CCNA Network Configuration Concepts Questions

30 questions · Network Configuration Concepts topic · All types, answers revealed

1
MCQhard

A technician is troubleshooting a network where users on one floor cannot access a server on another floor. Both floors are connected via a single fiber optic link. The technician checks the link and sees the switch port shows 'err-disabled' status. What is the most likely cause of this state?

A.The fiber cable is damaged
B.A duplex mismatch exists between the switches
C.Port security has been violated
D.The VLAN configuration is incorrect
AnswerC

Port security violations, such as exceeding the maximum MAC addresses, cause the switch to disable the port and place it in err-disabled state.

Why this answer

An 'err-disabled' state on a switch port typically occurs due to a port security violation, such as too many MAC addresses detected, or a loop detection mechanism like BPDU guard. This indicates a security or configuration issue that disabled the port automatically.

2
MCQhard

A technician is troubleshooting a network where users report intermittent connectivity. The technician finds that the switch logs show excessive CRC errors on multiple ports connected to different workstations. What is the most likely cause of these errors?

A.The switch is configured with the wrong VLAN assignments
B.The workstations have duplicate IP addresses
C.The Ethernet cables are run too close to power cables
D.The switch firmware is outdated
AnswerC

Electromagnetic interference from power cables can corrupt data signals, leading to CRC errors on multiple ports.

Why this answer

This question tests understanding of network errors and their causes. CRC errors indicate data corruption during transmission, often due to physical layer issues like faulty cabling, electromagnetic interference, or damaged connectors. Since multiple ports are affected, a common cabling problem is likely.

3
MCQmedium

During a network upgrade, a technician needs to connect two switches that are 120 meters apart using a copper Ethernet cable. The cable run must support 1 Gbps speeds. Which cable type and configuration should be used?

A.Cat 5e crossover cable
B.Cat 6a straight-through cable
C.Cat 6 crossover cable
D.Cat 5e straight-through cable
AnswerB

Cat 6a supports 1 Gbps beyond 100 meters (up to 100 meters at 10 Gbps, but for 1 Gbps it can reach slightly farther with good installation; 120 meters is acceptable with quality cable), and straight-through works with modern switches.

Why this answer

Cat 6a supports 10 Gbps up to 100 meters and is backward compatible with 1 Gbps. For switch-to-switch connections, a straight-through cable is used because modern switches have auto-MDIX, or the ports are already wired for straight connections.

4
MCQmedium

A technician is setting up a new VoIP phone system. To ensure voice quality, they need to prioritize voice traffic over data traffic on the network. Which QoS configuration method should be implemented?

A.Set the VoIP phones to use a static IP address
B.Configure DSCP markings on the VoIP traffic
C.Enable VLAN tagging on the switch ports
D.Use a crossover cable between the phone and switch
AnswerB

DSCP marks packets with a priority level (e.g., EF for voice), enabling network devices to treat them with higher priority than data traffic.

Why this answer

DSCP (Differentiated Services Code Point) is a Layer 3 QoS method that marks packets with priority values, allowing routers and switches to prioritize voice traffic. It is commonly used for VoIP to ensure low latency and jitter.

5
MCQeasy

A small office uses a single router with four LAN ports. The manager wants to connect 12 wired devices and ensure they can all communicate with each other without purchasing a new router. Which network device should be added to the existing setup?

A.Hub
B.Router
C.Switch
D.Repeater
AnswerC

A switch provides additional Ethernet ports and intelligently forwards frames only to the intended device, making it ideal for expanding a LAN.

Why this answer

A switch expands the number of available ports on a LAN, allowing more devices to connect and communicate locally. Routers connect different networks, while hubs are less efficient and repeaters only extend signal distance.

6
MCQmedium

A user reports that their computer cannot connect to a network share. The technician runs ipconfig and sees an IP address of 169.254.1.5. What is the most likely cause?

