CCNA Network Services Questions

30 questions · Network Services · All types, answers revealed

1
MCQmedium

A user complains that their laptop cannot connect to the company's wireless network, but other devices work fine. The network uses WPA2-Enterprise with 802.1X authentication. Which service is most likely misconfigured on the laptop?

A.The DHCP server is out of addresses.
B.The DNS server address is incorrect.
C.The RADIUS server is offline.
D.The 802.1X authentication method is set to PEAP instead of EAP-TLS.
AnswerD

A mismatch in the EAP method (e.g., requiring certificates but using passwords) will cause authentication failure for that client.

Why this answer

This question tests knowledge of enterprise wireless authentication. WPA2-Enterprise uses RADIUS for centralized authentication. If the laptop's 802.1X settings are wrong, it will fail authentication even though the network is operational.

2
MCQhard

A technician is troubleshooting a network where users can access the internet but cannot reach a specific internal web server by its hostname. The server's IP is 10.0.0.5, and pinging 10.0.0.5 works. The technician checks the DNS server and finds an A record for the server's name pointing to 10.0.0.10. What is the most likely issue?

A.The DHCP server assigned the wrong IP to the server
B.The DNS A record is incorrect
C.The router's port forwarding is misconfigured
D.The server's firewall is blocking DNS queries
AnswerB

The A record points to 10.0.0.10 instead of 10.0.0.5, so DNS resolves to the wrong IP, preventing access by hostname.

Why this answer

The DNS A record points to the wrong IP address (10.0.0.10 instead of 10.0.0.5), causing hostname resolution to fail for that server. This is a common DNS misconfiguration where the record does not match the actual server IP. Correcting the A record resolves the issue.

3
MCQmedium

A technician is troubleshooting why a new employee cannot log into the company's VPN. The VPN uses RADIUS for authentication. Other employees can connect successfully. Which is the most likely cause?

A.The VPN server's IP address has changed.
B.The RADIUS server is not reachable from the VPN server.
C.The new employee's account is not configured in the RADIUS database.
D.The DNS server is not resolving the VPN server's hostname.
AnswerC

RADIUS authenticates against its user database; a missing account prevents that user's login.

Why this answer

This question tests understanding of RADIUS in VPN authentication. RADIUS authenticates users against a central database. If the new employee's account isn't in that database or is misconfigured, authentication fails for that user only.

4
MCQhard

A network administrator is deploying a new wireless network that requires users to authenticate using their domain credentials. The network uses WPA2-Enterprise. Which service must be configured to validate these credentials?

A.DHCP
B.DNS
C.RADIUS
D.NTP
AnswerC

RADIUS authenticates users for network access, commonly used with 802.1X.

Why this answer

This question tests knowledge of 802.1X and RADIUS. WPA2-Enterprise uses 802.1X for authentication, which typically relies on a RADIUS server to validate domain credentials against Active Directory. DHCP, DNS, and NTP don't handle authentication.

5
MCQeasy

A small office has a single internet connection and needs to allow multiple internal devices to share that connection. The router's public IP is assigned by the ISP. Which network service must be enabled on the router to allow internal devices to communicate with external servers?

A.DHCP
B.DNS
C.NAT
D.PAT
AnswerC

NAT translates private internal IP addresses to the router's public IP, allowing multiple devices to share the internet connection.

Why this answer

NAT (Network Address Translation) allows multiple devices on a private network to share a single public IP address by translating their private IPs to the public IP. DHCP assigns internal IPs but does not enable internet sharing. DNS resolves names, and PAT is a form of NAT but not the broad service name.

6
MCQhard

A company deploys a load balancer to distribute traffic across three web servers. Users report that they occasionally see outdated content or are asked to log in repeatedly. Which network service configuration is most likely missing to maintain session persistence?

