CCNA DHCP (IPv4 and IPv6) Questions

67 questions · DHCP (IPv4 and IPv6) · All types, answers revealed

1
MCQeasy

A network engineer runs the following command to verify DHCPv4 server bindings on router R1: R1# show ip dhcp binding Output: Bindings from all pools not associated with VRF: IP address Client-ID/ Lease expiration Type Hardware address/ User name 192.168.1.10 0050.7966.6800 Mar 01 2025 12:00 PM Automatic 192.168.1.11 0063.6973.636f.2d30 Mar 01 2025 01:00 PM Automatic 192.168.1.12 0100.1a.2b.3c.4d.5e Mar 01 2025 02:00 PM Automatic What does this output indicate?

A.The DHCP server has three static bindings configured.
B.The DHCP server has dynamically assigned three IP addresses to clients.
C.The DHCP server is out of IP addresses because all bindings are in use.
D.The DHCP server is using relay agents because the client IDs are long hexadecimal strings.
AnswerB

Each entry shows an IP address, client identifier, lease expiration, and type 'Automatic', confirming dynamic assignments.

Why this answer

The show ip dhcp binding command displays active DHCP bindings. The output shows three active leases with IP addresses, client identifiers (MAC addresses or relay-agent IDs), lease expiration times, and the type (Automatic meaning dynamically assigned).

2
MCQmedium

A network engineer runs the following debug command to troubleshoot a DHCPv4 issue on router R1: R1# debug ip dhcp server events Output: DHCPD: DHCPDISCOVER received from 0050.7966.6800 on interface GigabitEthernet0/0 DHCPD: Sending DHCPOFFER to 0050.7966.6800 via GigabitEthernet0/0 DHCPD: DHCPREQUEST received from 0050.7966.6800 DHCPD: No binding found for client 0050.7966.6800 DHCPD: Adding binding for client 0050.7966.6800 DHCPD: Sending DHCPACK to 0050.7966.6800 via GigabitEthernet0/0 DHCPD: DHCPINFORM received from 0050.7966.6800 DHCPD: Sending DHCPACK to 0050.7966.6800 via GigabitEthernet0/0 What does this output indicate?

A.The DHCP server failed to create a binding for the client.
B.The DHCP server successfully assigned an IP address to the client, and the client sent a DHCPINFORM to request additional parameters.
C.The DHCP client is using a relay agent because the DISCOVER was received on a different interface.
D.The DHCP server rejected the DHCPREQUEST because no binding was found.
AnswerB

The sequence shows a successful DORA process (DISCOVER, OFFER, REQUEST, ACK) followed by an INFORM, which is used to get additional options like DNS servers.

Why this answer

The debug output shows the DHCP server successfully processing a DISCOVER, OFFER, REQUEST, and ACK sequence, followed by an INFORM message. The 'No binding found' message is normal for a new client, and the binding is created. The INFORM is used by the client to obtain additional configuration parameters after the address is assigned.

3
MCQmedium

Router R5 has this DHCP configuration: ip dhcp pool POOL3 network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 option 150 ip 10.10.10.10 ! interface GigabitEthernet0/0 ip address 172.16.0.1 255.255.255.0 no shutdown What is the purpose of the option 150 command?

A.It provides the IP address of a TFTP server to DHCP clients, typically used by VoIP phones.
B.It sets the DNS server for the DHCP pool.
C.It defines a custom option that is ignored by standard DHCP clients.
D.It specifies the default gateway for the clients.
AnswerA

Option 150 is used to specify a TFTP server for VoIP phones or other devices that need to download configuration files.

Why this answer

Option 150 is a DHCP option that specifies the IP address of a TFTP server. Cisco IP phones use this option to locate the TFTP server from which they download their configuration and firmware files. The correct answer is A because this is the standard purpose of option 150 in a Cisco VoIP environment.

Exam trap

The trap here is that candidates often confuse option 150 with option 66 (TFTP server name) or assume it is a generic custom option, but Cisco specifically tests that option 150 provides the TFTP server IP address for VoIP phones.

How to eliminate wrong answers

Option B is wrong because the DNS server is set using the 'dns-server' command in the DHCP pool, not option 150. Option C is wrong because option 150 is a well-known DHCP option defined by Cisco for TFTP server address, not a custom or ignored option. Option D is wrong because the default gateway is set using the 'default-router' command, not option 150.

4
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip dhcp conflict IP address Detection method Detection time VRF 192.168.1.20 Ping Mar 01 2020 01:00 AM 192.168.1.21 Gratuitous ARP Mar 01 2020 01:05 AM Based on this output, what is the problem?

A.The DHCP server is working normally; conflicts are automatically resolved.
B.The DHCP server has detected IP address conflicts, meaning another device on the network is using the same IP addresses.
C.The DHCP server is not responding to client requests.
D.The DHCP pool is misconfigured with overlapping subnets.
AnswerB

Conflicts indicate duplicate IP usage on the network.

Why this answer

The `show ip dhcp conflict` command displays IP addresses that the DHCP server has detected as already in use on the network. The detection methods (Ping and Gratuitous ARP) confirm that another device is responding to these addresses, indicating a conflict. This output directly shows that the DHCP server is functioning but has identified conflicts, meaning another host is using the same IP addresses.

Exam trap

Cisco often tests the distinction between a DHCP server that is working but detecting conflicts versus a server that is failing to respond or misconfigured, leading candidates to incorrectly assume the server is broken when it is actually performing its conflict detection duties correctly.

How to eliminate wrong answers

Option A is wrong because conflicts are not automatically resolved; the DHCP server logs them and will not lease those addresses until the conflict is cleared manually or via timeout. Option C is wrong because the output shows the DHCP server is actively detecting conflicts, which requires it to be responding to client requests and performing conflict detection. Option D is wrong because overlapping subnets would cause pool exhaustion or misallocation, but the output specifically shows address conflicts detected via Ping and ARP, not a pool configuration issue.

5
MCQhard

An engineer configures a DHCP server on a Cisco router to assign IP addresses from a pool. Clients receive addresses, but when the engineer checks 'show ip dhcp binding', no bindings are displayed. Which is the most likely explanation?

A.The DHCP pool is configured with 'lease infinite', causing bindings to be stored in a different database.
B.The 'ip dhcp excluded-address' command includes the entire pool range, so no addresses are assigned and no bindings are created.
C.The router's DHCP server is configured in 'database' mode, which stores bindings externally.
D.The clients are using DHCPv6, not DHCPv4.
AnswerB

Correct: If the excluded address range covers the pool, the server will not assign any addresses, and no bindings are created.

Why this answer

The 'show ip dhcp binding' command only displays bindings that are currently active. If the lease time is very short or the clients release addresses, bindings may not appear. However, a more subtle edge case is when the DHCP server is configured with 'ip dhcp excluded-address' that includes the pool range, causing the server to not assign addresses but still respond with NAKs.

6
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip dhcp database URL : flash:/dhcpdb Read/write : Read/Write Last updated : Mar 01 2020 00:00:00 Status : Last read succeeded. Next write scheduled in 0 seconds. Based on this output, which statement is correct?

A.The DHCP database is stored in NVRAM and is read-only.
B.The DHCP database is stored in flash and is functioning correctly.
C.The DHCP database write failed and needs to be rescheduled.
D.The DHCP database is empty because no bindings exist.
AnswerB

The status shows success.

Why this answer

The output shows the DHCP database is stored in flash (URL: flash:/dhcpdb) with read/write access, and the status indicates the last read succeeded with a write scheduled in 0 seconds. This confirms the database is functioning correctly, as the router can read and write DHCP bindings to flash memory, which is the default storage location for DHCP database persistence.

Exam trap

Cisco often tests the distinction between DHCP database storage locations (flash vs. NVRAM vs. TFTP) and the interpretation of status messages like 'Last read succeeded' versus 'Last write failed', tricking candidates into assuming a failure or empty database without reading the full output.

How to eliminate wrong answers

Option A is wrong because the URL shows flash:/dhcpdb, not NVRAM, and the access is read/write, not read-only. Option C is wrong because the status clearly states 'Last read succeeded' and 'Next write scheduled in 0 seconds', indicating no failure occurred. Option D is wrong because the output does not provide any information about the number of bindings; the database could contain bindings or be empty, but the status does not indicate emptiness.

7
Multi-Selecthard

Which TWO statements about DHCPv6 prefix delegation are true? (Choose TWO.)

Select 2 answers
A.The requesting router uses the IA_NA option to request a prefix.
B.The delegating router must have a DHCPv6 pool configured with a prefix-delegation statement.
C.The requesting router uses the 'ipv6 dhcp client pd' command on its upstream interface to request a prefix.
D.The delegating router must be configured with 'ipv6 dhcp server' under the downstream interface facing the requesting router.
E.The requesting router can only use the delegated prefix on the interface that received it.
AnswersB, C

Correct. The delegating router uses a DHCPv6 pool with the 'prefix-delegation' command to define the prefix to be delegated.

Why this answer

DHCPv6 prefix delegation allows a delegating router to assign a prefix (e.g., /48) to a requesting router, which then sub-delegates /64 prefixes to downstream interfaces. The requesting router uses the IA_PD option, not IA_NA. The delegating router must be configured with a prefix delegation pool and an interface DHCP configuration referencing that pool.

The requesting router typically uses 'ipv6 dhcp client pd' on its upstream interface. The 'ipv6 dhcp server' command is used on the delegating router, not the requesting router.

8
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip dhcp snooping binding MacAddress IpAddress Lease(sec) Type VLAN Interface AA:BB:CC:01:02:03 192.168.1.10 86400 dhcp-snooping 10 GigabitEthernet0/1 AA:BB:CC:01:02:04 192.168.1.11 86400 dhcp-snooping 10 GigabitEthernet0/1 AA:BB:CC:01:02:05 192.168.1.12 86400 dhcp-snooping 10 GigabitEthernet0/2 Based on this output, which statement is correct?

A.DHCP snooping is enabled and has recorded bindings for three clients.
B.DHCP snooping has detected a rogue DHCP server on GigabitEthernet0/1.
C.DHCP snooping is not functioning because the bindings are not trusted.
D.DHCP snooping has a conflict because two clients are on the same interface.
AnswerA

The table shows valid bindings.

Why this answer

Option A is correct because the output shows three DHCP snooping bindings with MAC addresses, IP addresses, lease times, and associated VLANs and interfaces, which indicates that DHCP snooping is enabled and has successfully recorded these bindings for clients. The 'dhcp-snooping' type confirms these are dynamically learned from DHCP messages, and the presence of multiple clients on the same interface (GigabitEthernet0/1) is valid as long as they are on the same VLAN.

