CCNA Devnet Network Fundamentals Questions

24 of 99 questions · Page 2/2 · Devnet Network Fundamentals topic · Answers revealed

76
MCQmedium

Which of the following is a private IPv4 address range as defined by RFC 1918?

A.192.167.0.0/16
B.172.16.0.0/12
C.11.0.0.0/8
D.172.32.0.0/12
AnswerB

Correct. This is a private range.

Why this answer

Option B is correct because RFC 1918 defines the private IPv4 address range 172.16.0.0/12, which includes addresses from 172.16.0.0 to 172.31.255.255. These addresses are reserved for use within private networks and are not routable on the public internet.

Exam trap

Cisco often tests the exact boundaries of the 172.16.0.0/12 range, and the trap here is that candidates mistakenly think any address starting with 172 is private, but only 172.16.0.0 through 172.31.255.255 are reserved.

How to eliminate wrong answers

Option A is wrong because 192.167.0.0/16 is not a private range; the correct private range is 192.168.0.0/16, not 192.167.0.0/16. Option C is wrong because 11.0.0.0/8 is a public IP range (originally assigned to the US Department of Defense) and is not reserved by RFC 1918. Option D is wrong because 172.32.0.0/12 falls outside the RFC 1918 private block; the private range is 172.16.0.0/12, which covers 172.16.0.0 through 172.31.255.255, and 172.32.0.0 is in the public space.

77
MCQmedium

Which DNS record type is used to verify domain ownership for email security (SPF)?

A.A record
B.CNAME record
C.MX record
D.TXT record
AnswerD

TXT records can contain arbitrary text, including SPF data.

Why this answer

SPF (Sender Policy Framework) is stored in a TXT record.

78
MCQhard

In a wireless network using 802.11ac, which frequency band does the standard primarily operate in to achieve higher throughput?

A.5 GHz
B.2.4 GHz
C.6 GHz
D.Both 2.4 GHz and 5 GHz
AnswerA

Correct. 802.11ac uses 5 GHz.

Why this answer

802.11ac (Wi-Fi 5) operates exclusively in the 5 GHz band, allowing wider channels and higher throughput.

79
MCQeasy

Which transport layer protocol is used by HTTP and guarantees reliable delivery?

A.TCP
C.IP
D.UDP
AnswerA

Correct. HTTP uses TCP.

Why this answer

HTTP relies on TCP (Transmission Control Protocol) as its transport layer protocol because TCP provides reliable, connection-oriented data delivery. TCP ensures that all HTTP requests and responses are delivered in order, without loss or duplication, by using acknowledgments, retransmissions, and sequence numbers. This reliability is essential for HTTP, which expects complete and correct data transfer for web pages and resources.

Exam trap

Cisco often tests the distinction between transport layer protocols by pairing HTTP with TCP, but the trap here is that candidates may confuse HTTP's use of TCP with other protocols like UDP (used by DNS or VoIP) or think IP provides reliability, when in fact IP only handles routing and fragmentation without delivery guarantees.

How to eliminate wrong answers

Option B (ICMP) is wrong because ICMP is a network layer protocol used for error reporting and diagnostic functions (e.g., ping), not for transporting application data like HTTP. Option C (IP) is wrong because IP is a network layer protocol responsible for addressing and routing packets, not for reliable delivery at the transport layer. Option D (UDP) is wrong because UDP is a transport layer protocol that provides connectionless, unreliable delivery without acknowledgments or retransmissions, making it unsuitable for HTTP's requirement of guaranteed delivery.

80
MCQeasy

Which DNS record type is used to map a domain name to an IPv6 address?

A.A
B.AAAA
C.CNAME
D.MX
AnswerB

AAAA record maps to IPv6.

Why this answer

The AAAA (quad-A) record is the DNS resource record type defined in RFC 3596 to map a fully qualified domain name to a 128-bit IPv6 address. Unlike the A record, which stores a 32-bit IPv4 address, the AAAA record holds the longer IPv6 address, enabling clients to resolve hostnames to IPv6 destinations.

