CCNA Network Protocols Questions

30 questions · Network Protocols · All types, answers revealed

1
MCQhard

A technician is configuring a network for a branch office that will use a router to connect to the main office over the internet. The connection must be encrypted and authenticated to ensure data privacy. Which protocol should the technician configure on the router?

A.IPsec
B.SSL/TLS
C.PPTP
D.L2TP
AnswerA

IPsec encrypts and authenticates IP packets, providing a secure tunnel between routers over the internet.

Why this answer

This scenario tests knowledge of IPsec, a suite of protocols used for secure VPN connections. IPsec provides encryption and authentication for IP packets, making it suitable for site-to-site VPNs over the internet.

2
MCQmedium

During a network security audit, a technician finds that an employee is using a protocol that allows remote control of a computer with full graphical interface but without encryption. Which protocol should be replaced with a more secure alternative?

A.RDP
B.SSH
C.Telnet
D.FTP
AnswerA

RDP allows graphical remote control; if not configured with encryption, it is insecure and should be replaced with an encrypted version or alternative.

Why this answer

This question tests knowledge of RDP, which provides remote desktop access. Unencrypted RDP is a security risk; it should be replaced with RDP over TLS or a VPN.

3
MCQeasy

During a network upgrade, a technician installs a new wireless access point. Users on the new AP can access local resources but cannot browse the internet. The technician verifies that the AP has a valid IP address and can ping an external website by IP address. Which protocol is most likely misconfigured?

A.DNS
B.DHCP
C.ICMP
D.ARP
AnswerA

DNS translates domain names to IP addresses; if the AP or its clients have incorrect DNS server settings, browsing by name fails even though IP connectivity exists.

Why this answer

This scenario tests DNS configuration. Being able to ping by IP address confirms IP connectivity, so the failure to browse is likely due to DNS not resolving domain names correctly.

4
MCQeasy

A user complains that they cannot access any websites, but they can ping other devices on the local network by IP address. The network uses DHCP and DNS servers. Which protocol is most likely failing?

A.DHCP
B.DNS
C.HTTP
D.ICMP
AnswerB

DNS resolves domain names; if it fails, web browsing by name fails while local IP connectivity works.

Why this answer

This scenario isolates a DNS failure: local IP communication works, but name resolution fails. DNS translates domain names to IP addresses, so if it fails, web browsing by name will not work while local IP pings succeed.

5
MCQmedium

A network administrator notices that a managed switch is not reporting its status to the central monitoring system. The monitoring system uses a protocol that collects device information such as CPU load and interface errors. Which protocol is most likely not configured on the switch?

A.SNMP
B.SSH
C.HTTP
D.ICMP
AnswerA

SNMP is the standard protocol for collecting device statistics and status information from network devices.

Why this answer

This scenario tests knowledge of SNMP (Simple Network Management Protocol), which is used to monitor and manage network devices. SNMP agents on devices send data to a management system; if not configured, the device won't report.

6
MCQmedium

A technician is setting up a new web server that must be accessible from the internet using HTTPS. The server is behind a firewall that performs port forwarding. After configuration, external users cannot reach the server, but internal users can. Which protocol and port combination must be forwarded to the server?

A.TCP 80
B.UDP 443
C.TCP 443
D.TCP 3389
AnswerC

HTTPS uses TCP port 443, so forwarding this port allows secure web access from the internet.

Why this answer

HTTPS uses TCP port 443 by default. For external users to access the web server, the firewall must forward incoming traffic on port 443 to the server's internal IP address. Internal access works because it doesn't go through the firewall's external interface, so the issue is likely a missing or incorrect port forward for port 443.

7
MCQmedium

A technician is troubleshooting a user's laptop that cannot obtain an IP address via DHCP. The laptop shows an Automatic Private IP Addressing (APIPA) address of 169.254.x.x. Other devices on the same network obtain IPs correctly. Which protocol should the technician verify is functioning on the laptop?

A.DNS
B.ARP
C.DHCP
D.ICMP
AnswerC

DHCP is responsible for assigning IP addresses; its failure results in an APIPA address.