Exam trap

Cisco often tests the misconception that multiple DHCP clients on the same interface indicate a conflict or misconfiguration, but DHCP snooping bindings can legitimately show multiple entries per interface as long as they are in the same VLAN and have unique MAC/IP pairs.

How to eliminate wrong answers

Option B is wrong because the output shows only DHCP snooping bindings, not any information about a rogue DHCP server; a rogue server would be detected via DHCP snooping's 'trusted' and 'untrusted' port configuration, which is not displayed here. Option C is wrong because the bindings are present and valid, indicating DHCP snooping is functioning correctly; the 'trusted' status applies to ports, not bindings, and untrusted ports can still have valid bindings. Option D is wrong because having two clients on the same interface (GigabitEthernet0/1) is not a conflict; DHCP snooping allows multiple bindings per interface as long as they are in the same VLAN and have unique MAC/IP pairs.

9
MCQmedium

A network engineer runs the following command to verify DHCPv6 pool configuration on router R1: R1# show ipv6 dhcp pool Output: Pool DHCPv6_POOL : Prefix number: 1 Prefix: 2001:DB8:1::/48 Preferred lifetime 604800, valid lifetime 2592000 Expires at Mar 01 2025 12:00 PM (2592000 seconds) DNS server: 2001:DB8::1 Domain name: example.com Active clients: 5 What does this output indicate?

A.The DHCPv6 pool has 5 active clients and provides prefix delegation, DNS, and domain name.
B.The DHCPv6 pool is used only for stateless address autoconfiguration (SLAAC).
C.The DHCPv6 pool has 5 clients with addresses from the prefix 2001:DB8:1::/48.
D.The DHCPv6 pool has a preferred lifetime of 2592000 seconds.
AnswerA

The output shows a prefix for delegation, DNS server, domain name, and 5 active clients.

Why this answer

The show ipv6 dhcp pool command displays DHCPv6 pool configuration. This pool has a prefix 2001:DB8:1::/48 for delegation, DNS server, domain name, and 5 active clients. The prefix has preferred and valid lifetimes.

10
MCQhard

An engineer is troubleshooting a DHCPv6 prefix delegation scenario. The router (R1) is a DHCPv6 client on its WAN interface and is supposed to receive a /48 prefix from the ISP's DHCPv6 server to delegate to LAN interfaces. The WAN interface is configured with 'ipv6 address dhcp' and 'ipv6 dhcp client pd ISP-PREFIX'. The LAN interfaces have 'ipv6 address ISP-PREFIX 0:0:0:1::/64 eui-64'. The engineer sees that the WAN interface gets a global IPv6 address, but the LAN interfaces do not get any IPv6 address. What is the most likely cause?

A.The LAN interfaces are missing the 'ipv6 enable' command.
B.The ISP's DHCPv6 server is not configured to delegate a prefix.
C.The 'ipv6 dhcp client pd' command should be 'ipv6 dhcp client pd ISP-PREFIX hint ::/48'.
D.The WAN interface needs the 'ipv6 nd other-config-flag' command.
AnswerB

Correct because if the server does not delegate a prefix, the client's 'ipv6 dhcp client pd' request will fail, and the LAN interfaces will not receive any addresses from the delegated prefix.

Why this answer

The WAN interface successfully obtains a global IPv6 address via DHCPv6, but the LAN interfaces lack IPv6 addresses because the DHCPv6 client process on R1 has not received a delegated prefix. The 'ipv6 dhcp client pd ISP-PREFIX' command requests a prefix delegation from the ISP's DHCPv6 server; if the server is not configured to delegate prefixes (e.g., missing the 'prefix-delegation' pool or 'ipv6 dhcp server' with prefix assignment), the client never receives a prefix to assign to LAN interfaces. This is the most likely cause given the symptom.

Exam trap

Cisco often tests the distinction between DHCPv6 address assignment (IA_NA) and prefix delegation (IA_PD), trapping candidates who assume that obtaining a WAN address automatically implies a delegated prefix is also received.

How to eliminate wrong answers

Option A is wrong because 'ipv6 enable' is not required on LAN interfaces when they already have an explicit 'ipv6 address' command; the address configuration implicitly enables IPv6. Option C is wrong because the 'hint' keyword is optional and not required for prefix delegation to work; the client can request a prefix without a hint, and the server may still delegate one. Option D is wrong because 'ipv6 nd other-config-flag' is used to tell hosts to obtain other configuration (e.g., DNS) via DHCPv6, not to enable prefix delegation on the client or server side.

11
MCQhard

What is the default DHCPv6 client DUID type on a Cisco IOS-XE router?

A.DUID-LLT (Link-Layer plus Time)
B.DUID-EN (Enterprise Number)
C.DUID-LL (Link-Layer)
D.DUID-UUID (Universally Unique Identifier)
AnswerC

Cisco IOS-XE defaults to DUID-LL for DHCPv6 clients.

Why this answer

Cisco IOS-XE defaults to DUID-LL (Link-Layer) for DHCPv6 clients, which uses the MAC address of the interface, per RFC 8415.

12
MCQmedium

Which DHCPv4 option is used by a client to request a specific IP address in the DHCPREQUEST message?

A.Option 12 (Host Name)
B.Option 50 (Requested IP Address)
C.Option 54 (Server Identifier)
D.Option 51 (IP Address Lease Time)
AnswerB

Option 50 carries the requested IP address in DHCPREQUEST.

Why this answer

Option 50 (Requested IP Address) is used by the client in DHCPREQUEST to specify the desired IP address, per RFC 2132.

13
Multi-Selectmedium

Which TWO commands can be used to verify DHCP IPv4 server operation and address pool utilization on a Cisco IOS router? (Choose TWO.)

Select 2 answers
A.show ip dhcp binding
B.show ip dhcp pool
C.show ip dhcp conflict
D.debug ip dhcp server events
E.show ip interface
AnswersA, B

Displays all active DHCP leases (IP address, MAC, lease time, etc.).

Why this answer

Option A is correct because the 'show ip dhcp binding' command displays the list of active DHCP address bindings, including the IP address, MAC address, lease expiration, and type (automatic, manual, or dynamic). This directly verifies that the DHCP server is operating and has allocated addresses from its pool. Option B is correct because the 'show ip dhcp pool' command shows the pool name, utilization statistics (e.g., total addresses, leased addresses, and excluded addresses), and pool configuration, confirming address pool utilization.

Exam trap

Cisco often tests the distinction between verification commands (show) and troubleshooting/debugging commands (debug), leading candidates to mistakenly select 'debug ip dhcp server events' as a verification tool when it is actually a real-time diagnostic command that can impact router performance.

14
MCQhard

A network engineer runs the following command on Router R1: R1# show ip dhcp server statistics Memory usage 26140 Address conflicts 0 Pool statistics Pool IP addresses Requests Offers Acks Naks Declines Releases POOL1 10-20 50 45 40 5 2 3 Based on this output, which statement is correct?

A.The DHCP server is operating without any issues.
B.The DHCP server is rejecting requests (Naks) and clients are declining offers, indicating possible pool exhaustion or address conflicts.
C.The DHCP server has a memory problem.
D.The DHCP server has no address conflicts.
AnswerB

Naks and Declines are signs of issues.

Why this answer

The output shows 5 NAKs and 2 Declines, indicating that the DHCP server is rejecting requests (NAKs) and clients are declining offers (Declines). NAKs typically occur when a client requests an IP address that is no longer valid or available, while Declines happen when a client detects an address conflict via ARP. This combination strongly suggests pool exhaustion or address conflicts, making option B correct.

Exam trap

Cisco often tests the distinction between server-tracked address conflicts (shown in the 'Address conflicts' counter) and client-detected conflicts (shown as Declines), leading candidates to incorrectly assume zero conflicts means no issues.

How to eliminate wrong answers

Option A is wrong because the presence of NAKs and Declines indicates issues, so the server is not operating without any issues. Option C is wrong because the memory usage of 26140 is not specified as problematic, and no memory-related errors or warnings are shown in the output. Option D is wrong because while the 'Address conflicts' counter is 0, the 2 Declines indicate that clients are detecting address conflicts on their own, which is a separate issue from server-tracked conflicts.

15
MCQhard

What is the default DHCPv4 server lease time on a Cisco IOS-XE router configured as a DHCP server?

A.3600 seconds (1 hour)
B.43200 seconds (12 hours)
C.86400 seconds (1 day)
D.604800 seconds (7 days)
AnswerC

The default lease time for Cisco IOS-XE DHCP server is 86400 seconds.

Why this answer

Cisco IOS-XE DHCP server defaults to a lease time of 86400 seconds (1 day) unless explicitly configured otherwise.

16
MCQeasy

A network engineer runs the following command on Router R1: R1# show ip dhcp relay information trusted Interface Trusted GigabitEthernet0/1 Yes GigabitEthernet0/2 No Based on this output, which statement is correct?

A.DHCP relay information is trusted on GigabitEthernet0/1, so option 82 packets are accepted on that interface.
B.DHCP relay information is trusted on both interfaces.
C.DHCP relay information is not configured on any interface.
D.DHCP relay information is trusted on GigabitEthernet0/2, so option 82 packets are dropped.
AnswerA

Trusted interfaces accept option 82.

Why this answer

The command 'show ip dhcp relay information trusted' displays the trust status of each interface for DHCP relay information (option 82). When an interface is marked as 'Yes' under the Trusted column, it means the router will accept and forward DHCP packets that already contain option 82 information from that interface. Therefore, on GigabitEthernet0/1, option 82 packets are accepted.

Exam trap

Cisco often tests the misconception that 'trusted' means the interface is trusted to send DHCP requests, when in fact it means the interface is trusted to receive and forward packets that already contain option 82 information.

How to eliminate wrong answers

Option B is wrong because the output clearly shows that GigabitEthernet0/2 is marked as 'No', indicating it is not trusted, so both interfaces are not trusted. Option C is wrong because the output explicitly shows that DHCP relay information is configured and trusted on at least one interface (GigabitEthernet0/1). Option D is wrong because GigabitEthernet0/2 is not trusted (marked 'No'), and on untrusted interfaces, option 82 packets are dropped, not accepted; the statement incorrectly says option 82 packets are dropped on a trusted interface.

17
MCQeasy

A network engineer runs the following command to verify DHCPv4 pool configuration on router R1: R1# show ip dhcp pool DHCP_POOL Output: Pool DHCP_POOL : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 254 Leased addresses : 100 Pending event : none 1 subnet is currently in the pool : Current index IP address range Leased addresses 192.168.1.1 192.168.1.1 - 192.168.1.254 100 What does this output indicate?

