Cisco CCNA Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for Cisco Certified Network Associate (CCNA) topics such as subnetting, VLANs, trunks, inter-VLAN routing, routing tables, OSPF basics, ACL direction, secure management, wireless concepts, automation vocabulary, and packet-path troubleshooting. The prompts emphasize evidence and layer order rather than acronym recall.

Where these questions fit in the CCNA guide

The sample set below is part of the Cisco CCNA guide path:

• Cisco certification hub
• CCNA exam guide
• CCNA cheat sheet
• CCNA study plan
• CCNA FAQ
• CCNA resources
• CCNA glossary

CCNA networking sample questions

Work through each prompt before opening the explanation. CCNA questions usually reward answers that follow the packet path and prove the lower layer before changing the next one.

---

Question 1

Topic: Same-VLAN connectivity failure

Two hosts are connected to the same access switch and should be in VLAN 20. Host A can reach its default gateway, but Host B cannot reach Host A or the gateway. Host B has the correct IP address, mask, and gateway. Which check is strongest next?

• A. Replace the default route on the upstream router.
• B. Verify Host B’s switchport status and access VLAN assignment.
• C. Configure OSPF on the access switch before checking the port.
• D. Change Host A’s subnet mask because Host B is unreachable.

Best answer: B

Explanation: For same-VLAN symptoms, stay at Layer 1 and Layer 2 before routing. Port status and VLAN assignment directly control whether Host B is in the intended broadcast domain.

Why the other choices are weaker:

• A changes routed-path behavior before proving local switching.
• C introduces dynamic routing where same-VLAN switching is the likely boundary.
• D ignores that Host B’s addressing was already stated as correct.

What this tests: VLAN membership, switchport status, same-subnet communication, and troubleshooting order.

Related topics: VLANs; Switching; Layer 2; Troubleshooting

---

Question 2

Topic: Inter-VLAN routing clue

Users in VLAN 10 can reach other VLAN 10 hosts, and users in VLAN 30 can reach other VLAN 30 hosts. Traffic between VLAN 10 and VLAN 30 fails. Trunks are up and allow both VLANs. What should be checked next?

• A. The Ethernet cable on every endpoint in both VLANs.
• B. The SSID authentication method.
• C. The Layer 3 gateway path, such as SVIs or router subinterfaces, plus routes and ACLs between the VLANs.
• D. The DNS server, because DNS controls all VLAN routing.

Best answer: C

Explanation: Same-VLAN traffic works, so the access VLANs are likely functioning. Inter-VLAN traffic needs a routed gateway path and may also be affected by ACLs or missing routes.

Why the other choices are weaker:

• A conflicts with the evidence that same-VLAN traffic works.
• B is wireless-specific and not tied to the stated VLAN problem.
• D may affect name resolution but does not route packets between VLANs.

What this tests: Inter-VLAN routing, SVIs, router-on-a-stick, trunks, routes, and ACL boundaries.

Related topics: Inter-VLAN routing; SVI; Trunks; ACLs

---

Question 3

Topic: ACL direction mistake

An extended ACL is intended to block HTTP traffic from a user subnet to one server while allowing other traffic. The ACL entries look correct, but users can still browse to the server. What is the strongest troubleshooting focus?

• A. Convert the ACL to a standard ACL because standard ACLs filter destination ports.
• B. Remove the implicit deny because it allows unmatched traffic.
• C. Change the server’s default gateway before checking ACL placement.
• D. Confirm the ACL is applied to the correct interface and direction for the traffic path.

Best answer: D

Explanation: CCNA ACL questions often hinge on placement and direction. Correct entries do not help if the ACL is applied where the target traffic never crosses it.

Why the other choices are weaker:

• A is backwards; extended ACLs can match protocol and port.
• B misunderstands implicit deny behavior.
• C changes routing before checking the stated filtering control.

What this tests: Extended ACLs, interface direction, traffic path, rule order, and implicit deny.

Related topics: ACLs; Security; Direction; Traffic path

---

Question 4

Topic: Route selection

A router has routes to the same destination through a static route, an OSPF-learned route, and a less-specific default route. Which rule should be applied first when deciding the forwarding path?

• A. Always choose the default route because it has the broadest reach.
• B. Always choose OSPF because dynamic routing is newer than static routing.
• C. Choose the route with the longest matching prefix before comparing administrative distance or metric.
• D. Choose the route with the lowest interface number.

Best answer: C

Explanation: Forwarding starts with the most specific matching prefix. Administrative distance and metric matter after route candidates are comparable for the destination prefix.

Why the other choices are weaker:

• A ignores that a more-specific route beats the default route.
• B ignores longest-prefix match and route selection rules.
• D invents a route-selection rule that does not apply.

What this tests: Longest-prefix match, default routes, static routes, OSPF routes, administrative distance, and metrics.

Related topics: Routing; Longest match; OSPF; Default route

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by Cisco or any certification body.