Exam trap

Cisco often tests the AAAA record by pairing it with the A record as a distractor, expecting candidates to remember that IPv6 uses four 'A's (AAAA) while IPv4 uses a single 'A', and that CNAME and MX serve entirely different purposes unrelated to address mapping.

How to eliminate wrong answers

Option A is wrong because the A record maps a domain name to a 32-bit IPv4 address, not an IPv6 address. Option C is wrong because the CNAME record creates an alias from one domain name to another canonical name, it does not store any IP address. Option D is wrong because the MX record specifies the mail exchange server responsible for accepting email on behalf of a domain, and it contains a hostname, not an IP address.

81
MCQmedium

A developer is writing a Python script to interact with a REST API. The API requires a JSON payload to create a new resource. Which HTTP method should be used?

A.POST
B.PATCH
C.PUT
D.GET
AnswerA

Correct. POST creates a new resource.

Why this answer

POST is used to create a new resource on the server.

82
MCQhard

A network engineer configures an HTTP/2 server. Which feature of HTTP/2 reduces overhead by compressing headers using HPACK?

A.Server push
B.Binary framing layer
C.HPACK
D.Multiplexed streams
AnswerC

HPACK is specifically designed for HTTP/2 header compression.

Why this answer

HPACK is the header compression mechanism specified for HTTP/2 (RFC 7541). It reduces overhead by encoding HTTP headers into a compact binary format using static and dynamic tables, eliminating redundant header data across requests. This directly addresses the question's focus on reducing overhead through header compression.

Exam trap

Cisco often tests the distinction between features that improve performance (multiplexing, server push) versus the specific mechanism for header compression (HPACK), leading candidates to confuse multiplexing or binary framing with compression.

How to eliminate wrong answers

Option A is wrong because server push is a feature that allows the server to send resources proactively before the client requests them, but it does not involve header compression. Option B is wrong because the binary framing layer is the foundation of HTTP/2 that encodes frames into binary format for efficient parsing, but it is not responsible for header compression; HPACK operates within this layer. Option D is wrong because multiplexed streams enable multiple concurrent requests and responses over a single TCP connection, reducing head-of-line blocking, but they do not compress headers.

83
MCQhard

A developer is building a real-time video streaming application that must minimize delay, even if some packets are lost. Which transport protocol is most appropriate, and why?

A.TCP, because it provides flow control to avoid congestion.
B.UDP, because it guarantees packet delivery.
C.TCP, because it ensures all packets arrive in order.
D.UDP, because it has lower overhead and no retransmission delay.
AnswerD

UDP minimizes delay, which is crucial for real-time streaming.

Why this answer

UDP is suitable for real-time streaming because it is connectionless and does not retransmit lost packets, reducing latency. TCP's retransmission and ordering would cause delays.

84
MCQmedium

In the context of SDN, which API is used between the SDN controller and the network devices to configure forwarding behavior?

AnswerC

Correct. Southbound APIs communicate with network devices.

Why this answer

Southbound APIs like OpenFlow, NETCONF, or gRPC communicate from controller to devices.

85
MCQhard

An engineer sees that a DNS query for 'www.example.com' returns a CNAME record. What does this mean?

A.The domain has multiple IP addresses
B.The domain uses IPv6
C.The IP address is directly provided
D.The domain is an alias for another domain
AnswerD

The CNAME points to the canonical name.

Why this answer

A CNAME (Canonical Name) record maps an alias domain name to another canonical domain name. When a DNS query for 'www.example.com' returns a CNAME record, it means 'www.example.com' is an alias for another domain (e.g., 'example.com'), and the resolver must perform a second query to obtain the actual A or AAAA record. This is defined in RFC 1035 and is used to simplify domain management.

Exam trap

Cisco often tests the misconception that a CNAME record directly provides an IP address, when in fact it only provides an alias that requires further resolution.

How to eliminate wrong answers

Option A is wrong because multiple IP addresses for a domain are indicated by multiple A or AAAA records, not by a CNAME record. Option B is wrong because IPv6 support is indicated by AAAA records, not CNAME records. Option C is wrong because a CNAME record does not directly provide an IP address; it redirects the query to another domain name, which then must be resolved to an IP address via an A or AAAA record.

