Network Troubleshooting and Tools (7)

Question 1

Ralph has a wired home network with three Windows computers, a switch, and a cable modem/router that provides access to the Internet. All three computers are able to access the Internet, but none of them can access file system shares on the others. Which of the following is the most likely cause of the problem on the three network computers?

Incorrect IP addresses

Incorrect Subnet mask

Incorrect ACL settings

Answer 1

Incorrect ACL settings

he problem is most likely incorrect ACL settings. Because the computers are all able to access the Internet, their TCP/IP settings, including their IP addresses, subnet mask, and default gateway address, must be correct. However, if the users do not have the correct permissions in the access control lists (ACLs) of the file system shares, they will not be able to access the shares over the network

Question 2

Alice has been asked to update an accounts receivable spreadsheet with information about the day’s incoming payments, a task she has never performed before. After locating and opening the spreadsheet on the network server, she types in her new information, but when she attempts to save the changes, she receives an error message that directs her to save the file on her local drive instead of the network server. Which of the following is the probable cause of the problem?

Blocked TCP/UDP ports

Incorrect filesystem ACL settings

Incorrect firewall settings

Answer 2

Incorrect filesystem ACL settings

Because Alice is able to access the server and open the spreadsheet file, the problem is not related to blocked ports, firewall settings, or an untrusted certificate. The problem is most likely that though she has the necessary filesystem access control list (ACL) permissions to open and read the file, she does not have the permissions needed to modify it

Question 3

Ralph is a network administrator attempting to use his workstation to remote into a web server called WebServ1 on the perimeter network. However, the remote desktop client software is unable to establish a connection to the server. Ralph can see all of the computers on his local network and on the perimeter network. He tries using the ping utility to test the WebServ1’s TCP/IP functionality, and the ping test is successful. Ralph then calls his colleague Ed and has him try to connect to WebServ1 using the same remote access tool. Ed connects successfully. Which of the following could be the cause of the problem Ralph is experiencing?

Unresponsive service on the web server

Blocked TCP/UDP ports on the web server

Incorrect firewall settings on Ralph’s workstation

Answer 3

Incorrect firewall settings on Ralph’s workstation

Because Ed can connect to WebServ1 successfully, the problem is not an unresponsive service or blocked ports on the server. The problem is not a name resolution failure because Ralph can successfully ping WebServ1 by name. Therefore, of the options listed, the only possible problem must be that the firewall on Ralph’s workstation is not configured to allow the remote desktop client’s traffic out

Question 4

A user calls the company’s IT help desk to report that she has received an error message on her Windows workstation. The error states that her computer has an IP address that is duplicated on the network. Ralph is concerned that there might be a configuration problem with the DHCP servers on the network. He suspects that there are DHCP servers configured with scopes that overlap, resulting in two DHCP servers assigning the same IP addresses to different clients. He is worried that they are about to receive a flood of calls reporting the same problem. Alice reassures Ralph, telling him that it cannot be a DHCP problem and that there must be two computers that are manually configured with the same IP address. How does Alice know this?

Because Windows computers check the routing table before accepting an IP address from a DHCP server

Because DHCP servers use DNS queries to check for duplicate IP addresses

Because DHCP clients use ARP broadcasts to check for duplicate IP addresses

Answer 4

Because DHCP clients use ARP broadcasts to check for duplicate IP addresses

When a Dynamic Host Configuration Protocol (DHCP) client is offered an IP address by a DHCP server, the client broadcasts Address Resolution Protocol (ARP) requests using that address before accepting it. If another computer on the local network is using the offered address, the computer responds to the ARP request and the DHCP client declines the address. The DHCP server then offers another address. DNS queries and routing table checks are not reliable means of checking for duplicate IP addresses. It is possible to have two DHCP servers on the same local network, but they must be configured with scopes that do not overlap

Question 5

A user, Ed, is reporting what appear to be intermittent traffic interruptions on his workstation. Sometimes he receives responses to his server requests, and sometimes not. It doesn’t seem to be an Internet issue, because the problem also occurs with local server requests. While troubleshooting the problem, Ralph performs a series of packet captures and analyzes the network traffic. He discovers that all of the request messages generated by Ed’s workstation have responses on the network, but in some cases, the responses are going to a workstation other than Ed’s. Which of the following conditions could be causing this to happen?

