Topic 4: Troubleshooting

Question 1

A network technician is using a network monitoring system and notices that every device on a particular segment has lost connectivity. Which of the following should the network technician do NEXT?
A. Establish a theory of probable cause.
B. Document actions and findings.
C. Determine next steps to solve the problem.
D. Determine if anything has changed.

Answer 1

Answer: D
Explanation: The technician has already identified the symptom: Loss of connectivity on a specific network segment. The next step in identifying the problem is to “Determine if anything has changed”.

Question 2

A user calls the help desk and states that he was working on a spreadsheet and was unable to print it. However, his colleagues are able to print their documents to the same shared printer. Which of the following should be the FIRST question the helpdesk asks?
A. Does the printer have toner?
B. Are there any errors on the printer display?
C. Is the user able to access any network resources?
D. Is the printer powered up?

Answer 2

Answer: C
Explanation: The user has already provided you with the information relevant to the first step in the 7-step troubleshooting process. The next step is to “Question the obvious.” The user has stated: “…his colleagues are able to print their documents to the same shared printer.” The obvious question in this instance is whether the user can access any network resources.

Question 3

A network technician has detected duplicate IP addresses on the network. After testing the behavior of rogue DHCP servers, the technician believes that the issue is related to an unauthorized home router. Which of the following should the technician do NEXT in the troubleshooting methodology?
A. Document the findings and action taken.
B. Establish a plan to locate the rogue DHCP server.
C. Remove the rogue DHCP server from the network.
D. Identify the root cause of the problem.

Answer 3

Answer: B
Explanation: By testing the behavior of rogue DHCP servers and determining that the issue is related to an unauthorized home router, the technician has completed the third step in the 7-step troubleshooting process. The next step is to establish a plan of action to resolve the problem and identify potential effects. Establishing a plan to locate the rogue DHCP server meets the requirements of this step.

Question 4

A technician is troubleshooting a client's connection to a wireless network. The client is asked to run a "getinfo" command to list information about the existing condition. myClient$ wificard --getinfo agrCtlRSSI:-72 agrExtRSSI:0 state:running op mode: station lastTxRate:178 MaxRate:300 802.11 auth:open 
link auth:wpa2-psk 
BSSID:0F:33:AE:F1:02:0A 
SSID:CafeWireless 
Channel:149,1 
Given this output, which of the following has the technician learned about the wireless network? (Select TWO).
A. The WAP is using RC4 encryption
B. The WAP is using 802.11a
C. The WAP is using AES encryption
D. The WAP issuing the 2.4GHz channel
E. The WAP is using the 5GHz channel
F. The WAP is using 802.11g

Answer 4

Answer: C,E
Explanation: WPA2 makes use of the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption protocol, which is an AES based protocol. The output shows that the wireless network operates on channel 149, which is a channel in the 5GHz band.

Question 5

An administrator only has telnet access to a remote workstation. Which of the following utilities will identify if the workstation uses DHCP?
A. tracert
B. ping
C. dig
D. ipconfig
E. netstat

Answer 5

Answer: D
Explanation: The ipconfig command displays the TCP/IP configuration of a Windows system. The ipconfig /all command displays the system’s TCP/IP configuration in detail. This output includes whether DHCP is enabled or not.

Question 6

A network technician is performing a tracert command to troubleshoot a website-related issue. The following output is received for each hop in the tracert: 1 * * * Request timed out. 2 * * * Request timed out. 3 * * * Request timed out. The technician would like to see the results of the tracert command. Which of the following will allow the technician to perform tracert on external sites but not allow outsiders to discover information from inside the network?
A. Enable split horizon to allow internal tracert commands to pass through the firewall
B. Enable IGMP messages out and block IGMP messages into the network
C. Configure the firewall to allow echo reply in and echo request out of the network
D. Install a backdoor to access the router to allow tracert messages to pass through

Answer 6

Answer: C
Explanation: Tracert makes use of ICMP echo packets to trace the route between two hosts. For the command to be successful, the firewall has to allow incoming echo replies and outgoing echo requests.

Question 7

A network technician has received comments from several users that cannot reach a particular website. Which of the following commands would provide the BEST information about the path taken across the network to this website?
A. ping
B. netstat
C. telnet
D. tracert

Answer 7

Answer: D
Explanation: The tracert command is used to determine the amount of hops a packet takes to reach a destination. It makes use of ICMP echo packets to report information at every step in the journey. This is how the path taken across the network is obtained.

