Routing is where networking stops feeling like memorizing port numbers and starts feeling like actual troubleshooting. If a device can talk to the printer beside it but not the server across the VPN, you are probably looking at a routing, gateway, firewall, DNS, or subnet problem.
Here is the fast answer: for Network+, you do not need to be a CCIE. You do need to know what a default gateway does, why the most specific route wins, how static routes differ from dynamic routes, what traceroute is actually showing you, and how NAT can confuse a ticket if you skip the basics.
Use these Network+ routing practice questions like mini help desk scenarios. Read the situation, pick the best answer, then study the explanation.
If you are still shaky on IP addressing, start with the Network+ subnetting practice questions first. If VLANs are your weak spot, pair this with the Network+ VLAN practice questions.
Quick routing cheat sheet before the questions
| Concept | Plain-English meaning | Support-ticket clue |
|---|---|---|
| Default gateway | Where a host sends traffic for non-local networks | “Local works, internet does not” |
| Routing table | List of known paths | Wrong next hop, missing route, odd VPN route |
| Longest prefix match | Most specific matching route wins | A /24 route beats a /16 route |
| Static route | Manually configured path | Works until the environment changes |
| Dynamic routing | Routes learned by protocol | OSPF/BGP/EIGRP mentioned in escalations |
| Metric | Route preference/cost | Two possible paths, one chosen over the other |
| Traceroute | Shows hop-by-hop path attempt | Traffic dies after a certain router |
| NAT | Rewrites addresses | Works outbound, inbound needs extra rules |
Now let’s make it practical.
Practice question 1: local network works, internet fails
A user can print to a network printer on 192.168.10.50 and access a local file share on 192.168.10.20. They cannot browse external websites or ping 8.8.8.8. Their IP is 192.168.10.84/24. Their default gateway is blank.
What is the most likely issue?
A. DNS is down
B. The subnet mask is wrong
C. The default gateway is missing
D. The printer is on the wrong VLAN
Answer: C. The default gateway is missing.
The user can reach local devices because those addresses are in the same subnet. For anything outside 192.168.10.0/24, the device needs a default gateway. DNS is not the first answer because pinging 8.8.8.8 bypasses name resolution. If external IP traffic fails and local traffic works, check the gateway before you start blaming the browser.
Practice question 2: DNS or routing?
A laptop can ping 8.8.8.8 successfully but cannot browse to example.com. nslookup example.com times out. Other users on the same network are fine.
What should you check first?
A. The laptop’s configured DNS servers
B. The default gateway MAC address
C. The routing protocol on the core switch
D. The public IP address of the office
Answer: A. The laptop’s configured DNS servers.
If the laptop can reach an external IP, routing to the internet is probably working. The failure is name resolution. Check the DNS server handed out by DHCP, any manual DNS setting, VPN client DNS override, or security software that intercepts DNS. This is the same split you use in real tickets: IP works, names fail equals DNS path. IP fails too equals routing, firewall, gateway, or broader connectivity.
For a deeper flow, use the DNS troubleshooting guide.
Practice question 3: longest prefix match
A router has these routes:
| Destination | Next hop |
|---|---|
10.0.0.0/8 | Router A |
10.20.0.0/16 | Router B |
10.20.30.0/24 | Router C |
0.0.0.0/0 | Router D |
A packet is going to 10.20.30.55. Which next hop is used?
A. Router A
B. Router B
C. Router C
D. Router D
Answer: C. Router C.
Routers choose the most specific matching route, also called the longest prefix match. All four routes technically match in some way, but 10.20.30.0/24 is the most specific route for 10.20.30.55. This matters because broad routes can look correct until a more specific route sends traffic somewhere unexpected.
Practice question 4: static route after a network change
A branch office used to reach the data center through 10.1.1.1. After a firewall replacement, the new next hop is 10.1.1.254. Users at the branch can access the internet but cannot access a legacy app hosted in the data center. The old firewall still appears in a static route on the branch router.
What is the best fix?
A. Flush DNS on every workstation
B. Update the static route to the new next hop
C. Replace every switch at the branch
D. Disable DHCP at the branch
Answer: B. Update the static route to the new next hop.
Static routes do not magically adapt when the network changes. That is their benefit and their weakness. If a route points to an old next hop, traffic for that destination can disappear even while general internet access works. This is why change tickets should include route review, not just “firewall swapped successfully.”
Practice question 5: traceroute interpretation
A user reports that an internal web app is unreachable from home over VPN. You run traceroute from the user’s laptop and see traffic reach the VPN adapter, then the corporate VPN gateway, then stop after the internal firewall.
What does this suggest?
A. The user’s home Wi-Fi password is wrong
B. The packet reaches the corporate network, then fails after a network/security boundary
C. The user’s laptop has no route to the VPN gateway
D. The public website is down for everyone
Answer: B. The packet reaches the corporate network, then fails after a network/security boundary.