Duplicate IP addresses

Blocked TCP/UDP ports

Duplicate MAC addresses

Answer 5

Duplicate MAC addresses

If someone on the network is spoofing the MAC address of Ed’s workstation, the MAC address table in the switch handing the network traffic might be continually changing as packets from each computer reach the switch. This could cause some of the response packets to be forwarded to Ed’s workstation and some to the spoofer’s workstation. Duplicate IP addresses would not cause this problem because they would be detected by the operating system. Blocked ports and incorrect firewall settings could prevent Ed from receiving responses, but they would not be sent to another workstation

Question 6

A user calls Alice at the IT help desk and reports that she is having intermittent problems accessing both local servers and Internet websites. Which of the following potential problems can Alice rule out immediately?

Duplicate MAC addresses

Duplicate IP addresses

Malfunctioning router

Answer 6

Duplicate IP addresses

Operating systems detect duplicate IP addresses immediately and display error messages or notifications on the computers involved. Therefore, the user with the problem would have been informed immediately if another system was using her IP address. All of the other options are possible causes of the problem that are more difficult to troubleshoot

Question 7

The entire network at Adatum Corp. is unable to access the Internet. All of the users throughout the network are complaining that their browsers are displaying DNS failure messages. The company does not have an in-house network administrator, so they call Ralph at his consulting firm. Which of the following should be the first question that Ralph asks in his attempt to pinpoint the location of the malfunction?

What browser are the users running?

Where is the DNS server located?

What technology is used to provide access to the Internet?

Answer 7

Where is the DNS server located?

The users’ browsers are failing to resolve the host names of the requested web sites into IP addresses, which they must do before they can connect to the web servers. By asking where the company’s DNS server is located, Ralph can determine if the problem is the DNS server itself or the router that provides access to the Internet. If the DNS server is located on Adatum’s company network, then the DNS server could be failing to resolve the website names. However, the DNS server could be located on the Internet service provider’s network, in which case the problem might be in the router that provides access to the ISP’s network

Question 8

Ed has recently discovered a rogue DHCP server on his network. After disabling the server, he now needs to terminate all of the rogue IP address leases currently held by DHCP clients on the network and have them request new leases from the authorized DHCP server. Which of the following commands must he use on each client to do this? (Choose all correct answers.)

ipconfig /dump

ipconfig /renew

ipconfig /lease

ipconfig /discard

ipconfig /release

Answer 8

ipconfig /renew

ipconfig /release

The ipconfig /release command terminates the current DHCP address lease. Then, the ipconfig /renew causes the client to begin the process of negotiating a new lease, this time with an authorized DHCP server. Dump, lease, and discard are not valid ipconfig parameters

Question 9

Ed is implementing a web server farm on his company’s network and has created a perimeter network on which the web servers will be located. The perimeter network is using the network IP address 192.168.99.0/24. He has also installed a router connecting the perimeter network to the internal network, which uses the 192.168.3.0/24 network address. The IP addresses of the router’s interfaces are 192.168.3.100 and 192.168.99.1. Ed needs to access the web servers from his Windows workstation on the internal network, but right now, he cannot do so. Because he needs to have a different router specified as his default gateway, Ed decides to add a route for the perimeter network to his computer’s routing table. Which of the following commands will create a routing table entry that enables Ed to access the perimeter network?

route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100

route add 192.168.3.0 MASK 255.255.255.0 192.168.3.100

route add 192.168.99.1 MASK 255.255.255.0 192.168.3.0

Answer 9

route add 192.168.99.0 MASK 255.255.255.0 192.168.3.100

The correct syntax for the Windows route add command is to specify the destination network address, followed by the subnet mask for the destination network, followed by the address of the router interface on the local network that provides access to the destination network. The other options do not specify the correct addresses in the syntax

Question 10

Alice has recently created a new perimeter network for the company’s web server cluster, along with a router to connect it to the internal network. When she is finished, she sends Ralph an email instructing him to run the following command on his Windows workstation so that he can access the servers on the perimeter network. What function does the IP address 192.168.87.226 perform in this command?

route add 192.168.46.0 MASK 255.255.255.0 192.168.87.226

192. 168.87.226 is the address of Ralph’s workstation.
193. 168.87.226 is the network address of the perimeter network.
194. 168.87.226 is the address of one of the router’s interfaces.

Answer 10

192.168.87.226 is the address of one of the router’s interfaces.

