Topic 4: Troubleshooting Flashcards
A network technician is using a network monitoring system and notices that every device on a particular segment has lost connectivity. Which of the following should the network technician do NEXT?
A. Establish a theory of probable cause.
B. Document actions and findings.
C. Determine next steps to solve the problem.
D. Determine if anything has changed.
Answer: D
Explanation: The technician has already identified the symptom: Loss of connectivity on a specific network segment. The next step in identifying the problem is to “Determine if anything has changed”.
A user calls the help desk and states that he was working on a spreadsheet and was unable to print it. However, his colleagues are able to print their documents to the same shared printer. Which of the following should be the FIRST question the helpdesk asks?
A. Does the printer have toner?
B. Are there any errors on the printer display?
C. Is the user able to access any network resources?
D. Is the printer powered up?
Answer: C
Explanation: The user has already provided you with the information relevant to the first step in the 7-step troubleshooting process. The next step is to “Question the obvious.” The user has stated: “…his colleagues are able to print their documents to the same shared printer.” The obvious question in this instance is whether the user can access any network resources.
A network technician has detected duplicate IP addresses on the network. After testing the behavior of rogue DHCP servers, the technician believes that the issue is related to an unauthorized home router. Which of the following should the technician do NEXT in the troubleshooting methodology?
A. Document the findings and action taken.
B. Establish a plan to locate the rogue DHCP server.
C. Remove the rogue DHCP server from the network.
D. Identify the root cause of the problem.
Answer: B
Explanation: By testing the behavior of rogue DHCP servers and determining that the issue is related to an unauthorized home router, the technician has completed the third step in the 7-step troubleshooting process. The next step is to establish a plan of action to resolve the problem and identify potential effects. Establishing a plan to locate the rogue DHCP server meets the requirements of this step.
A technician is troubleshooting a client's connection to a wireless network. The client is asked to run a "getinfo" command to list information about the existing condition. myClient$ wificard --getinfo agrCtlRSSI:-72 agrExtRSSI:0 state:running op mode: station lastTxRate:178 MaxRate:300 802.11 auth:open link auth:wpa2-psk BSSID:0F:33:AE:F1:02:0A SSID:CafeWireless Channel:149,1 Given this output, which of the following has the technician learned about the wireless network? (Select TWO). A. The WAP is using RC4 encryption B. The WAP is using 802.11a C. The WAP is using AES encryption D. The WAP issuing the 2.4GHz channel E. The WAP is using the 5GHz channel F. The WAP is using 802.11g
Answer: C,E
Explanation: WPA2 makes use of the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption protocol, which is an AES based protocol. The output shows that the wireless network operates on channel 149, which is a channel in the 5GHz band.
An administrator only has telnet access to a remote workstation. Which of the following utilities will identify if the workstation uses DHCP? A. tracert B. ping C. dig D. ipconfig E. netstat
Answer: D
Explanation: The ipconfig command displays the TCP/IP configuration of a Windows system. The ipconfig /all command displays the system’s TCP/IP configuration in detail. This output includes whether DHCP is enabled or not.
A network technician is performing a tracert command to troubleshoot a website-related issue. The following output is received for each hop in the tracert: 1 * * * Request timed out. 2 * * * Request timed out. 3 * * * Request timed out. The technician would like to see the results of the tracert command. Which of the following will allow the technician to perform tracert on external sites but not allow outsiders to discover information from inside the network?
A. Enable split horizon to allow internal tracert commands to pass through the firewall
B. Enable IGMP messages out and block IGMP messages into the network
C. Configure the firewall to allow echo reply in and echo request out of the network
D. Install a backdoor to access the router to allow tracert messages to pass through
Answer: C
Explanation: Tracert makes use of ICMP echo packets to trace the route between two hosts. For the command to be successful, the firewall has to allow incoming echo replies and outgoing echo requests.
A network technician has received comments from several users that cannot reach a particular website. Which of the following commands would provide the BEST information about the path taken across the network to this website? A. ping B. netstat C. telnet D. tracert
Answer: D
Explanation: The tracert command is used to determine the amount of hops a packet takes to reach a destination. It makes use of ICMP echo packets to report information at every step in the journey. This is how the path taken across the network is obtained.