86
MCQmedium

A network administrator is configuring a new subnet for a branch office that requires 50 usable host addresses. The corporate network uses the 192.168.10.0/24 block. Which subnet mask should be used to meet the requirement with minimal waste?

A.255.255.255.128 (/25)
B.255.255.255.0 (/24)
C.255.255.255.192 (/26)
D.255.255.255.224 (/27)
AnswerC

/26 provides 62 usable hosts, sufficient for 50 hosts with minimal waste.

Why this answer

Option C is correct because a /26 subnet mask (255.255.255.192) provides 2^(32-26) = 64 total addresses, of which 62 are usable (subtracting network and broadcast addresses). This meets the requirement of 50 usable hosts with minimal waste, as the next smaller mask (/27) only offers 30 usable addresses, which is insufficient.

Exam trap

The trap here is that candidates often forget to subtract the two reserved addresses (network and broadcast) from the total host count, leading them to incorrectly select a /27 mask (which has 32 total addresses but only 30 usable) thinking it is sufficient for 50 hosts.

How to eliminate wrong answers

Option A is wrong because a /25 mask (255.255.255.128) provides 126 usable addresses, which far exceeds the requirement of 50 and wastes 76 addresses, contradicting the 'minimal waste' condition. Option B is wrong because a /24 mask (255.255.255.0) provides 254 usable addresses, which is the original subnet size and wastes 204 addresses, failing the minimal waste requirement. Option D is wrong because a /27 mask (255.255.255.224) provides only 30 usable addresses (2^5 - 2 = 30), which is insufficient for the required 50 hosts.

87
Multi-Selecthard

Which THREE of the following are characteristics of HTTP/2 compared to HTTP/1.1?

Select 3 answers
A.Header compression using HPACK
B.Binary framing layer
C.Plaintext headers for debugging
D.Requires multiple TCP connections for parallel requests
E.Multiplexed streams over a single TCP connection
AnswersA, B, E

HPACK reduces header overhead.

Why this answer

HPACK compression reduces header overhead by encoding header fields, which is a key improvement over HTTP/1.1's uncompressed headers. This minimizes latency and bandwidth usage, especially for repeated headers like cookies and user-agent.

Exam trap

Cisco often tests the misconception that HTTP/2 is purely a performance upgrade without structural changes, leading candidates to incorrectly select plaintext headers or assume multiple TCP connections are still required.

88
MCQeasy

An engineer is troubleshooting a network issue and needs to verify the MAC address of the next-hop router on a directly connected segment. Which layer of the OSI model does the engineer need to examine to find this information?

A.Data Link layer (Layer 2)
B.Transport layer (Layer 4)
C.Physical layer (Layer 1)
D.Network layer (Layer 3)
AnswerA

MAC addresses are used at Layer 2 for local network communication.

Why this answer

The MAC address of the next-hop router is found in the Data Link layer (Layer 2) header of a frame. When a device sends an IP packet to a next-hop router on the same segment, it encapsulates the packet in a frame with the destination MAC address of that router's interface. To verify this address, you examine Layer 2 information, such as by using the `show arp` command on Cisco devices to view the MAC-to-IP mapping.

Exam trap

Cisco often tests the misconception that MAC addresses belong to the Network layer because they are used in routing decisions, but the trap is that MAC addresses are strictly a Data Link layer construct used for local segment delivery, not for end-to-end path determination.

How to eliminate wrong answers

Option B is wrong because the Transport layer (Layer 4) handles end-to-end communication, segmentation, and port numbers (e.g., TCP/UDP), not MAC addresses. Option C is wrong because the Physical layer (Layer 1) deals with raw bit transmission, electrical signals, and media specifications, not addressing or frame headers. Option D is wrong because the Network layer (Layer 3) uses logical IP addresses for routing and packet forwarding, but the MAC address is a Layer 2 identifier used for delivery on the local segment.

89
MCQhard

Which DNS record type is used to verify domain ownership for email security protocols like SPF and DKIM?

A.CNAME
B.TXT
C.MX
D.NS
AnswerB

Correct. TXT records store arbitrary text, used for SPF and DKIM.