The correct syntax for the Windows route add command is to specify the destination network address, followed by the subnet mask for the destination network, followed by the address of the router interface on the local network that provides access to the destination network. Therefore, 192.168.87.226 is the address of the router interface on the internal network, where Ralph’s workstation is located

Question 11

To save the company money and to provide some new hires with Gigabit Ethernet connectivity, Ralph has installed some new Category 5e cable runs, connecting his company’s datacenter with a newly rented office at the far end of the building. However, the new users are complaining of intermittent connectivity problems. The company brings in a cabling contractor to investigate, and his diagnosis is attenuation. Which of the following solutions will most likely be a sure solution to the problem?

Repull the runs using Category 6 cable.

Shorten the cable runs.

Configure the hardware to run at a slower speed.

Answer 11

Shorten the cable runs.

Attenuation is the weakening of the signals as they traverse the network medium. In this case, it is most likely the result of cable runs that exceed the 100 meter maximum defined in the Ethernet twisted pair specification. Therefore, shortening the cable runs will be likely to solve the problem. All of the Ethernet twisted pair specifications have a 100 meter maximum length, so running the network at a slower speed, installing a higher grade cable, and installing higher end network adapters might have no effect if the runs are overly long

Question 12

Alice’s network has been experiencing intermittent service slowdowns and outages ever since the company moved into their new building. She has tried every troubleshooting procedure she can think of and hasn’t been able to determine the cause. One particularly irritating user, hoping to be the squeaky wheel that gets the grease, has taken to calling Alice every time he experiences a problem. One day, as she is working in the datacenter, Alice notices that the user calls her every time she hears an additional humming noise begin. After examining the doors in the hallway, Alice realizes that the racks containing her switches are located right next to the elevator machinery room. Which of the following conditions is probably causing the network communication problem?

EMI

NEXT

FEXT

Attenuation

Answer 12

EMI

Elevator machinery, fluorescent light fixtures, and other electrical devices in an office environment can generate magnetic fields, resulting in electromagnetic interference (EMI). When copper-based cables are located too near to such a device, the magnetic fields can generate an electric current on the cable that interferes with the signals exchanged by network devices. If the network users experience a problem every time the elevator machinery switches on, EMI is a likely cause of the problem. Near end crosstalk (NEXT), far end crosstalk (FEXT), and attenuation can all cause intermittent network communication problems, but they cannot be caused by elevator machinery

Question 13

Ralph is setting up a workstation for the company’s new vice president. He has installed the computer in the VP’s office and plugged it into the wall plate. Then, back in the datacenter, he uses a patch cable to connect the corresponding port in the patch panel to a port in the network switch. However, the computer is unable to access the network. There are no complaints from other users. Which of the following could be the source of the problem? (Choose all correct answers.)

The DNS server is malfunctioning.

The switch port is disabled.

The NAT server is not functioning.

The switch is configured to use port security.

Answer 13

The switch port is disabled.

The switch is configured to use port security.

It is common practice on many networks to disable switch ports that are not in use so that unauthorized individuals can’t plug devices into them. Some networks also use port security, in which switches are configured with access control lists (ACLs) that specify the MAC addresses of devices that are permitted to use them. Either of these could be the source of Ralph’s problem. Because there are no other network users reporting problems, malfunctioning services such as NAT and DNS are not likely to be the cause

Question 14

Ed has configured his workstation to use IPsec encryption for network communications. Which of the following tools can he use to verify that his network traffic is encrypted?

Packet sniffer

Port scanner

Protocol analyzer

Answer 14

Protocol analyzer

A protocol analyzer is a tool that enables a user to view the contents of packets captured from a network. In Ed’s case, if IPsec is properly implemented, he should be able to see that the data in packets captured from his workstation is encrypted. A packet sniffer is a tool that captures packets for the purpose of traffic analysis, but cannot view their contents. In practice, however, packet sniffer and protocol analyzer capabilities are usually integrated into a single tool. A port scanner examines a system, looking for open TCP and UDP ports, and a multimeter is a tool that reads voltages on electrical circuits. Neither of these tools can examine packet contents

Question 15

Which of the following statements describes the difference between a packet sniffer and a protocol analyzer?

A packet sniffer captures network traffic, and a protocol analyzer examines packet contents.

A protocol analyzer captures network traffic, and a packet sniffer examines packet contents.

A packet sniffer only captures the local workstation’s traffic, whereas a protocol analyzer can capture all the traffic on the network.

Answer 15

A packet sniffer captures network traffic, and a protocol analyzer examines packet contents.

