CCNA Practice Test

A. × Incorrect: 203.0.113.0/24 is incorrect because it represents a special-use address range designated for documentation purposes and cannot be used as private addressing.

B. ✓ Correct: 172.16.0.0/12 is correct because it is one of the three reserved ranges defined by RFC 1918 specifically for private use within networks, allowing organizations to utilize this block internally without conflicting with public IP addresses.

C. × Incorrect: 192.0.2.0/24 is incorrect because it represents a special-use address range designated for documentation purposes and cannot be used as private addressing.

D. × Incorrect: 10.0.0.0/8 is incorrect because it is also a private RFC 1918 range, but the stem is asking for the 172.16.0.0/12 private range.

A. × Incorrect: Incorrectly marked packets are dropped immediately by routers is incorrect because ly marked packets are not automatically dropped by routers; instead, they may be processed based on their markings.

B. × Incorrect: All traffic will automatically adjust to the highest priority queue is incorrect because all traffic does not adjust to the highest priority queue when there are marking errors; only correctly marked high-priority traffic gets preferential treatment.

C. × Incorrect: Marking errors do not affect queuing or congestion handling is incorrect because marking errors can indeed affect queuing and congestion handling negatively by misrouting packets according to their erroneous markings.

D. ✓ Correct: Traffic with incorrect markings may be queued incorrectly, leading to potential degradation of service for higher-priority traffic.

A. × Incorrect: Access mode is incorrect because places a port in a single VLAN for endpoint connectivity.

B. ✓ Correct: Trunk mode carries traffic for multiple VLANs across an inter-switch link.

C. × Incorrect: Routed mode is incorrect because makes the interface operate as a Layer 3 port instead of a VLAN trunk.

D. × Incorrect: Protected port mode is incorrect because limits Layer 2 communication and does not carry multiple VLANs between switches.

A. × Incorrect: Remote-access IPsec tunnel is incorrect because it is designed for individual users to connect securely from remote locations rather than connecting entire networks.

B. × Incorrect: Point-to-point IPsec tunnel is incorrect because it is a point-to-point tunnel connects two specific endpoints directly and does not scale well for multiple branch offices.

C. ✓ Correct: Site-to-site IPsec tunnel is correct because it is specifically designed to secure connections between two or more networks, such as headquarters and branch offices.

D. × Incorrect: Dynamic IPsec tunnel is incorrect because s are typically used for mobile devices and do not provide the stable connectivity needed for site-to-site communication.

A. ✓ Correct: ["\u0026","{\"key\":\"value\"}"] is correct because it correctly represents an array with a string containing special characters encoded in JSON and a nested object.

B. × Incorrect: {"specialChars":"\u0026","nestedObj":{"key":"value"}} is incorrect because it uses an object instead of an array to contain the elements.

C. × Incorrect: {"specialChars":"&","nestedObj":{"key":"value"}} is incorrect because although it includes a string with special characters, it does not use proper JSON encoding for them.

D. × Incorrect: ["&",{"key":"value"}] is incorrect because while it represents an array containing both a string and an object, it fails to encode the ampersand (&) character in JSON format.

A. ✓ Correct: Open Shortest Path First is correct because it indicates that this route was learned through OSPF.

B. × Incorrect: OSPF process ID is incorrect because it refers to a process identifier within OSPF and does not represent the protocol code in routing tables.

C. × Incorrect: Directly connected network is incorrect because 'O' specifically denotes routes discovered via OSPF, not directly connected networks.

D. × Incorrect: RIP version number is incorrect because rIP (Routing Information Protocol) uses different codes for its route types, unrelated to OSPF's protocol designation.

A. × Incorrect: /48 is incorrect because it is usually an assigned site or organization prefix, not the normal host-facing LAN prefix for SLAAC.

B. × Incorrect: /56 is incorrect because it is commonly delegated to a site or customer, but it is still larger than the usual LAN segment prefix.

C. ✓ Correct: /64 is the standard LAN prefix length used with IPv6 SLAAC host addressing.

D. × Incorrect: /127 is incorrect because it is used for point-to-point links, not normal LAN segments that need SLAAC.

A. × Incorrect: TFTP is faster due to its simple protocol is incorrect because it suggests TFTP is faster, but both FTP and TFTP have comparable transfer speeds.

B. ✓ Correct: FTP provides better security features like encryption, making it more suitable for environments where data integrity and confidentiality are critical.

C. × Incorrect: TFTP supports larger file sizes than FTP is incorrect because tFTP does not support larger file sizes than FTP; in fact, FTP can handle larger files due to its advanced features.

D. × Incorrect: FTP requires less bandwidth during transfers is incorrect because fTP does not necessarily require less bandwidth during transfers compared to TFTP.

A. × Incorrect: Controller-based mode is incorrect because it requires a connection to a centralized controller for configuration and management.

