CCNA Practice Exam – Part 6/8 – 23 Questions with Answers
Practice for the CCNA exam with 23 multiple-choice questions. Answer each question before the reveal, then review the explanation to understand the reasoning.
This is Part 6/8 in the CertPunch CCNA practice exam series.
Topics covered: switching, routing, subnetting, access control lists, wireless, security fundamentals, and network troubleshooting.
More practice: certpunch.com
Chapters:
00:00 Intro
00:17 Question 1 of 23
01:07 Question 2 of 23
01:47 Question 3 of 23
03:04 Question 4 of 23
04:04 Question 5 of 23
04:54 Question 6 of 23
06:07 Question 7 of 23
07:43 Question 8 of 23
08:23 Question 9 of 23
09:08 Question 10 of 23
10:10 Question 11 of 23
10:47 Question 12 of 23
11:39 Question 13 of 23
12:16 Question 14 of 23
12:52 Question 15 of 23
13:34 Question 16 of 23
14:37 Question 17 of 23
15:23 Question 18 of 23
16:14 Question 19 of 23
16:54 Question 20 of 23
17:30 Question 21 of 23
18:16 Question 22 of 23
19:09 Question 23 of 23
What you will practice
- What is the purpose of introducing a DNS cache server? (select 2)
- Which transport layer protocol supports VoIP?
- Which of the following are the correct descriptions of DHCP Snooping (select 3)
- The network administrator cannot connect to Switch 1 over a Telnet session, although the hosts attached to Sw…
- In the communication path from the router to a destination, which command should be used to examine the point…
- Which three statements about Syslog utilization are true? (Choose three.)
Answers and explanations
Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.
Q1. What is the purpose of introducing a DNS cache server? (select 2)
Answer: A,B. * To reduce the load on the authoritative DNS server || * In order to increase the response to the client
Correct answer states the purpose of a caching server to reduce load and speed up responses. The distractors describe other network services like DHCP or Syslog.
Q2. Which transport layer protocol supports VoIP?
Answer: B. * UDP
The correct answer proves that UDP is the transport protocol for VoIP due to its low overhead and connectionless nature. TCP is a distractor because its connection-oriented, reliable delivery unsuitable for real-time traffic.
Q3. Which of the following are the correct descriptions of DHCP Snooping (select 3)
Answer: A,B,C. * Prevents attacks from an unauthorized client in which they send a large number of DHCP requests to the DHCP server || * Classifies each port as trusted port or untrusted ports || * Prevents an attack from an incorrect DHCP server
The correct answers prove that DHCP snooping prevents rogue servers, classifies ports, and mitigates DHCP starvation attacks. The elimination cue is distinguishing it from port security, 802.1X, and SPAN features.
Q4. The network administrator cannot connect to Switch 1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 ar…
Answer: A. Switch1(config)# ip default-gateway 192.168.24.1
The correct answer proves that a default gateway is needed for Layer 3 access to the switch. The distractors are traps involving Layer 2 interface configuration or console access settings.
Q5. In the communication path from the router to a destination, which command should be used to examine the point where the failure is occurring?
Answer: A. * traceroute
The correct answer proves that traceroute identifies failure points by probing the path. Distractor F is a Windows equivalent, and distractor D only checks reachability, not the specific failure location.
Q6. Which three statements about Syslog utilization are true? (Choose three.)
Answer: A,B,C. A Syslog server provides the storage space necessary to store log files without using router disk space. || There are more Syslog messages available within Cisco IOS than there are comparable SNMP trap messages. || A Syslog server helps in aggregation of logs and alerts.
Syslog servers provide centralized storage and log aggregation, which offers more messages than SNMP traps. Using Syslog does not inherently improve network performance or auto-notify administrators.
Q7. When can it be said that a switched network where Spanning Tree Protocol is running has fully converged?
Answer: E. * When all switch ports are either ""blocking"" or ""forwarding
STP convergence is complete when all ports are in a stable forwarding or blocking state, which eliminates all listening and learning states.
Q8. Which NAT function can map multiple inside addresses to a single outside address?
