Domain 5: Network Troubleshooting and Tools Flashcards

Question 1

Q

Which of the following troubleshooting steps involves prioritizing trouble tickets based on the severity of the problem?

A. Identify the problem

B. Establish a theory of probable cause

C. Test the theory to determine cause

D. Establish a plan of action to resolve the problem and identify potential effects

E. Implement the solution or escalate as necessary

F. Verify full system functionality and, if applicable, implement preventive measures

G. Document findings, actions, and outcomes

Answer

A

A. Identify the problem

The first step in troubleshooting is to identify the problem by establishing symptoms related to the network issue being reported. In this step, problems are typically reported as trouble tickets, which are prioritized based on the severity of the problem. You complete the other steps after the trouble ticket has been prioritized and is being investigated.

Question 2

Q

Which of the following is considered a system-wide error?

A. A problem with an order entry or customer service call center resource

B. A problem with a router that affects only one local area network (LAN)

C. A fatal error that causes a single computer to fail

D. A problem with an email server that affects all network users

Answer

A

C. A fatal error that causes a single computer to fail

A system-wide error is a problem that renders an individual user’s system (computer) completely unusable. All the other problems listed would affect more than one system or user.

Question 3

Q

Which of the following is a network-wide problem?

A. A problem with an order entry or customer service call center resource

B. A fatal error that causes a single computer to fail

C. A problem with an application server that affects a single local area network (LAN)

D. A problem with a router that connects an entire network to the Internet

Answer

A

D. A problem with a router that connects an entire network to the Internet

Any problem that affects all the users on the network is a network-wide problem and should be given the highest priority. An example of this would be a problem with an Internet router. All other problems listed do not affect the entire network.

Question 4

Q

A user reports that she can’t connect to a server on her network. Ed wants to identify the scope of the problem, so he tries to reproduce the problem on the user’s computer. The problem still remains. No other users are reporting this problem. What is the next logical step that Ed should perform to identify the affected area?

A. Verify that the local router is forwarding traffic

B. Try performing the same task on a computer attached to the same segment

C. Verify that the server is configured properly

D. Verify that the switch the client is connected to is functioning

Answer

A

B. Try performing the same task on a computer attached to the same segment

In this scenario only one user is reporting a problem. Therefore, the likeliest next step is to perform the same task on another computer attached to the same segment. If Ed can perform the task successfully, the problem most likely lies within the user’s computer or the connection to the switch. Since no other users are reporting the same problem, the server and switches on the network are probably up and functioning. Checking the router isn’t necessary since the user and server are on the same network.

Question 5

Q

Which of the following troubleshooting steps involves asking the user preliminary questions such as, “What were you doing when the problem occurred?”

A. Identify the problem

B. Establish a theory of probable cause

C. Test the theory to determine cause

D. Establish a plan of action to resolve the problem and identify potential effects

E. Implement the solution or escalate as necessary

F. Verify full system functionality and, if applicable, implement preventative measures

G. Document findings, actions, and outcomes

Answer

A

A. Identify the problem

The first step in troubleshooting is to identify the problem by establishing symptoms related to the network problem being reported. In this step you ask the user many questions to identify and define the symptoms of the problem and prioritize the trouble ticket. Although you might continue to ask the user questions throughout the troubleshooting process, this is typically associated with the first step of the troubleshooting process.

Question 6

Q

When troubleshooting, you begin by taking steps to identify the problem. After you do this, which of the following steps should you perform next?

A. Implement the solution

B. Establish a plan of action

C. Establish a theory of probable cause

D. Verify full system functionality

Answer

A

C. Establish a theory of probable cause

After identifying the problem, the next step is to establish a theory for the probable cause of the problem. After that, you can test your theory, establish a plan of action, implement a solution, verify the functionality of the system, and document the entire process.

Question 7

Q

In which troubleshooting step do you try to duplicate a network problem to “divide and conquer” by logically and methodically eliminate elements that aren’t the source of the problem?

A. Identify the problem

B. Establish a theory of probable cause

C. Test the theory to determine cause

D. Establish a plan of action to resolve the problem and identify potential effects

E. Implement the solution or escalate as necessary

F. Verify full system functionality and, if applicable, implement preventative measures

G. Document findings, actions, and outcomes

Answer

A

B. Establish a theory of probable cause

The second step in troubleshooting is to attempt to duplicate a problem and develop a theory of its probable cause. As you troubleshoot a problem, you then test your theory to confirm your findings. You complete the other troubleshooting steps after the specific cause has been identified.

Question 8

Q

You have a problem with a server or other network component that prevents many users from working. What type of problem is this?

A. A network-wide problem

B. A shared resource problem

C. A system-wide problem

D. A user application problem

Answer

A

B. A shared resource problem

If a problem lies within a specific server or other network component that prevents many users from working, it is a shared resource problem.

Question 9

Q

A single Windows user suddenly can’t connect to any hosts on the network (local or remote). Alice interviews the user and finds out that he made some changes to his computer’s Internet Protocol (IP) configuration properties. What should she do next?

A. Run the ipconfig command to view the local configuration

B. Check the Domain Name System (DNS) server to see if it is resolving IP hostnames

C. Check the Windows Internet Name Service (WINS) server to see if it is resolving Network Basic Input/Output System (NetBIOS) names

D. Verify that the router is functioning

Answer

A

A. Run the ipconfig command to view the local configuration

Since only one user is reporting the problem and he had admitted to making changes to his IP configuration, Alice should probably start by checking the configuration using the ipconfig command.

Question 10

Q

Alice has a network with a Domain Name System (DNS) server, a proxy server, and an Internet router. A user is complaining that she suddenly can’t connect to hosts on her own local area network (LAN) and other internal LANs, and she can’t access hosts on the Internet. What is the likeliest problem?

A. The user’s local configuration

B. The proxy server

C. The DNS server

D. The router

Answer

A

A. The user’s local configuration

Since only one user is reporting the problem, the user’s computer and its configuration are the likeliest suspect components. ADNS, proxy, or router problem would affect more than one user.

Question 11

Q

Alice is working the help desk when a user calls and reports that she is unable to connect to the Internet. Which of the following steps is the one Alice is least likely to perform first when troubleshooting the problem?

A. Check the configuration of the router connecting the LAN to the Internet.

B. Ask the user if she can access resources on the local network.

C. Check to see if anyone else is experiencing the same problem.

D. Check the user’s job title to see if she is an important person in the company.

Answer

A

A. Check the configuration of the router connecting the LAN to the Internet.

There are many possible causes for the problem that are more likely than a router configuration error, so this is not something Alice would check first. Asking if the user can access the local network attempts to isolate the problem. If she cannot, the problem could be in her computer; if she can, then the problem lies somewhere in the Internet access infrastructure. If other users are experiencing the problem, then the issue should receive a higher priority, and Alice knows that the problem does not lie in the user’s computer. While it might not be the first thing she checks, it is a political reality that higher ranking users get preferential treatment.

Question 12

Q

In the standard troubleshooting methodology, which of the following steps appears last but must actually be practiced throughout the troubleshooting process?

A. Test the theory to determine cause

B. Document findings, actions, and outcomes

C. Verify full system functionality and, if applicable, implement preventive measures

D. Implement the solution or escalate as necessary

E. Establish a plan of action to resolve the problem and identify potential effects

F. Establish a theory of probable cause

G. Identify the problem

Answer

A

B. Document findings, actions, and outcomes

Documenting everything you discover and everything you do is a crucial part of the troubleshooting method that must begin before you take any other action whatsoever. However, it appears as the last step in the troubleshooting methodology.

Question 13

Q

In which troubleshooting step is a trouble ticket created?

A. Establish a theory of probable cause

B. Verify full system functionality and, if applicable, implement preventive measures

C. Implement the solution or escalate as necessary

D. Test the theory to determine cause

E. Identify the problem

F. Document findings, actions, and outcomes

G. Establish a plan of action to resolve the problem and identify potential effects

Answer

A

E. Identify the problem

The first step in troubleshooting involves identifying the problem and creating a trouble ticket. You complete the other troubleshooting steps after the trouble ticket has been prioritized.

Question 14

Q

Which step of the troubleshooting model involves identifying whether hardware or software has been recently installed or reconfigured?

A. Identify symptoms

B. Establish a theory of probable cause

C. Establish a plan of action to resolve the problem and identify potential effects

D. Determine if anything has changed.

E. Test the theory to determine cause

F. Document findings, actions, and outcomes

Answer

A

D. Determine if anything has changed.

During the troubleshooting process, you must establish whether anything has changed. This typically involves asking the user whether any new or existing hardware or software has been installed or reconfigured.

Question 15

Q

Which step of the troubleshooting model involves replacing components until a faulty hardware device is identified?

A. Duplicate the problem

B. Gather information

C. Test the theory to determine the cause

D. Establish a plan of action to resolve the problem

E. Verify full system functionality

F. Document findings, actions, and outcomes

Answer

A

C. Test the theory to determine the cause

After you have established a theory of probable cause, you can try to test the theory by replacing hardware components one by one until you find the faulty device.

Question 16

Q

Ed is a first-tier support technician. He receives the help calls listed here. His job is to assign them priorities based on their severity. Which of the following should be the problem that receives the highest priority?