A.The DHCP pool has 254 addresses available, and 100 are currently leased.
B.The DHCP pool is exhausted because 100 addresses are leased.
C.The DHCP server is using a database agent to store leases.
D.The DHCP pool has a utilization mark of 100%, meaning it is full.
AnswerA

Total addresses is 254, leased addresses is 100, so 154 are available.

Why this answer

The show ip dhcp pool command displays pool details. This pool has 254 total addresses, with 100 currently leased. The current index shows the next address to be assigned (192.168.1.1, but this is the start of the range; the actual next assignment may be tracked differently).

18
Multi-Selectmedium

Which THREE symptoms indicate a DHCP IPv4 starvation attack or address pool exhaustion? (Choose THREE.)

Select 3 answers
A.Legitimate clients fail to obtain an IP address via DHCP.
B.The DHCP pool shows 100% utilization with many unknown MAC addresses.
C.The DHCP server's binding table contains a large number of leases from spoofed MAC addresses.
D.Client devices experience high CPU utilization due to DHCP processing.
E.Duplicate IP address detection (DAD) failures are reported on all clients.
AnswersA, B, C

Pool exhaustion prevents new leases for real clients.

Why this answer

Option A is correct because a DHCP starvation attack exhausts the available IP addresses in the pool, preventing legitimate clients from obtaining a lease. When the address pool is fully depleted, the DHCP server cannot respond to new DISCOVER messages, causing clients to fail to acquire an IP address.

Exam trap

Cisco often tests the distinction between DHCP starvation symptoms and unrelated network issues like DAD failures or client CPU load, expecting candidates to recognize that only server-side indicators (pool exhaustion, spoofed MACs, client failure) are valid.

19
MCQeasy

What is the default lease duration for a DHCPv4 address pool on a Cisco IOS router?

A.1 day
B.7 days
C.30 minutes
D.Infinite
AnswerA

The default lease time is 1 day (24 hours) unless overridden with the lease command.

Why this answer

The default lease duration for a DHCPv4 address pool on a Cisco IOS router is 1 day (86400 seconds). This is defined by the Cisco IOS DHCP server implementation, which uses a 24-hour lease as the default when no lease duration is explicitly configured under the DHCP pool configuration.

Exam trap

Cisco often tests the default lease value as a memorization point, and the trap here is that candidates may confuse the Cisco default with the RFC 2131 suggested default of 1 day (which is the same) or assume a longer lease like 7 days is standard for enterprise networks.

How to eliminate wrong answers

Option B is wrong because 7 days is not the default; it is a commonly configured lease duration for networks with stable devices, but Cisco IOS defaults to 1 day. Option C is wrong because 30 minutes is a very short lease typically used for high-turnover environments like Wi-Fi hotspots, not the default. Option D is wrong because an infinite lease is not a default behavior; it would require explicit configuration using the 'lease infinite' command, and DHCP leases are designed to expire to allow address reclamation.

20
MCQhard

An engineer configures DHCPv4 on a router with multiple pools for different subnets. Clients in subnet A receive addresses correctly, but clients in subnet B receive addresses from subnet A's pool. The router has 'ip dhcp relay' configured. Which is the most likely explanation?

A.The DHCP server selects the pool based on the giaddr; if the relay agent does not set the giaddr correctly, the server may use the first matching pool.
B.The pools are configured in the wrong order; the server uses the first pool that matches the client's MAC address.
C.The router has 'ip dhcp smart-relay' enabled, which overrides pool selection.
D.The DHCP server is configured with 'network' statements that overlap.
AnswerA

Correct: The giaddr is critical for pool selection. If it is not set (e.g., due to missing 'ip helper-address' on the correct interface), the server may assign from a different pool.

Why this answer

When a DHCP relay agent forwards requests, it inserts the gateway IP address (giaddr) based on the interface that received the request. If the relay agent is not configured correctly, or if the DHCP server does not have a pool matching the giaddr, it may assign addresses from a different pool. However, a subtle edge case is that the DHCP server uses the giaddr to select the pool; if the relay agent is not configured to set the giaddr (e.g., using 'ip helper-address' without proper interface configuration), the giaddr may be 0.0.0.0, causing the server to use a default pool.

21
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip dhcp pool POOL1 Pool POOL1 : Utilization mark (high/low) : 100 / 0 Subnet size (first/next) : 0 / 0 Total addresses : 10 Leased addresses : 10 Pending event : none 1 subnet is currently in the pool : Current index IP address range Leased addresses 192.168.1.11 192.168.1.10 - 192.168.1.19 10 Based on this output, which statement is correct?

A.The DHCP pool has available addresses for new clients.
B.The DHCP pool is fully utilized; no more addresses are available.
C.The DHCP pool is configured with a /24 subnet.
D.The DHCP server has a pending event causing address allocation to fail.
AnswerB

Leased addresses equal total addresses.

Why this answer

The output shows that all 10 addresses in the pool (192.168.1.10–192.168.1.19) are leased, and the current index is 192.168.1.11, which is beyond the first address. This means no free addresses remain, so the pool is fully utilized. Option B correctly states this condition.

Exam trap

The trap here is that candidates often misinterpret the 'Current index' as the next available address, but it merely indicates the last allocation point; the true indicator of exhaustion is the 'Leased addresses' equaling 'Total addresses'.

How to eliminate wrong answers

Option A is wrong because the 'Leased addresses' count equals the 'Total addresses' (10), indicating zero available addresses for new clients. Option C is wrong because the IP address range 192.168.1.10–192.168.1.19 contains only 10 addresses, which corresponds to a /28 subnet mask (255.255.255.240), not a /24. Option D is wrong because the 'Pending event' field shows 'none', meaning there is no pending event causing allocation failures.

22
MCQhard

An engineer configures DHCPv6 prefix delegation on a router with multiple requesting interfaces. The router receives a /48 prefix from the server, but only one interface gets a /64 sub-prefix. Which is the most likely explanation?

A.Only one interface is configured with 'ipv6 address prefix-name ::1:0:0:0:1/64' using the delegated prefix; other interfaces lack this configuration.
B.The DHCPv6 server only delegates a single /64 prefix, not a /48.
C.The router's 'ipv6 dhcp client pd' command is missing the 'rapid-commit' option.
D.The router has 'ipv6 dhcp client information refresh' set to a high value, delaying updates.
AnswerA

Correct: The delegated prefix must be explicitly used on each interface with the appropriate 'ipv6 address' command referencing the prefix name.

Why this answer

When using DHCPv6 PD, the router can delegate sub-prefixes to downstream interfaces using the 'ipv6 dhcp client pd' command with a hint. If only one interface has the 'ipv6 address' command with the prefix, only that interface gets an address. The other interfaces may not have the correct configuration to use the delegated prefix.

23
MCQeasy

Which DHCPv4 message type does a client send to request a specific IP address previously offered?

A.DHCPDISCOVER
B.DHCPOFFER
C.DHCPREQUEST
D.DHCPACK
AnswerC

DHCPREQUEST is sent by the client to request the offered IP address.

Why this answer

The DHCPREQUEST message is used by the client to accept an offer and request the offered IP address, as defined in RFC 2131.

24
MCQhard

What is the default DHCPv4 client lease time on a Cisco IOS-XE router configured as a DHCP client?

A.3600 seconds (1 hour)
B.43200 seconds (12 hours)
C.86400 seconds (1 day)
D.1800 seconds (30 minutes)
AnswerC

Cisco IOS-XE DHCP client requests a lease time of 86400 seconds by default.

Why this answer

Cisco IOS-XE defaults to a DHCPv4 lease time of 86400 seconds (1 day) when acting as a client, per RFC 2131 and Cisco implementation.

25
Multi-Selectmedium

Which THREE commands can be used to troubleshoot DHCPv6 client address assignment issues on a Cisco IOS router acting as a DHCPv6 client? (Choose THREE.)

Select 3 answers
A.show ipv6 dhcp interface
B.debug ipv6 dhcp detail
C.show ipv6 interface
D.show ip dhcp binding
E.show ipv6 dhcp pool
AnswersA, B, C

Displays DHCPv6 client state, server address, and lease information.

Why this answer

Option A is correct because 'show ipv6 dhcp interface' displays the DHCPv6 client state, including the assigned IPv6 address, prefix, and server information for a specific interface. This command directly shows whether the client has successfully obtained an address via DHCPv6.

Exam trap

Cisco often tests the distinction between DHCPv4 and DHCPv6 commands, expecting candidates to know that 'show ip dhcp binding' is IPv4-only and 'show ipv6 dhcp pool' is server-side, not client-side.

26
MCQhard

A network engineer configures a DHCP snooping trusted port on a switch to allow a legitimate DHCP server. However, clients connected to untrusted ports on the same VLAN cannot obtain IP addresses. The DHCP server is reachable and the switch shows no DHCP snooping drops. Which is the most likely explanation?

A.The DHCP server is not configured to trust the relay agent information option (option 82), causing it to discard the requests.
B.The trusted port is in the wrong VLAN; DHCP snooping only works when the trusted port is in the same VLAN as the clients.
C.The switch has 'ip dhcp snooping verify mac-address' enabled, causing MAC address mismatches.
D.The DHCP server is not configured with the correct subnet for the client VLAN.
AnswerA

Correct: By default, DHCP snooping inserts option 82. Many servers reject packets with option 82 unless configured to trust it.

Why this answer

DHCP snooping requires IP source guard or DHCP snooping binding to be populated. If the switch has 'ip dhcp snooping information option' enabled, the DHCP server may drop packets due to option 82 being inserted, unless the server is configured to trust it.

27
MCQeasy

Which DHCPv6 message is used by a server to respond to a SOLICIT with available configuration parameters?

A.REPLY
B.ADVERTISE
C.RECONFIGURE
D.INFORMATION-REQUEST
AnswerB

ADVERTISE is the response to SOLICIT in DHCPv6.

Why this answer

The ADVERTISE message is sent by the DHCPv6 server in response to a SOLICIT, offering configuration parameters, per RFC 8415.

28
Drag & Drophard

Drag and drop the steps to troubleshoot DHCP (IPv4 and IPv6) adjacency or connectivity failures into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Begin by checking the DHCP client's interface for an IP address and DHCP state. Then, verify that the relay agent is configured and reachable. Next, confirm that the DHCP server is reachable from the relay.

After that, inspect access lists or firewall rules that might block DHCP traffic. Finally, review debug output to isolate the failure point.

