CCNA Practice Exam – Part 5/8 – 24 Questions with Answers
Practice for the CCNA exam with 24 multiple-choice questions. Answer each question before the reveal, then review the explanation to understand the reasoning.
This is Part 5/8 in the CertPunch CCNA practice exam series.
Topics covered: switching, routing, subnetting, access control lists, wireless, security fundamentals, and network troubleshooting.
More practice: certpunch.com
Chapters:
00:00 Intro
00:17 Question 1 of 24
00:56 Question 2 of 24
01:47 Question 3 of 24
02:52 Question 4 of 24
03:40 Question 5 of 24
04:35 Question 6 of 24
05:38 Question 7 of 24
06:42 Question 8 of 24
07:33 Question 9 of 24
08:21 Question 10 of 24
09:03 Question 11 of 24
09:56 Question 12 of 24
11:07 Question 13 of 24
11:55 Question 14 of 24
12:50 Question 15 of 24
13:31 Question 16 of 24
14:39 Question 17 of 24
15:33 Question 18 of 24
16:24 Question 19 of 24
17:18 Question 20 of 24
17:57 Question 21 of 24
18:46 Question 22 of 24
19:48 Question 23 of 24
20:41 Question 24 of 24
What you will practice
- Which statement about MPLS is true?
- What are three reasons that an organization with multiple branch offices and roaming users might implement a…
- Refer to the exhibit. A network administrator configures a new router and enters the copy startup-config runn…
- Which of the following is done to establish a virtual communication path, while TCP is performed to ensure co…
- Which of the following are correct descriptions of Message Integrity Check? (Select 2)
- Which of the following is a correct description of IPv6's unique local address? (Select 3)
Answers and explanations
Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.
Q1. Which statement about MPLS is true?
Answer: C. It operates between Layer 2 and Layer 3.
MPLS operates between Layer 2 and Layer 3. The distractors incorrectly assign it to a single OSI layer.
Q2. What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)
Answer: A,D,E. * Increasing convergence speed || * Closes the impact of network failure only within the area || * Routing table can be reduced
OSPF areas improve speed and fault isolation. The distractors are benefits of other technologies or incorrect.
Q3. Refer to the exhibit. A network administrator configures a new router and enters the copy startup-config running-config command on the router. The network administrator powers down the router and sets it up at a remote location. When the r…
Answer: D. The network administrator failed to save the configuration.
The configuration was not saved. The running-config was copied to an empty startup-config.
Q4. Which of the following is done to establish a virtual communication path, while TCP is performed to ensure communication reliability?
Answer: A. * 3 way hand shake
TCP's three-way handshake establishes a virtual channel. Distractors like sequence numbers and FIN bits relate to data ordering and connection teardown, not establishment.
Q5. Which of the following are correct descriptions of Message Integrity Check? (Select 2)
Answer: A,E. * Michael, CBC-MAC, GMAC in MIC algorithm || * Used to check if the data has not been tampered with
Message Integrity Check verifies data has not been tampered with and uses algorithms like Michael and GMAC. Option B confuses MIC with Layer 2 addresses, and C confuses it with encryption.
Q6. Which of the following is a correct description of IPv6's unique local address? (Select 3)
Answer: A,B,C. * Address starts with ""FD || * Global ID is 40 bits || * Subnet is 16 bits
Unique local addresses start with 'FD', have a 40-bit Global ID, and a 16-bit Subnet ID. Option F describes link-local addresses, not unique local.
Q7. Which of the following are downsides of using point-to-point connections? (Select 2)
Answer: B,D. * Physical wiring is required between the points and this lacks flexibility || * A dedicated line using point-to-point connection is more expensive than VPN and other WAN services
Point-to-point connections require physical wiring, which lacks flexibility, and are more expensive than WAN services like VPN. Options C and E incorrectly suggest low quality or reliability.
Q8. Which of the following is a correct description of an IPv6 multicast address?
Answer: D. * It is a destination addressed to a specific group
An IPv6 multicast address is a destination address used to send packets to a specific group of nodes.
Q9. Assuming a subnet mask of 255.255.248.0, three of the following addresses are valid host addresses. Which are these addresses? (Choose three.)
Answer: A,B,C. 172.16.31.0 || 172.16.20.0 || 172.16.9.0
The correct answers demonstrate valid host address calculation within a /21 subnet. The distractor trap is confusing the network address with a usable host address.
Q10. Which tab should be opened to manipulate WLC with a GUI and change QoS?