Question 8

After connecting a workstation directly to a small business firewall, a network administrator is trying to manage it via HTTPS without losing its stored configuration. The only two pieces of information that the network administrator knows about the firewall are the management interface MAC address, which is 01:4a:d1:fa:b1:0e, and the administrator’s password. Which of the following will allow the administrator to log onto the firewall via HTTPS if the management’s IP address is unknown and the administrator’s workstation IP address is 192.168.0.10/23?
A. Use the reset button on the back of the firewall to restore it to its factory default, and then log onto
B. Run the following command on the administrator’s workstation: arp –s 192.168.1.200 01:4a:d1:fa:b1:0e
C. Use an SNMP tool to query the firewall properties and determine the correct management IP address
D. Use a crossover cable to connect to the console port and reconfigure the firewall management IP to 192.168.0.1

Answer 8

Answer: B
Explanation: Address Resolution Protocol (ARP) is used to resolve IP addresses to MAC addresses. The arp –s command adds a static permanent address to the ARP cache. This will allow the administrator to access the firewall.

Question 9

A network technician has detected a personal computer that has been physically connected to the corporate network. Which of the following commands would the network technician use to locate this unauthorized computer and determine the interface it is connected to?
A. nbtstat –a
B. show mac address-table
C. show interface status
D. show ip access-list
E. nslookup hostname

Answer 9

Answer: B
Explanation: The show mac address-table command is used to view the ageing timer, and also the unicast and multicast MAC addresses stored in the MAC address table by the switch. Furthermore, you can view all of the addresses in the table or only the addresses learned or specified on a particular port or VLAN.

Question 10

A technician has verified that a recent loss of network connectivity to multiple workstations is due to a bad CAT5 cable in the server room wall. Which of the following tools can be used to locate its physical location within the wall?
A. Cable certifier
B. Multimeter
C. Cable tester
D. Toner probe

Answer 10

Answer: D
Explanation: Toner probes are specifically used to trace cables hidden in floors, ceilings, or walls. They can also be used to track cables from the patch panels to their destinations.

Question 11

A user connects to a wireless network at the office and is able to access unfamiliar SMB shares and printers. Which of the following has happened to the user?
A. The user is connected using the wrong channel.
B. The user is connected to the wrong SSID.
C. The user is experiencing an EMI issue.
D. The user is connected to the wrong RADIUS server.

Answer 11

Answer: B
Explanation: The user is connecting to an SSID assigned to a different subnet. Therefore, the user has access to SMB shares and printers that are not recognizable.

Question 12

A network technician is performing a wireless survey in the office and discovers a device that was not installed by the networking team. This is an example of which of following threats?
A. Bluesnarfing
B. DDoS
C. Brute force
D. Rogue AP

Answer 12

Answer: D
Explanation: A rogue access point is when a wireless access point is located on a network without the administrator being aware of it. Therefore, if the device was not installed by the networking team, the administrator would not know about it being there.

Question 13

Ann, a user, is experiencing an issue with her wireless device. While in the conference area, the wireless signal is steady and strong. However, at her desk the signal is consistently dropping, yet the device indicates a strong signal. Which of the following is the MOST likely cause of the issue?
A. Signal-to-noise ratio
B. AP configuration
C. Incorrect SSID
D. Bounce

Answer 13

Answer: D
Explanation: The signal between the access point and Ann’s wireless device is being bounced off walls, windows, glass mirrors, carpeted floors, and many other objects. This results in the slow connection. The radio waves are travelling at the same rate, but as a result of signal bounce, it’s taking longer to reach its destination.

Question 14

A network technician has received a help desk ticket indicating that after the new wireless access point was installed, all of the media department's devices are experiencing sporadic wireless connectivity. All other departments are connecting just fine and the settings on the new access point were copied from the baseline. Which of the following is a reason why the media department is not connecting?
A. Wrong SSID
B. Rogue access point
C. Placement
D. Channel mismatch

Answer 14

Answer: C
Explanation: The sporadic wireless connectivity is being caused by interference. Moving the access point to different location would solve the problem.

Question 15

A technician recently ran a 20-meter section of CAT6 to relocate a control station to a more central area on the production floor. Since the relocation, the helpdesk has received complaints about intermittent operation. During the troubleshooting process, the technician noticed that collisions are only observed on the switch port during production. Given this information, which of the following is the cause of the problem?
A. Distance limitation
B. Electromagnetic interference
C. Cross talk
D. Speed and duplex mismatch

Answer 15

Answer: B
Explanation: When cables are installed near electrical devices the signal within the cable might become corrupt. The cable connecting the control station to the switch port is now surrounded by the production machinery. Electromagnetic interference could occur when the machinery is running, causing the intermittent operation.

