3030.
                 2e30.3030.312d.4574.
                 31

Based on this output, what can be concluded?

Question 14 · hard · multiple choice

A network engineer runs the following command on Router R5:

R5# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 192.0.2.20:1234    10.0.0.20:1234     203.0.113.1:53     203.0.113.1:53
tcp 192.0.2.20:5678    10.0.0.20:5678     198.51.100.1:80    198.51.100.1:80

Based on this output, what can be concluded?

Question 15 · medium · multiple choice

A network engineer runs the following command on Router R6:

R6# show ip dhcp conflict
IP address       Detection method     Detection time         VRF
10.0.0.10        Ping                 Mar 01 2025 10:00 AM   default
10.0.0.15        Gratuitous ARP       Mar 01 2025 10:05 AM   default

Based on this output, what can be concluded?

Question 16 · medium · multiple choice

A network engineer runs the following command on Router R7:

R7# show ip nat translations verbose
Pro Inside global      Inside local       Outside local      Outside global
--- 192.0.2.10         10.0.0.10          ---                ---
    create: 03/01/2025 09:00:00, use: 03/01/2025 09:05:00
    timeout: never, flags: static
--- 192.0.2.11         10.0.0.11          ---                ---
    create: 03/01/2025 09:00:00, use: 03/01/2025 09:06:00
    timeout: never, flags: static

Based on this output, what can be concluded?

Question 17 · hard · multiple choice

A network engineer runs the following command on Router R8:

R8# show ip dhcp server statistics
Memory usage: 12345
Address pools: 2
Database agents: 0
Automatic bindings: 10
Manual bindings: 2
Expired bindings: 1
Malformed messages: 0

Message              Received
BOOTREQUEST          0
DHCPDISCOVER         100
DHCPREQUEST          95
DHCPDECLINE          1
DHCPRELEASE          2
DHCPINFORM           0

Based on this output, what can be concluded?

Question 18 · hard · multiple choice

A network engineer runs the following command on Router R9:

R9# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 192.0.2.20:1234    10.0.0.20:1234     203.0.113.1:53     203.0.113.1:53
tcp 192.0.2.20:5678    10.0.0.20:5678     198.51.100.1:80    198.51.100.1:80
--- 192.0.2.21         10.0.0.21          ---                ---

Based on this output, what can be concluded?

Question 19 · medium · multiple choice

Consider the following configuration snippet:

```
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
ip nat inside source list 1 interface GigabitEthernet0/2 overload
access-list 1 permit 192.168.1.0 0.0.0.255
```

What is the effect of this configuration?

Question 20 · medium · multiple choice

Examine this DHCP configuration:

```
ip dhcp pool POOL1
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 8.8.8.8
 lease 0 12
!
ip dhcp excluded-address 10.10.10.1 10.10.10.10
```

Which statement is true?

Frequently asked questions

What does the 350-401 exam test about NAT and DHCP?
DHCP questions usually test address assignment, scopes, relay agents, excluded addresses and why a client cannot obtain an IP address.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just NAT and DHCP questions in a focused session?
Yes — the session launcher on this page draws every question from the NAT and DHCP domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 350-401 topics?
Use the topic links above to move to related areas, or go back to the 350-401 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 350-401 exam covers. They are not copied from any real exam or dump site.