Answer: B. * QoS tab
The correct answer identifies the QoS tab for policy configuration. The distractor cue is distinguishing it from tabs for layer-specific or general settings.
Q11. Refer to the exhibit. If the router Cisco returns the given output and has not had its router ID set manually, what value will OSPF use as its router ID?
Answer: D. 2.2.2.2
OSPF uses the highest active IP address on a loopback interface, or the highest active interface IP address if no loopbacks exist. The router's router ID is based on these IP addresses, not hostname or command output.
Q12. Which of the following settings has the same meaning as 'Access-List 100 permit IP Any Host 192.168.1.1' (select all that apply)?
Answer: A,C. * (Config) # Access-List 100 Permit IP 0.0.0.0 255.255.255.255 192.168.1.1 0.0.0.0 || * (Config) # Access-List 100 permit IP 0.0.0.0 255.255.255.255 Host 192.168.1.1
'Any' is equivalent to '0.0.0.0 255.255.255.255' and 'Host' is equivalent to '0.0.0.0' for a specific destination IP.
Q13. Which of the following are correct descriptions of a centralized wireless LAN network configuration (select 2)?
Answer: B,D. * LAP and WLC send and receive data using CAPWAP tunnels || * LAP and switch connect with LAN cable
In a centralized model, LAPs and WLCs communicate via CAPWAP tunnels, and LAPs connect to the wired network with a LAN cable.
Q14. What is the purpose of Inverse ARP?
Answer: D. to map a known DLCI to an IP address
Inverse ARP maps a known DLCI to a remote device's IP address to dynamically populate a router's address-to-DLCI mapping table.
Q15. When using PSK authentication on WPA or WPA2, which pre-shared key formats can be selected (select 2)?
Answer: A,E. * ASCII || * Hex
The standard PSK formats supported for configuration are ASCII and hexadecimal.
Q16. Which of the following are correct descriptions of a subnet mask (select 3)?
Answer: A,B,C. * In binary notation, the number starting with ""1"" is lined up from left to right || * Numbers are used to distinguish the network parts and host parts || * In decimal notation, it is divided into decimal numbers, separated by dots every 8 bits.
In binary, the network portion consists of consecutive 1s from the left. In decimal, it's represented as four 8-bit groups. CIDR notation indicates the prefix length.
Q17. What are two benefits of private IPv4 IP addresses? (Choose two.)
Answer: E. They can be assigned to devices without Internet connections.
The correct answer proves that private IPs allow device assignment without Internet access. The distractors are false because they claim elimination of NAT, conflicts, or identical routing to public addresses.
Q18. What command disables 802.1x authentication on a port and permits traffic without authentication?
Answer: D. dot1x port-control force-authorized
The correct answer proves the command to set a port to bypass authentication. The distractors are traps for other 802.1x states or invalid syntax.
Q19. What will happen if a private IP address is assigned to a public interface connected to an ISP?
Answer: B. Addresses in a private range will not be routed on the Internet backbone.
The correct answer proves the fundamental routing issue with private IP addresses on the internet. The distractors are traps that incorrectly invoke NAT or conflict states.
Q20. What are the first 24 bits of the MAC address called?
Answer: D. * OUI
The first 24 bits of a MAC address are the OUI, which identifies the vendor. NIC is a hardware device, not a part of an address.
Q21. Which command is used to enable port security?
Answer: C. * (config-if) #switchport port-security
The switchport port-security command enables port security on an interface. Other options enable different, unrelated features.
Q22. Which of the following is the correct description of WLC's management access control. (select 2) * You can disable the SSH service and strengthen security
Answer: A,B. * You can disable HTTP service and strengthen security || * You can disable the Telnet service and strengthen security
Disabling unencrypted services like HTTP and Telnet strengthens security. Encrypted services like SSH and HTTPS should not be disabled for security.
Q23. Which of the following are the correct descriptions of PSE and PD (select 2)? PD points to the side that supplies power.
Answer: C,D. * The access points correspond to PD || * PSE points to the side that supplies power
Correct answer identifies the Power Sourcing Equipment and Powered Device roles. The trap is confusing which device is which; remember PD receives power.
Q24. Which of the following are the correct descriptions of syslog (select 2)? Time is automatically synchronized using syslog.
Answer: A,B. * It records and displays information, such as timestamps, severity level and messages || * Used to collect logs
Correct answer describes standard syslog functions. The question is ambiguous due to the inaccurate premise about automatic time synchronization; NTP is required for that.
More CCNA (Cisco Certified Network Associate) Exams 2026 drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.