CCNA Practice Exam – Part 3/8 – 24 Questions with Answers
Practice for the CCNA exam with 24 multiple-choice questions. Answer each question before the reveal, then review the explanation to understand the reasoning.
This is Part 3/8 in the CertPunch CCNA practice exam series.
Topics covered: switching, routing, subnetting, access control lists, wireless, security fundamentals, and network troubleshooting.
More practice: certpunch.com
Chapters:
00:00 Intro
00:16 Question 1 of 24
00:58 Question 2 of 24
01:57 Question 3 of 24
02:49 Question 4 of 24
03:34 Question 5 of 24
04:26 Question 6 of 24
05:21 Question 7 of 24
06:10 Question 8 of 24
07:01 Question 9 of 24
08:08 Question 10 of 24
09:16 Question 11 of 24
10:16 Question 12 of 24
11:21 Question 13 of 24
12:00 Question 14 of 24
12:46 Question 15 of 24
13:32 Question 16 of 24
14:17 Question 17 of 24
15:12 Question 18 of 24
16:14 Question 19 of 24
17:03 Question 20 of 24
18:19 Question 21 of 24
19:14 Question 22 of 24
19:56 Question 23 of 24
20:42 Question 24 of 24
What you will practice
- Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Pr…
- What are three advantages of VLANs? (Choose three.)
- What are three reasons that an organization with multiple branch offices and roaming users might implement a…
- What command visualizes the general NetFlow data on the command line?
- What is the function of the command switchport trunk native vlan 999 on a Cisco Catalyst switch?
- What information does a router running a link-state protocol use to build and maintain its topological databa…
Answers and explanations
Tap a question to expand the answer and the exam reasoning. Try to commit to your own pick first.
Q1. Which standards-based First Hop Redundancy Protocol is a Cisco supported alternative to Hot Standby Router Protocol?
Answer: C. VRRP
VRRP is the industry standard alternative to Cisco proprietary HSRP. Other options are unrelated protocols, not FHRP alternatives.
Q2. What are three advantages of VLANs? (Choose three.)
Answer: A,B,C. They establish broadcast domains in switched networks || They can simplify adding, moving, or changing hosts on the network. || They allow access to network services based on department, not physical location. They provide a method of conserving IP addresses in large networks.
VLANs create broadcast domains and simplify moves. The distractor in D confuses them with routing, and E misstates their function.
Q3. What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)
Answer: A,B,D. reduced cost || increased security || scalability
VPNs offer cost savings, security, and scalability. C and E are distractors that confuse VPNs with physical links.
Q4. What command visualizes the general NetFlow data on the command line?
Answer: A. show ip cache flow
The show ip cache flow command provides a general overview of NetFlow data. Other options show specific subsets like top-talkers or sampling information.
Q5. What is the function of the command switchport trunk native vlan 999 on a Cisco Catalyst switch?
Answer: A. It designates VLAN 999 for untagged traffic.
This command designates VLAN 999 for untagged traffic on the trunk. Option D confuses this with the default VLAN for unknown traffic, which is not how native VLANs operate.
Q6. What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two.)
Answer: B,F. hello packets || LSAs from other routers
Hello packets discover neighbors, and LSAs flood the topology database. Other options describe different protocols or concepts like SAP or TTL.
Q7. A switch is configured with all ports assigned to VLAN 2 with full duplex FastEthernet to segment existing departmental traffic. What is the effect of adding switch ports to a new VLAN on the switch?
Answer: D. An additional broadcast domain will be created.
Each VLAN is a separate broadcast domain. Creating a new VLAN increases the total number of broadcast domains on the switch.
Q8. Which of the following correctly detail FTP and TFTP? (Select 3)
Answer: A,B,C. * TFTP uses UDP port 69 || * TFTP does not require connection || * FTP uses TCP port 20 and 21
TFTP uses UDP port 69 and is connectionless. FTP uses TCP ports 20 and 21.
Q9. Which of the following are correct in regards to the comparisons between the IPv4 header and the IPv6 header (select 3)?
Answer: B,C,E. * The size of the IPv6 header is larger || * Checksum field is not in the IPv6 header || * The IPv6 header has less fields and processes are easier than IPv4
The correct answers verify that IPv6's header is larger, lacks a checksum, and is simpler. The ambiguity comes from the flawed original question text, which confuses 'Flora Bell' with 'Flow Label'.
