CCNA part: 2 Practice Exam Questions and Answers – Part 1/3
Test your CCNA knowledge with 19 exam-style questions, clean answer reveals, and concise explanations. Topics include: Which of the following Port Security violation modes will neither disable the interface nor increment the violation coun. Follow @CertPunch and visit certpunch.com for more certification practice videos and study content.
Chapters:
00:00 Intro
00:28 Question 1 of 19
01:07 Question 2 of 19
02:04 Question 3 of 19
02:47 Question 4 of 19
03:31 Question 5 of 19
04:21 Question 6 of 19
05:24 Question 7 of 19
06:43 Question 8 of 19
07:17 Question 9 of 19
08:21 Question 10 of 19
09:16 Question 11 of 19
09:53 Question 12 of 19
10:34 Question 13 of 19
11:14 Question 14 of 19
12:04 Question 15 of 19
13:10 Question 16 of 19
13:47 Question 17 of 19
14:31 Question 18 of 19
15:54 Question 19 of 19
What you will practice
- Which of the following Port Security violation modes will neither disable the interface nor increment the vio…
- The DR of an OSPF broadcast network segment of four routers goes down due to a hardware failure. Which of the…
- Which protocol should you use to securely connect to the GUI of a WLC?
- Which IPv6 address type is automatically configured on an interface when the ipv6 enable command is used?
- Which version(s) of WPA support(s) Enterprise mode?
- You must subnet the 192.168.1.0/24 network to make the following subnets: Engineering: 67 hosts Sales: 33 hos…
Answers and explanations
Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.
Q1. Which of the following Port Security violation modes will neither disable the interface nor increment the violation counter when an unauthorized frame is received?
Answer: A. protect
The 'protect' mode simply discards violating frames without taking more drastic action. The other options disable the interface or log violations.
Q2. The DR of an OSPF broadcast network segment of four routers goes down due to a hardware failure. Which of the following statements is true?
Answer: B. The BDR will become the DR, and an election will be held to decide the new BDR.
The correct answer proves that the BDR immediately becomes the new DR upon failure, triggering an election for a new BDR. The distractor trap is assuming a full re-election for both roles occurs simultaneously.
Q3. Which protocol should you use to securely connect to the GUI of a WLC?
Answer: D. HTTPS
The correct answer proves that HTTPS provides encrypted communication for sensitive data like credentials. SSH, Telnet, and HTTP are eliminated because they are either unencrypted or not the standard for web-based GUI access.
Q4. Which IPv6 address type is automatically configured on an interface when the ipv6 enable command is used?
Answer: B. Link Local
The correct answer proves that the ipv6 enable command automatically configures a Link Local address. The distractor cue is knowing that other address types require specific configuration commands.
Q5. Which version(s) of WPA support(s) Enterprise mode?
Answer: D. WPA, WPA2, and WPA3
The correct answer proves that all WPA versions support Enterprise mode with 802.1X and a RADIUS server. The distractor trap is assuming newer versions removed this feature.
Q6. You must subnet the 192.168.1.0/24 network to make the following subnets: Engineering: 67 hosts Sales: 33 hosts HR: 15 hosts Finance: 7 hosts. Following best practice, if you make each subnet only as large as necessary, what should be the…
Answer: D. 192.168.1.192/27
The correct answer proves that a /27 subnet provides exactly 30 usable addresses for 15 hosts. The distractor cue is recognizing that a /26 is unnecessarily large and wastes addresses.
Q7. You are configuring a DHCP pool (192.168.1.0/24) on R1 to be used for client devices in the LAN. However, you want to reserve the first 10 usable IP addresses to be used for R1's own IP address as well as servers. Which command should you…
Answer: C. R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
The answer proves the correct command, ip dhcp excluded-address, used in global configuration mode to exclude a range of addresses from being assigned by DHCP. The distractors are syntactically incorrect commands.
Q8. Which action does a switch take on an unknown unicast frame?
Answer: D. Flood
The answer proves that a switch floods frames when it cannot find a destination MAC in its table. The distractors describe actions for known unicast, broadcast, or dropped frames.
Q9. Which of the following lists the Syslog severity levels from most to least severe?
Answer: B. Emergency, Alert, Critical, Error, Warning, Notice, Informational, Debugging
The answer proves the correct order of Syslog severity levels from highest to lowest. The distrators list the levels in an incorrect sequence.
Q10. Which of the following commands will cause a GigabitEthernet interface to have an OSPF cost of 10?
Answer: C. auto-cost reference-bandwidth 10000
The correct answer proves the reference-bandwidth calculation for OSPF cost. The trap is a distractor with a bandwidth value that produces an incorrect cost.
Q11. Which of the following features drops traffic if the traffic rate exceeds the configured limit?
Answer: A. Policing
The correct answer proves the function of policing in QoS. Shaping is a trap, as it buffers excess traffic instead of dropping it.
Q12. Which of the following configures a router as a DHCP client?
Answer: B. R1(config-if)# ip address dhcp
The correct answer proves the command to configure a router interface as a DHCP client. The trap is the command for configuring a DHCP server.
Q13. Which of the following FHRPs can be used to provide a redundant IP address between a Cisco and Juniper router?
Answer: A. VRRP
The correct answer proves that VRRP is an open standard suitable for multi-vendor environments. HSRP is a Cisco-proprietary trap.
Q14. Which of the following commands uses an industry standard protocol to negotiate the creation and maintenance of a LAG?
Answer: A. channel-group 1 mode active
The correct answer proves the LACP protocol for negotiating a LAG. The 'on' mode is a trap, as it is a static, non-negotiating configuration.
Q15. Which of the following static routes relies on proxy ARP to function?
Answer: B. ip route 203.0.113.0 255.255.255.0 gigabitethernet0/0
The correct answer proves that a static route with only an exit interface depends on proxy ARP. The option with an explicit next-hop IP is a trap.
Q16. Which HTTP response code is expected if a client tries to access a resource that doesn't exist on the server?
Answer: C. 404
The correct answer proves the meaning of the 404 Not Found status code. The 200 OK option is a trap for a successful request.
Q17. Which of the following commands can be used to configure a pre-hashed password (using MD5) to protect privileged EXEC mode?
Answer: D. enable secret 5 <hash>
The correct answer proves the syntax for configuring a pre-hashed secret password. The trap is a command that hashes the password on the local device.
Q18. R1 learns a route to 10.0.0.0/24 via OSPF. Which of the following commands configures a floating static route with an AD 1 higher than the OSPF route?
Answer: B. ip route 10.0.0.0 255.255.255.0 192.168.1.1 111
The correct answer proves that OSPF's default AD is 110, so 111 is 1 higher. Distractors use values that are either too high or lower than OSPF's AD.
Q19. An enterprise installs keypads that require staff to enter a code to gain access to secure rooms. What is this an example of?
Answer: C. Physical access control
The correct answer demonstrates understanding of physical security controls. User awareness and training are not the type of control, and MFA involves multiple factors.
More CCNA part: 2 drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.