A.DNS round-robin
B.Session persistence (sticky sessions)
C.DHCP reservation
D.Port forwarding
AnswerB

Session persistence ensures a user is directed to the same server for the duration of their session, preventing login and data inconsistencies.

Why this answer

Load balancers distribute traffic but without session persistence (sticky sessions), a user may be directed to different servers during a session, losing login state or cached data. Configuring the load balancer to use cookies or source IP affinity ensures the same server handles the session. DNS round-robin alone would cause similar issues.

7
MCQeasy

A user configures their laptop to use a static IP address, subnet mask, and default gateway. They can ping other devices on the same subnet but cannot reach the internet. What network service is most likely missing from their configuration?

A.DHCP server
B.DNS server
C.NAT
D.Proxy server
AnswerB

Without a DNS server address, the laptop cannot resolve domain names, making internet access fail even with correct IP settings.

Why this answer

With a static IP, the user must also configure a DNS server address to resolve domain names. Without DNS, they can communicate locally but cannot access internet resources by name. DHCP would auto-assign these settings, but static configuration requires manual entry.

8
MCQeasy

A company wants to allow employees to securely access the corporate network from home using their laptops. Which network service should be deployed to provide encrypted remote access?

A.DHCP
B.DNS
C.VPN
D.Port forwarding
AnswerC

VPN establishes an encrypted connection over the internet, enabling secure remote access to the corporate network.

Why this answer

A VPN (Virtual Private Network) creates an encrypted tunnel between a remote device and the corporate network, ensuring secure data transmission over the internet. DHCP and DNS do not provide encryption, and port forwarding alone does not secure remote access.

9
MCQmedium

A user reports that they can access internal resources using IP addresses but cannot access them using hostnames. Other users on the same network have no issues. What is the most likely cause?

A.The DHCP server is out of addresses
B.The DNS server is down
C.The user's DNS settings are incorrect
D.The router's NAT is misconfigured
AnswerC

Incorrect DNS settings on the user's device prevent hostname resolution while IP-based access still works.

Why this answer

The ability to use IP addresses but not hostnames points to a DNS resolution problem on the user's device. This could be due to a misconfigured DNS server address in the network settings or a local hosts file issue. Other users working normally suggests the problem is client-specific.

10
MCQmedium

A company's web server is accessible from the internet, but users report that the website loads slowly. The server's public IP is 203.0.113.10, and the internal IP is 192.168.1.10. The network administrator notices that the router's port forwarding rule is set to forward port 80 to 192.168.1.10:8080. What is the likely cause of the slow performance?

A.The DNS server is misconfigured
B.The NAT table is full
C.The port forwarding rule uses the wrong internal port
D.The DHCP scope is exhausted
AnswerC

If the web server listens on port 80 but the rule forwards to 8080, traffic is sent to a closed port, causing timeouts or slowness.

Why this answer

Port forwarding should map external port 80 to the server's internal port 80, not 8080 unless the server listens on 8080. If the server listens on port 80, the mismatch causes connection delays or errors as the router forwards to a closed port. Correcting the internal port resolves the issue.

11
MCQeasy

A user reports that they cannot access any websites, but they can ping the IP address of a public DNS server (8.8.8.8). What is the most likely misconfigured network service?

A.DHCP
B.DNS
C.NAT
D.Proxy
AnswerB

DNS resolves domain names; without it, domain-based access fails even though IP-based connectivity works.

Why this answer

The ability to ping an external IP but not access websites indicates that DNS resolution is failing. DNS translates domain names to IP addresses, and without it, web browsing fails even if the internet connection is working. The DHCP server or static DNS settings should be checked.

12
MCQeasy

A small office uses a single public IP address for internet access. The network administrator wants internal web servers to be reachable from the internet on port 80. Which network service should be configured on the router to allow this?

A.DHCP
B.Port forwarding
C.DNS
D.VPN
AnswerB

Port forwarding maps an external port to an internal IP and port, enabling external access to internal services.