A.The DNS server is not resolving the share name
B.The network cable is unplugged or faulty
C.The DHCP server is unavailable or unreachable
D.The user's account does not have permission to access the share
AnswerC

When a DHCP server cannot be contacted, Windows automatically assigns an APIPA address in the 169.254.x.x range.

Why this answer

This question tests understanding of Automatic Private IP Addressing (APIPA). An address in the 169.254.x.x range indicates that the device could not reach a DHCP server and assigned itself a link-local address. The cause is likely a DHCP server issue or network connectivity problem preventing DHCP discovery.

7
MCQeasy

A small office has a single router with four LAN ports. The network uses 192.168.1.0/24. A new printer is assigned a static IP of 192.168.1.256. What will happen when the printer is connected?

A.The printer will work but only with devices that have a static IP
B.The printer will automatically obtain a valid IP via DHCP
C.The printer will not be able to communicate on the network
D.The printer will cause an IP address conflict with the router
AnswerC

192.168.1.256 is outside the valid 0-255 range, so the printer will have no network connectivity.

Why this answer

This question tests knowledge of IP address ranges and valid addresses. The address 192.168.1.256 is invalid because octets in IPv4 are limited to 0-255. The printer will not communicate on the network.

8
MCQmedium

A user complains that their laptop frequently disconnects from the Wi-Fi when they move to a different room, but other devices in that room work fine. The technician checks the laptop's wireless adapter settings. Which configuration is most likely causing the issue?

A.The SSID is hidden
B.The wireless mode is set to 802.11a only
C.Power saving mode is enabled on the wireless adapter
D.The channel width is set to 40 MHz
AnswerC

Power saving can cause the adapter to drop the connection to conserve battery, especially when signal fluctuates, leading to disconnections.

Why this answer

Power saving mode can cause the wireless adapter to reduce power or disconnect to save battery, especially when signal strength changes. This often results in intermittent disconnections when moving.

9
MCQeasy

A small office has a single router with four LAN ports. The network uses the 192.168.1.0/24 subnet, and the router's LAN IP is 192.168.1.1. A technician needs to add a new printer that must have a static IP address outside the DHCP range (192.168.1.100-192.168.1.200) but still be reachable by all devices. Which IP address should the technician assign to the printer?

A.192.168.1.150
B.192.168.1.50
C.10.0.0.50
D.192.168.2.50
AnswerB

This address is within the subnet (1-254) but outside the DHCP pool (100-200), making it a safe static assignment.

Why this answer

A static IP must be within the same subnet as the network but outside the DHCP pool to avoid conflicts. The subnet is 192.168.1.0/24, so valid addresses range from 192.168.1.1 to 192.168.1.254, with the router at .1 and DHCP pool from .100 to .200. Addresses like .50 are outside the pool and within the subnet.

10
MCQmedium

A technician is setting up a new wireless network for a small office. The office has three access points (APs) that should allow seamless roaming. The technician configures all APs with the same SSID and security settings. What additional configuration is necessary to prevent clients from staying connected to a weak signal?

A.Set each AP to a different channel to avoid interference
B.Enable WPA3 encryption on all APs
C.Configure the APs with different SSIDs for each AP
D.Adjust the minimum RSSI value on each AP
AnswerD

Minimum RSSI settings cause the AP to disconnect clients with weak signals, forcing them to associate with a stronger AP, enabling proper roaming.

Why this answer

This question tests knowledge of wireless roaming and signal management. To prevent sticky clients, the technician should adjust the minimum RSSI (Received Signal Strength Indicator) settings on the APs so that clients are disconnected when the signal is weak, encouraging them to roam to a stronger AP.

11
MCQeasy

A technician is configuring a new wireless router for a home office. The customer wants to ensure that guests can access the internet but cannot see other devices on the main network. Which feature should the technician enable on the router?

A.MAC address filtering
B.Port forwarding
C.Guest network
D.WPS (Wi-Fi Protected Setup)
AnswerC

Enabling a guest network creates a separate VLAN that isolates guest traffic, meeting the customer's requirement.