Question 16

A technician is troubleshooting a wired device on the network. The technician notices that the link light on the NIC does not illuminate. After testing the device on a different RJ-45 port, the device connects successfully. Which of the following is causing this issue?
A. EMI
B. RFI
C. Cross-talk
D. Bad wiring

Answer 16

Answer: D
Explanation: The question states that the device worked on a different port. This indicates that the wiring is faulty.

Question 17

A technician is tasked with connecting a router to a DWDM. The technician connects the router to the multiplexer and confirms that there is a good signal level. However, the interface on the router will not come up. Which of the following is the MOST likely cause?
A. The wrong wavelength was demuxed from the multiplexer.
B. The SFP in the multiplexer is malfunctioning.
C. There is a dirty connector on the fiber optic cable.
D. The fiber optic cable is bent in the management tray.

Answer 17

Answer: A
Explanation: A multiplexer (or mux) is a device that selects one of several analog or digital input signals and forwards the selected input into a single line. A demultiplexer (or demux) is a device taking a single input signal and selecting one of many data-output-lines, which is connected to the single input. Since the signal going in is good, the problem must be with the signal output. If the correct wavelength was demultiplexed, the interface will be displayed on the router.

Question 18

While troubleshooting a network outage, a technician finds a 100-meter fiber cable with a small service loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?
A. Maximum cable length exceeded
B. Dirty connectors
C. RF interference caused by impedance mismatch
D. Bend radius exceeded

Answer 18

Answer: D
Explanation: The excessive bending of fiber-optic cables can increase microbending and macrobending losses. Microbending causes light attenuation induced by deformation of the fiber, while macrobending causes the leakage of light through the fiber cladding and this is more likely to happen where the fiber is excessively bent.

Question 19

A network technician has been assigned to install an additional router on a wireless network. The router has a different SSID and frequency. All users on the new access point and the main network can ping each other and utilize the network printer, but all users on the new router cannot get to the Internet. Which of the following is the MOST likely cause of this issue?
A. The gateway is misconfigured on the new router.
B. The subnet mask is incorrect on the new router.
C. The gateway is misconfigured on the edge router.
D. The SSID is incorrect on the new router.

Answer 19

Answer: A
Explanation: A missing or incorrect default gateway parameter limits communication to the local segment. The question states: “All users on the new access point and the main network can ping each other and utilize the network printer, but all users on the new router cannot get to the Internet”.

Question 20

While troubleshooting a connectivity issue, a network technician determines the IP address of a number of workstations is 169.254.0.0/16 and the workstations cannot access the Internet. Which of the following should the technician check to resolve the problem?
A. Default gateway address
B. Misconfigured DNS
C. DHCP server
D. NIC failure

Answer 20

Answer: C
Explanation: If a DHCP server fails, the workstations are assigned an address from the 169.254.0.0 address range by Automatic Private IP Addressing (APIPA). APIPA also configures a suitable subnet mask, but it doesn’t configure the system with a default gateway address. This allows communication on the local network, but not externally.

Question 21

A network engineer is troubleshooting an issue with a computer that is unable to connect to the Internet. The network engineer analyzes the following output from a command line utility:
Network Destination Netmask Gateway Interface
192.168.1.0 255.255.255.0 192.168.1.254 eth0
192.168.1.10 255.255.255.255 192.168.1.10 eth0
127.0.0.1 255.0.0.0 On-Link lo
127.0.0.0 255.0.0.0 On-Link lo
255.255.255.255 255.255.255.255 102.168.1.10 eth0
Which of the following is the reason for the computer issue, given the above output?
A. Wrong default gateway netmask
B. Incorrect default gateway address
C. Default gateway on the wrong interface
D. Missing default gateway

Answer 21

Answer: D
Explanation: The output appears to be a result of running the netstat –r command. If the default gateway was present, the first line would show the Network Destination as 0.0.0.0 and the Netmask as 0.0.0.0.

Question 22

A company has changed ISPs for their office and ordered a new 250 Mbps symmetrical Internet connection. As a result, they have been given a new IP range. The ISP has assigned the company 10.10.150.16 /28. The company gateway router has the following interface configuration facing the ISP: Interface A: IP address: 10.10.150.16 Subnet mask: 255.255.255.240 Default gateway: 10.10.150.32 Speed: 1000 Mbps Duplex: Auto State: No Shutdown None of the workstations at the company are able to access the Internet. Which of the following are the reasons? (Select TWO).
A. There is a duplex mismatch between the router and ISP.
B. The router interface is turned off.
C. The interface is set to the incorrect speed.
D. The router is configured with the incorrect subnet mask.
E. The router interface is configured with the incorrect IP address.
F. The default gateway is configured incorrectly.