Why this answer

APIPA addresses indicate that the DHCP client failed to get a response from a DHCP server. The DHCP protocol is used to automatically assign IP addresses. Since other devices work, the issue is likely on the laptop's DHCP client or its network stack, not the server.

Verifying that the DHCP client service is running and that the network adapter is configured to obtain an IP automatically is key.

8
MCQeasy

During a network upgrade, a technician needs to ensure that all devices on a small office LAN receive IP addresses automatically from a central server. Which protocol must be running on that server?

A.DNS
B.HTTP
C.DHCP
D.FTP
AnswerC

DHCP is the protocol used to automatically assign IP addresses and other network settings to clients.

Why this answer

This question tests the fundamental role of DHCP in automatic IP address assignment. DHCP (Dynamic Host Configuration Protocol) is the standard protocol for dynamically assigning IP addresses, subnet masks, default gateways, and other network parameters to clients.

9
MCQhard

A company deploys a new file server that uses SMB protocol for file sharing. Users on Windows 10 can connect to the server, but users on older Windows 7 machines cannot. The server is configured to require SMB 3.0 encryption. Which protocol version mismatch is causing the issue?

A.The server requires SMB 1.0, which Windows 7 does not support by default.
B.The server requires SMB 2.0, which Windows 7 does not support.
C.The server requires SMB 3.0, which Windows 7 does not support.
D.The server requires SMB 3.1.1, which Windows 10 also does not support.
AnswerC

SMB 3.0 is not supported on Windows 7, so the client cannot meet the server's encryption requirement.

Why this answer

SMB 3.0 introduced encryption and other features not supported by older SMB versions. Windows 7 typically uses SMB 2.1 by default, which cannot negotiate SMB 3.0 encryption. The server's requirement for SMB 3.0 encryption prevents Windows 7 clients from connecting, as they lack support for that version.

10
MCQmedium

During a network upgrade, a technician configures a new VoIP phone to use a dedicated VLAN for voice traffic. After connecting the phone to a switch port configured for voice VLAN, the phone powers on but cannot register with the call manager. The switch port is set to trunk mode. Which protocol is essential for the phone to obtain its VLAN assignment?

A.STP
B.CDP
C.RSTP
D.VTP
AnswerB

CDP advertises VLAN information to Cisco phones, allowing them to automatically use the correct voice VLAN.

Why this answer

VoIP phones often use CDP (Cisco Discovery Protocol) or LLDP (Link Layer Discovery Protocol) to receive voice VLAN information from a switch. In this scenario, the switch port is in trunk mode, but without CDP/LLDP, the phone won't know which VLAN to use for voice traffic. CDP is Cisco-proprietary and commonly used in such environments to dynamically assign the voice VLAN.

11
MCQmedium

A user reports that their email client can receive messages but cannot send any. The email server settings are correct, and the user can connect to the internet. The firewall is blocking outbound traffic on certain ports. Which protocol and port combination is likely blocked?

A.POP3 on port 110
B.IMAP on port 143
C.SMTP on port 25
D.HTTPS on port 443
AnswerC

SMTP on port 25 is used for sending email; blocking it prevents outgoing messages while receiving works.

Why this answer

Email sending typically uses SMTP on port 25 (or port 587 for submission). If the firewall blocks outbound traffic on port 25, the email client cannot send messages, but receiving (using POP3 or IMAP) remains unaffected. This is a common security measure to prevent spam, but it can interfere with legitimate email sending.

12
MCQeasy

A technician is setting up a new file server and needs to ensure that users can access shared folders using a friendly name like \\fileserver\share instead of an IP address. Which protocol must be configured correctly on the network?

A.DNS
B.DHCP
C.SMB
D.HTTP
AnswerA

DNS resolves the hostname 'fileserver' to its IP address, allowing users to use friendly names.

Why this answer

This question tests knowledge of DNS, which resolves hostnames to IP addresses. Without DNS, users would have to use IP addresses to access network resources.

13
MCQhard

A network administrator configures a router to use OSPF for dynamic routing between two branch offices. After configuration, routes from one office are not appearing in the other's routing table. Both offices can ping each other's directly connected interfaces. Which protocol issue is most likely preventing route exchange?