29
MCQmedium

A network engineer runs the following command on Router R1: R1# show ipv6 dhcp binding Client: FE80::A8BB:CCFF:FE01:0200 DUID: 00030001AABBCC010200 Username: unassigned IA NA: IA ID 0x00010001, T1 302400, T2 483840 Address: 2001:DB8:1::1000 Preferred lifetime 604800, valid lifetime 2592000 Expires at Mar 08 2020 12:00 AM (2592000 seconds) Client: FE80::A8BB:CCFF:FE01:0300 DUID: 00030001AABBCC010300 Username: unassigned IA NA: IA ID 0x00010001, T1 302400, T2 483840 Address: 2001:DB8:1::1001 Preferred lifetime 604800, valid lifetime 2592000 Expires at Mar 08 2020 12:00 AM (2592000 seconds) Based on this output, which statement is correct?

A.The DHCPv6 server has assigned duplicate addresses to the clients.
B.The DHCPv6 server is functioning correctly with two active bindings.
C.The DHCPv6 server is not using a pool; addresses are statically assigned.
D.The DHCPv6 server has a DUID conflict.
AnswerB

Both clients have unique bindings and valid lifetimes.

Why this answer

The output shows two DHCPv6 clients with unique link-local addresses and DUIDs, each assigned a distinct IPv6 address from the 2001:DB8:1::/64 prefix. The presence of valid lifetimes and T1/T2 timers indicates the DHCPv6 server is operating normally, maintaining two active bindings. Option B correctly identifies this as proper server behavior.

Exam trap

Cisco often tests the distinction between duplicate addresses and unique addresses in DHCPv6 binding output, where candidates may mistakenly think two different addresses are duplicates because they share the same prefix or IA ID.

How to eliminate wrong answers

Option A is wrong because the addresses 2001:DB8:1::1000 and 2001:DB8:1::1001 are different, not duplicates; duplicate addresses would show the same IPv6 address for both clients. Option C is wrong because the output shows dynamically assigned addresses with lifetimes and timers, which are characteristics of pool-based DHCPv6 assignment, not static configuration. Option D is wrong because each client has a unique DUID (00030001AABBCC010200 vs 00030001AABBCC010300), so there is no DUID conflict.

30
MCQhard

A router configured as a DHCPv6 relay agent is not forwarding DHCPv6 requests from clients to the server. The relay interface has 'ipv6 dhcp relay destination' configured. Clients are on a different VLAN. Which is the most likely explanation?

A.The relay destination is configured on the client-facing interface; it should be on the server-facing interface.
B.The DHCPv6 server is not reachable via the relay agent's routing table.
C.The relay agent must have 'ipv6 dhcp server' configured to act as a server.
D.The clients are using DHCPv4, not DHCPv6.
AnswerA

Correct: The 'ipv6 dhcp relay destination' command must be applied to the interface that receives client requests (client-facing), not the server-facing interface.

Why this answer

DHCPv6 relay requires that the relay agent has a route to the DHCP server. If the relay interface is not in the same VRF as the server, or if the server is reachable via a different interface, the relay may fail. A common edge case is that the relay destination is configured on the wrong interface (e.g., the client-facing interface instead of the server-facing interface).

31
MCQmedium

Router R4 has the following DHCPv6 configuration: ipv6 dhcp pool DHCP6_POOL2 address prefix 2001:db8:2::/64 dns-server 2001:db8::1 ! interface GigabitEthernet0/1 ipv6 address 2001:db8:2::1/64 ipv6 dhcp server DHCP6_POOL2 ipv6 nd managed-config-flag no shutdown What is the effect of this configuration?

A.Hosts will use DHCPv6 to obtain both their IPv6 address and other configuration parameters like DNS.
B.Hosts will use SLAAC for addressing and DHCPv6 for DNS only.
C.The DHCPv6 pool is missing a domain-name, so it will not provide any configuration.
D.The ipv6 nd managed-config-flag command is incompatible with the DHCPv6 server and will cause an error.
AnswerA

The managed-config-flag indicates stateful DHCPv6, and the pool provides an address prefix, so hosts get addresses and other info from DHCPv6.

Why this answer

The configuration uses the `ipv6 nd managed-config-flag` command, which sets the Managed Address Configuration flag (M flag) in Router Advertisement (RA) messages. When the M flag is set to 1, hosts are instructed to use DHCPv6 (stateful DHCPv6) to obtain their IPv6 addresses, not SLAAC. Additionally, the DHCPv6 pool provides DNS server information, so hosts will use DHCPv6 for both addressing and other configuration parameters like DNS.

This matches option A.

Exam trap

Cisco often tests the distinction between the M flag (managed-config-flag) and the O flag (other-config-flag), where candidates mistakenly think the M flag only affects DNS or that SLAAC is still used for addressing when the M flag is set.

How to eliminate wrong answers

Option B is wrong because the `ipv6 nd managed-config-flag` sets the M flag to 1, which tells hosts to use DHCPv6 for addressing, not SLAAC; SLAAC is used when the M flag is 0 and the O flag (Other Configuration flag) may be set for DHCPv6-only DNS. Option C is wrong because a DHCPv6 pool does not require a domain-name to function; it can provide an address prefix and DNS server without a domain name, and the configuration will still work. Option D is wrong because the `ipv6 nd managed-config-flag` command is fully compatible with the DHCPv6 server configuration; it is designed to work together to signal hosts to use stateful DHCPv6.

32
MCQhard

A network engineer is troubleshooting a DHCPv4 relay scenario where clients on subnet 10.1.1.0/24 are unable to obtain IP addresses from a DHCP server at 192.168.1.10. The router interface Gi0/0 (10.1.1.1/24) has 'ip helper-address 192.168.1.10' configured. The engineer captures packets and sees DHCP DISCOVER messages sourced from 10.1.1.1 being sent to 192.168.1.10, but no replies are seen. The server is reachable via ping from the router. What is the most likely cause?

A.The DHCP server does not have a route to 10.1.1.0/24.
B.The DHCP server is not configured with a scope for subnet 10.1.1.0/24.
C.The 'ip helper-address' command should be configured on the server-facing interface, not the client-facing interface.
D.The router needs the 'ip dhcp relay information option' command.
AnswerB

Correct because if the server has no scope for the client subnet, it will ignore the DISCOVER message and not send any reply, even though the relayed packet reaches the server.

Why this answer

The DHCP server may not have a route back to the client subnet (10.1.1.0/24) or the server's default gateway does not have a route. The relay agent sets the gateway IP address (giaddr) to the interface IP (10.1.1.1), and the server sends the OFFER back to that giaddr. If the server cannot reach 10.1.1.1, the reply is lost.

However, the engineer confirms the server is reachable via ping, so the issue is likely that the server is not configured with a scope for the 10.1.1.0/24 subnet, causing it to drop the DISCOVER.

33
MCQmedium

Consider the following DHCPv6 configuration on router R2: ipv6 dhcp pool DHCP6_POOL dns-server 2001:db8::1 domain-name example.com ! interface GigabitEthernet0/0 ipv6 address 2001:db8:1::1/64 ipv6 dhcp server DHCP6_POOL ipv6 nd other-config-flag no shutdown What is the effect of this configuration?

A.Hosts on this subnet will use SLAAC to obtain their IPv6 address and then use DHCPv6 to get DNS and domain information.
B.Hosts will obtain both their IPv6 address and DNS information from the DHCPv6 pool.
C.The DHCPv6 pool is missing the address prefix, so it will not provide any configuration to clients.
D.The ipv6 nd other-config-flag command is ignored because the DHCPv6 server is configured on the interface.
AnswerA

The other-config-flag indicates that hosts should use SLAAC for addressing and DHCPv6 for additional parameters, which is stateless DHCPv6.

Why this answer

Option A is correct because the configuration uses the `ipv6 nd other-config-flag` command, which sets the 'Other Configuration' flag (O-flag) in Router Advertisement (RA) messages. This tells hosts to use Stateless Address Autoconfiguration (SLAAC) for their IPv6 address (based on the prefix in the RA) and then use DHCPv6 (stateless DHCPv6) only to obtain additional parameters like DNS server and domain name, as defined in the DHCPv6 pool.

Exam trap

Cisco often tests the distinction between the M-flag (stateful DHCPv6) and O-flag (stateless DHCPv6), and the trap here is that candidates confuse the `other-config-flag` with the `managed-config-flag`, leading them to incorrectly think DHCPv6 provides addresses when it only provides other parameters.

How to eliminate wrong answers

Option B is wrong because it describes stateful DHCPv6, where both the IPv6 address and other parameters are obtained from the DHCPv6 server; however, the `ipv6 nd other-config-flag` (O-flag) explicitly instructs hosts to use SLAAC for addressing, not DHCPv6 for addresses. Option C is wrong because a DHCPv6 pool does not require an `address prefix` for stateless DHCPv6; the pool only needs to provide options like DNS and domain name, and the prefix for SLAAC is advertised via Router Advertisements. Option D is wrong because the `ipv6 nd other-config-flag` command is not ignored; it is fully functional and works in conjunction with the DHCPv6 server configuration to signal stateless DHCPv6 to clients.

34
MCQeasy

A network engineer runs the following command on Router R1: R1# show ipv6 dhcp interface GigabitEthernet0/1 GigabitEthernet0/1 is in server mode Using pool: POOL6 Preference value: 0 Hint from client: ignored Rapid-Commit: disabled Based on this output, which statement is correct?

A.The interface is configured as a DHCPv6 client.
B.The interface is configured as a DHCPv6 server using pool POOL6.
C.The interface is using rapid-commit for faster address assignment.
D.The interface is in DHCPv6 relay mode.
AnswerB

Server mode with pool specified.

Why this answer

The command output explicitly states 'GigabitEthernet0/1 is in server mode' and 'Using pool: POOL6', which confirms that the interface is acting as a DHCPv6 server. The DHCPv6 server assigns IPv6 addresses and other configuration parameters from the specified pool to requesting clients.

Exam trap

Cisco often tests the ability to read the exact output of 'show ipv6 dhcp interface' and distinguish between server, client, and relay modes, where candidates may misinterpret 'server mode' as client mode or overlook the 'Rapid-Commit: disabled' line.

How to eliminate wrong answers

Option A is wrong because the output shows 'server mode', not client mode; a DHCPv6 client would show 'client mode' or 'in client mode'. Option C is wrong because the output shows 'Rapid-Commit: disabled', meaning rapid-commit is not enabled, so the interface is not using it for faster address assignment. Option D is wrong because the output does not indicate relay mode; a DHCPv6 relay interface would show 'relay mode' or similar, not 'server mode'.

