Practice questions · IT & Cloud
Cisco CCNA (200-301): Practice Questions
Original practice questions for the Cisco CCNA (200-301), with explanations of why each answer is right and the others wrong. Filter by domain or difficulty. These are concept and scenario checks - not real exam questions.
Answered 0 · Correct 0
-
How many usable host addresses are in a /24 IPv4 subnet?
Correct answer: B. A /24 has 256 total addresses minus the network and broadcast addresses, leaving 254 usable. 256 is the total; 255 and 253 are off by one. -
A standard switch primarily operates at which OSI layer?
Correct answer: B. Switches forward frames using MAC addresses at Layer 2. Layer 1 is cabling/hubs; Layer 3 is routing; Layer 4 is ports/segments. -
Which is a private (RFC 1918) IPv4 address?
Correct answer: C. 10.0.0.0/8 is private. 8.8.8.8 is public; 172.5.0.1 is outside the private 172.16.0.0–172.31.255.255 range; 192.0.2.5 is documentation space, not private. -
VLANs are primarily used to:
Correct answer: B. VLANs logically segment a switch into separate broadcast domains. They do not encrypt, extend cabling, or assign public IPs. -
A trunk port on a switch:
Correct answer: A. A trunk carries multiple VLANs, tagging frames with 802.1Q. An access port carries one VLAN; trunks neither disable VLANs nor are wireless-specific. -
Spanning Tree Protocol (STP) prevents:
Correct answer: D. STP blocks redundant paths to prevent Layer-2 loops and broadcast storms. Routing loops are a Layer-3 concern; STP does not address IP exhaustion or authentication. -
OSPF is which type of routing protocol?
Correct answer: C. OSPF is a link-state protocol that builds a topology map. RIP is distance-vector; BGP is path-vector; static routes are manually configured. -
A router learns the same network via OSPF (administrative distance 110) and a static route (AD 1). Which does it install?
Correct answer: A. Lower administrative distance is preferred, so the static route (AD 1) wins over OSPF (AD 110). They are not load-balanced because AD differs, and one route is always chosen. -
A default route is written as:
Correct answer: A. 0.0.0.0/0 matches any destination and is the default route. 255.255.255.255 is a broadcast; 127.0.0.1 is loopback; 169.254.x.x is link-local (APIPA). -
Administrative distance is used to:
Correct answer: B. Administrative distance ranks the trustworthiness of route sources when more than one offers a route. It is not bandwidth, a pure hop count, or VLAN priority. -
NAT is primarily used to:
Correct answer: C. NAT translates private addresses to public ones so internal hosts can reach the internet. It does not encrypt, route VLANs, or resolve names (that is DNS). -
DHCP provides:
Correct answer: A. DHCP automatically assigns IP addresses and options to hosts. Name resolution is DNS; routing is a router's job; DHCP does not encrypt. -
An access control list (ACL) on a router is used to:
Correct answer: D. ACLs permit or deny traffic based on criteria like source, destination and port. They do not speed routing, assign IPs, or create VLANs. -
Port security on a switch can:
Correct answer: B. Port security limits which MAC addresses use a port and reacts to violations (e.g., shutdown). It does not affect speed, gateways, or DHCP. -
REST APIs commonly exchange data in which format?
Correct answer: D. REST APIs typically use JSON (or XML). VLAN tags and SNMP traps are unrelated mechanisms, and APIs are not limited to raw binary. -
Which are common network-automation tools?
Correct answer: C. Ansible and Terraform are common tools for automating configuration and infrastructure. Excel macros, a label printer, and Photoshop and Illustrator are office or design tools, not network-automation platforms. -
Which OSI layer is responsible for logical addressing and routing (IP)?
Correct answer: A. Layer 3 handles IP addressing and routing. Layer 2 is framing/MAC, Layer 4 is segmentation/ports, Layer 7 is applications. -
TCP differs from UDP in that TCP:
Correct answer: B. TCP is connection-oriented and provides reliable, acknowledged delivery, unlike connectionless UDP. 'Is faster but unreliable' describes UDP, 'uses no ports' is false (TCP uses port numbers), and TCP is not limited to video. -
The default subnet mask for a Class C network is:
Correct answer: B. Class C defaults to /24 (255.255.255.0). The other masks correspond to different prefixes. -
The native VLAN on a trunk port carries:
Correct answer: A. On a trunk port the native VLAN carries untagged traffic, while all other VLANs are tagged. 'All tagged traffic' is the opposite of native-VLAN behaviour, and 'only voice traffic' or 'no traffic at all' are both incorrect. -
A switch builds its MAC address table by:
Correct answer: D. Switches learn source MACs from frames they receive. IP headers, DNS and routers are not how the MAC table is built. -
EtherChannel is used to:
Correct answer: B. EtherChannel aggregates links. Encryption, addressing and port security are separate functions. -
How many usable host addresses does a /30 subnet provide?
Correct answer: A. A /30 has 4 addresses, 2 usable (ideal for point-to-point links). The others miscount. -
A host's default gateway is:
Correct answer: A. A host's default gateway is the router it uses to reach networks outside its own subnet. A DNS server resolves names, a switch port connects a device at Layer 2, and a firewall rule filters traffic; none of these is the default gateway. -
Network Time Protocol (NTP) is used to:
Correct answer: A. Network Time Protocol synchronizes clocks across network devices, which matters for accurate logs and security. Resolving domain names is DNS, assigning IP addresses is DHCP, and encrypting traffic is the job of protocols like TLS or IPsec. -
SNMP is primarily used to:
Correct answer: B. SNMP collects and manages device information. Timing, routing and switching are separate functions. -
In network security, AAA stands for:
Correct answer: D. In network security AAA stands for Authentication, Authorization and Accounting. The other expansions, such as 'Access, Audit and Alert' and 'Availability, Authenticity and Access', are invented and not what AAA means. -
DHCP snooping protects a network against:
Correct answer: D. DHCP snooping protects against rogue DHCP servers handing out false addresses by trusting only authorised ports. Power failures, slow cables and DNS typos are unrelated problems that DHCP snooping does not address. -
A key benefit of network automation (for example with Python or Ansible) is:
Correct answer: D. Automation brings consistency and scale. It does not change physical cabling, port counts or hardware cost. -
The Domain Name System (DNS) is used to:
Correct answer: C. DNS translates names to IP addresses. MAC assignment, encryption and time sync are handled by other mechanisms.
Practice questions FAQ
- Are these real CCNA exam questions?
- No. These are original study questions written to test understanding. They are not real exam questions, exam dumps, or copied from any provider.
- How should I use these practice questions?
- Answer each one, read the explanation (including why the wrong options are wrong), and use the per-domain score below to focus your revision on weak areas. Revisit before exam day.
- How many questions should I do before the exam?
- Enough to score consistently across every domain, alongside full-length practice from official or reputable providers. Understanding why each answer is right matters more than raw volume.
- What score means I am ready?
- A good signal is consistently scoring around 80% or higher across all domains on questions you have not seen before, and being able to explain why the wrong options are wrong.
- Should I use exam dumps?
- No. Dumps (real or leaked questions) breach provider policy, can void your certification, and do not build the understanding the exam actually tests.