Answer 22

Answer: E,F
Explanation: According to the IP Address Range Calculator, for the given subnet mask and the IP range address range assigned by the ISP, the first host address should be 10.10.150.17 and the broadcast address should be 10.10.150.31. Therefore, the router interface is configured with the incorrect IP address and the default gateway is configured incorrectly.

Question 23

Which of the following WAN technologies is associated with high latency?
A. T1
B. Satellite
C. Cable
D. OCx

Answer 23

Answer: B
Explanation: Latency in this instance is the time it takes for the signal to and from the satellite. Since signal has to travel to the satellite, then from the satellite to the ground station, and then out to the Internet (or IP WAN). Not forgetting the return trip, and processing delays.

Question 24

PC technician has installed a new network printer that was preconfigured with the correct static IP address, subnet mask, and default gateway. The printer was installed with a new cable and appears to have link activity, but the printer will not respond to any network communication attempts. Which of the following is MOST likely the cause of the problem?
A. Damaged cable
B. Duplex mismatch
C. Incorrect VLAN assignment
D. Speed mismatch

Answer 24

Answer: C
Explanation: If a port is accidentally assigned to the wrong VLAN in a switch, it’s as if that client was magically transported to another place in the network. This would explain the inability to communication with the printer, as it is on a different VLAN.

Question 25

A network administrator recently installed a web proxy server at a customer’s site. The following week, a system administrator replaced the DNS server overnight. The next day, customers began having issues accessing public websites. Which of the following will resolve the issue?
A. Update the DNS server with the proxy server information.
B. Implement a split horizon DNS server.
C. Reboot the web proxy and then reboot the DNS server.
D. Put the proxy server on the other side of the demarc.

Answer 25

Answer: A
Explanation: Proxy servers act as an intermediary for requests from clients seeking resources from other servers. If the DNS server is not communicating with the proxy server, these requests are not forwarded. Therefore, updating the DNS server with the proxy server information will solve the problem.

Question 26

Two weeks after installation, a network technician is now unable to log onto any of the newly installed company switches. The technician suspects that a malicious user may have changed the switches’ settings before they were installed in secure areas. Which of the following is the MOST likely way in which the malicious user gained access to the switches?
A. Via SSH using the RADIUS shared secret
B. Via HTTP using the default username and password
C. Via console using the administrator’s password
D. Via SNMP using the default RO community

Answer 26

Answer: B
Explanation: A new network switch is accessed via HTTP to perform the initial configuration. The username and password used is a factory default.

Question 27

A network technician is troubleshooting a problem at a remote site. It has been determined that the connection from router A to router B is down. The technician at the remote site re-terminates the CAT5 cable that connects the two routers as a straight through cable. The cable is then tested and is plugged into the correct interface. Which of the following would be the result of this action?
A. The normal amount of errors and the connection problem has been resolved.
B. The interface status will indicate that the port is administratively down.
C. The traffic will flow, but with excessive errors.
D. The interface status will show line protocol down.

Answer 27

Answer: D
Explanation: Devices of different types are connected with a straight through cable (patch cable). In this case, it is used to connect two devices of the same type. It is for this reason that the interface will display the line protocol down status.

Question 28

Which of the following helps prevent routing loops?
A. Routing table
B. Default gateway
C. Route summarization
D. Split horizon

Answer 28

Answer: D
Explanation: Routing loops occur when the routing tables on the routers are slow to update and a redundant communication cycle is created between routers. Split horizon, which prevents the router from advertising a route back to the other router from which it was learned, can be used to resist routing loops. Poison reverse, also known as split horizon with poison reverse, is also used to resist routing loops.

Question 29

After repairing a computer infected with malware, a technician determines that the web browser fails to go to the proper address for some sites. Which of the following should be checked?
A. Server host file
B. Subnet mask
C. Local hosts file
D. Duplex settings

Answer 29

Answer: C
Explanation: The local hosts file is a text file that contains hostname-to-IP address mappings. By default, host to IP address mappings that are configured in the Hosts file supersede the information in DNS. If there is an entry for a domain name in the Hosts file, then the server will not attempt to query DNS servers for that name. Instead, the IP address that is configured in the Hosts file will be used. If the IP address corresponding to a name changes and the Hosts file is not updated, you may be unable to connect to the host.