A. A problem with an order entry or customer service call center resource that affects an entire department, with multiple local area networks (LANs)

B. A fatal error that causes a single computer to fail

C. A problem with a mission-critical backbone router that affects an entire network

D. A problem with an application server that affects a single LAN

Answer

A

C. A problem with a mission-critical backbone router that affects an entire network

A problem that affects the entire network should be given highest priority. This includes a mission-critical backbone router. Problems that affect multiple LANs or an entire department are generally given the next highest priority. An application problem that affects a shared application server on a LAN should be given the next highest priority. A problem with a single user’s computer should be given the lowest priority if the other problems have been reported.

Question 17

Q

Ed is a first-tier support technician. He receives the help calls listed here. His job is to assign them priorities based on their severity. Which of the following should be the problem that receives the lowest priority?

A. A problem with an order entry or customer service call center resource that affects an entire department, with multiple local area networks (LANs)

B. A fatal error that causes a single computer to fail

C. A problem with a mission-critical backbone router that affects an entire network

D. A problem with an application server that affects a single LAN

Answer

A

B. A fatal error that causes a single computer to fail

A problem that affects the entire network should be given highest priority. This includes a mission-critical backbone router. Problems that affect multiple LANs or an entire department are generally given the next highest priority. An application problem that affects a shared application server on a LAN should be given the next highest priority. A problem with a single user’s computer should be given the lowest priority if the other problems have been reported.

Question 18

Q

When you troubleshoot a network problem, it is possible to introduce another problem while attempting to fix the original one. In which step of the troubleshooting process should you be aware of the residual effects that changes might have on the network?

A. Identify the problem

B. Establish a theory of probable cause

C. Test the theory to determine cause

D. Establish a plan of action to resolve the problem

E. Implement the solution or escalate as necessary

F. Verify full system functionality

G. Document findings, actions, and outcomes

Answer

A

D. Establish a plan of action to resolve the problem

After you identify a problem and establish and test a theory of its probable cause, you must create a plan of action to resolve the problem and identify any potential effects (positive or negative) your solution might have. Then, you implement your solution, test the results, and finish documenting the incident.

Question 19

Q

In which troubleshooting step do you create a record of your activities and inform the user of what happened and why?

A. Identify the problem

B. Establish a theory of probable cause

C. Test the theory to determine cause

D. Establish a plan of action to resolve the problem and identify potential effects

E. Implement the solution or escalate as necessary

F. Verify full system functionality and, if applicable, implement preventive measures

G. Document findings, actions, and outcomes

Answer

A

G. Document findings, actions, and outcomes

The last step of the troubleshooting process is to document the solution and explain to the user what happened and why. In reality, documentation should begin when the problem is reported, and the documentation should be updated throughout the troubleshooting process.

Question 20

Q

Which of the following Windows tools uses ICMP messages and manipulates IPv4 time-to-live values to illustrate the route packets take through an internetwork?

A. Ping

B. Netstat

C. Route

D. Tracert

E. Nslookup

Answer

A

D. Tracert

he Windows tracert tool transmits a series of ICMP messages with incrementing time-to-live (TTL) values, which identify each router on the path the packets take through the network. ping uses ICMP, but it does not manipulate TTLvalues.

Question 21

Q

Users are having trouble connecting to Internet hosts. Alice suspects that there is a problem with the Domain Name System (DNS) server, and she wants to verify this. Which of the following steps can she take to determine whether the DNS server is resolving Internet hostnames?

A. Issue the ipconfig command from a local workstation

B. Try to connect to a host using the Internet Protocol (IP) address instead of the hostname

C. Ping the DNS server to see if it is functioning

D. Use the tracert command to test the functionality of the DNS server

Answer

A

B. Try to connect to a host using the Internet Protocol (IP) address instead of the hostname

If Alice suspects that a DNS server isn’t resolving hostnames, she should try connecting to a remote host using the IP address instead of the name. If she can connect, she knows that all internal local area network (LAN) components and the Internet gateway are functioning, and the remote host is functioning. The problem most likely lies within the DNS server itself. If Alice can’t connect to a remote host using the IP address, the problem isn’t the DNS server. She would need to do more testing to isolate the problem device and the affected area.

Question 22

Q

Which of the following types of wiring faults cannot be detected by a wiremap tester?

A. Split pairs

B. Open circuits

C. Short circuits

D. Transposed wires

Answer

A

A. Split pairs

A wiremap tester consists of a main unit that connects to all eight wires of a UTP cable at once and a loopback device that you connect to the other end, enabling you to test all of the wires at once. A wiremap tester can detect opens and shorts, as well as transposed wires. However, it cannot detect split pairs because, in that fault, the pins are properly connected.

Question 23

Q

After connecting a tone generator to the green wire at one end of a twisted pair cable run, Ralph proceeds to the other end of the cable and touches the locator to each of the eight pins in turn. The green wire and the green striped wire both produce a tone. What type of wiring fault has Ralph discovered?

A. Split pair

B. Far-end crosstalk

C. Transposed wires

D. Short circuit

E. Delay skew

Answer

A

D. Short circuit

The first and most essential test that installers must perform on every cable run is a continuity test, which ensures that each wire on both ends of the cable is connected to the correct pin and only the correct pin. If a pin on one end of a cable run is connected to two or more pins on the other end, you have a short circuit.

Question 24

Q

Which of the following Windows command-line utilities produced the output shown here?

A. ping

B. tracert

C. netstat

D. arp

Answer

A

D. arp

Running the arp utility with the -a parameter on a Windows system displays the contents of the Address Resolution Protocol (ARP) cache. The cache contains records of the IP addresses on the network that arp has resolved into MAC addresses. The ping, tracert, and netstat utilities are not capable of producing this output.

Question 25

Q

Which of the following Windows command-line utilities produced the output shown here?

A. ping

B. tracert

C. netstat

D. arp

Answer

A

B. tracert

The Windows tracert utility functions by transmitting a series of Internet Control Message Protocol (ICMP) Echo Request messages to a specified destination with incrementing time-to-live (TTL) values. Each successive message reaches one hop farther on the route to the destination before timing out. The tracert display therefore lists the names and addresses of the routers packets must traverse to reach the destination. The ping, netstat, and arp utilities are not capable of producing this output.

Question 26

Q

Which of the following Windows command-line utilities produced the output shown here?

A. ping

B. tracert

C. netstat

D. arp

Answer

A

A. ping

The Windows ping utility functions by transmitting a series of Internet Control Message Protocol (ICMP) Echo Request messages to a specified destination. The destination system responds with ICMP Echo Reply messages that are listed in the output display. The tracert, netstat, and arp utilities are not capable of producing this output.

Question 27

Q

Which of the following Windows command-line utilities produced the output shown here?

A. ping

B. tracert

C. netstat

D. arp

Answer

A

C. netstat

Running the Windows netstat utility with no parameters generates a list of the workstation’s active connections. The ping, tracert, and arp utilities are not capable of producing this output.

Question 28

Q

Which of the following command-line utilities is capable of performing the same basic function as traceroute or tracert?

A. ping

B. pathping

C. netstat

D. route

Answer

A

B. pathping

Like traceroute and tracert, pathping is capable of generating a list of the routers that packets pass through on the way to a specific destination system. pathping also displays the percentage of lost packets for each hop, which traceroute and tracert cannot do. The ping, netstat, and routeutilities are not capable of displaying route traces

Question 29

Q

What is the name for a device that determines the length of a cable by transmitting a signal at one end and measuring how long it takes for a reflection of the signal to return from the other end?

A. Fox and hound tester

B. Wiremap tester

C. Time domain reflectometer

D. Voltage event recorder

E. Butt set

Answer

A

C. Time domain reflectometer

The technique that provides this capability is called time domain reflectometry (TDR). The tester transmits a signal over the cable and measures how long it takes for a reflection of the signal to return from the other end. Using this information and the cable’s nominal velocity of propagation (NVP)—a specification supplied by the cable manufacturer—the device can calculate the length of a cable run.

Question 30

Q

Which TCP/IP utility should you use to most easily identify a malfunctioning router on your network?

A. ifconfig

B. ping

C. traceroute

D. netstat

Answer

A

C. traceroute

The traceroute (or tracert) utility can locate a malfunctioning router by using an Echo Request messages with incrementing TTL values. ifconfig is a network configuration utility for Unix and Linux systems; ping can test connectivity to another TCP/IP system, but it cannot locate a malfunctioning router; and netstat displays information about network connections and traffic but cannot locate a malfunctioning router.

Question 31

Q

Which of the following protocols does the ping program never use to carry its messages?

A. Ethernet

B. ICMP

C. IP

D. UDP

E. TCP

Answer

A

E. TCP

All Windows ping transactions use ICMP messages. ICMP messages are encapsulated directly within IP datagrams; they do not use transport layer protocols, such as UDP. ping transactions to destinations on the local network are encapsulated within Ethernet frames. On Unix and Linux, ping uses UDP, which is also encapsulated in IP datagrams.

Question 32

Q

Which of the following commands displays the routing table on the local computer?

A. arp –r

B. netstat –r

C. ifconfig –r

D. telnet –r

Answer

A

B. netstat –r

The netstat utility can display the routing table, along with other types of network traffic and port information. The arp utility is for adding addresses to the ARP cache; it cannot display the routing table. The ifconfig command displays TCP/IP configuration information on Unix and Linux systems; it cannot display the routing table. Telnet is a terminal emulation program; it cannot display the routing table.