B. × Incorrect: Cloud-managed mode is incorrect because relies on a cloud service provider for managing the access point's configurations and policies, not independent operation.

C. × Incorrect: Hybrid mode is incorrect because combines elements of both local and controller-based modes but still involves some level of central control or cloud management.

D. ✓ Correct: Local mode allows an autonomous AP to operate independently without any external controller or centralized management.

A. × Incorrect: To reduce password complexity requirements is incorrect because it reduces password complexity requirements but does not address securing access to network resources.

B. × Incorrect: To eliminate the need for certificate-based authentication is incorrect because eliminating certificate-based authentication contradicts the purpose of MFA which aims to strengthen security measures.

C. × Incorrect: To simplify user account management is incorrect because simplifying user account management is unrelated to the core objective of verifying authorized users' identities through multiple factors.

D. ✓ Correct: To ensure that only authorized users can access resources is correct because it ensures that only individuals with proper authorization can access network resources, thereby enhancing security.

A. × Incorrect: Traditional manual configuration on each device is incorrect because manually configuring each device in a large network would be time-consuming and prone to human error.

B. ✓ Correct: Centralized controller-based policy enforcement allows for consistent security policies across the entire network infrastructure efficiently.

C. × Incorrect: Decentralized control with local device autonomy is incorrect because decentralized control with local autonomy can lead to inconsistent application of security policies, increasing risk.

D. × Incorrect: Hybrid model combining both traditional and controller-based methods is incorrect because while a hybrid model might work in some cases, it does not provide the same level of consistency and efficiency as centralized management.

A. × Incorrect: Static route because it has a higher administrative distance is incorrect because it is a lower administrative distance indicates higher preference for routing, so static routes with a higher AD are less preferred.

B. ✓ Correct: EIGRP because it has a lower administrative distance is correct because it has the lowest administrative distance, making EIGRP the preferred path in this scenario.

C. × Incorrect: Both routes are equally preferred as they have identical metrics is incorrect because while both routes have identical metrics, the route selection process prioritizes administrative distance over metric value when comparing different routing protocols.

D. × Incorrect: Neither route is preferred due to conflicting administrative distances is incorrect because there's no conflict between the two routes; one simply has a lower AD and thus takes precedence.

A. × Incorrect: Incorrect VLAN configuration is incorrect because vLAN configuration issues typically cause problems like broadcast storms or connectivity issues between different VLANs, rather than frequent errors and dropped packets.

B. × Incorrect: Inadequate power supply to switches is incorrect because it would likely result in the devices not functioning at all or experiencing intermittent operation, but it wouldn't specifically lead to speed-related packet loss.

C. ✓ Correct: Speed mismatch between devices is correct because it is a speed mismatch between devices can cause data transmission issues such as collisions, excessive retries, and dropped packets due to incompatible speeds like 10 Mbps vs. 1 Gbps.

D. × Incorrect: Misconfigured access control lists is incorrect because it would restrict or deny traffic based on rules set by the administrator but wouldn't directly result in frequent errors and dropped packets.

A. × Incorrect: configure terminal, hostname <hostname>, ip domain-name <domainname>, crypto key generate rsa general-switched modulus 1024, line vty 0 4, login local is incorrect because it includes unnecessary commands like setting a hostname and domain name which are unrelated to configuring RSA key-based SSH access.

B. × Incorrect: configure terminal, hostname <hostname>, ip domain-name <domainname>, crypto key generate rsa modulus 512, line vty 0 4, login local is incorrect because although the sequence starts correctly, using a modulus size of 512 bits is too small for secure encryption; 1024 bits or higher is recommended.

C. × Incorrect: configure terminal, hostname <hostname>, ip domain-name <domainname>, crypto key generate rsa general-switched modulus 512, line vty 0 4, login local is incorrect because it specifies 'general-switched' in the crypto command which is not relevant to RSA key generation for SSH access and may cause configuration errors.

D. ✓ Correct: configure terminal, hostname <hostname>, ip domain-name <domainname>, crypto key generate rsa modulus 1024, line vty 0 4, login local is correct because it includes all necessary commands in the right sequence, generating an RSA key with a secure modulus size of 1024 bits and configuring VTY lines for SSH login.

A. ✓ Correct: Set up MAC address filtering is correct because it restricts access to only those devices with MAC addresses that are explicitly allowed.

B. × Incorrect: Configure SSID broadcast settings is incorrect because it controls whether the SSID is visible but does not manage client authorization based on MAC address.

C. × Incorrect: Enable WPA3 encryption is incorrect because while WPA3 encryption secures data, it does not control which specific devices can connect via their MAC addresses.

D. × Incorrect: Disable DHCP server is incorrect because disabling the DHCP server affects IP assignment but does not influence device access based on MAC address filtering.