Why this answer

A guest network creates a separate SSID and VLAN that isolates guest traffic from the main network, allowing internet access while preventing access to local devices. This is a common feature on modern routers for security and privacy.

12
MCQhard

A network administrator needs to segment traffic between the accounting and HR departments to prevent unauthorized access, while still allowing both to reach the internet. The company uses a single managed switch and a router. Which configuration approach meets these requirements?

A.Create two separate subnets and connect each department to a different physical switch
B.Configure VLANs on the switch and set up a trunk port to the router with subinterfaces
C.Assign static IPs to all devices and enable MAC address filtering on the switch
D.Use a firewall between the two departments and disable inter-VLAN routing
AnswerB

VLANs isolate traffic, and the trunk with subinterfaces (router-on-a-stick) allows the router to route between VLANs and to the internet.

Why this answer

VLANs logically separate network traffic on the same switch, allowing different departments to be isolated. A trunk port carries multiple VLANs to the router, which can route between them and to the internet using a router-on-a-stick configuration.

13
MCQmedium

A technician is configuring a small network with five computers and a printer. The network must use private IP addresses and allow all devices to communicate. The technician assigns IPs manually but forgets to set a default gateway on one computer. Which functionality will be lost on that computer?

A.Ability to communicate with the printer
B.Ability to access the internet
C.Ability to obtain an IP address via DHCP
D.Ability to resolve DNS names
AnswerB

Without a default gateway, the computer cannot send packets to destinations outside its own subnet, so internet access is lost.

Why this answer

The default gateway is required for routing traffic to other networks, such as the internet. Without it, the computer can still communicate with devices on the same subnet (local LAN) but cannot reach external networks.

14
MCQeasy

A user reports that their laptop cannot connect to the internet, but other devices on the same wired network work fine. The technician checks the IP configuration and sees the laptop has an IP address of 169.254.3.12. What is the most likely cause?

A.The DNS server is unreachable
B.The DHCP server is not responding
C.The default gateway is misconfigured
D.The network cable is faulty
AnswerB

APIPA addresses are assigned when DHCP fails, so the most likely cause is that the DHCP server is unreachable or not functioning.

Why this answer

An IP address in the 169.254.x.x range indicates that the device failed to obtain an address from a DHCP server, resulting in Automatic Private IP Addressing (APIPA). This typically points to a DHCP server issue or network connectivity problem preventing DHCP communication.

15
MCQeasy

A customer reports that their laptop connects to the office Wi-Fi but cannot access the internet. Other devices on the same network work fine. The technician checks the laptop's IP configuration and sees an IP address of 169.254.15.22. What is the most likely cause of this issue?

A.The DNS server is misconfigured.
B.The laptop's network adapter is faulty.
C.The DHCP server is out of available IP addresses.
D.The laptop's DHCP client is failing to obtain an IP address.
AnswerD

The 169.254 address is a self-assigned APIPA address, which occurs when the DHCP client cannot contact the DHCP server. This is the correct diagnosis.

Why this answer

An IP address starting with 169.254 indicates that the device was unable to obtain an IP address from a DHCP server, so it assigned itself an Automatic Private IP Addressing (APIPA) address. This typically means the DHCP server is unreachable or not responding, but since other devices work, the issue is likely with the laptop's DHCP request failing.

16
MCQhard

A network administrator is configuring a small business network with two subnets: 192.168.1.0/24 for employees and 192.168.2.0/24 for guests. The router has two LAN interfaces with IPs 192.168.1.1 and 192.168.2.1. A technician connects a new access point to the guest subnet switch and configures it with a static IP of 192.168.2.50. The access point can ping the router's guest interface but cannot reach the internet. The router's default route points to an ISP modem at 203.0.113.1. What is the most likely missing configuration?