Question 33

Q

A routine test of a newlyinstalled twisted pair cable run with a wiremap tester indicates that there is a short circuit on one of the wires. Which of the following procedures might possibly correct the fault?

A. Use a different pinout on both ends of the cable

B. Replace the connectors at both ends of the cable run

C. Move the cable away from any potential sources of electromagnetic interference

D. Use a higher grade of UTP cable

Answer

A

B. Replace the connectors at both ends of the cable run

A short circuit is a wiring fault indicating that a pin at one end of a cable run is connected to two pins at the other end. To correct the problem, you must replace the connector with the faulty wiring. None of the other suggestions are solutions for a wiring fault.

Question 34

Q

Ralph is a new hire working on a network that uses Cat5 unshielded twisted pair cable, which was installed several years ago. Over time, some of the paper labels that the original cable installers used to identify the wall plates and patch panel connectors have worn away or fallen off. As a result, Ralph has quite a few cable runs that he is unable to identify. After checking with his supervisor, Ralph discovers that the company has no cable testing equipment and is unwilling to hire a consultant just to identify cable runs. What is the most inexpensive tool Ralph can use to associate unlabeled wall plates with the correct patch panel ports?

A. A wiremap tester

B. A cable certifier

C. A tone generator and locator

D. A time domain reflectometer

Answer

A

C. A tone generator and locator

All of the suggested tools are cable of associating wall plates with the correct patch panel ports, but the tone generator and locator is by far the most inexpensive solution.

Question 35

Q

Which of the following devices is an essential tool for technicians working on telephone cables but is not needed for data networking cable installations?

A. Tone generator and locator

B. Wiremap tester

C. Cable certifier

D. Butt set

Answer

A

D. Butt set

Telephone cable technicians have their own specialized tools, such as the butt set, a one-piece telephone handset with alligator clips that enables its operator to connect to a line anywhere that the cables are accessible.

Question 36

Q

Which of the following command lines will produce the output shown in the figure?

A. ping 10.0.0.1 -t

B. ping 10.0.0.1 -n 2048

C. ping 10.0.0.1 -l 2048 -n 11

D. ping 10.0.0.1 -l 2048 -t

E. ping 10.0.0.1 -n 2048 -t 11

Answer

A

C. ping 10.0.0.1 -l 2048 -n 11

Running ping with the -l parameter enables you to specify the size of the messages sent to the target, in this case, 2028 bytes. The -n parameter enables you to specify the number of messages the ping tool should transmit, in this case 11. Combining these two parameters generates the output in the figure. The -t parameter causes the ping tool to transmit messages until manually halted.

Question 37

Q

Which of the following parameters causes the ping tool to transmit messages continually until manually halted?

A. -n

B. -t

C. -i

D. -a

Answer

A

B. -t

Running the ping tool with the -t parameter causes it to send messages to the target continuously until you manually stop it. The -n parameter enables you to specify the number of messages the ping tool should transmit. The -i parameter enables you to specify the time-to-live (TTL) value of the messages ping transmits. The -a parameter resolves an IP address you specify as the target to a hostname.

Question 38

Q

Which of the following tools can you use to test the optical loss in a fiber-optic cable?

A. An OLTS

B. A TDR

C. A light meter

D. A wiremap tester

Answer

A

A. An OLTS

An optical loss test set (OLTS) identifies signal loss in fiber optic cabling. A time domain reflectometer (TDR) measures electrical signals in copper-based cabling, not light signals. A light meter measures the strength of light signals on fiber optic cable, but it cannot generate the signal needed to test optical loss. Wiremap testers are used only on copper cables, not fiber optic.

Question 39

Q

Which of the following commands enables you to view the ARP table stored in memory?

A. arp -c

B. arp -d

C. arp -a

D. arp -s

Answer

A

C. arp -a

The arp -a command displays the entries in the ARP table stored in its cache. The arp -dcommand is for deleting entries, and the arp -s command is for adding entries. The arp -ccommand is not a valid option.

Question 40

Q

Which of the following command-line utilities enables you to generate Domain Name System (DNS) request messages?

A. ifconfig

B. nslookup

C. nbtstat

D. netstat

Answer

A

B. nslookup

The nslookup tool enables you to generate DNS request messages from the command line and send them to a specific DNS server. The other options listed are not DNS utilities.

Question 41

Q

Which of the following troubleshooting tools can test cabling for length, attenuation, near end crosstalk (NEXT), equal level far end crosstalk (ELFEXT), propagation delay, delay skew, and return loss?

A. Wiremap tester

B. Cable certifier

C. Time domain reflectometer (TDR)

D. Optical loss test set (OLTS)

Answer

A

B. Cable certifier

You can use a cable certifier to identify a variety of cable performance characteristics, typically including cabling lengths, signal attenuation, crosstalk, propagation delay, delay skew, and return loss, in addition to providing all the functionality of a wiremap tester. The other tools listed are dedicated to a single testing modality and do not test for crosstalk.

Question 42

Q

Which of the following command-line utilities enables you to view the Internet Protocol (IP) configuration on a Unix or Linux host?

A. ifconfig

B. nslookup

C. ipconfig

D. netstat

Answer

A

A. ifconfig

On a Unix or Linux host, the ifconfig command displays the system’s current IP configuration settings and parameters. ipconfig is a Windows command-line utility that performs the same basic function. The other options are command-line utilities that do not display IP configuration information.

Question 43

Q

Which of the following Windows commands enables you to delete the entire ARP cache?

A. arp -c *

B. arp -d *

C. arp -a

D. arp -s

Answer

A

B. arp -d *

The arp -d command is for deleting cache entries, and by running it with the asterisk wildcard, the command deletes all of the entries in the cache. The arp -a command displays the entries in the ARP table stored in its cache, and the arp -s command is for adding entries. The arp -c * command is not a valid option.

Question 44

Q

Which of the following troubleshooting tools is not used to test copper cabling installations?

A. Wiremap tester

B. Multimeter

C. Tone generator and locator

D. OTDR

Answer

A

D. OTDR

An optical time domain reflectometer (OTDR) is a device that transmits light pulses over a fiber-optic network and measures the time interval and strength of the returning pulse, to measure the length of the cable run. An OTDR can be used to locate fiber-optic cable breaks, as well as characterize a cable run’s reflectance, optical return loss, and other characteristics. Multimeters, tone generators, and wiremap testers are all devices that work only with copper networks.

Question 45

Q

Ralph has been advised to check his Linux web servers for open ports that attackers might be able to use to penetrate the servers’ security. Which of the following utilities can Ralph use to do this?

A. tcpdump

B. dig

C. iptables

D. nmap

Answer

A

D. nmap

The nmap utility is capable of scanning a system for open ports that might be a security hazard. The tcpdump, dig, and iptables utilities cannot do this.

Question 46

Q

Which of the following parameters enables you to specify the time-to-live (TTL) value of the messages ping transmits?

A. -n

B. -t

C. -i

D. -a

Answer

A

C. -i

Running the ping tool with the -i parameter enables you to specify the time-to-live (TTL) value of the messages ping transmits. The -t parameter causes the ping tool to send messages to the target continuously until you manually stop it. The -n parameter enables you to specify the number of messages the ping tool should transmit. The -a parameter resolves an IP address you specify as the target to a hostname.

Question 47

Q

Ralph is the network administrator of his company’s network. He has had three users call the help desk to report that they are having problems connecting to the local application server. Comparing their stories, Ralph suspects that their Transmission Control Protocol (TCP) connections are being dropped. The users are not having problems connecting to any other hosts on the network. To troubleshoot this problem, Ralph decides to use a protocol analyzer. He wants to store and view only the traffic relating to the hosts and server that are having problems. How can Ralph do this?

A. Configure a display filter.

B. Configure a capture filter.

C. Set a trap on the analyzer.

D. Configure both a capture and a display filter.

Answer

A

B. Configure a capture filter.

Ralph wants to store and view only the traffic relating to the hosts that are experiencing problems. The best way to do this is to set a capture filter. Capture filters determine what is stored in the buffer. Display filters only determine what is displayed from the contents of the buffer. You do not set a trap on an analyzer—you set traps on Simple Network Management Protocol (SNMP) agents. Also, there is no need to configure both a capture filter and a display filter. If you set a capture filter that blocks all other traffic from entering the buffer, the display filter would be redundant.

Question 48

Q

Ralph is a new hire for a consulting firm that frequently performs cable installations. He is trying to learn more about the tools needed to install internal cable runs. To that end, which of the following statements about cable crimpers has Ralph found to be true?

A. Cable installers use a crimper to attach keystone connectors to lengths of bulk cable.

B. Cable installers use a crimper to attach RJ45 connectors to lengths of bulk cable.

C. You need to purchase a separate crimper for each type of cable to which you want to attach connectors.

D. Making your own patch cables by applying connectors yourself is always more economical than buying prefabricated patch cables.

Answer

A

B. Cable installers use a crimper to attach RJ45 connectors to lengths of bulk cable.

A crimper is a plier-like device that cable installers use to create patch cables by attaching RJ45 connectors to lengths of bulk cable.

Question 49

Q

Which of the following troubleshooting tools enables you to copy all of the packets transmitted over a network to a buffer, interpret the protocols used in the packets, and display the output?