Traceroute is not perfect, but it helps you see where the path gets weird. If traffic reaches the VPN gateway and dies after the internal firewall, the user’s coffee-shop Wi-Fi is probably not the interesting part anymore. The next check is whether the VPN user group is allowed to reach that app subnet, whether the internal route exists, and whether a firewall rule changed.
This pairs well with the VPN troubleshooting checklist when you need a full remote-access flow.
Practice question 6: split tunnel VPN
A company VPN uses split tunneling. Corporate subnets go through the VPN, but general internet traffic goes out the user’s home connection. A user can browse the internet while connected to VPN but cannot reach 10.50.20.15, an internal app server.
What should you check?
A. Whether a VPN route exists for the 10.50.20.0/24 or broader internal network
B. Whether the user’s monitor is connected
C. Whether the public DNS record for Google exists
D. Whether the printer has paper
Answer: A. Whether a VPN route exists for the internal network.
Split tunneling means not all traffic uses the VPN. The client needs a route for the internal destination, and the corporate side needs a return path plus firewall permission. If internet access works during VPN, that does not prove the VPN can reach every private subnet.
A good ticket note would say: “Internet works off local connection. VPN authenticates. Missing route or blocked access to 10.50.20.0/24 suspected.” That is much more useful than “VPN broken.”
Practice question 7: NAT and inbound access
A small office server at 192.168.1.25 needs to be reachable from the internet on TCP 443. Outbound internet from the server works. External users cannot connect inbound.
What is most likely needed?
A. A port-forwarding or NAT rule on the edge firewall, plus an allow rule
B. A new default gateway on every client
C. A different subnet mask on the server
D. A printer driver update
Answer: A. A port-forwarding or NAT rule on the edge firewall, plus an allow rule.
Private RFC1918 addresses are not reachable directly from the public internet. NAT lets internal devices initiate outbound connections, but inbound access requires explicit translation and firewall permission. In real environments, you would also ask whether exposing that server is actually approved. “Can we?” and “Should we?” are different questions, and security people get twitchy when you skip the second one.
Practice question 8: what to collect before escalating
A department cannot access one internal subnet after a firewall change. You are help desk and need to escalate to networking.
Which escalation note is most useful?
A. “Network is down. Please fix.”
B. “Several users are annoyed and need this ASAP.”
C. “Accounting users on VLAN 20 can reach internet and file shares, but cannot reach 10.60.5.0/24 since firewall change CHG-1042. Tested from two machines. Ping and app connection fail. Traceroute reaches core gateway then stops.”
D. “I rebooted one laptop. No change.”
Answer: C. The scoped escalation note.
Networking teams can move faster when you give them source network, destination network, what works, what fails, timing, change reference, and test results. You do not have to solve the whole routing problem before escalating. But you should hand off enough evidence that the next person does not have to start from “user says network bad.”
If writing tickets is a weak spot, bookmark the help desk ticket notes examples. Good notes make you look senior earlier than you think.
How to study routing for Network+ without melting your brain
Do not start by memorizing every routing protocol acronym. Start with the support patterns:
- Can the device reach its own gateway?
- Can it reach another device on the same subnet?
- Can it reach an external IP?
- Can it resolve names with DNS?
- Does the route table contain the expected path?
- Does traffic die at a consistent hop?
- Is a VPN, firewall, NAT rule, or VLAN boundary involved?
Then layer in exam vocabulary:
- Static route: manually configured path.
- Default route: where traffic goes when no better match exists.
- Dynamic routing: routers sharing route information automatically.
- OSPF: common internal dynamic routing protocol.
- BGP: internet-scale/external routing protocol.
- Metric: route preference or cost.
- Administrative distance: trustworthiness of a route source on some platforms.
- NAT/PAT: address translation, often many private devices sharing one public IP.
Run ipconfig /all, route print, tracert, ip route, and traceroute when your network works. That gives you a known-good baseline. Waiting until everything is broken to learn what normal looks like is how you end up staring at a route table like it insulted your family.
FAQ
What is the difference between routing and switching?
Switching usually moves traffic within a local network using MAC addresses. Routing moves traffic between networks using IP addresses. VLANs blur the conversation because they create separate logical networks that need routing between them.
Why does default gateway matter so much?
Because it is the exit door for non-local traffic. If the default gateway is wrong or missing, local subnet traffic may still work while internet, VPN, cloud app, or cross-site traffic fails.
Should help desk techs learn traceroute?
Yes. You do not need to overinterpret every hop, but traceroute helps show whether traffic leaves the device, reaches the gateway, crosses the VPN, or dies near a firewall. That is valuable evidence.
Bottom line
Routing questions get easier when you stop treating them like abstract router trivia. Ask where the traffic starts, where it is trying to go, what route matches, what next hop is used, and whether return traffic can get back.
That is the same mental model you will use on the job, on Network+, and during interviews. If you are using cert study to break into IT, subscribe to the IT Support Group newsletter and keep practicing the boring, useful stuff. Boring and useful pays the bills.