A packet sniffer is a tool that captures packets for the purpose of traffic analysis, but cannot view their contents. A protocol analyzer is a tool that enables a user to view the contents of packets captured from a network. In practice, however, packet sniffer and protocol analyzer capabilities are usually integrated into a single tool. Both tools can function in promiscuous mode to capture packets from an entire network

Question 16

Ralph is experiencing poor performance on his home 802.11n wireless network. Ralph lives in a large apartment complex, and when he runs a Wi-Fi analyzer, he sees many other nearby networks using the often-recommended channels 1, 6, and 11 on the 2.4 GHz frequency. Using the 5 GHz frequency is not an option for Ralph’s equipment. What should Ralph do to improve his network performance?

Configure his equipment to use channel 2

Configure his equipment to use channel 5

Configure his equipment to use channel 9

Answer 16

Configure his equipment to use channel 9

The 2.4 GHz band used by wireless LANs (WLANs) consists of channels that are 20 (or 22) MHz wide. However, the channels are only 5 MHz apart, so there is channel overlap that can result in interference. Channels 1, 6, and 11 are the only channels that are far enough apart from each other to avoid any overlap with the adjacent channels. This is why they are often recommended. However, in Ralph’s case, these channels are too crowded with other networks. Ralph should therefore use a channel that is as far as possible from the crowded ones. Channels 2, 5, and 10 are all immediately adjacent to a crowded channel, but channel 9 is at least two channels away from the nearest crowded channel. Therefore, Ralph should configure his equipment to use channel 9

Question 17

Ralph is setting up a network connection for the company’s new vice president, who is supplying his own laptop. He plugs the computer into the wall plate, and the link pulse LED lights up. Then, back in the datacenter, he uses a patch cable to connect the corresponding port in the patch panel to a port in the network switch. Later, the VP calls Ralph to report that data transfers between his laptop and the network servers are extremely slow. Which of the following could explain the problem?

There is a duplex mismatch between the laptop and the network switch.

Ralph used a crossover cable to connect the laptop to the wall plate.

The switch port is disabled.

Answer 17

There is a duplex mismatch between the laptop and the network switch.

A duplex mismatch is the most likely of the options. Ethernet running over twisted pair cable, in its original half-duplex mode, detects collisions by looking for data on the transmit and receive pins at the same time. In full-duplex mode, data is supposed to be transmitted and received at the same time. When one side of a connection is configured to use full duplex and the other end is configured to use half duplex, the full-duplex communications on the one side look like collisions to the half-duplex side. The half-duplex adapter transmits a jam signal as a result of each collision, which causes the full-duplex side to receive an incomplete frame. Both sides then start to retransmit frames in a continuing cycle, causing network performance to diminish drastically. If the problem was a crossover cable or a disabled switch port, the link pulse LED would not light. Outdated drivers would not be likely to slow network performance, and if they did, the slowdown would be minor

Question 18

Ralph is deploying an 802.11n wireless network for a client that calls for the best possible security without deploying additional servers. When setting up the wireless access point, Ralph disables SSID broadcasts, selects Wi-Fi Protected Access security with preshared keys (WPA-PSK), and configures MAC address filtering. Which of the following statements about the security of this arrangement is true?

Ralph should not disable SSID broadcasts, since this prevents users from connecting to the network.

Ralph should not use MAC address filtering, because it exposes MAC addresses to possible attacks.

Ralph should use Wi-Fi Protected Access II (WPA2) instead of WPA, because it is more resistant to certain types of attacks.

Answer 18

Ralph should use Wi-Fi Protected Access II (WPA2) instead of WPA, because it is more resistant to certain types of attacks.

WPA has been found to be vulnerable, and WPA2 was designed to address those vulnerabilities, so Ralph should use WPA2 instead of WPA. Suppressing SSID broadcasts does not prevent users from connecting to the network, and MAC filtering strengthens security without exposing MAC addresses to undue risk

Question 19

While working in her company’s datacenter, Alice notices that the LEDs on most of the network switch ports are green, but there are several that are orange. Alice asks several people why this is so and receives several different answers. Which one of the following answers is correct?

The orange LEDs indicate that no device is connected to the switch port.

The orange LEDs indicate that the connected device is experiencing an excessive number of collisions.

The orange LEDs indicate that the device is connected to the switch at a relatively slow speed.

Answer 19

The orange LEDs indicate that the device is connected to the switch at a relatively slow speed.

Green LEDs indicate the device is running at the full speed supported by the switch, whereas orange LEDs indicate that the device is running at a reduced speed. If no device is connected, the LED does not illuminate at all. The LED does not indicate the occurrence of collisions or the type of device connected to the port

Question 20

Ralph recently bought an old 10Base-T Ethernet hub at a garage sale and wants to use it to connect his various computers into a home network. He plugs three computers into the hub and finds that although two of his older computers can communicate with each other, his newest computer cannot connect to the network. Which of the following tasks will most likely resolve the problem?