A. ✓ Correct: Define a pre-shared key in the wireless settings is correct because defining a pre-shared key (PSK) in the wireless settings ensures secure client connections using WPA2 PSK.

B. × Incorrect: Configure an open network with no encryption is incorrect because configuring an open network with no encryption would leave the WLAN vulnerable to unauthorized access and attacks, which contradicts the requirement for secure connection via WPA2 PSK.

C. × Incorrect: Set up a RADIUS server for user authentication is incorrect because setting up a RADIUS server for user authentication is not necessary when using WPA2 PSK with pre-shared keys; this option is relevant for enterprise-level security solutions that require dynamic key management and individual user authentication.

D. × Incorrect: Enable SSID broadcast on the access point is incorrect because enabling SSID broadcast on the access point, while potentially useful for visibility, does not address the requirement to secure client connections via WPA2 PSK. Broadcasting the SSID alone does not provide any encryption or security.

A. × Incorrect: It increases manual configuration speed is incorrect because faster manual work still leaves every device exposed to typing and copy-paste mistakes.

B. × Incorrect: It decreases operational scale is incorrect because reducing operational scale does not explain how automation prevents configuration drift.

C. × Incorrect: It eliminates the need for network monitoring is incorrect because eliminating network monitoring would increase, not decrease, the risk of misconfiguration.

D. ✓ Correct: It ensures consistent configurations across all devices is correct because automation applies the same approved configuration pattern across many devices.

A. × Incorrect: HSRP automatically elects a new active router from other HSRP groups is incorrect because hSRP does not automatically elect a new active router from other HSRP groups when the current active router fails.

B. ✓ Correct: The network traffic is dropped until manual intervention if the standby router does not take over after the active router fails.

C. × Incorrect: VRRP takes control of the virtual IP address is incorrect because vRRP is a separate protocol and does not intervene in an HSRP scenario unless explicitly configured to do so.

D. × Incorrect: The backup router remains in standby mode indefinitely is incorrect because it is the backup router should transition from standby mode to active mode when it detects that the current active router has failed.

A. ✓ Correct: Layer 3 switch is correct because it is a Layer 3 switch forwards packets based on IP addresses and can route between different networks.

B. × Incorrect: Firewall is incorrect because it is a firewall primarily focuses on security by filtering traffic based on rules rather than routing packets between networks.

C. × Incorrect: Router is incorrect because while routers do forward packets between different networks, the question specifies a Layer 3 device, which in this context is more accurately described as a Layer 3 switch.

D. × Incorrect: Layer 2 switch is incorrect because it is a Layer 2 switch operates at the data link layer and forwards frames based on MAC addresses within the same network.

A. ✓ Correct: Informational is correct because it indicates messages that provide useful information for debugging and monitoring system operations without requiring immediate action.

B. × Incorrect: Alert is incorrect because s are reserved for conditions that require immediate correction by the system administrator to prevent serious operational problems.

C. × Incorrect: Emergency is incorrect because severity levels denote situations where an action must be taken immediately to avoid loss of critical data or system integrity, which does not align with informational messages.

D. × Incorrect: Warning is incorrect because s indicate potential problems that may need attention but do not require immediate correction, making them less specific for purely informative debugging purposes.

A. × Incorrect: The port with higher bandwidth is incorrect because higher bandwidth does not determine the root port; path cost to the root bridge does.

B. ✓ Correct: The port with lower path cost to the root bridge is designated as the root port in Rapid PVST+.

C. × Incorrect: The port that connects directly to the root bridge is incorrect because direct connection to the root bridge is not necessary for a port to be selected as the root port.

D. × Incorrect: The port that is in blocking state is incorrect because it is a blocking state port cannot become the root port, regardless of its path cost.

A. × Incorrect: Dynamic ARP Inspection (DAI) is blocking all traffic is incorrect because it blocks ARP traffic rather than DHCP traffic.

B. × Incorrect: The switch's global DHCP snooping policy is disabled is incorrect because disabling global DHCP snooping would prevent any port from filtering unauthorized DHCP servers.

C. × Incorrect: Port security settings are too restrictive is incorrect because restrictive port security settings do not affect the trust status of a port for DHCP snooping purposes.

D. ✓ Correct: The switch port connected to the host is not trusted is correct because if the switch port connected to the host is not trusted, it can still receive IP addresses from unauthorized DHCP servers.

A. × Incorrect: Terraform's state file management overhead is incorrect because it focuses on Terraform's state file management overhead rather than cost implications in a rapid deployment scenario.

B. × Incorrect: Cost of proprietary software licenses is incorrect because neither Terraform nor Ansible require proprietary software licenses that would significantly impact costs for frequent changes.

C. ✓ Correct: Ansible's agentless architecture reduces the need for additional infrastructure, which can lower costs in environments requiring frequent and rapid changes.