A. Event Viewer

B. Traffic monitor

C. Protocol analyzer

D. Management console

Answer

A

C. Protocol analyzer

A protocol analyzer copies all network traffic, interprets the protocol headers and fields, and displays the output. The Event Viewer displays system, application, and security event logs on a single computer. There is no network troubleshooting tool called a traffic monitor. A management console is a remote monitoring and management device that queries Simple Network Management Protocol (SNMP) agents.

Question 50

Q

Which of the following are tools that run only on Unix or Linux systems?

A. tcpdump

B. dig

C. iptables

D. ifconfig

E. route

Answer

A

E. route

Of the utilities listed, tcpdump, dig, iptables, and ifconfig are all tools that run on Unix/Linux systems only. The route utility runs on both Unix/Linux and Windows.

Question 51

Q

Which of the following Windows command-line utilities produced the output shown here?

A. nslookup

B. pathping

C. netstat

D. route

Answer

A

A. nslookup

nslookup is a command-line utility that generates DNS resource record requests and sends them to a specific DNS server. The output shown here specifies first the name and address of the DNS server to which the request was sent and then the response to the request, containing the name to be resolved and the IP addresses contained in the server’s resource record for that name. The pathping, netstat, and route utilities cannot perform DNS queries.

Question 52

Q

Which of the following parameters enables you to specify the number of messages the pingtool transmits?

A. -n

B. -t

C. -i

D. -a

Answer

A

A. -n

Running the ping tool with the -n parameter enables you to specify the number of messages the ping tool should transmit with each execution. The -t parameter causes the ping tool to send messages to the target continuously until you manually stop it. The -i parameter enables you to specify the time-to-live (TTL) value of the messages ping transmits. The -aparameter resolves an IP address you specify as the target to a hostname.

Question 53

Q

Which of the following cable testing tools are used only on fiber-optic networks?

A. OTDR

B. Multimeter

C. Tone generator

D. Punchdown tool

Answer

A

A. OTDR

An optical time domain reflectometer (OTDR) is a device that transmits light pulses over a fiber-optic network and measures the time interval and strength of the returning pulse, to measure the length of the cable run. An OTDR can be used to locate fiber-optic cable breaks, as well as characterize a cable run’s reflectance, optical return loss, and other characteristics. Multimeters, tone generators, and punchdown tools are all devices that work only with copper networks.

Question 54

Q

Which of the following command-line utilities can only run on Unix and Linux systems?

A. ping

B. ipconfig

C. tracert

D. ifconfig

E. netstat

Answer

A

D. ifconfig

The ifconfig command runs only on Unix and Linux systems. The ping and netstatutilities run on both Windows and Unix/Linux systems. The ipconfig and tracertcommands run only on Windows, although there is a Unix/Linux version of tracert called traceroute.

Question 55

Q

Which of the following command-line utilities can only run on Windows systems?

A. ping

B. ipconfig

C. traceroute

D. ifconfig

E. netstat

Answer

A

B. ipconfig

The ipconfig command runs only on Windows, although there is a similar Unix/Linux-only command called ifconfig. The ping and netstat utilities run on both Windows and Unix/Linux systems. The traceroute utility runs only on Unix/Linux systems, although there is a Windows version called tracert.

Question 56

Q

Which of the following netstat commands can tell you how many IPv6 packets have been received on a particular Windows workstation?

A. netstat -a

B. netstat -s

C. netstat -e

D. netstat -r

Answer

A

B. netstat -s

The netstat -s command displays packet counts and other traffic statistics for the IPv6, IPv4, ICMP, TCP, and UDP protocols. The netstat -a command displays all of a workstation’s current connections and ports on which it is listening. The netstat -ecommand displays Ethernet statistics, such as the number of bytes and packets sent and received. The netstat -r command displays the computer’s routing table.

Question 57

Q

Which of the following commands can Ralph use to display the number of bytes that a Windows workstation has transmitted?

A. netstat

B. tcpdump

C. ipconfig

D. iptables

Answer

A

A. netstat

Running netstat with the -e parameter on a Windows workstation displays Ethernet statistics, including the number of bytes and packets the workstation has sent and received. The ipconfig command displays TCP/IP configuration data; it does not display network traffic statistics. The tcpdump and iptables commands both run only on Unix and Linux workstations.

Question 58

Q

Alice is troubleshooting a Windows server, and while doing so she runs the following command: ping 127.0.0.1. The command completes successfully. What has Alice proven by doing this?

A. That the computer’s network adapter is functioning properly

B. That the computer’s TCP/IP networking stack is loaded and functioning

C. That the computer’s IP address is correct for the network

D. Nothing at all

Answer

A

B. That the computer’s TCP/IP networking stack is loaded and functioning

The IP address 127.0.0.1 is a dedicated loopback address that directs outgoing IP traffic directly into the incoming IP traffic buffer. A successful ping test using that address indicates that the computer’s TCP/IP stack is functioning properly, but the traffic never reaches the network adapter or the network, so the test does not confirm that the adapter is functioning or that the computer has a correct IP address for the network.

Question 59

Q

Ralph is the administrator of his company’s network. He has a Dynamic Host Configuration Protocol (DHCP) server configured to supply Internet Protocol (IP) addresses and configuration information to all of the Windows computers on the network. One of the Windows users reports that she cannot connect to the network. Which of the following commands can Ralph run on her computer to verify the status of the computer’s IP settings and configuration parameters?

A. ifconfig

B. ipconfig

C. msinfo32

D. tracert

Answer

A

B. ipconfig

ipconfig is a Windows command that displays a computer’s current IP address and TCP/IP configuration settings, including whether the computer has obtained its address from a DHCP server.

Question 60

Q

Which of the following cable installation tools is likely to be the most expensive?

A. A crimper

B. A cable certifier

C. A punchdown tool

D. A wiremap tester

Answer

A

B. A cable certifier

Crimpers and punchdown tools are relatively simple and inexpensive mechanical devices that cable installers use to connect bulk cable to connectors. A wiremap tester is an electronic device for cable testing, but it is still relatively simple. A cable certifier is a complex electronic device that can perform a battery of tests on a cable run, confirm that the cable conforms to the required wiring standards, and maintains records of the testing procedure. Cable certifiers are by far the most expensive of the devices listed.

Question 61

Q

\Which of the following route commands displays the contents of a Windows computer’s IPv6 routing table only?

A. route print

B. route print -6

C. route list -6

D. route list

Answer

A

B. route print -6

The route print command displays both the IPv4 and IPv6 routing tables. To display only the IPv6 routing table, you add the -6 parameter to the route print command. route list and route list -6 are not valid commands.

Question 62

Q

What is the function of the tool shown in the following figure?

A. By placing the tool at one end of a wire, it generates a tone that can be detected at the other end.

B. To connect a bulk cable to a keystone connector, you use the tool to punch each wire down into the correct receptacle on the connector.

C. By touching the end of the tool to a copper cable, you can detect and measure the electrical current flowing through it.

D. By connecting the tool to the end of a fiber-optic cable, you can measure the length of the cable run.

Answer

A

C. By touching the end of the tool to a copper cable, you can detect and measure the electrical current flowing through it.

The device shown in the figure is a multimeter, which is used to measure the electric current on a copper conductor, such as an unshielded twisted pair network. This tool is not capable of performing any of the tasks described in the other options.

Question 63

Q

What is the function of the tool shown in the following figure?

A. When you place the tool at one end of a wire, it generates a tone that can be detected at the other end.

B. To connect a bulk cable to a keystone connector, you use the tool to punch each wire down into the correct receptacle on the connector.

C. By touching the end of the tool to a copper cable, you can detect and measure the electrical current flowing through it.

D. By connecting the tool to the end of a fiber-optic cable, you can measure the length of the cable run.

Answer

A

B. To connect a bulk cable to a keystone connector, you use the tool to punch each wire down into the correct receptacle on the connector.

The device shown in the figure is a punchdown tool, used to connect unshielded twisted pair cable ends to the keystone connectors used in modular wall plates and patch panels. After lining up the individual wires in the cable with the connector, you use the tool to press each wire into its slot. The tool also cuts the wire sheath to make an electrical contact and trims the end of the wire. This tool is not capable of performing any of the tasks described in the other options.

Question 64

Q

What is the function of the tool shown in the following figure?

A. When you place the tool at one end of a wire, it generates a tone that can be detected at the other end.

B. To connect a bulk cable to a keystone connector, you use the tool to punch each wire down into the correct receptacle on the connector.

C. By touching the end of the tool to a copper cable, you can detect and measure the electrical current flowing through it.

D. By connecting the tool to the end of a fiber-optic cable, you can measure the length of the cable run.

Answer

A

A. When you place the tool at one end of a wire, it generates a tone that can be detected at the other end.

The device shown in the figure is a tone generator and locator, used to test unshielded twisted pair wiring and detect certain basic wiring faults. This tool is not capable of performing any of the tasks described in the other options.

Answer 65

A

D. By connecting the clips to pins in a punchdown block, you can access telephone circuits in order to test them or place telephone calls.

The device shown in the figure is a butt set, a basic tool of telephone installers and linesworkers. This tool is not capable of performing any of the tasks described in the other options.

Answer 66

A

B. To attach a bulk cable end to an RJ45 connector, you use the tool to squeeze the connector closed, forcing the wire ends to contact the connector’s pins.