A.The routers are using different OSPF area IDs.
B.The routers are using different OSPF process IDs.
C.Multicast is not being forwarded between the routers.
D.The routers have mismatched subnet masks on their interfaces.
AnswerC

OSPF relies on multicast for neighbor discovery and route exchange; blocking multicast prevents this.

Why this answer

OSPF uses multicast addresses (224.0.0.5 and 224.0.0.6) to exchange routing information. If the network does not support multicast or if multicast is blocked by access lists or switch configurations, OSPF neighbors cannot form and routes are not exchanged. Since direct pings work, unicast connectivity is fine, but multicast is required for OSPF.

14
MCQmedium

A company deploys a new web server and wants to ensure that data transmitted between clients and the server is encrypted. The technician configures the server to use a certificate. Which protocol should be enabled on the server?

A.HTTPS
B.HTTP
C.FTP
D.SSH
AnswerA

HTTPS uses TLS/SSL to encrypt data between client and server, and requires a certificate.

Why this answer

This scenario tests knowledge of HTTPS, which is HTTP over TLS/SSL for encrypted communication. Using a certificate is a key part of setting up HTTPS.

15
MCQhard

A company's remote employees use VPN to connect to the office network. Recently, some users report that they can connect to the VPN but cannot browse the internet or access internal servers by name, though they can ping internal IP addresses. The VPN is configured to push DNS settings. Which protocol is likely misconfigured on the VPN server?

A.DHCP
B.DNS
C.IPsec
D.SSL/TLS
AnswerB

DNS is responsible for name resolution; if the VPN server does not push correct DNS servers, name resolution fails.

Why this answer

This scenario isolates a DNS issue within a VPN connection. If users can ping internal IPs but not resolve names, the VPN server's DNS configuration (likely using DHCP over VPN or DNS forwarding) is failing. The protocol involved is DNS, which the VPN should push to clients.

16
MCQeasy

A user complains that they can browse the internet but cannot access network shares on a file server by hostname, though they can access them by IP address. The DNS server is responding to queries for other domains. Which protocol is most likely malfunctioning?

A.HTTP
B.NetBIOS
C.DHCP
D.ARP
AnswerB

NetBIOS resolves hostnames to IP addresses in local networks; its failure explains why hostnames fail but IPs work.

Why this answer

The ability to access shares by IP address but not by hostname indicates a name resolution problem. Since DNS works for other domains, the issue is likely with NetBIOS name resolution, which is used in Windows networks to resolve computer names to IP addresses. NetBIOS over TCP/IP (NBT) or LLMNR could be failing, but NetBIOS is the traditional protocol for this in local networks.

17
MCQhard

A technician is troubleshooting a network where users can access internal resources but cannot reach any external websites. The internal network uses a proxy server. The technician finds that the proxy server is configured to use a specific protocol to forward requests to the internet. Which protocol is the proxy server most likely using to communicate with external web servers?

A.FTP
B.DNS
C.HTTP
D.SNMP
AnswerC

HTTP is the protocol used by proxy servers to forward web requests to external servers.

Why this answer

This question tests understanding of proxy servers and HTTP/HTTPS forwarding. A proxy server typically uses HTTP or HTTPS to forward client requests to external web servers, acting as an intermediary. The scenario implies the proxy is working internally but failing externally, pointing to the protocol used for external communication.

18
MCQmedium

A company's web server is accessible from the internet, but users report that they cannot upload files to it using a web browser. The server is configured to allow file uploads via HTTP. Which protocol is most likely being blocked by the firewall?

A.HTTPS
B.FTP
C.HTTP
D.SMTP
AnswerC

HTTP uses port 80 and is commonly used for web uploads; if blocked, uploads fail while the server may still be reachable via HTTPS.

Why this answer

This scenario tests understanding of HTTP vs HTTPS and common firewall rules. HTTP uses port 80 for web traffic, and if uploads are failing while the server is reachable, the issue may be that the firewall is blocking HTTP traffic while allowing HTTPS (port 443) or vice versa.

