CCNA Practice Exam – Part 4/8 – 24 Questions with Answers
Practice for the CCNA exam with 24 multiple-choice questions. Answer each question before the reveal, then review the explanation to understand the reasoning.
This is Part 4/8 in the CertPunch CCNA practice exam series.
Topics covered: switching, routing, subnetting, access control lists, wireless, security fundamentals, and network troubleshooting.
More practice: certpunch.com
Chapters:
00:00 Intro
00:17 Question 1 of 24
01:15 Question 2 of 24
02:12 Question 3 of 24
02:57 Question 4 of 24
03:32 Question 5 of 24
04:38 Question 6 of 24
05:32 Question 7 of 24
06:13 Question 8 of 24
06:56 Question 9 of 24
08:16 Question 10 of 24
09:38 Question 11 of 24
10:39 Question 12 of 24
11:33 Question 13 of 24
12:18 Question 14 of 24
13:05 Question 15 of 24
13:53 Question 16 of 24
14:43 Question 17 of 24
15:27 Question 18 of 24
16:14 Question 19 of 24
17:02 Question 20 of 24
17:36 Question 21 of 24
18:16 Question 22 of 24
18:53 Question 23 of 24
19:39 Question 24 of 24
What you will practice
- Which of the following are correct descriptions of IEEE 802.1Q? (Choose four.)
- Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.)
- What are two requirements for an HSRP group? (Choose two.)
- When communicating between sites, which topology connects via a central point?
- Which three are characteristics of an IPv6 anycast address? (Choose three.)
- What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.)
Answers and explanations
Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.
Q1. Which of the following are correct descriptions of IEEE 802.1Q? (Choose four.)
Answer: A,C,E,F. * It inserts a 4-byte tag into a frame || * It can be used even when connecting a Cisco switch and other switches || * Supports native VLAN || * It is one of the VLAN encapsulation methods
802.1Q inserts a 4-byte tag, supports native VLAN, is a standard encapsulation, and allows inter-switch communication with different vendors.
Q2. Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.)
Answer: A,B. Configure IP address parameters from DHCP server to a host. || Assign and renew IP address from the default pool.
DHCP assigns and renews IP addresses from a pool and delivers additional configuration parameters like IP addresses to hosts.
Q3. What are two requirements for an HSRP group? (Choose two.)
Answer: B,C. exactly one active router || one or more standby routers
An HSRP group requires exactly one active router and one or more standby routers to maintain redundancy.
Q4. When communicating between sites, which topology connects via a central point?
Answer: B. * Hub and Spoke
A hub and spoke topology uses a central hub to connect multiple spoke locations, unlike partial or full mesh topologies.
Q5. Which three are characteristics of an IPv6 anycast address? (Choose three.)
Answer: B,C,E. delivery of packets to the group interface that is closest to the sending device || the same address for multiple devices in the group || one-to-nearest communication model
Anycast provides one-to-nearest delivery. The correct options prove this by defining the closest interface and the one-to-nearest model. The other options describe multicast, unicast, or incorrect models.
Q6. What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.)
Answer: D,E. allowing simultaneous frame transmissions || filtering frames based on MAC addresses
Switches increase bandwidth by allowing simultaneous frame transmissions and filtering traffic by MAC address. The other options describe hub characteristics or are incorrect.
Q7. Which of the following are endpoints? (Select 3)
Answer: A,C,D. * PC || * Server || * Smartphone
Endpoints are end devices that send or receive data. The correct options identify user devices, while a switch is a network infrastructure device, not an endpoint.
Q8. Which command allows you to verify the encapsulation type (CISCO or IETF) for a Frame Relay link?
Answer: A. show frame-relay map
The 'show frame-relay map' command displays the encapsulation type. Distractors verify LMI or PVC status, not the encapsulation method.
Q9. Refer to the exhibit. The network administrator requires easy configuration options and minimal routing protocol traffic. What two options provide adequate routing table information for traffic that passes between the two routers and satis…
Answer: B. a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to CentralRouter.