The device shown in the figure is a crimper, which is used to create patch cables by attaching connectors to both ends of a relatively short length of bulk cable. This tool is not capable of performing any of the tasks described in the other options.

Answer 67

A

B. Crimper

The device shown in the figure is a crimper, which is used to create patch cables by attaching RJ45 connectors to both ends of a relatively short length of bulk cable. You use the tool to squeeze the connector closed, forcing the wire ends to contact the connector’s pins.

Answer 68

A

A. Butt set

The device shown in the figure is a butt set, a basic tool of telephone installers and linesworkers. By connecting the clips to pins in a punchdown block, you can access telephone circuits in order to test them or place telephone calls.

Answer 69

A

D. Punchdown tool

The device shown in the figure is a punchdown tool, used to connect unshielded twisted pair cable ends to the keystone connectors used in modular wall plates and patch panels. After lining up the individual wires in the cable with the connector, you use the tool to press each wire into its slot. The tool also cuts the wire sheath to make an electrical contact and trims the end of the wire.

Answer 70

A

C. Tone generator and locator

The device shown in the figure is a tone generator and locator, used to test unshielded twisted pair wiring and detect certain basic wiring faults. When you place the tool at one end of a wire, it generates a tone that can be detected at the other end.

Answer 71

A

A. Multimeter

The device shown in the figure is a multimeter, a versatile device used to measure electrical current on copper cable connections. Multimeters are available with a wide range of features at a wide range of costs.

Answer 72

A

C. The customer has an incorrect default gateway address.

Because the customer can access the other two computers in the house, Ed knows that her IP address and subnet mask are properly configured that the network cable is plugged in and functional. Ed also knows that the computer’s DNS record does not play a role in outgoing connections. The problem is most likely the default gateway because the gateway address the customer specified is on another network, 172.16.43.0, rather than on her own network, 172.16.41.0.

Answer 73

A

A. Configure a display filter.

Once the frames are in the buffer, Alice can configure a display filter to block the unwanted frames from view. This does not delete them from the buffer. Since the capture was already performed, there is no need to restart the capture. Configuring a capture filter will not meet the requirements, because the filter will eliminate the other frames completely from the buffer. It is not possible to delete frames from an analyzer buffer.

Answer 74

A

A. The customer’s network cable is unplugged.

The customer’s IP address, subnet mask, and default gateway are appropriate for her home network. There is nothing wrong with having a zero in the network address. Therefore, of the options presented, the only logical choice is that the network cable is unplugged.

Answer 75

A

A. Open

The failure to detect a tone on a wire indicates that there is either a break in the wire somewhere inside the cable or a bad connection with the pin in one or both connectors. This condition is called an open circuit. A short is when a wire is connected to two or more pins at one end of the cable. A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Crosstalk is a type of interference caused by signals on one wire bleeding over to other wires.

Answer 76

A

B. Short

A short is when a wire is connected to two or more pins at one end of the cable or when the conductors of two or more wires are touching inside the cable. This would cause a tone applied to a single pin at one end to be heard on multiple pins at the other end. An open circuit would manifest as a failure to detect a tone on a wire, indicating that there is either a break in the wire somewhere inside the cable or a bad connection with the pin in one or both connectors. A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Crosstalk is a type of interference caused by signals on one wire bleeding over to other wires.

Answer 77

A

C. Split pair

A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Each pin on one end of the cable is correctly wired to the corresponding pin at the other end, but the wires inside the cable used to make the connections are incorrect. In a properly wired connection, each twisted pair should contain a signal and a ground wire. In a split pair, you can have two signal wires twisted together as a pair. This can generate excessive amounts of crosstalk, corrupting both of the signals involved. Because all of the pins are connected properly, a tone generator and locator cannot detect this fault.

Answer 78

A

D. Cable certifier

A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Each pin on one end of the cable is correctly wired to the corresponding pin at the other end, but the wires inside the cable used to make the connections are incorrect. In a properly wired connection, each twisted pair should contain a signal and a ground wire. In a split pair, you can have two signal wires twisted together as a pair. This can generate excessive amounts of crosstalk, corrupting both of the signals involved. Because all of the pins are connected properly, a tone generator and locator cannot detect this fault, and neither can a wiremap tester or a multimeter. However, a cable certifier is a highly sophisticated electronic device that can detect all types of cable faults, including split pairs, as well as measure cable performance characteristics.

Answer 79

A

C. Jitter

When individual packets in a data stream are delayed, the resulting connectivity problem is called jitter. Although this condition might not cause problems for asynchronous applications, real-time communications, such as Voice over IP or streaming video, can suffer interruptions, from which the phenomenon gets its name. Latency describes a generalized delay in network transmissions, not individual packet delays. Attenuation is the weakening of a signal as it travels through a network medium. A bottleneck is a condition in which all traffic is delayed, due to a faulty or inadequate component.

Answer 80

A

C. The existing cable is not rated for use with Gigabit Ethernet.

Of the options provided, the only possible source of the problem is that the cable runs are using a cable type not rated for Gigabit Ethernet. Some older buildings might still have Category 3 cable installed, which was used in the original twisted pair Ethernet specification. Cat3 is unsuitable for use with Gigabit Ethernet in many ways and can result in the poor performance that Alice is experiencing. A cable installation with runs wired using different pinout standards will not affect performance as long as each run uses the same pinouts at both ends. Gigabit Ethernet will not function at all if only two wire pairs are connected. The transceivers are located in the equipment that Alice company brought from the old location, so they are not mismatched.

Answer 81

A

D. Ralph must use all four wire pairs for a Gigabit Ethernet connection.

The auto negotiation mechanism is not the problem, nor is the pinout standard or Ralph’s wire pair selection. The speed auto negotiation mechanism in Gigabit Ethernet uses only two wire pairs, so although the LEDs do light up successfully, a functional Gigabit Ethernet data connection requires all four wire pairs.

Answer 82

A

D. Do nothing. The cable runs will function properly as is.

Cable runs are traditionally wired “straight through,” that is, with the transmit pins at one end wired to the transmit pins at the other end. It is the switch that is supposed to implement the crossover circuit that connects the transmit pins to the receive pins. Cable runs wired using T568A at one end and T568B at the other end create a crossover circuit in the cable run. At one time, this would have been a serious problem, but today’s switches automatically configure crossover circuits as needed, so they will adjust themselves to adapt to the cable runs. All of the other options would correct the problem, but doing nothing is certainly the best option.

Answer 83

A

A. Duplex mismatch

There should be no collisions at all on a full-duplex network, so the problem is clearly related to the duplexing of the communications. Ethernet running over twisted pair cable, in its original half-duplex mode, detects collisions by looking for data on the transmit and receive pins at the same time. In full-duplex mode, data is supposed to be transmitted and received at the same time. When one side of a connection is configured to use full duplex, as Alice’s new computers are, and the other end is configured to use half duplex (as the switches must be), the full-duplex communications on the one side look like collisions to the half-duplex side.

Answer 84

A

A. Move the port 4 cable to port 2.

The problem is unlikely to be a bad hub port or a bad cable, so moving the cable from port 4 to port 2 will not help. The problem is the crossover circuit between the two computers. The two systems were once connected directly together, which means that Ralph was using a crossover cable. The hub also provides a crossover circuit (except in the X port), and old hubs often do not auto negotiate crossovers. Therefore, the connection has two crossovers, which is the equivalent of wiring transmit pins to transmit pins, instead of transmit pins to receive pins. All of the other options eliminate one of the crossover circuits, enabling the computers to be wired correctly.

Answer 85

A

B. Attenuation

Attenuation is the weakening of a signal as it travels long distances, whether on a wired or wireless medium. The longer the transmission distance, the more the signal weakens. Cable length specifications are designed in part to prevent signals from attenuating to the point at which they are unviable.

Answer 86

A

B. One of the cables is a crossover cable.

Older Ethernet hubs do not auto negotiate crossovers. Instead, they have an X (or uplink) port that provides a connection without a crossover circuit, so you can connect one hub to another. If both of the cables had been standard straight-through Ethernet cables or if both had been crossover cables, then plugging them into two regular ports should have worked. Because plugging one cable into the X port worked, this means that only one of the cables must be a crossover cable. The problem, therefore, was the cable, not the port. The X port does not provide extra strength to the signals.

Answer 87

A

D. EMI

Fluorescent light fixtures and other devices in an office environment can generate magnetic fields, resulting in electromagnetic interference (EMI). When a copper-based cable runs too near to such a device, the magnetic fields can generate an electric current on the cable that interferes with the signals exchanged by network devices. Jitter, crosstalk, and attenuation are all conditions that can affect the performance of a wired network, but they are not directly related to the cables’ proximity to light fixtures.

Answer 88

A

B. One of the connectors on the 12th computer has a bent pin.

A bent pin on one of the twelfth computer’s connections would cause a break in the bus, essentially forming two networks that operate independently. The failure to terminate or ground the network would not produce this type of fault. Reversing the transmit and receive pins is not possible on a coaxial connection, due to the architecture of the cable.