35
MCQmedium

A network engineer is troubleshooting a DHCPv4 issue where a router configured as a DHCP server is not assigning addresses to clients on a subnet that is reachable via a different router (relay). The relay router (R2) has 'ip helper-address 10.1.1.1' on its client-facing interface, and the DHCP server is at 10.1.1.1 (R1). The engineer sees that R2 is sending DHCP DISCOVER messages with giaddr set to the client-facing interface IP, but R1 is not responding. R1 has a DHCP pool for the client subnet. The engineer pings 10.1.1.1 from R2 successfully. What is the most likely cause?

A.The DHCP server does not have a route to the client subnet (the giaddr subnet).
B.The relay agent R2 is missing the 'ip dhcp relay information option' command.
C.The DHCP pool on R1 is missing the 'default-router' command.
D.The 'ip helper-address' on R2 should point to the server's loopback address, not the interface IP.
AnswerA

Correct because the server sends the OFFER to the giaddr IP, which is on a different subnet; without a route back, the OFFER is lost.

Why this answer

The DHCP server may not have a route back to the client subnet (the giaddr subnet). Even though the server's interface IP is reachable, the server needs to send the OFFER to the giaddr (which is the relay agent's interface IP). If the server does not have a route to that subnet, the OFFER will be dropped.

The ping from R2 to R1 succeeds because R1's interface is directly connected, but the return traffic from R1 to the giaddr (which is on a different subnet) may fail if R1 does not have a route.

36
MCQmedium

A network engineer runs the following command to troubleshoot DHCPv6 relay on router R1: R1# debug ipv6 dhcp relay Output: IPv6 DHCP relay: Received SOLICIT message from FE80::1 on GigabitEthernet0/0 IPv6 DHCP relay: Forwarding SOLICIT to server 2001:DB8:2::1 via GigabitEthernet0/1 IPv6 DHCP relay: Received ADVERTISE message from server 2001:DB8:2::1 via GigabitEthernet0/1 IPv6 DHCP relay: Forwarding ADVERTISE to client FE80::1 via GigabitEthernet0/0 IPv6 DHCP relay: Received REQUEST message from FE80::1 on GigabitEthernet0/0 IPv6 DHCP relay: Forwarding REQUEST to server 2001:DB8:2::1 via GigabitEthernet0/1 IPv6 DHCP relay: Received REPLY message from server 2001:DB8:2::1 via GigabitEthernet0/1 IPv6 DHCP relay: Forwarding REPLY to client FE80::1 via GigabitEthernet0/0 What does this output indicate?

A.The DHCPv6 relay agent is not functioning because messages are not being forwarded.
B.The DHCPv6 relay agent is successfully forwarding messages between the client and server.
C.The DHCPv6 server is unreachable because no REPLY is received.
D.The DHCPv6 client is using a global unicast address as its link-local address.
AnswerB

The relay receives client messages, forwards them to the server, and forwards server responses back to the client.

Why this answer

The debug output shows a DHCPv6 relay agent successfully forwarding messages between a client and a server. The relay receives SOLICIT and REQUEST from the client on GigabitEthernet0/0 and forwards them to the server at 2001:DB8:2::1 via GigabitEthernet0/1, then forwards the ADVERTISE and REPLY back.

37
MCQmedium

A network engineer runs the following command to troubleshoot DHCPv6 address assignment on router R1: R1# show ipv6 dhcp binding Output: Client: FE80::21A:2BFF:FE3C:4D01 DUID: 0003000121A2B3C4D5E6 Username: unassigned VRF: default IA NA: IA ID 0x00040001, T1 302400, T2 483840 Address: 2001:DB8:1::100 Preferred lifetime 604800, valid lifetime 2592000 Expires at Mar 01 2025 12:00 PM (2592000 seconds) IA PD: IA ID 0x00040002, T1 302400, T2 483840 Prefix: 2001:DB8:1::/48 Preferred lifetime 604800, valid lifetime 2592000 Expires at Mar 01 2025 12:00 PM (2592000 seconds) What does this output indicate?

A.The DHCPv6 server has assigned only an IPv6 address to the client.
B.The DHCPv6 server has assigned both an IPv6 address and a prefix delegation to the client.
C.The DHCPv6 client is using stateless autoconfiguration (SLAAC) because no address is shown.
D.The DHCPv6 server has a pool with only one prefix available.
AnswerB

The IA NA section shows an address assignment, and the IA PD section shows a prefix delegation, both with lifetimes.

Why this answer

The show ipv6 dhcp binding command displays DHCPv6 bindings. This client has both a non-temporary address (IA NA) and a prefix delegation (IA PD). The address 2001:DB8:1::100 and prefix 2001:DB8:1::/48 are assigned with lifetimes.

38
MCQhard

A router configured as a DHCPv4 server uses a pool with 'bootfile' and 'next-server' options for PXE boot. Clients receive the DHCP offer with the correct bootfile, but they fail to download it. Which is the most likely explanation?

A.The 'next-server' is configured with a hostname, but the client does not have DNS resolution capabilities at boot time.
B.The 'bootfile' name is case-sensitive, and the client is requesting a different case.
C.The DHCP server is not configured with the 'option 150' for TFTP server.
D.The client's subnet does not have a route to the TFTP server, but the DHCP server cannot control that.
AnswerA

Correct: PXE clients typically cannot resolve hostnames; they need an IP address in the 'next-server' field.

Why this answer

The 'next-server' option specifies the TFTP server IP address. If the TFTP server is not reachable from the client's subnet, or if the client cannot route to it, the download fails. A subtle edge case is that the 'next-server' is set to a hostname instead of an IP address, and the client cannot resolve it.

39
Multi-Selecthard

Which TWO statements about DHCPv6 stateless autoconfiguration (SLAAC) are true? (Choose TWO.)

Select 2 answers
A.SLAAC requires the 'A' flag to be set in Router Advertisements.
B.When using SLAAC, DHCPv6 can still be used to provide DNS server information.
C.The 'M' flag in Router Advertisements must be set for SLAAC to operate.
D.The command 'ipv6 nd other-config-flag' sets the 'M' flag in Router Advertisements.
E.SLAAC can only be used on Ethernet interfaces.
AnswersA, B

Correct. The 'A' (autonomous) flag in the RA prefix information option indicates that hosts can use SLAAC to generate addresses from that prefix.

Why this answer

SLAAC allows hosts to generate their own IPv6 addresses using the prefix from Router Advertisements (RAs) and a modified EUI-64 or privacy extension. DHCPv6 can be used in stateless mode to provide additional information like DNS servers, but not addresses. The 'O' flag in RAs indicates that hosts should use DHCPv6 for other configuration parameters, while the 'M' flag indicates managed (stateful) DHCPv6.

The 'A' flag indicates that SLAAC is available. The 'ipv6 nd other-config-flag' command sets the 'O' flag, not the 'M' flag.

40
MCQmedium

Router R6 has the following DHCPv6 configuration: ipv6 dhcp pool DHCP6_POOL3 address prefix 2001:db8:3::/64 lifetime 3600 600 dns-server 2001:db8::1 ! interface GigabitEthernet0/2 ipv6 address 2001:db8:3::1/64 ipv6 dhcp server DHCP6_POOL3 ipv6 nd managed-config-flag no shutdown What is the effect of the lifetime parameters 3600 and 600?

A.The preferred lifetime is 3600 seconds and the valid lifetime is 600 seconds, which is invalid because the valid lifetime must be greater than or equal to the preferred lifetime.
B.The preferred lifetime is 600 seconds and the valid lifetime is 3600 seconds, which is a typical configuration.
C.The lifetimes are applied to the DNS server address, not the address prefix.
D.The configuration is valid and will work as expected.
AnswerA

Per RFC 4862, the valid lifetime must be greater than or equal to the preferred lifetime. A shorter valid lifetime is not allowed and will cause a configuration error.

Why this answer

Option A is correct because in the `ipv6 dhcp pool` configuration, the `lifetime` command specifies the preferred lifetime first (3600 seconds) and the valid lifetime second (600 seconds). According to RFC 4862, the valid lifetime must be greater than or equal to the preferred lifetime; otherwise, the configuration is invalid and will be rejected by the router. This mismatch causes the DHCPv6 pool to fail to apply the prefix.

Exam trap

The trap here is that Cisco tests whether candidates know the correct order of the preferred and valid lifetime parameters in the `lifetime` command, as many mistakenly assume the valid lifetime comes first or that the router will accept an invalid lifetime relationship.

How to eliminate wrong answers

Option B is wrong because it reverses the order of the lifetimes: the preferred lifetime is 3600 seconds (first value) and the valid lifetime is 600 seconds (second value), not the other way around. Option C is wrong because the `lifetime` command applies exclusively to the address prefix defined in the pool, not to the DNS server address; DNS server lifetimes are not configurable in this context. Option D is wrong because the configuration is invalid due to the valid lifetime being shorter than the preferred lifetime, so the router will not accept it and the DHCPv6 pool will not function as expected.

41
MCQeasy

Which DHCPv6 option carries the DNS recursive name server information?

A.Option 6 (Domain Name Server)
B.Option 23 (DNS Recursive Name Server)
C.Option 24 (Domain Search List)
D.Option 21 (SIP Server Domain Name)
AnswerB

Option 23 is the DHCPv6 option for DNS servers.

Why this answer

Option 23 (DNS Recursive Name Server) in DHCPv6 provides the list of DNS servers to clients, per RFC 3646.

42
MCQmedium

Router R3 has the following DHCP configuration: ip dhcp pool POOL2 network 10.10.10.0 255.255.255.0 default-router 10.10.10.1 dns-server 10.10.10.2 lease 7 ! interface GigabitEthernet0/0 ip address 10.10.10.1 255.255.255.0 ip dhcp relay information option no shutdown What is the problem with this configuration?

A.The relay information option should not be configured on the server interface; it is intended for relay agents and may cause DHCP packets to be dropped or misprocessed.
B.The lease duration of 7 days is invalid; valid lease values are in hours or minutes only.
C.The default-router address is missing the subnet mask, which will cause clients to receive an incomplete configuration.
D.The DNS server address is on the same subnet as the clients, which is not allowed.
AnswerA

The ip dhcp relay information option is meant for interfaces acting as DHCP relay agents. On a server interface, it can cause the server to add Option 82 to its own packets, leading to confusion or packet rejection.

Why this answer

The 'ip dhcp relay information option' command is intended for DHCP relay agents to insert Option 82 (Relay Agent Information) into DHCP packets. When configured on a DHCP server interface, it causes the server to expect and process Option 82, but since the server itself is not a relay agent, this can lead to malformed packets, dropped requests, or misprocessing of DHCP messages. In this scenario, R3 is acting as the DHCP server on GigabitEthernet0/0, so the command should be removed to ensure normal DHCP operation.