Why this answer

Port forwarding allows external requests on a specific port to be redirected to an internal IP address and port. This is the standard method to make internal servers accessible from the internet when using NAT. Other options like DHCP or DNS do not handle port-based redirection.

13
MCQmedium

A technician is configuring a new file server and wants to ensure that when users type \\fileserver in File Explorer, it resolves to the correct IP address. The network uses a Windows domain with Active Directory. Which network service should the technician configure to allow hostname resolution for this server?

A.DHCP
B.DNS
C.WINS
D.NAT
AnswerB

DNS resolves hostnames like 'fileserver' to IP addresses. Adding an A record in the DNS zone will allow users to connect via the hostname.

Why this answer

In a Windows domain, DNS is the primary method for resolving hostnames to IP addresses, especially for servers. The technician should add an A record for the file server in the DNS zone. DHCP assigns IPs but does not provide name resolution, and WINS is legacy for NetBIOS names.

14
MCQmedium

A small business reports that employees can access the internet but cannot reach the internal company website hosted on a local server. The server's IP address is 192.168.1.10, and clients use DHCP. What is the most likely cause?

A.The DHCP server is not assigning the correct subnet mask.
B.The DNS server lacks a host record for the internal website.
C.The switch port connecting the server is administratively down.
D.The firewall is blocking port 443 inbound.
AnswerB

A missing A or host record prevents name resolution for the internal site, while internet DNS works fine.

Why this answer

This question tests understanding of DNS resolution for internal resources. When a server hosts an internal website, clients need a DNS record (often a host record) to resolve its hostname to the private IP address. Without it, clients can't reach the site by name even with internet access.

15
MCQeasy

A technician is setting up a new file server and wants to ensure that clients can automatically obtain the server's IP address via a friendly name without manual configuration. Which network service should be configured on the server?

A.DHCP
B.DNS
C.RADIUS
D.NTP
AnswerB

DNS maps hostnames to IP addresses, enabling name-based access.

Why this answer

This question tests basic understanding of DNS. DNS resolves hostnames to IP addresses, allowing clients to use a friendly name like 'fileserver' instead of an IP. DHCP assigns IPs, but DNS provides name resolution.

16
MCQhard

A technician is troubleshooting an issue where a user's computer can access the internet but cannot connect to a network printer by its IP address. The printer is on the same subnet and is powered on. Pinging the printer's IP from the computer fails. Which network service is most likely causing the problem?

A.DNS
B.DHCP
C.ARP
D.NAT
AnswerC

ARP resolves the printer's IP to its MAC address. If ARP fails, the computer cannot send frames to the printer, causing ping failure.

Why this answer

Since the printer is on the same subnet, no routing is needed; ARP is required to resolve the printer's IP to its MAC address. If ARP fails, the ping will fail. DNS is not used when connecting by IP, and DHCP is not involved since the computer already has an IP.

17
MCQmedium

A technician needs to configure a router to allow internal users to access a web server on the internet using a public IP address. The web server is hosted internally on a private IP. Which network service must be configured on the router?

A.DNS
B.DHCP
C.NAT
D.RADIUS
AnswerC

NAT (specifically port forwarding) maps the public IP to the internal server's private IP.

Why this answer

This question tests knowledge of NAT. Network Address Translation (NAT) translates private IPs to public IPs and vice versa, enabling internal servers to be reachable from the internet. DNS resolves names, but NAT handles the IP translation.

18
MCQhard

A network administrator is setting up a new branch office. The branch router must automatically obtain a public IP address from the ISP, and internal devices must receive private IP addresses from the router. Which combination of network services should be configured on the router?

A.DHCP client and DNS server
B.DHCP client and DHCP server
C.DHCP server and NAT
D.DNS server and NAT
AnswerB

The router acts as a DHCP client on the WAN side to get a public IP, and as a DHCP server on the LAN side to assign private IPs.