Answer 89

A

A. Crosstalk

Crosstalk is a type of interference that occurs on copper-based networks when in a signal transmitted on one conductor bleeds over onto another nearby conductor. Twisted pair cables, which have eight or more conductors compressed together inside one sheath, are particularly susceptible to crosstalk. Twisting each of the separate wire pairs tends to reduce the amount of crosstalk to manageable levels. Twisting the wire pairs does not prevent signals from being affected by electromagnetic interference (EMI) or attenuation. Latency is a measurement of the time it takes for a signal to travel from its source to its destination.

Answer 90

A

C. Link pulse LED

The link pulse LED indicates the adapter is connected to a functioning hub or switch. The speed LED specifies the data rate of the link. The collision LED lights up when collisions occur. There is no status LED on a network interface adapter.

Answer 91

A

D. Use either standard, as long as both ends are the same

Either the T568A or the T568B pinout standard is acceptable. The patch cables will function properly as long as both ends are wired using the same pinout standard.

Answer 92

A

C. Crosstalk

Crosstalk is a type of interference that occurs on copper-based networks when in a signal transmitted on one conductor bleeds over onto another nearby conductor. Twisted pair cables, which have eight or more conductors compressed together inside one sheath, are particularly susceptible to crosstalk. Twisting each of the separate wire pairs tends to reduce the amount of crosstalk to manageable levels. Untwisting the pairs leaves them more susceptible to crosstalk.

Answer 93

A

C. Split pairs

A split pair is a connection in which two wires are incorrectly mapped in exactly the same way on both ends of the cable. Each pin on one end of the cable is correctly wired to the corresponding pin at the other end, but the wires inside the cable used to make the connections are incorrect. In a properly wired connection, each twisted pair should contain a colored signal wire and a striped ground wire. In a split pair, you can have two signal wires twisted together as a pair. This can generate excessive amounts of crosstalk, corrupting both of the signals involved. Because all of the pins are connected properly, a tone generator and locator cannot detect this fault.

Answer 94

A

A. White/orange, orange, white/green, blue, white/blue, green, white/brown, brown

Option A is the T568B pinout that Ralph should use when attaching connectors to the cables. Option B is the T568A pinout, which would also work but that Ralph has been instructed not to use. Options C and D are both incorrect and can result in excessive amounts of crosstalk.

Answer 95

A

A. Incorrect passphrase

Specifying the wrong passphrase for the encryption protocol is the most common cause of a failure to connect to the network with no indication of an error. Channel overlap or a poor signal-to-noise ratio, caused by a microwave oven or other device, could result in a weak signal, either of which would be indicated in the list of available networks. Incorrect SSID is not likely to be the error, as long as Ralph selected the access point from the list.

Answer 96

A

C. Patch

A patch antenna is a flat device that transmits signals in a half-spherical pattern. By placing the antenna against the building’s outer wall, Ralph can provide coverage inside the building and minimize coverage extending to the outside. A dipole antenna is another name for the omnidirectional antenna usually provided with an access point. A unidirectional antenna directs signals in a straight line, which would not provide the coverage Ralph needs. A Yagi antenna is a type of unidirectional antenna.

Answer 97

A

B. Type the SSID in manually.

It is possible that the wireless access point has been configured not to broadcast the network’s SSID as a security measure, so Alice should first attempt to access it by typing the SSID in manually. She would not be able to type in the WPA2 passphrase until she is connecting to the SSID. Moving the laptop closer to the access point or away from possible sources of electromagnetic interference might be solutions to the problem, but they should not be the first thing Alice tries.

Answer 98

A

D. Security type mismatch

The most likely cause of Alice’s problem is that she has selected an incorrect security type. Wired Equivalent Privacy (WEP) is still provided as an option on many wireless devices, but it has long since been found to be insecure and is almost never used. Alice should try selecting the other security types that enable her to enter her passphrase, such as Wi-Fi Protected Access II (WPA2). Although the other options are possible causes of the problem, security type mismatch is the most likely cause.

Answer 99

A

D. Nothing. 802.11a equipment cannot connect to an 802.11g network.

Wireless LAN equipment built to the 802.11a standard can only use the 5 GHz frequency. However, an 802.11g access point can only use the 2.4 GHz frequency. Therefore, the network adapters cannot connect to Ralph’s access point.

Answer 100

A

B. The 802.11g standard does not support communication using the 5 GHz band. Ralph must configure the access point to support 2.4 GHz for all the laptops to connect successfully.

The 802.11b and 802.11g standards do not support 5 GHz communications. Configuring the access point to support 2.4 GHz is the only way for the 802.11g computers to connect to the network. The 5 GHz band does support automatic channel selection, so there is no need to configure the channel on each laptop manually. The 5 GHz band does support MIMO, and the 802.11n laptops should be able to connect. Replacing the adapters with 802.11g will prevent them from connecting, as that standard does not support 5 GHz communications. The 802.11a standard does support the 5 GHz band, and those laptops should be able to connect.

Answer 101

A

D. The room containing the problematic computers might be at the limit of the access point’s range.

As wireless computers move farther away from the access point, their signals attenuate (weaken) and the maximum speed of their connections drops. If the computers were using a different encryption protocol than the access point, there would be no connection at all, not a diminished connection speed. An SSID mismatch would cause the computers to connect to a different network, not necessarily connect at a slower speed. If the computers had 802.11a adapters, they would fail to connect to the access point at all, because 802.11a requires the use of the 5 GHz frequency band, and 802.11g uses 2.4 GHz.

Answer 102

A

C. Attenuation

Attenuation is the weakening of a signal as it travels long distances, whether on a wired or wireless medium. The longer the transmission distance, the more the signal weakens. Absorption is the tendency of a wireless signal to change as it passes through different materials. Latency is a measurement of the time it takes for a signal to travel from its source to its destination. Crosstalk is a type of interference that occurs on wired networks when a signal bleeds over to an adjacent wire.

Answer 103

A

B. Replace the access point with a model that supports 802.11n.

Replacing the access point with an 802.11n model is not going to have any effect at all unless you upgrade the computer’s network adapter as well. Installing a higher gain antenna on the access point can improve its range, enabling the computer to connect more readily. Moving the computer closer to the access point can strengthen the signal, enabling it to connect more reliably. Changing the channel on the access point to a lesser used one can enable the computer to connect more easily.

Answer 104

A

A. The router connecting the problem LAN to the backbone

In this scenario, only users on one LAN are experiencing problems connecting to the Internet and other internal LANs. This isolates the problem to a component within that LAN only. Since users can connect successfully to local resources, the problem doesn’t lie within the individual computers,the switch that connects the users to the network, or the backbone network cable. The likeliest problem is in the router connecting problem LAN to the backbone network. Since users on the other internal LANs are not reporting problems connecting to the Internet, the problem most likely doesnot involve the Internet router.

Answer 105

A

B. The Internet router

In this scenario, all of the internal users are experiencing problems connecting to the Internet, so the router that provides access to the Internet is the suspected component. Since users can connect to resources on the internal LANs, the problem probably is not in any of the routers connecting the LANs to the backbone or the backbone cable itself. This also eliminates the probability that the switches on the LANs are the problem.

Answer 106

A

C. The common switch to which the VLAN2 users are connected is not functioning.

In this scenario, some, but not all, users on VLAN2 can’t connect to local and remote resources. Since users connected to other switches within the same VLAN and on other VLANs are not reporting any problems, the router is not the issue. This also excludes a VLAN2 configuration problem, because this would affect the VLAN2 users on all of the switches. VLAN3 and VLAN4 users can communicate through the router, so they are also not the problem. The likeliest problem is the common component, which is the switch to which the VLAN2 users experiencing the outage are connected.

Answer 107

A

C. Default gateway

The problem is most likely the default gateway address, which directs all traffic intended for the Internet to the cable modem/router. If that address is incorrect, the traffic will never reach the router. Because the computer can access the other two systems on the local network, the IP address and subnet mask are not the problem. It is not necessary (and not always possible) to change the MAC address on a Windows workstation.

Answer 108

A

D. Incorrect ACL settings

The problem is most likely incorrect ACL settings. Because the computers are all able to access the Internet, their TCP/IP settings, including their IP addresses, subnet mask, and default gateway address, must be correct. However, if the users do not have the correct permissions in the access control lists (ACLs) of the file system shares, they will not be able to access the shares over the network.

Answer 109

A

B. The Default Gateway setting is incorrect.

The Default Gateway setting should contain the address of a router on the local network that provides access to other networks, such as the Internet. In this case, therefore, the Default Gateway address should be on the 192.168.4.0 network, but it contains an address on the 192.168.6.0” network, which is not local. Therefore, the user can only access systems on the 192.168.4.0 network. The Subnet Mask setting must be correct, or the user would not be able to access any other systems. Unlike the default gateway, the DNS server does not have to be on the local network, so the address shown can be correct. DHCP is not necessary to access the Internet.

Answer 110

A

C. The DHCP scope is exhausted.

The 169.254.203.42 address assigned to the workstation is from the 169.254.0.0/16 network address assigned to Automatic Private IP Addressing (APIPA), a standard for the assignment of IP addresses to DHCP clients when they cannot obtain an address from a DHCP server. Since no one else is experiencing a problem, the DHCP server is presumably functioning. The Subnet Mask value is correct for an APIPA address, and APIPA does not provide Default Gateway or DNS server addresses. Therefore, an exhausted DHCP scope is the only one of the explanations provided that could be the cause of the problem.