19
MCQeasy

A customer reports that their new VoIP phone cannot register with the company's call server, but their computer on the same switch port works fine. The network uses VLANs for voice and data traffic. Which protocol must be configured on the switch port to separate the voice traffic from the data traffic?

A.DHCP
B.802.1Q
C.DNS
D.ARP
AnswerB

802.1Q is the VLAN tagging protocol used to mark frames for different VLANs, enabling voice and data to share a port.

Why this answer

This question tests knowledge of VLAN tagging protocols used to separate voice and data traffic on a single switch port. IEEE 802.1Q is the standard VLAN tagging protocol that allows multiple VLANs to share the same physical link, which is essential for VoIP deployments where a phone and PC share a port.

20
MCQhard

A technician is troubleshooting a network where users intermittently lose connectivity to a critical database server. The technician notices that the server's IP address is being duplicated on the network. Which protocol is responsible for detecting and reporting this conflict?

A.ARP
B.DHCP
C.ICMP
D.DNS
AnswerA

ARP resolves IP to MAC; a duplicate IP causes ARP table instability, and some systems use ARP probes to detect conflicts.

Why this answer

This question tests knowledge of ARP, which is used to map IP addresses to MAC addresses. When an IP address conflict occurs, ARP may show multiple MAC addresses for the same IP, and some operating systems or network devices can detect and report this via ARP.

21
MCQeasy

A small office uses a network printer that is shared via a print server. Users report that print jobs are not reaching the printer. The technician pings the print server successfully but cannot connect to the printer's web interface using its IP address. Which protocol is most likely blocked or malfunctioning?

A.HTTP
B.TCP
C.UDP
D.SNMP
AnswerA

The web interface typically uses HTTP or HTTPS; if this protocol is blocked or the service is down, the interface becomes unreachable despite network connectivity.

Why this answer

This question tests understanding of the HTTP/HTTPS protocol used for accessing device management interfaces. Successful ping indicates IP connectivity, so the issue is likely with the application layer protocol (HTTP) used for the web interface.

22
MCQmedium

A technician is troubleshooting a VoIP phone that cannot register with the call server. The phone has a valid IP address and can ping the call server by IP. Which protocol is most likely not functioning correctly?

A.SIP
B.RTP
C.DHCP
D.DNS
AnswerA

SIP is used to register VoIP phones with the call server; if SIP is blocked or misconfigured, registration fails.

Why this answer

This question tests knowledge of SIP, the protocol used for VoIP call setup and registration. Successful ping shows IP connectivity, so the issue is at the application layer with SIP registration.

23
MCQeasy

A customer reports that their new all-in-one printer can scan and copy locally, but they cannot send scanned documents to their email address. The printer is connected to the office network and can ping other devices. Which protocol is most likely misconfigured on the printer?

A.FTP
B.IMAP
C.SMTP
D.SNMP
AnswerC

SMTP is the protocol used to send outgoing email, making it the likely misconfigured protocol here.

Why this answer

The scenario describes a printer that can perform local functions but fails to send scanned documents via email, which typically uses SMTP (Simple Mail Transfer Protocol) for outgoing mail. Since the printer can ping other devices, basic network connectivity is working, pointing to a higher-layer protocol issue. SMTP is the standard protocol for sending email, so its misconfiguration would prevent email delivery.

24
MCQmedium

A small office has a single public IP address and uses a router to provide internet access to 20 devices. Users report that some websites load slowly or time out, while others work fine. The router's NAT table shows many entries. Which protocol is most likely being exhausted, causing these intermittent issues?

A.DNS
B.DHCP
C.NAT
D.ICMP
AnswerC

NAT table exhaustion prevents new outbound connections, causing timeouts for some sites while others work.

Why this answer

NAT (Network Address Translation) uses a translation table to map private IPs to a public IP. If the table fills up due to many simultaneous connections, new connections may fail or time out. This is a common issue in small offices with limited NAT resources, leading to intermittent access problems.

25
MCQeasy

A customer reports that their new laptop cannot connect to the internet at a coffee shop, but their smartphone works fine. The technician checks the laptop's network settings and sees the Wi-Fi adapter is enabled and connected to the correct SSID. Which protocol is most likely not configured correctly on the laptop?

