ccna practice test Intermediate Practice Exam: Medium Difficulty 2025

A network administrator is troubleshooting connectivity issues in a network that uses VLSM. The network 172.16.0.0/16 has been subnetted to support multiple departments. Department A uses 172.16.10.0/24, Department B uses 172.16.20.0/23, and Department C uses 172.16.22.0/25. A host with IP 172.16.22.100/25 cannot communicate with a host at 172.16.22.150/25. Both hosts have their default gateways configured correctly. What is the most likely cause?

A network engineer is configuring port security on a Cisco switch to allow only specific devices to connect. The requirement is to permit two MAC addresses per port, learn them dynamically, and ensure they persist across switch reboots. If a violation occurs, the port should drop unauthorized traffic but remain operational. Which configuration achieves these requirements?

An enterprise network uses OSPF for routing. Router R1 has interfaces in Area 0 and Area 10. Router R2 is entirely within Area 10. Router R3 is an ASBR redistributing routes from an external network into OSPF. R2 receives LSA Type 5 updates but the routes do not appear in its routing table, while R1 can see and use these external routes. What is the most likely explanation?

A company is implementing a new wireless network using WPA3-Enterprise. The IT manager wants to ensure that user credentials are never sent in cleartext and that mutual authentication occurs between clients and the authentication server. Which EAP method should be selected?

A network administrator needs to configure DHCP snooping on a Cisco switch to prevent rogue DHCP servers. The legitimate DHCP server is connected to interface Gi0/1. Client devices are connected to interfaces Gi0/10 through Gi0/20. After enabling DHCP snooping globally and on VLAN 10, clients cannot obtain IP addresses. What additional configuration is required?

A network engineer is configuring inter-VLAN routing using a router-on-a-stick topology. VLAN 10 (172.16.10.0/24) and VLAN 20 (172.16.20.0/24) are configured on Switch1. The router's Gi0/0 interface connects to the switch's Gi0/1 port. Users in VLAN 10 cannot communicate with users in VLAN 20. The switch port is configured as a trunk allowing VLANs 10 and 20. What is the most likely missing configuration on the router?

A company's network uses NTP for time synchronization. Router R1 is configured as an NTP client receiving time from an external stratum 1 server. Routers R2 and R3 should synchronize their time with R1. After configuration, R2 and R3 show R1 as a configured server but time synchronization fails. The command 'show ntp status' on R1 displays 'Clock is synchronized, stratum 2'. What configuration is missing on R1?

A network administrator is troubleshooting HSRP between two routers. R1 is configured with priority 150 and R2 with priority 100 (default). R1 initially becomes active, but after a reload, R2 remains active even though R1 has returned to operation with higher priority. Both routers can ping each other and HSRP messages are being exchanged. What explains this behavior?

A security team is implementing port security and AAA authentication on access switches. They want to use 802.1X authentication for corporate devices while allowing guest devices to access a restricted VLAN without authentication. Phones should also be supported on the same ports as PCs. Which feature combination achieves this requirement?

A DevOps team wants to automate network configuration changes using Python scripts that interact with Cisco devices. They need a solution that uses structured data formats, provides programmatic access to configuration and operational data, and works over secure connections. Which combination of technologies best fits these requirements?