Why this answer

The router needs DHCP client mode to obtain a public IP from the ISP, and DHCP server mode to assign private IPs to internal devices. DNS and NAT are also needed but the question asks for the services that provide IP addresses. NAT is required to translate private IPs to the public IP for internet access.

19
MCQmedium

A user reports that their computer cannot connect to the internet after being moved to a new office. The computer receives an IP address starting with 169.254.x.x. Which network service is failing to provide a valid IP configuration?

A.DNS
B.DHCP
C.NAT
D.ARP
AnswerB

DHCP assigns IP addresses. The 169.254.x.x address is an APIPA address, meaning the DHCP server did not respond.

Why this answer

An IP address in the 169.254.x.x range indicates that the computer has assigned itself an Automatic Private IP Address (APIPA) because it did not receive a response from a DHCP server. The DHCP service is failing or unreachable. DNS and NAT are not involved in IP assignment.

20
MCQhard

A company uses a proxy server for internet access. Users report that they can access internal websites but cannot reach external sites. The proxy server's IP is configured in the browser settings. Which network service is most likely failing?

A.DNS
B.DHCP
C.Proxy server
D.NAT
AnswerC

The proxy server is responsible for forwarding external requests. If it is down or misconfigured, users cannot reach external sites while internal access remains unaffected.

Why this answer

The proxy server acts as an intermediary for external requests. If users can reach internal sites (which bypass the proxy) but not external ones, the proxy server itself or its connection to the internet is failing. DNS and DHCP are likely working since internal access is fine.

21
MCQhard

A company uses a cloud-based VoIP service, and users report intermittent call drops and poor audio quality. Network monitoring shows high jitter and packet loss. Which service is most likely contributing to the problem?

A.The DHCP server is leasing IP addresses with a short lease time.
B.The DNS server is responding slowly to queries.
C.The SIP server is overloaded with registration requests.
D.The network is not prioritizing VoIP traffic via QoS.
AnswerD

Without QoS, real-time traffic like VoIP competes with other data, causing jitter and packet loss.

Why this answer

This question tests understanding of network services affecting real-time traffic. SIP is the signaling protocol for VoIP, but jitter and packet loss are typically caused by network congestion or QoS misconfiguration. DHCP, DNS, or RADIUS don't directly cause these symptoms.

22
MCQeasy

A user complains that they cannot access any websites, but they can ping external IP addresses like 8.8.8.8 successfully. Other devices on the same network work fine. Which network service is most likely failing on this user's computer?

A.DHCP
B.DNS
C.NAT
D.Proxy
AnswerB

DNS resolves domain names to IPs. The user can ping by IP but not by name, so DNS is likely misconfigured or not responding on that machine.

Why this answer

The user can ping by IP but not access websites, indicating that name resolution is failing. DNS translates domain names to IP addresses; since other devices work, the issue is likely local to the user's DNS configuration. DHCP and NAT are network-wide and would affect all devices.

23
MCQmedium

A technician is troubleshooting a network where users can access the internet but cannot connect to a specific internal application server by its hostname. Pinging the server's IP address works. The DNS server is configured correctly for external names. What is the most likely cause?

A.The DHCP server is out of IP addresses
B.The DNS server does not have an A record for the application server
C.NAT is misconfigured for the internal network
D.The proxy server is blocking the hostname
AnswerB

Without an A record, DNS cannot resolve the hostname to the server's IP, even though the server is reachable by IP.

Why this answer

The DNS server resolves external names but not the internal hostname, indicating a missing or incorrect DNS record (A or CNAME) for the internal server. DHCP is not involved, and NAT is working since internet access is fine. A proxy server could interfere but is less likely than a missing DNS record.

24
MCQeasy

A user reports that their computer's clock is consistently off by several minutes, causing authentication failures with the domain. The network uses Active Directory. Which service should be checked first?

A.DHCP
B.DNS
C.NTP
D.RADIUS
AnswerC

NTP synchronizes system clocks, preventing time-related authentication issues.