Exam trap

Cisco often tests the misconception that 'ip dhcp relay information option' is a generic DHCP feature that can be applied anywhere, when in fact it is strictly for relay agents and causes problems if enabled on a DHCP server interface.

How to eliminate wrong answers

Option B is wrong because the lease duration of 7 days is valid; Cisco IOS DHCP supports lease values in days, hours, or minutes (e.g., 'lease 7' means 7 days). Option C is wrong because the 'default-router' command does not require a subnet mask; the mask is derived from the 'network' statement, and clients receive the default gateway IP without a mask. Option D is wrong because there is no restriction preventing the DNS server from being on the same subnet as the clients; in fact, it is common and fully supported.

43
Multi-Selecthard

Which TWO configuration steps are required to enable a Cisco IOS router as a stateful DHCPv6 server for clients on interface GigabitEthernet0/0? (Choose TWO.)

Select 2 answers
A.Configure a DHCPv6 pool with the 'ipv6 dhcp pool POOL_NAME' command and define an address prefix.
B.Apply the DHCPv6 pool to the interface using 'ipv6 dhcp server POOL_NAME' under the interface configuration.
C.Configure the interface with 'ipv6 dhcp client POOL_NAME'.
D.Set the 'ipv6 nd managed-config-flag' on the interface.
E.Enable IPv6 on the interface with 'ipv6 enable'.
AnswersA, B

The pool defines the address range and parameters for stateful assignment.

Why this answer

Option A is correct because the 'ipv6 dhcp pool POOL_NAME' command creates a DHCPv6 pool, and defining an address prefix within that pool is required to specify the IPv6 addresses that the server can assign to clients. This is the fundamental step for configuring a stateful DHCPv6 server, as the pool holds the address allocation parameters.

Exam trap

Cisco often tests the distinction between server-side and client-side DHCPv6 commands, and the trap here is that candidates confuse 'ipv6 dhcp server' (server) with 'ipv6 dhcp client' (client) or think that enabling IPv6 on the interface alone is sufficient for DHCPv6 operation.

44
MCQhard

A network engineer is troubleshooting a DHCPv6 prefix delegation issue on router R1 and runs the following command: R1# debug ipv6 dhcp detail Output: IPv6 DHCP: Received SOLICIT message from FE80::21A:2BFF:FE3C:4D01 on GigabitEthernet0/0 IPv6 DHCP: Using interface pool DHCP_POOL IPv6 DHCP: Sending ADVERTISE message to FE80::21A:2BFF:FE3C:4D01 IPv6 DHCP: Received REQUEST message from FE80::21A:2BFF:FE3C:4D01 IPv6 DHCP: Client requests prefix 2001:DB8:1::/48 IPv6 DHCP: Prefix 2001:DB8:1::/48 not available in pool DHCP_POOL IPv6 DHCP: Sending REPLY message with Status Code NoPrefixAvail What does this output indicate?

A.The DHCPv6 client successfully received the prefix 2001:DB8:1::/48.
B.The DHCPv6 server has a pool configured but the requested prefix is not in that pool or is already allocated.
C.The DHCPv6 client is using a relay agent because the SOLICIT was received on a different interface.
D.The DHCPv6 server is configured with a stateless configuration because it sent an ADVERTISE without a prefix.
AnswerB

The server used pool DHCP_POOL but the prefix 2001:DB8:1::/48 is not available, likely because it is not included in the pool or is already assigned to another client.

Why this answer

The debug output shows a DHCPv6 client requesting a specific prefix delegation, but the server's pool does not have that prefix available. The server responds with a NoPrefixAvail status code, indicating the prefix cannot be assigned.

45
Multi-Selecthard

Which TWO statements about DHCPv6 rapid commit are true? (Choose TWO.)

Select 2 answers
A.The client includes the Rapid Commit option in the Solicit message to request rapid commit.
B.The server must be configured with the 'ipv6 dhcp server rapid-commit' command to honor rapid commit requests.
C.If the server does not support rapid commit, it sends a Reply message with an error code.
D.Rapid commit reduces the DHCPv6 exchange from six messages to four.
E.Rapid commit is enabled by default on Cisco IOS DHCPv6 servers.
AnswersA, B

Correct. The client sets the Rapid Commit option in the Solicit message to indicate that it wants a two-message exchange.

Why this answer

DHCPv6 rapid commit (RFC 3315) allows a two-message exchange (Solicit + Reply) instead of the normal four-message exchange (Solicit, Advertise, Request, Reply). The client indicates support by including a Rapid Commit option in the Solicit message. The server must also support and be configured for rapid commit.

If the server does not support it, it ignores the option and the client falls back to the normal four-message exchange. The 'ipv6 dhcp server rapid-commit' command enables rapid commit on the server. The client does not need explicit configuration; it includes the option automatically if it supports it.

46
MCQhard

An engineer configures DHCP snooping on a switch to prevent rogue DHCP servers. After enabling, legitimate DHCP clients on VLAN 10 cannot obtain addresses. The DHCP server is connected to a trusted port. The switch shows 'show ip dhcp snooping binding' with no entries. Which is the most likely explanation?

A.The DHCP server is on a different subnet, and no DHCP relay is configured; the switch only snoops broadcast traffic within the VLAN.
B.The trusted port is configured as an access port in VLAN 10, but the server is in VLAN 20.
C.The switch has 'ip dhcp snooping information option' disabled, preventing binding creation.
D.The DHCP server is using a different MAC address than expected, causing the switch to drop the packets.
AnswerA

Correct: DHCP snooping relies on seeing the DHCP packets. Without a relay, the server may not be reachable, or the packets may not traverse the switch.

Why this answer

DHCP snooping builds a binding database by snooping DHCPACK messages. If the switch does not see the DHCPACK (e.g., due to asymmetric routing or the server responding on a different VLAN), no bindings are created. A common edge case is that the DHCP server is on a different subnet and the relay agent is not configured, so the DHCP requests are broadcast and not forwarded.

47
MCQhard

A router is configured as a DHCPv6 client on an interface using 'ipv6 address dhcp'. The router receives a valid IPv6 address from the server, but the address is not used for outgoing traffic. Which is the most likely explanation?

A.The router has a static IPv6 address configured on the same interface, and the DHCP-assigned address is not preferred for source selection.
B.The DHCPv6 server assigned a temporary address (IA_TA) instead of a non-temporary address (IA_NA).
C.The router's 'ipv6 unicast-routing' is disabled.
D.The DHCP-assigned address is in a different subnet than the default gateway.
AnswerA

Correct: If a static address is present, the router may use it as the source, especially if it is in the same subnet as the destination.

Why this answer

When a router uses 'ipv6 address dhcp', it requests a non-temporary address (IANA). However, the router may also have a link-local address and possibly a static address. The source address selection for outgoing traffic is based on the destination and the routing table.

If the router has a static global unicast address configured, it may prefer that over the DHCP-assigned address. A common edge case is that the DHCP-assigned address is not preferred due to the 'ipv6 dhcp client' command not setting the address as the primary.

48
MCQmedium

A network engineer is troubleshooting a DHCPv4 issue on a Cisco router configured as a DHCP server. Clients on VLAN 10 are unable to obtain IP addresses. The engineer verifies that the DHCP pool is correctly configured and that the router interface facing the clients has 'ip helper-address 192.168.1.1' pointing to the DHCP server. However, the DHCP server is on a different subnet and the router's interface is in a VRF. The DHCP DISCOVER messages are not reaching the server. What is the most likely cause?

A.The DHCP pool is missing the 'default-router' command.
B.The router needs the 'ip dhcp relay information option' command to insert Option 82.
C.The 'ip helper-address' command must be configured under the interface with the VRF name using 'ip helper-address vrf <vrf-name> <server-ip>'.
D.The DHCP server is not configured with a scope for the client subnet.
AnswerC

Correct because when the interface is in a VRF, the helper address must specify the VRF to ensure the DHCP broadcast is forwarded into the correct routing table.

Why this answer

The DHCP relay agent (the router) must be configured to forward DHCP broadcasts across VRFs using the 'ip helper-address vrf <name>' command, otherwise the packets are dropped because the interface is in a VRF and the helper address is not VRF-aware.

49
Drag & Dropmedium

Drag and drop the steps to configure a DHCP pool and relay agent on a Cisco router into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, you must define the DHCP pool with a name and network. Then, you set the default router and DNS server. Next, you exclude any addresses from the pool.

Finally, you enable the DHCP relay agent on the interface facing clients to forward requests to the DHCP server.

50
Multi-Selecthard

Which TWO actions will prevent a Cisco IOS router from acting as a DHCPv4 server for a specific VLAN? (Choose TWO.)

Select 2 answers
A.Configure 'no ip dhcp server' under the interface associated with the VLAN.
B.Configure 'ip dhcp excluded-address' for the entire subnet of the VLAN.
C.Disable DHCP snooping on the VLAN using 'no ip dhcp snooping vlan <vlan-id>'.
D.Configure 'ip dhcp relay information trusted' on the interface.
E.Use the global command 'no service dhcp'.
AnswersA, C

Correct. This command disables the DHCP server functionality on that specific interface, preventing it from responding to DHCP requests on that VLAN.

Why this answer

To prevent a router from offering DHCP services on a VLAN, you can either disable DHCP snooping on that VLAN (if snooping is enabled globally) or use the 'no ip dhcp server' command under the interface. Alternatively, you can configure the interface with 'ip dhcp relay information trusted' but that does not prevent server operation. The 'ip dhcp excluded-address' command only excludes specific addresses from the pool, not entire VLANs.

The 'service dhcp' command globally enables or disables DHCP, not per-VLAN.

51
MCQhard

An engineer configures DHCPv6 prefix delegation on a Cisco router acting as a requesting client. The router receives a valid IA_PD prefix from the server, but no route for the delegated prefix appears in the routing table. Which is the most likely explanation?

A.DHCPv6 prefix delegation automatically installs a connected route; the issue is a missing 'ipv6 route' command to point the prefix to the DHCP-learned next-hop.
B.The router's 'ipv6 dhcp client pd' command does not install a route; the engineer must manually configure a static route for the delegated prefix.
C.The DHCPv6 server must also send a route option; the requesting client cannot install a route without it.
D.The router's 'ipv6 unicast-routing' is disabled, preventing route installation.
AnswerB

Correct: DHCPv6 PD only assigns the prefix to an interface; no route is created. A static route or dynamic routing is needed.

Why this answer

DHCPv6 prefix delegation does not automatically install a route for the delegated prefix. The engineer must configure a static route or use a routing protocol to advertise the prefix. This is a common oversight.