Answer 111

A

B. The Subnet Mask setting is incorrect.

For a computer connected to the 192.168.32.0/20 network, the Subnet Mask value should be 255.255.240.0, not 255.255.255.0, as shown in the ipconfig output. The IPv4 Address, Default Gateway, and DNS Servers settings are appropriate for the network.

Answer 112

A

B. There is a rogue DHCP server on the network.

The DHCP client on the workstation is enabled, but the IP address assigned to the workstation is not from the 192.168.4.0/24 network. The assigned address is not an APIPA address, nor is it expired, so the only conclusion is that there is a rogue DHCP server on the network assigning addresses from a wholly different subnet.

Answer 113

A

B. Incorrect filesystem ACL settings

Because Alice is able to access the server and open the spreadsheet file, the problem is not related to blocked ports, firewall settings, or an untrusted certificate. The problem is most likely that though she has the necessary filesystem access control list (ACL) permissions to open and read the file, she does not have the permissions needed to modify it.

Answer 114

A

D. Incorrect firewall settings on Ralph’s workstation

Because Ed can connect to WebServ1 successfully, the problem is not an unresponsive service or blocked ports on the server. The problem is not a name resolution failure because Ralph can successfully ping WebServ1 by name. Therefore, of the options listed, the only possible problem must be that the firewall on Ralph’s workstation is not configured to allow the remote desktop client’s traffic out.

Answer 115

A

C. Because DHCP clients use ARP broadcasts to check for duplicate IP addresses

When a Dynamic Host Configuration Protocol (DHCP) client is offered an IP address by a DHCP server, the client broadcasts Address Resolution Protocol (ARP) requests using that address before accepting it. If another computer on the local network is using the offered address, the computer responds to the ARP request and the DHCP client declines the address. The DHCP server then offers another address. DNS queries and routing table checks are not reliable means of checking for duplicate IP addresses. It is possible to have two DHCP servers on the same local network, but they must be configured with scopes that do not overlap.

Answer 116

A

C. Duplicate MAC addresses

If someone on the network is spoofing the MAC address of Ed’s workstation, the MAC address table in the switch handing the network traffic might be continually changing as packets from each computer reach the switch. This could cause some of the response packets to be forwarded to Ed’s workstation and some to the spoofer’s workstation. Duplicate IP addresses would not cause this problem because they would be detected by the operating system. Blocked ports and incorrect firewall settings could prevent Ed from receiving responses, but they would not be sent to another workstation.

Answer 117

A

B. Duplicate IP addresses

Operating systems detect duplicate IP addresses immediately and display error messages or notifications on the computers involved. Therefore, the user with the problem would have been informed immediately if another system was using her IP address. All of the other options are possible causes of the problem that are more difficult to troubleshoot.

Answer 118

A

B. Where is the DNS server located?

The users’ browsers are failing to resolve the host names of the requested web sites into IP addresses, which they must do before they can connect to the web servers. By asking where the company’s DNS server is located, Ralph can determine if the problem is the DNS server itself or the router that provides access to the Internet. If the DNS server is located on Adatum’s company network, then the DNS server could be failing to resolve the website names. However, the DNS server could be located on the Internet service provider’s network, in which case the problem might be in the router that provides access to the ISP’s network.

Answer 119

A

A. route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100

The correct syntax for the Windows route add command is to specify the destination network address, followed by the subnet mask for the destination network, followed by the address of the router interface on the local network that provides access to the destination network. The other options do not specify the correct addresses in the syntax.

Answer 120

A

C. 192.168.87.226 is the address of one of the router’s interfaces.

The correct syntax for the Windows route add command is to specify the destination network address, followed by the subnet mask for the destination network, followed by the address of the router interface on the local network that provides access to the destination network. Therefore, 192.168.87.226 is the address of the router interface on the internal network, where Ralph’s workstation is located.

Answer 121

A

B. Shorten the cable runs.

Attenuation is the weakening of the signals as they traverse the network medium. In this case, it is most likely the result of cable runs that exceed the 100 meter maximum defined in the Ethernet twisted pair specification. Therefore, shortening the cable runs will be likely to solve the problem. All of the Ethernet twisted pair specifications have a 100 meter maximum length, so running the network at a slower speed, installing a higher grade cable, and installing higher end network adapters might have no effect if the runs are overly long.

Answer 122

A

A. EMI

Elevator machinery, fluorescent light fixtures, and other electrical devices in an office environment can generate magnetic fields, resulting in electromagnetic interference (EMI). When copper-based cables are located too near to such a device, the magnetic fields can generate an electric current on the cable that interferes with the signals exchanged by network devices. If the network users experience a problem every time the elevator machinery switches on, EMI is a likely cause of the problem. Near end crosstalk (NEXT), far end crosstalk (FEXT), and attenuation can all cause intermittent network communication problems, but they cannot be caused by elevator machinery.

Answer 123

A

D. Protocol analyzer

A protocol analyzer is a tool that enables a user to view the contents of packets captured from a network. In Ed’s case, if IPsec is properly implemented, he should be able to see that the data in packets captured from his workstation is encrypted. A packet sniffer is a tool that captures packets for the purpose of traffic analysis, but cannot view their contents. In practice, however, packet sniffer and protocol analyzer capabilities are usually integrated into a single tool. A port scanner examines a system, looking for open TCP and UDP ports, and a multimeter is a tool that reads voltages on electrical circuits. Neither of these tools can examine packet contents.

Answer 124

A

A. A packet sniffer captures network traffic, and a protocol analyzer examines packet contents.

A packet sniffer is a tool that captures packets for the purpose of traffic analysis, but cannot view their contents. A protocol analyzer is a tool that enables a user to view the contents of packets captured from a network. In practice, however, packet sniffer and protocol analyzer capabilities are usually integrated into a single tool. Both tools can function in promiscuous mode to capture packets from an entire network.

Answer 125

A

C. Configure his equipment to use channel 9

The 2.4 GHz band used by wireless LANs (WLANs) consists of channels that are 20 (or 22) MHz wide. However, the channels are only 5 MHz apart, so there is channel overlap that can result in interference. Channels 1, 6, and 11 are the only channels that are far enough apart from each other to avoid any overlap with the adjacent channels. This is why they are often recommended. However, in Ralph’s case, these channels are too crowded with other networks. Ralph should therefore use a channel that is as far as possible from the crowded ones. Channels 2, 5, and 10 are all immediately adjacent to a crowded channel, but channel 9 is at least two channels away from the nearest crowded channel. Therefore, Ralph should configure his equipment to use channel 9.

Answer 126

A

B. The routing table does not specify a default gateway address

To access the Internet, the workstation’s routing table must include a default gateway entry, which would have a Network Destination value of 0.0.0.0. A workstation’s routing table does not specify the address of a DNS server. The loopback and 224.0.0.0 multicast addresses are normal routing table entries.

Answer 127

A

A. There is a duplex mismatch between the laptop and the network switch.

A duplex mismatch is the most likely of the options. Ethernet running over twisted pair cable, in its original half-duplex mode, detects collisions by looking for data on the transmit and receive pins at the same time. In full-duplex mode, data is supposed to be transmitted and received at the same time. When one side of a connection is configured to use full duplex and the other end is configured to use half duplex, the full-duplex communications on the one side look like collisions to the half-duplex side. The half-duplex adapter transmits a jam signal as a result of each collision, which causes the full-duplex side to receive an incomplete frame. Both sides then start to retransmit frames in a continuing cycle, causing network performance to diminish drastically. If the problem was a crossover cable or a disabled switch port, the link pulse LED would not light. Outdated drivers would not be likely to slow network performance, and if they did, the slowdown would be minor.

Answer 128

A

D. Ralph should use Wi-Fi Protected Access II (WPA2) instead of WPA, because it is more resistant to certain types of attacks.

WPA has been found to be vulnerable, and WPA2 was designed to address those vulnerabilities, so Ralph should use WPA2 instead of WPA. Suppressing SSID broadcasts does not prevent users from connecting to the network, and MAC filtering strengthens security without exposing MAC addresses to undue risk.

Answer 129

A

C. The orange LEDs indicate that the device is connected to the switch at a relatively slow speed.

Green LEDs indicate the device is running at the full speed supported by the switch, whereas orange LEDs indicate that the device is running at a reduced speed. If no device is connected, the LED does not illuminate at all. The LED does not indicate the occurrence of collisions or the type of device connected to the port.

Answer 130

A

C. Configure the computer’s network adapter to run at 10 Mbps.

Ralph’s new computer is probably equipped with a network adapter that supports at least Fast Ethernet (100Base-TX). Fast Ethernet and newer network adapters support auto negotiation of the connection speed, but 10Base-T does not. Therefore, if the computer tries to negotiate a connection speed with the 10Base-T hub, it will fail and run at its default speed, which the hub does not support. By manually configuring the adapter in the computer to run at 10 Mbps, it should be able to communicate with the network. Setting the computer’s adapter to run at 100 Mbps will not change anything. It is not possible to change the speed of a 10Base-T hub.

Answer 131

A

A. DNS

Only DNS servers perform FQDN resolutions, so that is likely to be the source of the problem. It is possible to ping a device on the local network using its computer name without the use of DNS. Electromagnetic interference (EMI) would inhibit all network communication, and access control lists have no effect on ping tests.