Answer: A. PAT
PAT allows multiple inside hosts to share a single public IP address. The other options are not NAT functions, making them easy eliminations.
Q9. You want to start using the cloud service, but would like to emphasize QoS and security and also connect directly with the operator. Which connection method is appropriate?
Answer: D. * Private WAN
A Private WAN provides a direct, high-performance connection with guaranteed QoS and security. The distractors are either insecure, not a connection method, or offer indirect access.
Q10. Which of the following is true about the ENABLE PASSWORD and ENABLE SECRET commands?
Answer: F. * ""Enable Secret"" is encrypted by MD5 by default
Enable Secret uses MD5 encryption for higher security. Enable Secret overrides Enable Password, not the reverse, and does not require both passwords.
Q11. Which command can you use to set the hostname on a switch?
Answer: C. switch-mdf-c1(config)#hostname switch-mdf1
The 'hostname' command is used in global configuration mode. Distractors use incorrect modes like privileged or interface configuration.
Q12. How to use the unused port to increase the security level of the switch (select 3)
Answer: A,E,F. * Change native VLAN || * Shutdown || * Access port
Unused ports should be shut down, set as access ports, or have their native VLAN changed. Default native VLANs and trunk ports increase risk.
Q13. In the network layer, what is the destination based on?
Answer: B. * IP address
The correct answer proves that Layer 3 routing decisions are made based on the destination IP address. The other options are attributes of other layers.
Q14. Which network topology allows all traffic to flow through a central hub?
Answer: D. star
The correct answer proves that a star topology uses a central hub or switch as a single point of communication. The distractors describe different topologies.
Q15. What Cisco IOS feature can be enabled to pinpoint an application that is causing slow network performance?
Answer: D. Netflow
The correct answer proves that NetFlow provides per-application traffic analysis. The distractors are other monitoring or optimization features with different primary functions.
Q16. Router (config) #boot system flash c181x-advIpservicesk9-mz.124-15.t11.bin Which is the correct description of this command?
Answer: D. * Specify where to search for iOS
The correct answer proves the `boot system` command specifies the location for IOS image lookup. The distractors describe completely different router configuration commands.
Q17. Which of the following is characteristic of DMVPN?
Answer: D. * Dynamically establishes multiple VPN connections
DMVPN dynamically establishes multiple VPN connections to reduce hub router load. SSL, encryption, and multi-vendor support are incorrect characteristics.
Q18. Which of the following are the correct descriptions of SVI (select 3) * Router interface used by WAN connection
Answer: A,C,D. * Is a VLAN's default gateway || * SVI sets and uses IP addresses || * SVI is a virtual interface
SVI is a virtual interface, a VLAN gateway, and uses IP addresses. STP and physical interfaces are incorrect.
Q19. Which entity assigns IPv6 addresses to end users?
Answer: A. RIR
RIR assigns blocks to ISPs who then assign to end users. Option B is also technically correct as ISPs directly assign addresses, creating ambiguity.
Q20. What parameter can be different on ports within an EtherChannel?
Answer: D. DTP negotiation settings
DTP negotiation is allowed to vary. The distractors are Layer 1/2 parameters that must match.
Q21. Which of the following is the correct description about broadcast (select 2)?
Answer: A,B. * Sends packets to all devices on the same network || * Has been discontinued on IPv6
Broadcast is a one-to-all transmission method. The distractors describe unicast and multicast.
Q22. Which two are the limitations of the service password-encryption command? (Choose two.)
Answer: A,D. The algorithm used by this command cannot protect the configuration files against detailed analysis by attackers. || It uses the Vigenere cipher algorithm.
This command uses a weak Vigenere cipher that can be cracked easily and cannot protect against detailed configuration analysis. Option B describes an advantage, not a limitation.
Q23. Of the information displayed when using the 'show interfaces' command, which number does not increase if the interface is operating at full duplex?
Answer: C. * COLLISIONS
Collisions do not occur on a full-duplex interface, so the counter does not increase. The other options all increase with traffic or errors.
More CCNA (Cisco Certified Network Associate) Exams 2026 drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.