A.The access point's default gateway is set to 192.168.1.1.
B.NAT is not enabled for the 192.168.2.0/24 subnet on the router.
C.The access point has a duplicate IP address.
D.The ISP modem is blocking traffic from the guest subnet.
AnswerB

Without NAT, the router will not translate private IPs from the guest subnet to the public IP, so traffic cannot reach the internet. The employee subnet works because NAT is likely enabled for it.

Why this answer

The access point can reach the router's guest interface, but not the internet. This suggests the router is not performing NAT for the guest subnet, or the router lacks a route back from the ISP modem. Typically, for internet access, the router must have NAT enabled for the guest subnet, and the ISP modem must have a route back to the guest subnet.

Since the employee subnet works, the router likely has NAT for 192.168.1.0/24 but not for 192.168.2.0/24.

17
MCQmedium

During a network upgrade, a technician replaces an old 10/100 Mbps switch with a new gigabit switch. After the change, several users report that their internet connection is slow. The technician checks the switch and sees that some ports show 100 Mbps instead of 1000 Mbps. What is the most likely cause?

A.The switch ports are configured for half-duplex
B.The Ethernet cables are Cat5 instead of Cat5e or Cat6
C.The connected devices have 10/100 Mbps NICs
D.The switch has a faulty power supply causing reduced performance
AnswerC

If the client NIC only supports 100 Mbps, the switch will negotiate to that speed, resulting in slower performance than gigabit.

Why this answer

This question tests understanding of Ethernet speed negotiation. When a device's NIC only supports 100 Mbps, the switch will auto-negotiate down to that speed. The slow speed is due to the client's hardware limitation, not the switch.

18
MCQmedium

A technician is troubleshooting a connectivity issue where a user's computer can ping the default gateway but cannot access a web server at 203.0.113.50. The technician runs a tracert and sees that the first hop responds, but subsequent hops time out. What is the most likely cause?

A.The default gateway is down.
B.The web server is offline.
C.A router along the path is misconfigured or dropping packets.
D.The user's computer has a duplicate IP address.
AnswerC

The first hop works, but subsequent hops timing out indicates a routing issue beyond the local network, likely a misconfigured router or firewall blocking traffic.

Why this answer

Tracert shows the path packets take to a destination. If the first hop (default gateway) responds but later hops time out, it suggests a routing issue beyond the local network, such as a misconfigured router or a firewall blocking ICMP. The fact that the gateway is reachable rules out local connectivity problems.

19
MCQeasy

A customer reports that their laptop connects to the office Wi-Fi but cannot access the internet. Other devices on the same network work fine. What is the most likely cause of this issue?

A.The laptop's DNS server address is set to a public DNS like 8.8.8.8
B.The laptop's default gateway address is incorrect
C.The laptop's IP address is set to a static address in the same subnet as the router
D.The office Wi-Fi network is using a different SSID than expected
AnswerB

A wrong default gateway prevents the device from sending traffic outside its local subnet, which is exactly what is described.

Why this answer

This question tests understanding of common network configuration issues. A mismatched gateway address is the most likely cause because the device can connect locally but cannot route traffic to the internet. Incorrect DNS or IP address conflicts usually cause different symptoms.

20
MCQmedium

A company's network uses a /24 subnet mask. The IT manager asks a technician to configure a new server with a static IP address of 192.168.1.300. The technician knows this is invalid. What is the reason this IP address cannot be used?

A.The address is outside the private IP range.
B.The address is a broadcast address.
C.The address is a network address.
D.The octet value 300 exceeds the maximum of 255.
AnswerD

Each octet in an IPv4 address must be between 0 and 255. 300 is invalid, so the address cannot be used.

Why this answer

IPv4 addresses are 32-bit numbers, and each octet ranges from 0 to 255. The value 300 exceeds the maximum of 255, making the address invalid. This is a fundamental concept in IP addressing.

21
MCQeasy

A user complains that their desktop computer cannot connect to any network shares, but they can access the internet. The technician pings the file server by IP address successfully, but pinging by hostname fails. Which network configuration issue is most likely causing this problem?