D. × Incorrect: Complexity of declarative configuration syntax is incorrect because while Terraform uses a declarative syntax, this does not directly address cost implications or deployment speed.

A. × Incorrect: A new election is held until a single DR is determined is incorrect because it is a new election is unnecessary; once priorities are equal, IP addresses decide.

B. × Incorrect: Both routers become backup designated routers (BDRs) is incorrect because both routers cannot simultaneously become BDRs when only one DR and one BDR can exist per segment.

C. × Incorrect: Neither router will become the DR and OSPF adjacency fails is incorrect because oSPF adjacency does not fail due to a tie in priority or IP address; instead, the router with the higher IP becomes the DR.

D. ✓ Correct: The router with the higher IP address becomes the DR is correct because if priorities are equal, the router with the numerically higher IP address wins the election and becomes the Designated Router.

A. × Incorrect: Implementing full server virtualization with multiple VMs per physical host is incorrect because implementing full server virtualization increases hardware costs due to the overhead of running multiple VMs on each physical host.

B. × Incorrect: Deploying VRF instances for network segmentation across different departments is incorrect because deploying VRF instances for network segmentation requires additional configuration and may not minimize hardware costs as effectively as containers do.

C. ✓ Correct: Using containers to run isolated applications on shared operating systems is correct because using containers provides logical isolation while sharing the same operating system, which minimizes hardware costs compared to other options.

D. × Incorrect: Creating separate VLANs for each application environment to ensure security is incorrect because creating separate VLANs for each application environment can be costly in terms of network resources and does not reduce server hardware expenses.

A. ✓ Correct: The client fails to receive necessary DNS configuration is correct because without a specified DNS server address in DHCP options, the client cannot receive the necessary configuration to resolve hostnames.

B. × Incorrect: The client relies on WINS servers instead of DNS is incorrect because clients do not rely on WINS servers for name resolution when DNS information is missing; WINS is used primarily for NetBIOS over TCP/IP name resolution.

C. × Incorrect: The client cannot query DNS without an IP address is incorrect because it is a client can query DNS after obtaining an IP address, but it needs the DNS server's address to perform hostname resolution.

D. × Incorrect: The client uses default gateway for name resolution is incorrect because clients do not use default gateways for name resolution when DNS information is missing; they rely on DNS servers for resolving hostnames.

A. ✓ Correct: Link-Layer Discovery Protocol (LLDP) is correct because lLDP is the standards-based protocol for discovering directly connected network neighbors.

B. × Incorrect: Cisco Discovery Protocol (CDP) is incorrect because cDP is Cisco proprietary and is not the protocol named in the stem.

C. × Incorrect: Spanning Tree Protocol (STP) is incorrect because it manages network loops and does not provide neighbor discovery capabilities.

D. × Incorrect: Dynamic Trunking Protocol (DTP) is incorrect because negotiates trunk settings and does not provide LLDP neighbor discovery.

A. × Incorrect: The 'line con 0' password has been disabled is incorrect because disabling the 'line con 0' password would prevent both local and remote access to the console.

B. × Incorrect: VTY line passwords are set to expire immediately is incorrect because vTY line passwords expiring immediately does not affect whether users can log in initially; it only affects subsequent logins after expiration.

C. × Incorrect: Remote login attempts exceed the configured threshold limit is incorrect because exceeding a login threshold limit would typically result in account lockout or temporary restriction, not an inability to connect at all.

D. ✓ Correct: Console privilege levels are higher than VTY privilege levels is correct because higher console privilege levels compared to VTY lines restrict remote access while allowing local console access.

A. × Incorrect: Basic HTTP authentication is incorrect because sends credentials in plain text and lacks robust security features for REST APIs.

B. × Incorrect: SSH tunneling is incorrect because it is used to secure network connections rather than API calls specifically.

C. × Incorrect: TLS encryption is incorrect because while TLS encryption secures data transmission, it does not provide the authorization mechanisms OAuth 2.0 offers for REST-based APIs.

D. ✓ Correct: OAuth 2.0 provides a flexible and standardized method for securing REST-based APIs with various authorization flows.

A. ✓ Correct: Network route with lower administrative distance is correct because it is a network route with a lower administrative distance ensures that traffic destined for subnet 172.16.5.0/24 takes precedence over other routes.

B. × Incorrect: Host route for the gateway IP is incorrect because it is a host route applies only to individual IP addresses, not entire subnets, and does not address the need to prioritize one subnet over default routes.

C. × Incorrect: Floating static route with higher metric is incorrect because it is a floating static route with a higher metric would actually lower its priority compared to other routes, including default routes, which contradicts the requirement of prioritizing traffic.

D. × Incorrect: Default route with lower metric is incorrect because lowering the metric on a default route would make it more preferred for all destinations not explicitly routed elsewhere, rather than just prioritizing one specific subnet.