Configure the hub to run at 10 Mbps.

Configure the hub to run at 100 Mbps.

Configure the computer’s network adapter to run at 10 Mbps.

Answer 20

Configure the computer’s network adapter to run at 10 Mbps.

Ralph’s new computer is probably equipped with a network adapter that supports at least Fast Ethernet (100Base-TX). Fast Ethernet and newer network adapters support autonegotiation of the connection speed, but 10Base-T does not. Therefore, if the computer tries to negotiate a connection speed with the 10Base-T hub, it will fail and run at its default speed, which the hub does not support. By manually configuring the adapter in the computer to run at 10 Mbps, it should be able to communicate with the network. Setting the computer’s adapter to run at 100 Mbps will not change anything. It is not possible to change the speed of a 10Base-T hub

Question 21

Alice is troubleshooting a problem that some users are having connecting to an application server on the local network. While testing connectivity using the ping tool, she discovers that she can ping the server successfully using its computer name, but pinging the computer’s fully qualified domain name (FQDN) fails. Which of the following is most likely the source of the problem?

DNS

DHCP

EMI

Answer 21

DNS

Only DNS servers perform FQDN resolutions, so that is likely to be the source of the problem. It is possible to ping a device on the local network using its computer name without the use of DNS. Electromagnetic interference (EMI) would inhibit all network communication, and access control lists have no effect on ping tests

Question 22

Several accounting consultants are working in Ed’s office for the first time, and they are unable to connect to the 802.11n wireless network with their laptops. Which of the following tasks should Ed perform first to try to resolve the problem?

Check the network adapters in the laptops for channel overlap.

Make sure that the consultants are attempting to connect to the correct SSID.

Examine the area where the consultants are working for possible sources of signal interference.

Make sure that the consultants’ laptops are configured to use the correct wireless security protocol.

Answer 22

Make sure that the consultants are attempting to connect to the correct SSID.

Make sure that the consultants’ laptops are configured to use the correct wireless security protocol.

Of the options provided, the ones most likely to be causing the problem are the use of an incorrect SSID or security protocol. Although signal interference could possibly be a cause, it is more likely that the new users have devices that are incorrectly configured for Ed’s network. Channel overlap is a problem that Ed would check and resolve at the access point, not the users’ workstations

Question 23

On Monday morning, Alice arrives at work to find multiple email and telephone messages from users who are unable to access the Accounting department’s file server. Which of the following are the best questions to ask during the beginning stage of the troubleshooting process? (Choose two.)

What has changed since the users were last able to access the server?

Are there any software updates that Alice should apply to the server?

Has the server suffered a hard disk failure?

Which users are reporting a problem and where are they located?

Answer 23

What has changed since the users were last able to access the server?

Which users are reporting a problem and where are they located?

The first stage of the troubleshooting process calls for Alice to identify the problem by gathering information. Learning about who is reporting the problem and what has changed since the server was last accessible can provide Alice with information that could help her determine whether the problem is located in the users’ workstations, somewhere in the network, or in the server itself. The other options are intended to test a theory about a probable cause, a troubleshooting stage that comes later

Question 24

Users on Ed’s 802.11n wireless network are dropping their connections intermittently. Which of the following might help to resolve the problem?

Restart the wireless access point

Change the network’s SSID

Change the channel the devices are using

Answer 24

Change the channel the devices are using

If the users are losing their connections due to interference from other types of devices, changing the channel alters the frequency the network uses and can enable it to avoid the interference. The other options are not likely to affect any condition that would cause users to drop their connections

Question 25

Alice’s company is opening a new branch office, and Alice is responsible for building the Active Directory domain controller for that office. She installs a new Windows server and configures it as a domain controller and then ships it to the new office site. However, once it arrives and is connected to the home office network, the new domain controller fails to synchronize with the existing ones at the home office. Which of the following could be the cause of the problem?

Incorrect time

Server hardware failure

Duplicate IP addresses

Answer 25

Incorrect time

If the time on the Active Directory domain controller at the new office is more than five minutes off of the time held by domain controller with the PDC Emulator role at the home office, then the new domain controller will not sync. Duplicate IP addresses or an incorrect default gateway address would prevent the new domain controller from connecting to the home office network. A server hardware failure would manifest as an outage far more serious than a domain controller synchronization issue