A.The DHCP server is not assigning a default gateway.
B.The subnet mask is incorrect.
C.The DNS server is not resolving local hostnames.
D.The file server has a firewall blocking ICMP.
AnswerC

Since IP pings work but hostname pings fail, the DNS server is not providing the correct A record for the file server, causing the resolution failure.

Why this answer

Successful ping by IP but failure by hostname indicates that the computer cannot resolve the server's name to an IP address. This points to a DNS issue, as DNS is responsible for translating hostnames to IP addresses. The internet access suggests the DNS server is reachable but may not have the correct records for the local server.

22
MCQeasy

A user wants to connect a new laptop to a wired network that uses 802.1X authentication. What must be configured on the laptop to ensure successful network access?

A.A static IP address in the same subnet as the network
B.The correct SSID and wireless security key
C.Valid 802.1X credentials (username and password or certificate)
D.A crossover cable to connect to the switch
AnswerC

802.1X requires authentication credentials to gain access to the network; without them, the port will not forward traffic.

Why this answer

This question tests knowledge of network authentication methods. 802.1X requires a username and password (or certificate) to authenticate to the network, typically via RADIUS. Without proper credentials, the switch port will remain blocked.

23
MCQmedium

A company's web server is accessible from the internal network but not from the internet. The server has a static IP of 192.168.1.10. The firewall is configured to allow HTTP and HTTPS traffic. What is the most likely missing configuration?

A.The server's default gateway is set to the firewall's LAN IP
B.The firewall's NAT is disabled
C.Port forwarding rules are not configured on the firewall
D.The server has a public IP address assigned
AnswerC

Without port forwarding, the firewall does not know which internal device should receive incoming traffic on ports 80/443, so external requests are dropped.

Why this answer

Port forwarding directs external requests to a specific internal IP address. Without it, the firewall blocks inbound connections even if the server is reachable internally.

24
MCQhard

A company's IT policy requires that all network traffic from the guest Wi-Fi be isolated from the internal corporate network. The guest network uses a separate SSID and VLAN. Which additional configuration is necessary to ensure complete isolation?

A.Enable DHCP snooping on the guest VLAN
B.Configure a router-on-a-stick with subinterfaces
C.Implement an ACL that denies traffic from the guest VLAN to the corporate VLAN
D.Set the guest network to use a different subnet mask
AnswerC

An ACL on the router or Layer 3 switch can block all traffic from the guest VLAN to the corporate VLAN, ensuring isolation.

Why this answer

Access Control Lists (ACLs) on the router or firewall can block traffic between VLANs. Even with separate VLANs, inter-VLAN routing must be explicitly denied to prevent guest devices from reaching the corporate network.

25
MCQmedium

A network administrator is configuring a new firewall to allow remote employees to securely access internal resources. The requirement is to encrypt all traffic between the remote client and the internal network. Which protocol should be used?

A.SSL/TLS
C.L2TP
AnswerB

IPsec is a standard protocol suite for secure IP communications by encrypting and authenticating each IP packet in a VPN tunnel.

Why this answer

This question tests knowledge of VPN protocols and their purposes. IPsec is a suite of protocols that provides encryption and authentication for VPN connections, making it the correct choice for secure remote access. Other options like SSL/TLS are used for web traffic, and L2TP alone does not provide encryption.

26
MCQhard

A technician is troubleshooting a slow network connection for a user. The user's computer has an IP address of 192.168.1.100, subnet mask 255.255.255.0, and default gateway 192.168.1.1. The technician runs a ping to the gateway and gets replies with times around 2ms. However, pinging a server at 192.168.1.200 results in times over 500ms. The technician checks the switch and finds that the port for the user's computer is set to 10 Mbps half-duplex, while the computer's NIC is set to auto-negotiation. What is the most likely cause of the high latency?

A.The server at 192.168.1.200 is overloaded.
B.The user's computer has a faulty network cable.
C.There is a duplex mismatch between the switch port and the NIC.
D.The default gateway is misconfigured.
AnswerC

The switch port is set to 10 Mbps half-duplex, while the NIC is auto-negotiating. This often results in a mismatch where the NIC runs at half-duplex, causing collisions and high latency.