Why this answer

SPF and DKIM records are stored as TXT records in DNS. SPF records specify which mail servers are authorized to send email for a domain, while DKIM records contain a public key used to verify email signatures. Both are implemented via TXT records, not other record types.

Exam trap

Cisco often tests the misconception that SPF or DKIM use a dedicated record type like SPF or DKIM, when in fact both rely on TXT records, and candidates may incorrectly choose MX or CNAME due to their association with email or aliasing.

How to eliminate wrong answers

Option A is wrong because CNAME records create an alias for a domain name and cannot contain the arbitrary text data required for SPF or DKIM policies. Option C is wrong because MX records specify mail exchange servers for routing email, not for storing authentication or verification data. Option D is wrong because NS records delegate a domain to authoritative name servers and have no role in email security protocol verification.

90
MCQhard

A developer is designing a microservices architecture where services need to discover each other using DNS. The team wants to map a service name 'payment-service.example.com' to its IPv6 address. Which DNS record type should be used?

A.PTR record
B.AAAA record
C.A record
D.CNAME record
AnswerB

AAAA record maps a hostname to an IPv6 address.

Why this answer

The AAAA record (Quad-A) is the correct DNS record type for mapping a hostname to an IPv6 address, as defined in RFC 3596. Since the requirement is specifically to resolve 'payment-service.example.com' to an IPv6 address, the AAAA record is the appropriate choice.

Exam trap

Cisco often tests the distinction between A and AAAA records, and the trap here is that candidates may confuse the AAAA record with the A record or incorrectly think a CNAME can resolve to an IP address directly.

How to eliminate wrong answers

Option A is wrong because a PTR record is used for reverse DNS lookups (mapping an IP address to a hostname), not for forward resolution of a hostname to an IPv6 address. Option C is wrong because an A record maps a hostname to an IPv4 address, not an IPv6 address. Option D is wrong because a CNAME record creates an alias from one hostname to another canonical hostname, and does not directly provide an IP address mapping.

91
Multi-Selecthard

A network engineer is analyzing traffic and needs to identify which applications use UDP. Which three applications commonly use UDP as their transport protocol? (Choose three.)

Select 3 answers
AnswersA, D, E

DHCP uses UDP for client-server communication.

Why this answer

DHCP (Dynamic Host Configuration Protocol) uses UDP as its transport protocol because it relies on connectionless, best-effort delivery for broadcasting IP configuration requests and offers. DHCP clients send discovery messages to UDP port 67 (server) and servers respond to UDP port 68 (client), avoiding the overhead of TCP's connection establishment, which is unnecessary for transient broadcast-based transactions.

Exam trap

Cisco often tests the distinction between control plane protocols (like DHCP, DNS, NTP) that use UDP for efficiency versus management or data transfer protocols (like SSH, SMTP) that require TCP's reliability, leading candidates to mistakenly associate all 'important' traffic with TCP.

92
MCQeasy

Which of the following is a non-overlapping channel in the 2.4 GHz Wi-Fi band?

A.Channel 3
B.Channel 6
C.Channel 12
D.Channel 9
AnswerB

Channel 6 is non-overlapping.

Why this answer

Channels 1, 6, and 11 are non-overlapping in the 2.4 GHz band.

93
MCQmedium

A network administrator configures a switch port to belong to VLAN 10. Which OSI layer is primarily involved in VLAN tagging?

A.Layer 1 (Physical)
B.Layer 3 (Network)
C.Layer 2 (Data Link)
D.Layer 4 (Transport)
AnswerC

VLAN tagging is a Layer 2 function using IEEE 802.1Q.

Why this answer

VLANs operate at Layer 2 (Data Link) by adding tags to Ethernet frames.

94
Multi-Selectmedium

A network administrator is configuring a DNS server. Which TWO DNS record types are used for IPv6 address resolution?

Select 2 answers
A.MX record
B.CNAME record
C.PTR record
D.AAAA record
E.A record
AnswersC, D

PTR records are used for reverse DNS lookup, which also works with IPv6.

Why this answer

The AAAA record (option D) maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4. The PTR record (option C) performs reverse DNS lookup, mapping an IPv6 address to a hostname, which is essential for IPv6 address resolution in scenarios like logging or mail server verification.

