ccna practice test Advanced Practice Exam: Hard Questions 2025

A network engineer is troubleshooting an OSPF adjacency issue between two routers connected via a point-to-point link. Both routers show OSPF process running, interfaces are up/up, and they're in the same area. Router A shows the neighbor in EXSTART/EXCHANGE state repeatedly cycling. MTU is 1500 on Router A and 1400 on Router B. After fixing the MTU mismatch, the adjacency still fails. Further investigation reveals Router A has authentication configured with 'ip ospf authentication message-digest' and 'ip ospf message-digest-key 1 md5 MyPassword'. Router B has 'ip ospf authentication' and 'ip ospf authentication-key MyPassword'. What is preventing the adjacency?

An enterprise network uses 802.1X authentication with RADIUS for all access layer switches. A critical legacy printer without 802.1X support needs network connectivity on a port where 802.1X is enforced. The security team mandates that 802.1X must remain enabled on all ports, and MAC Authentication Bypass (MAB) must be used for the printer. The printer is successfully authenticated via MAB and receives VLAN 20 assignment from the RADIUS server. However, the printer cannot obtain an IP address. The switch port shows 'dot1x pae authenticator', 'authentication port-control auto', and 'mab'. The interface is in access mode VLAN 10 with 'switchport mode access'. What is the most likely cause?

A company is implementing a dual-stack IPv4/IPv6 network with EIGRP as the routing protocol. The network has three sites connected in a hub-and-spoke topology. The engineer configures EIGRP for IPv4 (named mode) and separate EIGRP for IPv6 processes. After configuration, IPv4 routes are exchanging properly, but IPv6 routes are not appearing in the routing table of the spoke routers. The spoke routers can ping the hub's directly connected IPv6 interfaces. Configuration shows 'ipv6 unicast-routing' is enabled, EIGRP IPv6 process is running with correct AS number, interfaces have 'ipv6 eigrp 100' configured, but no IPv6 EIGRP neighbors form. What is the most likely issue?

A network administrator is configuring port security on an access switch to prevent unauthorized devices. The requirement is to allow only two specific MAC addresses on the port, maintain their learning across reboots, and if a violation occurs, the port should log the event and drop frames from the violating MAC but continue to forward traffic from authorized MACs. Which configuration best meets these requirements?

An organization is implementing a network automation solution using Python and RESTCONF to configure multiple Cisco devices. The script successfully authenticates and retrieves configuration data using GET requests, but POST requests to create new configurations return HTTP 415 errors. The script uses the 'requests' library with basic authentication. The device has RESTCONF enabled with 'ip http secure-server' and 'restconf' commands. What is the most likely cause of the POST failure?

A network engineer is troubleshooting DHCP issues in a multi-VLAN environment. Clients in VLAN 50 cannot obtain IP addresses from the central DHCP server located in VLAN 10. The Layer 3 switch serving as the default gateway for VLAN 50 has 'ip helper-address 10.1.1.100' configured on the VLAN 50 SVI. Packet captures show DHCP Discover packets arriving at the switch but no DHCP requests reaching the server. The switch can ping the DHCP server successfully. Access-list 101 is applied inbound on the VLAN 10 SVI with entries: 'permit udp any any eq 67', 'permit udp any any eq 68', 'permit ip any any'. What is preventing DHCP from working?

A company implements EtherChannel using LACP between two distribution switches (DS1 and DS2) with four physical links. The configuration on DS1 uses 'channel-group 1 mode active' on all four interfaces, while DS2 uses 'channel-group 1 mode passive'. After configuration, only two of the four links become active in the port-channel. Investigation shows all four physical interfaces are up/up, and all are configured identically with the same speed, duplex, and VLAN configuration. LACP system priority is default (32768) on both switches. DS1's MAC address is 0000.0c11.1111 and DS2's is 0000.0c22.2222. What is the most likely cause for only two links being active?

A network architect is designing QoS for a converged network carrying voice, video, and data traffic. The WAN links are 100 Mbps, and during congestion, voice (10 Mbps), video conferencing (30 Mbps), and critical data (20 Mbps) must be guaranteed, with remaining bandwidth shared between standard data and best-effort traffic. Which queuing mechanism and configuration approach best meets these requirements?

An enterprise network uses HSRP for first-hop redundancy with two routers (R1 and R2) serving VLAN 100. R1 is configured as priority 110 (higher than R2's default 100) and should be the active router. After a maintenance window where R1 was rebooted, network monitoring shows R2 became active and remained active even after R1 fully recovered. Users report no connectivity issues. R1 shows HSRP state as 'Standby', and both routers show the virtual IP responding. The configuration on R1 includes: 'standby 1 ip 192.168.100.1', 'standby 1 priority 110', 'standby 1 preempt delay minimum 60'. What explains the current behavior?

A security team is implementing an access control strategy using standard and extended ACLs on a router with multiple interfaces. They need to: (1) block Telnet access from network 192.168.50.0/24 to any destination, (2) block all traffic from host 192.168.50.10 to network 10.20.30.0/24, and (3) permit all other traffic. The router has interfaces in 192.168.50.0/24 (Gi0/0), 10.20.30.0/24 (Gi0/1), and other networks. Considering ACL best practices for router CPU efficiency and proper packet flow, where and in what direction should these ACLs be applied?