Static routes provide necessary connectivity without routing traffic. Distractors suggest dynamic protocols, which generate unwanted traffic.
Q10. Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0. Based on the output from RouterA, what are two possible reasons for the failure? (Choose two.)
Answer: C,D. The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that is configured on S0/0 of RouterA || Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU.
A serial interface protocol down can be caused by mismatched encapsulation or a missing clock signal. Distractors suggest unrelated issues like wrong IP masks.
Q11. The Company WAN is migrating from RIPv1 to RIPv2. Which three statements are correct about RIP version 2? (Choose three)
Answer: B,D,E. It is a classless routing protocol. || It has the same maximum hop count as version 1. || It supports authentication.
RIPv2 is classless, supports authentication, and has the same 15-hop limit as RIPv1. It uses multicast, not broadcast, and has the same administrative distance.
Q12. What OSPF command, when configured, will include all interfaces into area 0?
Answer: A. network 0.0.0.0 255.255.255.255 area 0
The correct answer proves the OSPF network command syntax using a wildcard mask of all ones to match any IP address. The trap is the difference between the all-zeros network address and all-ones wildcard mask.
Q13. How can an administrator determine if a router has been configured when it is first powered up?
Answer: D. An unconfigured router goes into the setup dialog.
The correct answer proves that an unconfigured router initiates the setup dialog. The distractors describe the state of a router after it has already been configured.
Q14. A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet. Which ACL can be used?
Answer: A. dynamic
The correct answer proves that dynamic ACLs create temporary entries based on user authentication. The distractors describe different types of ACLs without user-based authentication.
Q15. Of the following options, which are security measures (select 3)
Answer: A,B,D. * User Awareness || * Physical security measures || * Training
User awareness, physical security, and training are proactive security measures. Spear fishing and Trojan horses are attacks, not defenses.
Q16. Refer to the exhibit. An administrator pings the default gateway at 10.10.10.1 and sees the output as shown. At which OSI layer is the problem?
Answer: A. network layer
Ping uses ICMP, a Layer 3 protocol, so failures indicate network layer issues. Application layer and access layer are distractors.
Q17. Which of the following describes the implementation method, owned by a cloud vendor, is aimed for general public so that anyone can use cloud computing resources. * Community Cloud
Answer: A. * Public cloud
Public cloud is vendor-owned and accessible to the public. Community, hybrid, private, and IaaS are distractors.
Q18. Which of the following options are characteristics of on-premises environment (select 2)
Answer: A,C. * You need to manage servers and networks in-house || * Initial expenses are high
On-premises requires in-house management and has high initial costs. AWS and cloud models are incorrect.
Q19. If the network address is "206.140.3.0" and the subnet mask is "255.255.255.224", which of the following is the correct notation?
Answer: A. * 206.140.3.0/27
A subnet mask of 255.255.255.224 has a CIDR prefix of /27, not /25. The other prefix values do not match the mask.
Q20. On which type of device is every port in the same collision domain?
Answer: A. a hub
A hub operates at Layer 1, putting all ports in the same collision domain. Switches and routers create separate collision domains for each port.
Q21. Which type of address is the public IP address of a NAT device?
Answer: B. inside global
The inside global address is the public IP address assigned to the NAT device that represents hosts on the private network.
Q22. Which command displays CPU utilization?
Answer: A. show process
Correct answer confirms knowledge of IOS monitoring commands. The distractors are eliminated as they show different system information, not CPU usage.
Q23. Which version of SNMP first allowed user-based access?
Answer: A. SNMPv3
SNMPv3 introduced user-based security models. SNMPv2C uses community strings and SNMPv1 has minimal security, making SNMPv3 the clear answer.
Q24. Which of the following is used by the network to notify the Cisco DNA Center (select 2)?
Answer: A,D. * SNMP || * Syslog
SNMP and Syslog are standard notification methods. VPN and Netconf are not notification protocols.
More CCNA (Cisco Certified Network Associate) Exams 2026 drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.