Back to Cisco DCCOR / CCNP Data Center Core 350-601 questions

Scenario-based practice

DHCP Troubleshooting Scenarios

Practise 350-601 DHCP questions covering DORA flow, scopes, excluded addresses, default gateway options, helper addresses, and troubleshooting clients that receive APIPA or cannot get an IP address.

12
scenario questions
350-601
exam code
Cisco
vendor

Scenario guide

How to approach dhcp troubleshooting scenarios

DHCP questions cover server configuration, relay agents (ip helper-address), DHCP snooping, and the four-step DORA handshake. Common exam scenarios: a host isn't getting an IP, a relay agent isn't forwarding requests, or a rogue DHCP server is handing out wrong addresses.

Quick answer

DHCP questions usually test address assignment, scopes, relay agents, excluded addresses and why a client cannot obtain an IP address.

DHCP discovery, offer, request and acknowledgement flow.

DHCP scopes, excluded addresses and default gateway options.

DHCP relay using helper addresses.

Troubleshooting clients that receive APIPA or no address.

Related practice questions

Related 350-601 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1hardmultiple choice
Read the full DHCP explanation →

A network administrator suspects that a rogue DHCP server is active on the data center network. The switches are Cisco Nexus 9000 series running NX-OS. Which configuration should be applied to prevent DHCP spoofing?

Question 2easymultiple choice
Open the full VLAN trunking answer →

A network engineer is configuring DHCP snooping on a Cisco Nexus 9000 switch to prevent rogue DHCP server attacks. The switch connects to the legitimate DHCP server on Ethernet 1/1. Clients are connected to ports Ethernet 1/2 through 1/24. The engineer enables DHCP snooping globally and on VLAN 10, but clients are unable to obtain IP addresses from the DHCP server. Other connectivity between clients and the server works (e.g., static IPs). What is the most likely cause and solution?

Question 3easymultiple choice
Open the full VLAN trunking answer →

A startup company is deploying a new web application on UCS B-Series blades. They want to use PXE boot for rapid provisioning. The network team has configured a DHCP server and a PXE server on the same VLAN as the UCS service profiles. The system administrator creates a service profile for a blade and sets the boot policy to 'PXE' as the first boot device, and local disk as second. However, when the blade powers on, it boots from the local disk instead of PXE. The PXE server logs show no request from the blade's MAC address. The DHCP server logs show no activity. The fabric interconnect is configured with a default VLAN. What is the most likely cause?

Question 4hardmultiple choice
Read the full DHCP explanation →

An attacker attempts to spoof a legitimate client's IP address to intercept traffic. DHCP snooping is enabled. Which feature prevents this spoofing by validating source IP in data packets?

Question 5mediummultiple choice
Read the full DHCP explanation →

A network administrator configures DHCP snooping on a Nexus 9000 switch. The legitimate DHCP server is connected to Ethernet 1/1. An unauthorized DHCP server is detected on Ethernet 1/2. Which action should be taken to prevent the unauthorized server from offering IP addresses?

Question 6mediummulti select
Read the full DHCP explanation →

Which THREE security features are commonly used on Cisco Nexus switches to prevent DHCP-based attacks? (Choose three.)

Question 7mediummulti select
Read the full DHCP explanation →

Which TWO security features rely on the DHCP snooping binding table? (Select exactly 2)

Question 8easymultiple choice
Read the full DHCP explanation →

A data center switch has DHCP snooping enabled globally. Which of the following is a best practice to ensure DHCP server legitimacy?

Question 9easymultiple choice
Open the full VLAN trunking answer →

Refer to the exhibit. A DHCP server is connected to Ethernet1/1 and a client in VLAN 10 is connected to Ethernet1/2. The client obtains an IP address. Which statement is best supported?

Exhibit

```
ip dhcp snooping
ip dhcp snooping vlan 10,20
interface Ethernet1/1
  ip dhcp snooping trust
interface Ethernet1/2
  ip dhcp snooping verify mac-address
```
Question 10mediummultiple choice
Read the full DHCP explanation →

Refer to the exhibit. A client connected to Ethernet1/2 cannot obtain an IP address via DHCP. What is the most likely cause?

Exhibit

Switch# show running-config | section interface
interface Ethernet1/1
 description DHCP Server
 switchport mode access
!
interface Ethernet1/2
 description Client
 switchport mode access
 ip verify source
!
ip dhcp snooping
ip dhcp snooping vlan 10
ip dhcp snooping information option
Question 11hardmultiple choice
Open the full VLAN trunking answer →

An engineer is troubleshooting a DHCP issue in a data center VLAN. Clients are unable to obtain IP addresses from the DHCP server. The switch has DHCP snooping enabled on the VLAN, and the DHCP server is connected to a trusted port. The clients are on untrusted ports. Which additional security feature is most likely causing the problem if the DHCP server is on a different subnet and the switch is not configured as a DHCP relay?

Question 12hardmultiple choice
Open the full VLAN trunking answer →

An organization is deploying Cisco Nexus 9000 switches with NX-OS and needs to prevent ARP spoofing attacks. The network engineer enables Dynamic ARP Inspection (DAI) on all VLANs. However, some legitimate hosts are unable to obtain IP addresses via DHCP. What is the most likely reason?

These 350-601 practice questions are part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style 350-601 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.