A.DNS
B.DHCP
C.HTTP
D.ARP
AnswerB

DHCP automatically assigns IP configuration; if the laptop's DHCP client is disabled or misconfigured, it won't get a usable IP address, causing no internet.

Why this answer

This scenario tests knowledge of the DHCP protocol, which automatically assigns IP addresses, subnet masks, gateways, and DNS servers. Without a properly configured DHCP client, the laptop may connect to the Wi-Fi but fail to obtain a valid IP address, preventing internet access.

26
MCQhard

A technician is setting up a new file server that needs to be accessible to employees both from the local network and remotely over the internet. The server will host shared folders. Which protocol should the technician ensure is properly configured and secured on the server for file access?

A.FTP
B.SMB
C.NFS
D.HTTP
AnswerB

SMB is the native Windows file sharing protocol, used for accessing shared folders over a network.

Why this answer

This question tests knowledge of file sharing protocols. SMB (Server Message Block) is the standard protocol for Windows file sharing, used both locally and over VPN/internet (with proper security). NFS is for Unix/Linux, FTP is less secure, and HTTP is for web files.

27
MCQmedium

A user reports that their email client cannot send messages but can receive them. The technician verifies that the email server is reachable and that the user's credentials are correct. Which protocol is most likely misconfigured in the email client?

A.SMTP
B.POP3
C.IMAP
D.HTTP
AnswerA

SMTP is used for outgoing mail; if its server address, port, or authentication settings are wrong, sending fails.

Why this answer

This scenario tests knowledge of SMTP, the protocol used for sending email. Receiving email typically uses POP3 or IMAP, so a sending issue points to SMTP configuration.

28
MCQhard

A technician is configuring a network printer for secure printing using IPsec. After enabling IPsec on the printer and the print server, print jobs fail to reach the printer. The technician can ping the printer from the server. Which protocol negotiation step is most likely failing?

A.The printer is not responding to ARP requests.
B.The IPsec security association (SA) is not being established due to IKE failure.
C.The printer's TCP/IP stack is misconfigured.
D.The print server is using the wrong port number.
AnswerB

IKE negotiates SAs; failure here prevents IPsec from securing traffic, causing print jobs to fail.

Why this answer

IPsec requires both endpoints to agree on security associations (SAs) using Internet Key Exchange (IKE). If IKE negotiation fails—due to mismatched authentication methods, encryption algorithms, or certificates—IPsec will not establish, and traffic will be dropped. Pings work because ICMP may be allowed by default, but IPsec-secured traffic is blocked without proper SAs.

29
MCQmedium

A user reports that they can send emails but cannot receive any. The email client is configured with SMTP for outgoing and POP3 for incoming. The server is reachable. Which port is most likely blocked on the firewall for the incoming mail protocol?

A.Port 25
B.Port 110
C.Port 443
D.Port 53
AnswerB

Port 110 is the default port for POP3, used for receiving email; if blocked, incoming mail fails.

Why this answer

This question tests knowledge of default ports: POP3 uses port 110 (or 995 for SSL). If sending works (SMTP on port 25/587) but receiving fails, the firewall likely blocks port 110 (POP3) or 995.

30
MCQmedium

A technician is configuring a new email server for a small business. Employees need to send and receive email from their desktop clients (Outlook) and also access email via a web browser. Which combination of protocols should the technician configure on the server to support both client types?

A.SMTP, POP3, and HTTP
B.FTP, SMTP, and DNS
C.IMAP, SNMP, and HTTPS
D.DHCP, SMTP, and POP3
AnswerA

SMTP sends email, POP3 receives it on clients, and HTTP provides webmail access.

Why this answer

This question tests knowledge of email protocols: SMTP for sending, POP3/IMAP for receiving, and HTTP/HTTPS for webmail. The correct combination is SMTP (for sending from clients) and either POP3 or IMAP (for receiving), plus HTTP/HTTPS for web access.

Ready to test yourself?

Try a timed practice session using only Network Protocols questions.