52
MCQhard

An engineer is troubleshooting a DHCPv6 stateful (DHCPv6) deployment. The router is configured as a DHCPv6 server with a pool for prefix 2001:db8:2::/64. Clients on the LAN are configured to use DHCPv6, but they are not receiving IPv6 addresses. The router interface has 'ipv6 address 2001:db8:2::1/64' and 'ipv6 dhcp server DHCP_POOL'. The engineer sees that the clients are sending SOLICIT messages, but the router sends no REPLY. What is the issue?

A.The interface is missing the 'ipv6 nd managed-config-flag' command.
B.The DHCPv6 pool is missing the 'address prefix 2001:db8:2::/64' command.
C.The router needs the 'ipv6 dhcp relay' command on the interface.
D.The 'ipv6 unicast-routing' command is missing globally.
AnswerB

Correct because without an address prefix in the pool, the DHCPv6 server has no addresses to assign and will not send a REPLY to SOLICIT messages.

Why this answer

For stateful DHCPv6, the router must also send Router Advertisements with the 'M' (Managed) flag set to indicate that clients should use DHCPv6. Without the 'ipv6 nd managed-config-flag' command, clients may not request addresses via DHCPv6, or the server may not respond appropriately. However, the symptom says clients are sending SOLICIT messages, so they are attempting DHCPv6.

The router is not replying, which could be due to a misconfigured pool or the server not being enabled. The most likely cause is that the DHCPv6 pool does not have an 'address prefix' statement, so the server has no addresses to assign.

53
MCQeasy

A network engineer runs the following command to verify DHCPv4 server conflict detection on router R1: R1# show ip dhcp conflict Output: IP address Detection method Detection time VRF 192.168.1.50 Ping Mar 01 2025 10:00 AM default 192.168.1.75 Gratuitous ARP Mar 01 2025 11:00 AM default What does this output indicate?

A.The DHCP server has detected two IP address conflicts on the network.
B.The DHCP server has successfully assigned IP addresses 192.168.1.50 and 192.168.1.75.
C.The DHCP server uses only ping to detect conflicts.
D.The DHCP server has cleared all conflicts from the database.
AnswerA

Two IP addresses are listed with detection methods and times, indicating conflicts.

Why this answer

The show ip dhcp conflict command displays IP addresses that were found to be already in use on the network. Two conflicts are shown: one detected by ping, another by gratuitous ARP. These addresses are removed from the pool and not assigned until cleared.

54
MCQmedium

In DHCPv6, what is the purpose of the 'managed-config-flag' in Router Advertisement messages?

A.It indicates that hosts should use DHCPv6 to obtain their IPv6 address and other configuration parameters.
B.It indicates that hosts should use SLAAC for addressing and DHCPv6 for other configuration only.
C.It indicates that the router is a DHCPv6 server.
D.It indicates that hosts should use only stateless address autoconfiguration.
AnswerA

The M flag signals stateful DHCPv6, where hosts get both addresses and other info from a DHCPv6 server.

Why this answer

The 'managed-config-flag' (M flag) in Router Advertisement (RA) messages, as defined in RFC 3315 and RFC 4861, tells hosts to use stateful DHCPv6 for both IPv6 address assignment and other configuration parameters (e.g., DNS servers). When set to 1, hosts must use DHCPv6 to obtain their IPv6 address, overriding SLAAC for addressing. This flag is part of the RA's prefix information option and directly controls whether hosts perform stateful or stateless address configuration.

Exam trap

Cisco often tests the distinction between the M flag and the O flag, and the trap here is confusing the 'managed-config-flag' (for addressing + other config) with the 'other-config-flag' (for other config only), leading candidates to incorrectly select option B.

How to eliminate wrong answers

Option B is wrong because it describes the 'other-config-flag' (O flag), not the managed-config-flag; the O flag indicates hosts should use SLAAC for addressing and DHCPv6 for other configuration only. Option C is wrong because the managed-config-flag does not indicate that the router is a DHCPv6 server; it is a directive to hosts, and the router sending the RA may or may not be a DHCPv6 server itself. Option D is wrong because it describes the behavior when both the M and O flags are set to 0, meaning hosts should use only stateless address autoconfiguration (SLAAC) without DHCPv6.

55
MCQmedium

In DHCPv6, what is the purpose of the SOLICIT message?

A.To request a renewal of an existing lease
B.To confirm a previously allocated prefix
C.To discover available DHCPv6 servers
D.To release an IP address
AnswerC

SOLICIT is the initial discovery message in DHCPv6.

Why this answer

The SOLICIT message is sent by a DHCPv6 client to locate DHCPv6 servers, similar to DHCPDISCOVER in DHCPv4, as per RFC 8415.

56
Multi-Selecthard

Which TWO statements about DHCPv4 option 82 are true? (Choose TWO.)

Select 2 answers
A.Option 82 is inserted by the DHCP client to identify itself to the server.
B.The relay agent must be configured with the 'ip dhcp relay information option' command to insert option 82.
C.The DHCP server can use option 82 to select an IP address from a specific pool based on the circuit ID.
D.Option 82 is only supported in DHCPv6.
E.The 'ip dhcp relay information trusted' command must be configured on the relay agent to insert option 82.
AnswersB, C

Correct. This command enables the relay agent to add option 82 to DHCP packets before forwarding them to the server.

Why this answer

DHCP option 82 (Relay Agent Information) is used by DHCP relay agents to insert information about the client's location (e.g., circuit ID, remote ID). It helps DHCP servers assign IP addresses based on the client's network location. The relay agent must be configured to add option 82.

The server can use this information to assign addresses from different pools. Option 82 is not used by the client; it is inserted by the relay agent. The 'ip dhcp relay information option' command enables option 82 insertion on the relay agent.

57
MCQmedium

Examine the following DHCP configuration on router R1: ip dhcp excluded-address 192.168.1.1 192.168.1.10 ! ip dhcp pool POOL1 network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 8.8.8.8 lease 0 2 30 ! interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip helper-address 192.168.2.2 no shutdown What is the effect of this configuration?

A.Clients on the 192.168.1.0/24 subnet will receive IP addresses from the local DHCP pool, and the ip helper-address will forward DHCP requests to 192.168.2.2, causing duplicate offers.
B.The ip helper-address command will be ignored because the router is the DHCP server for that subnet.
C.The excluded-address range is misconfigured because it includes the router's own interface IP, which will prevent the router from functioning.
D.The DHCP pool will not assign addresses because the network statement does not match the interface subnet exactly.
AnswerA

The local DHCP server will respond to requests, but the helper address will also forward broadcasts to the remote server, leading to duplicate DHCP offers and potential address conflicts.

Why this answer

Option A is correct because the router R1 is configured as a DHCP server for the 192.168.1.0/24 subnet via the local pool POOL1, and the ip helper-address 192.168.2.2 on the same interface will forward broadcast DHCP requests from clients to the remote DHCP server at 192.168.2.2. This results in both the local pool and the remote server offering IP addresses, leading to duplicate offers on the subnet.

Exam trap

Cisco often tests the misconception that a router acting as a DHCP server on an interface will automatically suppress the ip helper-address relay function, but in reality, both processes operate independently, leading to duplicate offers.

How to eliminate wrong answers

Option B is wrong because the ip helper-address command is not ignored when the router is also a DHCP server; it still forwards DHCP broadcasts to the specified server, causing potential duplicate offers. Option C is wrong because the excluded-address range includes the router's own interface IP (192.168.1.1), but this is valid and does not prevent the router from functioning; it simply prevents the DHCP pool from assigning that address. Option D is wrong because the network statement 192.168.1.0 255.255.255.0 exactly matches the interface subnet 192.168.1.0/24, so the pool will assign addresses correctly.

58
MCQmedium

An engineer is troubleshooting a DHCPv4 issue where a Cisco router acting as a DHCP client on interface Gi0/0 is not receiving an IP address from an ISP modem. The router has 'ip address dhcp' on the interface. The engineer sees that the interface is up/up, but no IP address is assigned. Debug shows that the router is sending DHCP DISCOVER messages but receives no OFFER. The ISP modem is known to work with other devices. What is the most likely cause?

A.The router needs the 'ip dhcp client broadcast-flag' command.
B.The router is sending the client identifier as the MAC address in a non-standard format; the modem expects the client identifier to be the MAC address only.
C.The router's interface is in a VRF, and the DHCP client needs VRF awareness.
D.The ISP modem requires DHCP Option 82 to be present.
AnswerB

Correct because Cisco routers by default send the client identifier as the MAC address with a type byte (0x01), while some modems expect only the MAC address; configuring 'ip dhcp client client-id' with the correct format resolves the issue.

Why this answer

The router is sending DHCP DISCOVER messages but receiving no OFFER, indicating the ISP modem is ignoring the requests. By default, Cisco routers send the client identifier in DHCP packets as a concatenation of the hardware type (1 for Ethernet) and the MAC address (e.g., '0100.1122.3344'). Many ISP modems expect the client identifier to be just the MAC address (without the hardware type prefix), or they may not use client identifier matching at all.

The 'ip dhcp client client-id' command can be used to override this behavior, making the router send only the MAC address as the client identifier, which resolves the incompatibility.

Exam trap

Cisco often tests the subtle default behavior of the DHCP client identifier format, where candidates assume the MAC address alone is sent, but the router prepends a hardware type byte, causing incompatibility with non-Cisco servers.

How to eliminate wrong answers

Option A is wrong because the 'ip dhcp client broadcast-flag' command forces the DHCP server to send replies as broadcasts, but the issue is that no OFFER is received at all, not that the reply is unicast and not processed. Option C is wrong because if the interface were in a VRF, the DHCP client would need VRF awareness (via 'ip vrf forwarding' under the interface), but the debug shows DISCOVER messages are being sent, and the interface is up/up, so VRF misconfiguration would typically prevent sending or receiving DHCP messages, not cause the modem to ignore valid DISCOVERs. Option D is wrong because DHCP Option 82 (Relay Agent Information) is typically inserted by a DHCP relay agent, not by a DHCP client; the ISP modem as a DHCP server does not require Option 82 from a directly connected client, and the absence of Option 82 would not cause the server to ignore DISCOVER messages.

59
MCQmedium

A network engineer runs the following command to verify DHCPv4 server statistics on router R1: R1# show ip dhcp server statistics Output: Memory usage: 12345 Address pools: 2 Database agents: 0 Automatic bindings: 150 Manual bindings: 5 Expired bindings: 10 Malformed messages: 0 Message Received BOOTREQUEST 0 DHCPDISCOVER 200 DHCPREQUEST 180 DHCPDECLINE 2 DHCPRELEASE 5 DHCPINFORM 10 What does this output indicate?