After connecting a workstation directly to a small business firewall, a network administrator is trying to manage it via HTTPS without losing its stored configuration. The only two pieces of information that the network administrator knows about the firewall are the management interface MAC address, which is 01:4a:d1:fa:b1:0e, and the administrator’s password. Which of the following will allow the administrator to log onto the firewall via HTTPS if the management’s IP address is unknown and the administrator’s workstation IP address is 192.168.0.10/23?
A. Use the reset button on the back of the firewall to restore it to its factory default, and then log onto
B. Run the following command on the administrator’s workstation: arp –s 192.168.1.200 01:4a:d1:fa:b1:0e
C. Use an SNMP tool to query the firewall properties and determine the correct management IP address
D. Use a crossover cable to connect to the console port and reconfigure the firewall management IP to 192.168.0.1
Answer: B
Explanation: Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses. The arp –s command adds a static permanent address to the ARP cache. This will allow the administrator to access the firewall.
A network technician has detected a personal computer that has been physically connected to the corporate network. Which of the following commands would the network technician use to locate this unauthorized computer and determine the interface it is connected to? A. nbtstat –a B. show mac address-table C. show interface status D. show ip access-list E. nslookup hostname
Answer: B
Explanation: The show mac address-table command is used to view the ageing timer, and also the unicast and multicast MAC addresses stored in the MAC address table by the switch. Furthermore, you can view all of the addresses in the table or only the addresses learned or specified on a particular port or VLAN.
A technician has verified that a recent loss of network connectivity to multiple workstations is due to a bad CAT5 cable in the server room wall. Which of the following tools can be used to locate its physical location within the wall? A. Cable certifier B. Multimeter C. Cable tester D. Toner probe
Answer: D
Explanation: Toner probes are specifically used to trace cables hidden in floors, ceilings, or walls. They can also be used to track cables from the patch panels to their destinations.
A user connects to a wireless network at the office and is able to access unfamiliar SMB shares and printers. Which of the following has happened to the user?
A. The user is connected using the wrong channel.
B. The user is connected to the wrong SSID.
C. The user is experiencing an EMI issue.
D. The user is connected to the wrong RADIUS server.
Answer: B
Explanation: The user is connecting to an SSID assigned to a different subnet. Therefore, the user has access to SMB shares and printers that are not recognizable.
A network technician is performing a wireless survey in the office and discovers a device that was not installed by the networking team. This is an example of which of following threats? A. Bluesnarfing B. DDoS C. Brute force D. Rogue AP
Answer: D
Explanation: A rogue access point is when a wireless access point is located on a network without the administrator being aware of it. Therefore, if the device was not installed by the networking team, the administrator would not know about it being there.
Ann, a user, is experiencing an issue with her wireless device. While in the conference area, the wireless signal is steady and strong. However, at her desk the signal is consistently dropping, yet the device indicates a strong signal. Which of the following is the MOST likely cause of the issue? A. Signal-to-noise ratio B. AP configuration C. Incorrect SSID D. Bounce
Answer: D
Explanation: The signal between the access point and Ann’s wireless device is being bounced off walls, windows, glass mirrors, carpeted floors, and many other objects. This results in the slow connection. The radio waves are travelling at the same rate, but as a result of signal bounce, it’s taking longer to reach its destination.
A network technician has received a help desk ticket indicating that after the new wireless access point was installed, all of the media department's devices are experiencing sporadic wireless connectivity. All other departments are connecting just fine and the settings on the new access point were copied from the baseline. Which of the following is a reason why the media department is not connecting? A. Wrong SSID B. Rogue access point C. Placement D. Channel mismatch
Answer: C
Explanation: The sporadic wireless connectivity is being caused by interference. Moving the access point to different location would solve the problem.
A technician recently ran a 20-meter section of CAT6 to relocate a control station to a more central area on the production floor. Since the relocation, the helpdesk has received complaints about intermittent operation. During the troubleshooting process, the technician noticed that collisions are only observed on the switch port during production. Given this information, which of the following is the cause of the problem? A. Distance limitation B. Electromagnetic interference C. Cross talk D. Speed and duplex mismatch
Answer: B
Explanation: When cables are installed near electrical devices the signal within the cable might become corrupt. The cable connecting the control station to the switch port is now surrounded by the production machinery. Electromagnetic interference could occur when the machinery is running, causing the intermittent operation.