Answer 132

A

C. Change the channel the devices are using

If the users are losing their connections due to interference from other types of devices, changing the channel alters the frequency the network uses and can enable it to avoid the interference. The other options are not likely to affect any condition that would cause users to drop their connections.

Answer 133

A

A. Incorrect time

If the time on the Active Directory domain controller at the new office is more than five minutes off of the time held by domain controller with the PDC Emulator role at the home office, then the new domain controller will not sync. Duplicate IP addresses or an incorrect default gateway address would prevent the new domain controller from connecting to the home office network. A server hardware failure would manifest as an outage far more serious than a domain controller synchronization issue.

Answer 134

A

D. route add 0.0.0.0 MASK 0.0.0.0 192.168.2.99 METRIC 25 IF 192.168.2.37

To access the Internet, the workstation’s routing table must include a default gateway entry. To create a default gateway entry in the routing table, you use the route add command with a Network Destination value of 0.0.0.0, a MASK value of 0.0.0.0, and the address of a router on the local network (in this case, 192.168.2.99). The entry must also have a METRIC value that is lower than the other entries in the table so that it will be used first.

Answer 135

A

D. UDP

On Unix and Linux systems, the traceroute utility tests TCP/IP connectivity by transmitting User Datagram Protocol (UDP) messages. This is unlike the tracert utility on Windows systems, which uses Internet Control Message Protocol (ICMP) messages. Neither version uses TCP or HTTP.

Answer 136

A

D. Verify that the user’s IP configuration settings are correct.

Since only one user is reporting the problem, the user’s computer is the likeliest source of the problem. The user has probably changed or removed the WINS server address. If the user is working with an incorrect WINS address, he can access local network resources but not resources on another internal LAN. Also, he can access resources on the Internet, which means the Internet router and the DNS server are not the problem.

Answer 137

A

B. dig microsoft.com ns

The dig utility in Linux can display the authoritative DNS servers for a particular domain when you specify the domain name and the ns (name server) parameter. The netstat, nslookup, and routecommands cannot generate this particular output.

Answer 138

A

C. The IP address leases assigned by the DHCP server have expired.

The 169.254.0.0/16 network is used by Automatic Private IP Addressing (APIPA), a standard that provides DHCP clients with an IP address when they cannot contact a DHCP server. Unknown to Ralph, the DHCP server on his network has been down for over a week, and the users’ IP address leases have begun to expire. This causes them to revert to APIPA addresses. Multiple users changing their IP addresses would not result in them all using the same network address. A rogue DHCP would not be likely to deploy APIPA addresses to clients. Malware infections that modify IP addresses are rare.

Answer 139

A

B. Test network connectivity to the printer using the ping utility

The first phase of the troubleshooting process is gathering information. Learning whether the printer is accessible over the network can help Alice to isolate the location of the problem and develop a theory of probable cause. Installing drivers, checking switches, and upgrading firmware are all part of a later phase in the troubleshooting process: testing a theory to determine the cause of the problem.

Answer 140

A

D. Make sure that the consultants’ laptops are configured to use the correct wireless security protocol.

The use of an incorrect wireless security protocol is a well-known source of errorless connection failures, so checking this will most likely enable Ed to locate the source of the problem. Channel overlap is a problem that Ed would check and resolve at the access point, not the users’ workstations. It is not possible to change the frequency on the access point because the 802.11g standard only supports the 2.4 GHz frequency. Although signal interference could conceivably be the cause for a connection failure, the users can see the network, so this is probably not the problem.

Answer 141

A

D. Plug a computer into the wall plate.

For the link pulse LED on the switch port to light up, there must be a completed connection between the switch and a computer at the other end. None of the other options will cause the LED to light.

Answer 142

A

B. Activate the DHCP client on the workstation and close the trouble ticket.

Because Ed knows that the network workstations should be using DHCP to obtain their IP addresses, the best thing to do is to enable the DHCP client and close the ticket rather than configure the system with another static address. There is no indication that there is a rogue DHCP server on the network, since the workstation’s DHCP client is disabled. This is not the first time that Ed has had a user lie to him, nor will it be the last. He should just let it go and work on addressing the problem.

Answer 143

A

D. Absorption

Absorption is a type of interference that occurs when radio signals have to pass through barriers made of dense materials, such as walls and doors. In this case, the construction of the barriers has made them more formidable. Reflection is when signals bounce off of certain surfaces, such as metal. Refraction is when signals bend as they pass through certain barriers, such as glass or water. Diffraction is when signals have to pass around barriers to reach a particular destination. All of these phenomena can weaken the radio signals used in wireless networking, but absorption is the primary problem for Ralph in this case.

Answer 144

A

A. Install an additional access point nearer to the offices.

The closer the users are to the access point, the stronger the signals will be. Installing an additional access point nearer to the executive offices will likely enable the signals to pass through the barriers more efficiently. The channel used by the access point, the standard on which the access point is based, and the broadcasting of SSID signals have no effect on the strength of the signals reaching the executive offices and will not resolve Ralph’s problem.

Answer 145

A

B. Create patch cables

The plier-like device is a crimper, which cable installers use to attach RJ45 connectors, like those in the bag, to lengths of bulk cable. This is the process of creating patch cables, which are used to connect computers to wall plates and patch panels to switches. The boss is telling Ralph to start making patch cables in five and ten foot lengths. You do not use a crimper to attach keystone connectors, and the boss has not given Ralph the tools and components needed to pull cable runs or install a patch panel.

Answer 146

A

D. Absorption

Absorption is a type of interference that occurs when radio signals have to pass through barriers made of dense materials, such as concrete or cinderblock walls. The density of the material’s molecular structure causes the radio signals to be partially converted to heat, which weakens them. Reflection is when signals bounce off of certain surfaces, such as metal. Refraction is when signals bend as they pass through certain barriers, such as glass or water. Diffraction is when signals have to pass around barriers to reach a particular destination. All of these phenomena can weaken the radio signals used in wireless networking, but absorption is the primary problem for Alice in this case.

Answer 147

A

A. Obtain an SSL certificate from a trusted third-party company.

For the website’s Secure Socket Layer (SSL) certificate to be trusted, it must be signed by a source that both parties in the transaction trust. Many security firms are in the business of providing SSL certificates to companies that have provided them with confirmation of their identities. This is what Ralph must do to prevent the error message from appearing to the company’s clients. Creating a self-signed certificate or installing a certification authority in-house are not sufficient and are probably already the cause of the problem. Users are not likely to be convinced that everything is all right.

Answer 148

A

C. Disable SSID broadcasting.

Moving the access point to the center of the building will keep as much of its operational range inside the structure as possible. If the signals still reach outside the building, Ed can reduce the power level of the access point until the network is only accessible inside.

Disabling SSID broadcasts will not defeat dedicated attackers, but it can prevent casual intruders from accessing the network. MAC filtering would require Ed to configure the access point with the MAC addresses of all devices that will access the network, which would be impractical in this case. The network is unsecured, so there is no passphrase to change, and a frequency change will have no effect on the problem.

Answer 149

A

B. Clients self-assign APIPA addresses.

When there are no IP addresses available in a DHCP scope, Automatic Private IP Addressing (APIPA) takes over, and the system self-assigns an address on the 169.254.0.0/16 network. Clients are not assigned a 0.0.0.0 address, nor are their requests forwarded to another DHCP server. Sharing IP addresses is not possible on a TCP/IP network.

Answer 150

A

C. tcpdump

The tcpdump utility is a command-line tool that captures network packets and displays their contents. The iptables, nmap, and pathping utilities cannot capture and analyze packets. iptables manages Unix/Linux kernel firewall rules, nmap is a port scanner, and pathping is a Windows route tracing tool.

Answer 151

A

B. 104.33

The destination system is the last one listed in the trace. By averaging the response times of 99, 106, and 108 ms, you can calculate the average response time: 104.33 ms.

Answer 152

A

A. Nothing. The network is functioning at its top speed.

The 802.11b standard calls for a maximum speed of 11 Mbps, so there is nothing that Ralph can do to increase his network’s speed except purchase new equipment.

Answer 153

A

B. arp -e

Running the arp -e command on a Linux system displays the contents of the ARP cache in the format shown here. The arp -a command displays the cache using an alternative format. The arp -dcommand is for deleting cache entries, and the arp -s command is for creating cache entries.

Answer 154

A

D. arp -s

The arp -s command enables you to create a cache record specifying the MAC address and its associated IP address. The arp -N command enables you to display the ARP cache entries for a specified network interface. The arp -d command is for deleting cache entries. The arp -a command displays the entries in the ARP table stored in its cache.

Answer 155

A

B. Tone generator and locator

Ralph can use a tone generator and locator to locate the correct cable associated with each office connection. By connecting the tone generator to one end of a cable run, he can use the locator to find the other end. A cable certifier identifies a variety of cable performance characteristics, typically including cabling length, signal attenuation, and crosstalk. An optical time delay reflectometer is a device for measuring the lengths and other characteristics of fiber optic cables. A multimeter is a device for measuring the electric current on a copper cable.

Answer 156

A

C. netstat

Running the Windows netstat command with the -e parameter displays Ethernet statistics, including the number of bytes and packets that have been transmitted and received. The ping, tracert, and arputilities are not capable of producing this output.

Brainscape's Knowledge GenomeTM

Domain 5: Network Troubleshooting and Tools Flashcards

Brainscape's Knowledge Genome^TM