A.The DHCP server has 150 active automatic bindings and 5 manual bindings.
B.The DHCP server has received 200 DHCPREQUEST messages.
C.The DHCP server has 10 malformed messages, indicating a configuration issue.
D.The DHCP server has 2 database agents configured.
AnswerA

The output shows 'Automatic bindings: 150' and 'Manual bindings: 5', indicating the number of active leases.

Why this answer

The show ip dhcp server statistics command provides counts of various DHCP messages and bindings. Here, 200 DISCOVERs were received but only 180 REQUESTs, indicating some clients did not proceed after the OFFER. There are 150 automatic bindings and 5 manual (static) bindings.

60
Multi-Selecthard

Which TWO statements about DHCP IPv6 (DHCPv6) operation are true? (Choose TWO.)

Select 2 answers
A.DHCPv6 servers listen on UDP port 547.
B.Stateless DHCPv6 is used to provide DNS server information to clients that obtain their IPv6 address via SLAAC.
C.DHCPv6 can only be used in stateless mode.
D.DHCPv6 uses UDP ports 67 and 68, just like DHCPv4.
E.DHCPv6 relies on ARP to discover DHCPv6 servers.
AnswersA, B

DHCPv6 uses UDP port 547 for server communication.

Why this answer

DHCPv6 servers listen on UDP port 547, while DHCPv6 clients use UDP port 546. This is defined in RFC 3315 and is a key distinction from DHCPv4, where servers listen on port 67 and clients on port 68. The server uses port 547 to receive requests from clients, ensuring proper separation of DHCPv6 traffic.

Exam trap

Cisco often tests the misconception that DHCPv6 uses the same UDP ports as DHCPv4 (67/68) or that it can only run in stateless mode, leading candidates to incorrectly select options D or C.

61
MCQeasy

A network engineer is troubleshooting a DHCPv4 issue where clients on a subnet are getting IP addresses from the correct pool, but they cannot reach the default gateway. The router is configured as a DHCP server with pool 'POOL' that includes 'default-router 192.168.1.1'. The router's interface IP is 192.168.1.1/24. Clients receive the address and default gateway, but pings to 192.168.1.1 fail. What is the most likely cause?

A.The DHCP pool has the wrong subnet mask.
B.The router interface Gi0/0 is administratively down.
C.The 'ip helper-address' command is interfering with DHCP.
D.The clients have a static ARP entry for the gateway.
AnswerB

Correct because if the interface is down, the router cannot respond to ARP requests or pings from clients, even though DHCP assignments are still possible (the server process runs independently).

Why this answer

If the router's interface is up and has the correct IP, but clients cannot ping the gateway, the issue is often that the interface is in a different VLAN or the clients are on a different broadcast domain. However, the most common misconfiguration is that the 'default-router' command points to an IP that is not actually configured on the router's interface, or the interface is down. Given that the symptom is specific to the gateway, the likely cause is that the interface is shut down or has a different IP.

62
MCQhard

A network engineer is troubleshooting a DHCPv4 issue where a router configured as a DHCP server is not assigning addresses from a pool to clients on a specific VLAN. The pool is configured with 'network 10.1.1.0 255.255.255.0' and 'default-router 10.1.1.1'. The router's interface Gi0/0.10 (subinterface) has encapsulation dot1Q 10 and IP 10.1.1.1/24. Clients send DISCOVER messages, but the router does not respond. The engineer notices that the router has multiple DHCP pools configured. What is the most likely cause?

A.The DHCP pool is configured under a VRF, but the interface is not in that VRF.
B.The subinterface is missing the 'ip helper-address' command.
C.The 'ip dhcp server' command is missing globally.
D.The encapsulation dot1Q 10 is misconfigured, causing the router to not receive broadcasts.
AnswerA

Correct because if the pool is defined with 'vrf <name>', it will only respond to DHCP requests on interfaces belonging to that VRF; the subinterface is not in any VRF, so the pool is ignored.

Why this answer

The router has multiple DHCP pools configured, and the pool for VLAN 10 is likely bound to a VRF. When a DHCP pool is configured under a VRF, the router only responds to DHCP DISCOVER messages received on interfaces that belong to that same VRF. Since the subinterface Gi0/0.10 is not in the VRF, the router ignores the client broadcasts, even though the IP address and subnet match the pool.

Exam trap

Cisco often tests the VRF-aware DHCP concept by presenting a scenario where a DHCP server has multiple pools and clients are not getting addresses, leading candidates to incorrectly suspect missing helper addresses or global DHCP commands, when the real issue is a VRF mismatch between the pool and the interface.

How to eliminate wrong answers

Option B is wrong because the 'ip helper-address' command is used to forward DHCP broadcasts to a remote DHCP server, not to enable a local DHCP server to respond; the router is acting as the DHCP server itself, so this command is unnecessary. Option C is wrong because the global 'ip dhcp server' command does not exist in Cisco IOS; DHCP server functionality is enabled by default when a pool is configured, and the correct global command is 'service dhcp' (which is enabled by default). Option D is wrong because the encapsulation dot1Q 10 is correctly configured for the subinterface to receive VLAN 10 traffic; if it were misconfigured, the router would not receive any frames from that VLAN, but the question states clients send DISCOVER messages, implying the router receives them.

63
Drag & Dropmedium

Drag and drop the steps to verify and validate DHCP (IPv4 and IPv6) operational state into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Start by checking the DHCP pool utilization and bindings. Then, verify that clients have received addresses from the correct pool. Next, confirm that the DHCP relay agent is forwarding packets.

After that, validate DHCPv6 prefix delegation if used. Finally, ensure that the DHCP server is not running out of addresses.

64
MCQmedium

An engineer is troubleshooting an IPv6 deployment where hosts on a subnet are not receiving IPv6 addresses via SLAAC. The router is configured with 'ipv6 unicast-routing' and the interface has 'ipv6 address 2001:db8:1::1/64' and 'ipv6 nd other-config-flag'. The hosts are sending Router Solicitations but receive no Router Advertisements. What is the root cause?

A.The interface is missing the 'ipv6 enable' command.
B.The 'ipv6 nd ra suppress' command is configured on the interface.
C.The 'ipv6 nd prefix' command is missing for the subnet.
D.The hosts are using DHCPv6 instead of SLAAC.
AnswerB

Correct because this command suppresses Router Advertisements, preventing hosts from receiving RAs even though the interface has an IPv6 address.

Why this answer

For SLAAC to work, the router must send Router Advertisements (RAs). The 'ipv6 nd other-config-flag' only sets the 'O' flag for additional information (like DNS), but does not enable RA generation. The interface must have an 'ipv6 enable' command or a configured unicast address to automatically enable RA generation, but here the address is configured, so RA generation should be on by default.

However, the 'ipv6 nd prefix' command may be missing or the interface may be administratively down. The most common cause is that the interface is not 'no shutdown' or the RA interval is set to 0. Given the symptom, the likely cause is that the interface is in a state where RAs are suppressed, such as when 'ipv6 nd ra suppress' is configured.

65
MCQeasy

Which DHCP message type is used by a client to renew its lease before it expires?

A.DHCPREQUEST
B.DHCPDISCOVER
C.DHCPACK
D.DHCPRELEASE
AnswerA

The client uses DHCPREQUEST to renew its lease, sent unicast to the DHCP server.

Why this answer

When a DHCP client wants to renew its existing lease before it expires, it sends a unicast DHCPREQUEST message directly to the DHCP server that originally granted the lease. This is part of the renewal process defined in RFC 2131, where the client transitions from the BOUND state to the RENEWING state and uses the server's IP address to request an extension of the lease time.

Exam trap

Cisco often tests the distinction between the unicast DHCPREQUEST used for lease renewal and the broadcast DHCPREQUEST used during the initial DORA process, leading candidates to mistakenly think DHCPDISCOVER is involved in renewal.

How to eliminate wrong answers

Option B (DHCPDISCOVER) is wrong because it is used by a client to locate available DHCP servers when it has no current lease or is starting from the INIT state, not for renewing an existing lease. Option C (DHCPACK) is wrong because it is a server-to-client response that acknowledges and grants the lease or renewal, not a message sent by the client. Option D (DHCPRELEASE) is wrong because it is used by a client to voluntarily relinquish its IP address lease to the server, not to renew it.

66
MCQmedium

What is the default DHCPv4 renewal time (T1) as a percentage of the lease time?

A.25%
B.50%
C.75%
D.87.5%
AnswerB

T1 is 50% of the lease time per RFC 2131.

Why this answer

RFC 2131 specifies that T1 defaults to 50% of the lease time, at which the client attempts to renew the lease.

67
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip dhcp binding Bindings from all pools not associated with VRF: IP address Client-ID/ Lease expiration Type Hardware address/ User name 192.168.1.10 0063.6973.636f.2e30. Mar 01 2020 12:00 AM Automatic 3030.3030.2e30.3030 312e.3130.3030.2e30 3030.312d.4574.682d 302f.31 192.168.1.11 0063.6973.636f.2e30. Mar 01 2020 12:00 AM Automatic 3030.3030.2e30.3030 312e.3130.3030.2e30 3030.312d.4574.682d 302f.31 Based on this output, which statement is correct?

A.The DHCP server is functioning correctly with two unique bindings.
B.The DHCP server has a duplicate client-id issue, likely caused by two clients using the same client identifier.
C.The DHCP server has run out of addresses in the pool.
D.The DHCP server is not assigning addresses because the lease time is set to 0.
AnswerB

The hex client-id is identical for both bindings, indicating a duplicate.

Why this answer

The output shows two DHCP bindings with identical client identifiers (the long hexadecimal string). This indicates that two clients are using the same client-ID, which violates RFC 2131 and causes the DHCP server to treat them as the same client, leading to duplicate address assignments or conflicts. Option B correctly identifies this duplicate client-id issue.

Exam trap

Cisco often tests the distinction between a duplicate client-ID and a normal DHCP binding, where candidates mistakenly assume two different IP addresses mean two unique clients, ignoring the identical client-ID field in the output.

How to eliminate wrong answers

Option A is wrong because the DHCP server is not functioning correctly; it has two bindings with the same client-ID, which indicates a misconfiguration or duplicate client identifier, not a healthy state. Option C is wrong because there is no evidence of address exhaustion; the pool still has addresses available (only two bindings are shown, and no 'out of addresses' message appears). Option D is wrong because the lease expiration is set to 'Mar 01 2020 12:00 AM', which is a valid date, not a lease time of 0; a lease time of 0 would show 'Infinite' or '0' explicitly, not a specific date.

Ready to test yourself?

Try a timed practice session using only DHCP (IPv4 and IPv6) questions.