Exam trap

Cisco often tests the distinction between A records (IPv4) and AAAA records (IPv6), and the trap here is that candidates may confuse PTR records as only relevant for IPv4, forgetting that PTR records are equally critical for IPv6 reverse resolution.

95
MCQeasy

Which of the following is a private IPv4 address range as defined by RFC 1918?

A.192.168.0.0/16
B.172.32.0.0/12
C.172.15.0.0/12
D.11.0.0.0/8
AnswerA

Correct. 192.168.0.0/16 is private.

Why this answer

RFC 1918 defines private IPv4 address ranges that are not routable on the public Internet. The 192.168.0.0/16 range (192.168.0.0 – 192.168.255.255) is explicitly listed in RFC 1918 as a Class C private block, making option A correct.

Exam trap

Cisco often tests the exact prefix length of the 172.16.0.0/12 range, and the trap here is that candidates confuse 172.16.0.0/12 with 172.32.0.0/12, mistakenly thinking any 172.x.x.x address is private.

How to eliminate wrong answers

Option B is wrong because 172.32.0.0/12 falls outside the RFC 1918 private range for Class B, which is 172.16.0.0/12 (172.16.0.0 – 172.31.255.255); 172.32.0.0 is a public address range. Option C is wrong because 172.15.0.0/12 is not a private range at all; it is part of the public Class B space and does not overlap with the 172.16.0.0/12 private block. Option D is wrong because 11.0.0.0/8 is a public Class A range (assigned to the US Department of Defense) and is not listed in RFC 1918; the private Class A range is 10.0.0.0/8.

96
MCQmedium

Which HTTP method is idempotent and used to update a resource by sending the full representation?

A.PUT
B.DELETE
C.POST
D.GET
AnswerA

Correct. PUT is idempotent and updates the entire resource.

Why this answer

PUT is idempotent because making the same request multiple times results in the same server state. It requires the client to send a full representation of the resource, replacing any existing resource at that URI. This aligns with RFC 7231, which defines PUT as a method that creates or replaces the target resource with the enclosed representation.

Exam trap

Cisco often tests the confusion between PUT and PATCH, where candidates mistakenly think PUT can be used for partial updates, but the question specifically asks for 'full representation,' making PUT the only correct choice.

How to eliminate wrong answers

Option B (DELETE) is wrong because while DELETE is idempotent, it is used to remove a resource, not update it by sending a full representation. Option C (POST) is wrong because POST is not idempotent; it is designed to submit data for processing (e.g., creating a subordinate resource) and repeated requests may create multiple resources. Option D (GET) is wrong because GET is idempotent and safe, but it is used to retrieve a resource, not update it.

97
MCQmedium

A network administrator is configuring a new subnet for a branch office that requires at least 50 usable host addresses. Which subnet mask would meet this requirement while minimizing address waste?

A.255.255.255.0 (/24)
B.255.255.255.128 (/25)
C.255.255.255.224 (/27)
D.255.255.255.192 (/26)
AnswerD

Correct. /26 gives 62 usable hosts, fitting 50 with minimal waste.

Why this answer

A /26 subnet provides 62 usable hosts (2^6 - 2 = 62), which is the smallest subnet meeting the requirement of 50 hosts.

99
MCQhard

A network engineer is designing a subnetting scheme for a company that requires 5 subnets from the 192.168.1.0/24 network. What subnet mask should be used, and how many usable hosts per subnet will be available?

A.255.255.255.192 with 62 usable hosts per subnet
B.255.255.255.224 with 30 usable hosts per subnet
C.255.255.255.240 with 14 usable hosts per subnet
D.255.255.255.248 with 6 usable hosts per subnet
AnswerB

255.255.255.224 (/27) provides 8 subnets (2^3=8) with 30 usable hosts each (2^5-2=30).

Why this answer

To create 5 subnets, at least 3 bits are needed (2^3=8 subnets). /27 (255.255.255.224) gives 8 subnets with 30 usable hosts each (2^5-2=30).

← PreviousPage 2 of 2 · 99 questions total

Ready to test yourself?

Try a timed practice session using only Devnet Network Fundamentals questions.