Q10. Which statement is correct regarding the operation of DHCP?
Answer: A. If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict.
If a DHCP server detects an IP address conflict, it removes the address from the pool, requiring an administrator to resolve the issue.
Q11. Refer to the exhibit. An attempt to deny web access to a subnet blocks all traffic from the subnet. Which interface command immediately removes the effect of ACL 102?
Answer: A. no ip access-group 102 out
The correct answer proves the specific syntax to remove an ACL applied to outbound traffic. The distractors fail because they use incorrect commands like 'access-class' instead of 'access-group'.
Q12. The SERIAL0 interface of the router was shut down with the 'SHUTDOWN' command. If you execute the 'show interface serial 0' command, which of the following results is displayed?
Answer: A. * Serial 0 is administratively down and line protocol is down
The correct answer proves the output for an administratively shut-down interface. The distractors are traps for other states like link failure or protocol mismatch.
Q13. Which of the following is used to obtain the host name from the IP address with DNS lookup?
Answer: B. * Reverse lookup
Reverse lookup converts an IP address to a hostname. The trap is confusing it with forward lookup, which maps names to IP addresses.
Q14. Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)
Answer: A,C. inside local || inside global
Cisco NAT uses inside local and inside global address definitions. The other options are not standard NAT terminology.
Q15. Which of the following is IPv6's Loopback address.
Answer: A. * :: 1/128
::1/128 is the IPv6 loopback address. The other options are different address types like unspecified or link-local.
Q16. Which conversion method registered in advance to connect pre-converted local address with the post-converted local address in a 1-1 relationship?
Answer: A. * Static NAT transformation
Correct answer defines Static NAT as a manual, one-to-one IP mapping. The trap is confusing it with Dynamic NAT, which uses a pool of addresses.
Q17. Which statement about access lists that are applied to an interface is true?
Answer: C. You can configure one access list, per direction, per Layer 3 protocol.
Correct answer states the ACL rule of one per protocol per direction. The trap is allowing unlimited or multiple lists, which violates this fundamental rule.
Q18. Refer to the exhibit. The Bigtime router is unable to authenticate to the Littletime router. What is the cause of the problem?
Answer: A. The passwords do not match on the two routers.
Correct answer identifies CHAP authentication failure due to mismatched passwords. The trap is confusing the process as username or interface-specific.
Q19. Syslog was configured with a level 3 trap. Which 4 types of logs would be generated (choose four)
Answer: A,B,C,D. Emergencies || Alerts || Critical || Errors
Correct answer identifies the severity levels included in level 3 (Errors). The distractors represent lower-severity levels that would not be captured by a level 3 trap.
Q20. Which three statements about RSTP are true? (Choose three.)
Answer: B,C,D. RSTP significantly reduces topology reconverging time after a link failure. || RSTP expands the STP port roles by adding the alternate and backup roles. || RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.
The correct answers prove that RSTP reduces convergence time, adds new port roles, and offers faster forwarding. The elimination cue is the fact that RSTP supersedes STP's timers and proposal process.
Q21. Which of the following is correct for IPSec communication mode. (select 2)
Answer: A,B. * Transport mode encrypts only data sections of packets || * Tunnel mode encrypts the entire packet
The correct answers prove that transport mode encrypts only the payload, while tunnel mode encrypts the entire packet. The trap is confusing the scope of encryption between the two modes.
Q22. Which command can you enter to verify that a 128-bit address is live and responding?
Answer: B. ping ipv6
The correct answer proves that ping ipv6 tests IPv6 reachability. Distractor D is eliminated because it tests IPv4, and distractor C is for service connectivity, not basic reachability.
Q23. Which two spanning-tree port states does RSTP combine to allow faster convergence? (Choose two.)
Answer: B,D. blocking || listening
The correct answers prove that RSTP merges blocking and listening into a single discarding state to speed up convergence. Distractor E is eliminated because learning is a distinct state in RSTP.
Q24. Which of the following items can be confirmed by the command 'show snmp chassis'?
Answer: C. * serial number
The 'show snmp chassis' command displays hardware-specific information, including the device serial number. The other options are SNMP configuration or trap details, not chassis data.
More CCNA (Cisco Certified Network Associate) Exams 2026 drills and other practice exams are on @CertPunch. New rounds drop every few days at certpunch.com.