Why this answer

A mismatch in duplex and speed settings between the switch port and the NIC can cause performance issues. When one side is set to a fixed speed/duplex and the other is set to auto-negotiation, the auto side may fail to negotiate correctly, often resulting in half-duplex operation and high error rates, leading to high latency. The switch port is manually set to 10 Mbps half-duplex, while the NIC is auto-negotiating, likely resulting in a mismatch.

27
MCQmedium

A company has a network with multiple VLANs. A user in VLAN 10 cannot access a server in VLAN 20, but other users in VLAN 10 can access the server. The technician checks the switch configuration and finds that the port for the user is set to access mode for VLAN 10. What should be configured to allow this user to reach the server?

A.Change the user's port to trunk mode
B.Configure a static route on the user's computer
C.Enable inter-VLAN routing on the router or Layer 3 switch
D.Assign the user's port to VLAN 20
AnswerC

Inter-VLAN routing allows traffic to pass between different VLANs; without it, devices in separate VLANs cannot communicate.

Why this answer

This question tests understanding of VLAN routing. Devices in different VLANs require a router or Layer 3 switch to communicate. The access port is correctly configured for VLAN 10, but inter-VLAN routing must be enabled on the router or switch.

28
MCQhard

A company deploys a new VoIP system. Users report that calls drop frequently. The network uses a single flat subnet with no QoS configured. The technician monitors traffic and sees high bandwidth utilization during peak hours. What is the most effective solution to improve call quality?

A.Increase the bandwidth of the internet connection
B.Replace all switches with managed switches and enable QoS
C.Change all VoIP phones to use static IP addresses
D.Disable DHCP on the network to reduce broadcast traffic
AnswerB

Managed switches with QoS can prioritize VoIP traffic, reducing latency and jitter, which directly improves call quality.

Why this answer

This question tests knowledge of Quality of Service (QoS) and network segmentation. VoIP traffic is sensitive to latency and jitter. Implementing QoS prioritizes voice traffic over other data, ensuring call quality even during high utilization.

VLANs can also help by separating voice and data traffic.

29
MCQmedium

A user reports that their laptop can connect to the corporate Wi-Fi but cannot access any network resources. The technician checks the IP configuration and sees an IP address of 192.168.1.105 with a subnet mask of 255.255.255.0 and a default gateway of 192.168.1.1. The technician pings the gateway successfully but cannot ping a server at 192.168.2.10. What is the most likely issue?

A.The laptop's DNS server is misconfigured.
B.The server at 192.168.2.10 is offline.
C.The default gateway does not have a route to the 192.168.2.0 subnet.
D.The laptop's subnet mask is incorrect.
AnswerC

The laptop can reach its own gateway, but the gateway must have a route to forward traffic to the 192.168.2.x network. Without that route, packets are dropped.

Why this answer

The laptop can ping its own gateway (192.168.1.1) but not a server on a different subnet (192.168.2.10). This indicates that the gateway is reachable, but routing between subnets is failing. The default gateway may not have a route to the 192.168.2.x network, or the server's gateway is not configured to route back.

30
MCQmedium

A technician is setting up a new office network with 50 devices. The network must support growth up to 100 devices. The technician chooses a subnet mask of 255.255.255.0. How many usable host addresses does this subnet provide?

A.254
B.255
C.256
D.128
AnswerA

With a /24 subnet, there are 256 addresses total, minus 2 for network and broadcast, leaving 254 usable host addresses.

Why this answer

A subnet mask of 255.255.255.0 (or /24) provides 256 total addresses, with 254 usable for hosts (the first address is the network ID and the last is the broadcast address). This is sufficient for the current 50 devices and allows for growth up to 100, but not beyond 254.

Ready to test yourself?

Try a timed practice session using only Network Configuration Concepts questions.