Why this answer

This question tests basic understanding of NTP. Time synchronization is critical for Kerberos authentication in Active Directory. NTP keeps clocks accurate, and a drift can cause logon failures.

25
MCQhard

A technician is configuring a network for a new branch office. The branch has 50 users and needs to access resources at the main office via a secure tunnel over the internet. Which service is required to establish this connection?

A.DHCP
B.DNS
C.VPN
D.NAT
AnswerC

VPN creates an encrypted tunnel over the internet for secure communication between sites.

Why this answer

This question tests understanding of VPNs. A VPN creates an encrypted tunnel over the internet, allowing branch users to securely access main office resources. DHCP, DNS, and NAT are not sufficient for creating a secure site-to-site connection.

26
MCQmedium

A customer complains that their VoIP phone intermittently drops calls. A technician checks the network and finds high latency and jitter during peak hours. Which network service should be configured to prioritize VoIP traffic?

A.DHCP
B.QoS
C.DNS
D.VPN
AnswerB

QoS prioritizes VoIP traffic to maintain call quality by reducing latency and jitter.

Why this answer

Quality of Service (QoS) is used to prioritize time-sensitive traffic like VoIP, reducing latency and jitter during congestion. DHCP assigns IPs, DNS resolves names, and VPN encrypts traffic but none prioritize packets. QoS markings (e.g., DSCP) ensure voice packets are handled first.

27
MCQeasy

A customer reports that their laptop can connect to the internet via a wired connection but cannot access any network shares or printers by hostname. They can ping the IP address of the file server. Which network service is most likely misconfigured?

A.DHCP
B.DNS
C.NAT
D.ARP
AnswerB

DNS resolves hostnames to IP addresses. Since the customer can access resources by IP but not by hostname, DNS is misconfigured or not resolving local names.

Why this answer

This scenario describes a failure in name resolution for local network resources. DNS translates hostnames to IP addresses; since the customer can ping by IP but not by name, the DNS service is the likely culprit. DHCP provides IP configuration, not name resolution, and ARP resolves IP to MAC addresses.

28
MCQmedium

A company's internal website is accessible by IP address but not by its hostname. The website is hosted on a server with a static IP. Which service is most likely misconfigured?

A.DHCP
B.NAT
C.DNS
D.RADIUS
AnswerC

DNS resolves hostnames to IPs; a missing or incorrect record prevents name-based access.

Why this answer

This question tests DNS resolution for internal resources. Access by IP works, so the server is reachable. The problem is name resolution, which points to a missing or incorrect DNS record for that hostname.

29
MCQmedium

A network administrator wants to ensure that all devices on a subnet automatically receive IP addresses from a specific range, and that the lease time is set to 8 hours. Which configuration file or service should be modified?

A.DNS zone file
B.DHCP scope
C.NAT rules
D.QoS policy
AnswerB

The DHCP scope defines the IP address range and lease time for automatic assignment to clients.

Why this answer

The DHCP server configuration controls IP address ranges (scopes) and lease times. By modifying the DHCP scope, the administrator can set the desired IP range and lease duration. DNS and NAT do not manage IP assignment, and QoS handles traffic prioritization.

30
MCQmedium

A company's web server is hosted internally and must be accessible from the internet using the domain name www.company.com. The public IP address of the router is 203.0.113.5. Which two network services must be correctly configured to make this work?

A.DNS and DHCP
B.DNS and NAT
C.NAT and ARP
D.DHCP and NAT
AnswerB

DNS resolves the domain to the public IP, and NAT (with port forwarding) directs traffic to the internal server.

Why this answer

DNS must resolve the domain name to the public IP, and NAT (specifically port forwarding) must translate that public IP to the internal web server's private IP. DHCP and ARP are not directly involved in internet-facing access.

Ready to test yourself?

Try a timed practice session using only Network Services questions.