Chapter 5 Troubleshooting Flashcards

1
Q

What is NetFlow?

A

A packet analyzer can be used to measure network traffic statistics but trying to record each frame imposes a heavy processing overhead on the network tap or mirror port. Collecting just the packet metadata, rather than the whole packet
payload, reduces the bandwidth required by the sniffer. Technologies such as Cisco’s NetFlow (cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html) gather traffic metadata only and report it to a structured database.

2
Q

NetFlow involves deploying three types of components:

A
  • A NetFlow exporter is configured on network appliances (switches, routers, and firewalls)
  • A NetFlow collector aggregates flows from multiple exporters.
  • A NetFlow analyzer reports and interprets information by querying the collector and can be configured to generate alerts and notifications.
3
Q

What advantage does collecting only packet metadata offer?

a) It reduces the risk of data loss
b) It increases network security
c) It reduces the processing overhead on the network tap
d) It decreases the likelihood of network congestion

A

c) It reduces the processing overhead on the network tap

Collecting just the packet metadata, rather than the whole packet payload, reduces the bandwidth required by the sniffer. Technologies such as **Cisco’s NetFlow** gather traffic metadata only and report it to a structured database.

4
Q

What remote management service is associated with TCP port 23?

A

Telnet is both a protocol and a terminal emulation software tool.

In order to support Telnet access, the remote computer must run a service known as the Telnet
Daemon. The Telnet Daemon listens on TCP port 23 by default.

5
Q

Is PuTTY a terminal emulator?

A

Yes

6
Q

What is the purpose of software utilities like iperf3, Ttcp, and bwping in networking?

a) To encrypt network traffic
b) To measure network throughput
c) To block unauthorized access
d) To optimize network latency

A

b) To measure network throughput

7
Q

ping can be used to perform a basic

A

connectivity test

8
Q

If ping does not reach a remote device, it might mean that a router or firewall is blocking it for security purposes. So do not assume that a device is down; it might just be a router or firewall that is blocking your ping request.

A
9
Q

ping: 5 steps to ping

A
  1. loopback address
  2. Local IP
  3. Another Node
  4. default gateway
  5. ping a remote node
10
Q

ipconfig without any switches will display the:

A
  • IP address
  • subnet mask, and
  • default gateway (router) for all network interfaces to which TCP/IP is bound.
11
Q

ipconfig /all displays complete TCP/IP configuration parameters for each interface, including:

A
  • whether the Dynamic Host Configuration Protocol (DHCP) is enabled
  • DHCP server IP
  • hardware (MAC) address.
  • Lease Obtained
  • Lease Expires
12
Q

What does ipconfig /release interface do?

A

Releases the IP address obtained from a DHCP server so that the interface(s) will no longer have an IP address.

13
Q

DNS Troubleshooting

What is the purpose of name resolution troubleshooting in networking?

a) To encrypt network traffic
b) To optimize network latency
c) To measure network throughput
d) To resolve issues related to domain name resolution

A

d) To resolve issues related to domain name resolution

14
Q

DNS Troubleshooting

Why might configuration errors occur in name resolution troubleshooting?

a) Due to encryption of network traffic
b) Due to optimization of network latency
c) Due to caching and the distributed nature of the system
d) Due to measuring network throughput

A

c) Due to caching and the distributed nature of the system

15
Q

DNS Troubleshooting

What is one way to verify the name configured on a host in Windows?

a) Using the command ipconfig /all
b) Using the command hostname --fqdn
c) Using the command nslookup
d) Using the command ifconfig

A

a) Using the command ipconfig /all

16
Q

DNS Troubleshooting

What command can be used in Linux to display the fully qualified domain name (FQDN) of the local host?

a) ipconfig /all
b) hostname --fqdn
c) nslookup
d) ifconfig

A

b) hostname --fqdn

17
Q

nslookup

Host can be either a:

a) Host ID, subnet mask, and gateway
b) IP address, subnet mask, and MAC address
c) Host name, domain name, FQDN, or IP address
d) DNS server, DHCP server, and gateway

A

c) Host name, domain name, FQDN, or IP address

18
Q

In a Windows environment, which command can be used to troubleshoot DNS name resolution?

a) ping
b) tracert
c) nslookup
d) ipconfig

A

c) nslookup

19
Q

What is the purpose of the ipconfig /displaydns command in Windows?

a) To troubleshoot network connectivity issues
b) To display the DNS configuration of the local host
c) To measure network latency
d) To display the contents of the DNS resolver cache

A

d) To display the contents of the DNS resolver cache

20
Q

What type of information does the ipconfig /displaydns command provide?

a) Network throughput statistics
b) Fully Qualified Domain Names (FQDNs)
c) IP addresses of DNS servers
d) Cached DNS records

A

d) Cached DNS records

21
Q

What are the two modes of operation for the nslookup command?
a) Query and Configuration
b) Diagnostic and Interactive
c) Recursive and Iterative
d) Quick and Advanced

A

b) Diagnostic and Interactive

22
Q

What is the primary purpose of the traceroute tool in networking?

a) To measure network latency
b) To encrypt network traffic
c) To test the entire path between two nodes
d) To configure network adapters

A

c) To test the entire path between two nodes

23
Q

How can the traceroute tool help in troubleshooting network connectivity issues?

a) By measuring network latency between two hosts
b) By displaying the entire path between two nodes and identifying problematic nodes or links
c) By configuring DNS settings on the local host
d) By analyzing network traffic patterns

A

b) By displaying the entire path between two nodes and identifying problematic nodes or links

24
Q

What type of information does the traceroute (or tracert) tool provide?

a) Network throughput statistics
b) Fully Qualified Domain Names (FQDNs)
c) IP addresses of routers along the path
d) MAC addresses of network devices

A

c) IP addresses of routers along the path

25
Q

What command is used to perform the same function as traceroute on a Windows system?

a) ping
b) ipconfig
c) tracert
d) nslookup

A

c) tracert

26
Q

What does the mtr tool calculate, in addition to latency?

a) Bandwidth
b) Packet loss
c) Jitter
d) MAC addresses

A

c) Jitter

27
Q

What are the three planes commonly used in network functions, especially in terms of Quality of Service (QoS)?

a) Priority plane, Switching plane, and Monitoring plane
b) Decision plane, Transmission plane, and Analysis plane
c) Control plane, Data plane, and Management plane
d) Routing plane, Forwarding plane, and Observation plane

A

c) Control plane, Data plane, and Management plane

In terms of QoS, network functions are commonly divided into three planes:
* Control plane—makes decisions about how traffic should be prioritized and where it should be switched.
* Data plane—handles the actual switching of traffic.
* Management plane—monitors traffic conditions.

28
Q

_____ is a command-line packet capture utility for Linux, providing a user interface to the libpcap library.

A

tcpdump

tcpdump is often used with some sort of filter expression:
* Type—filter by host, net, port, or portrange.
* Direction—filter by source (src) or destination (dst) parameters (host, network, or port).
* Protocol—filter by a named protocol rather than port number (for example, arp, icmp, ip, ip6, tcp, udp, and so on).

29
Q

What is the basic syntax of the tcpdump command for listening on a specific network interface?

a) tcpdump -a eth0
b) tcpdump -i eth0
c) tcpdump -listen eth0

A

The basic syntax of the command is: tcpdump -i eth0, where eth0 is the interface to listen on (you can substitute the keyword any to listen on all interfaces of a multi-homed host).

30
Q

What is the primary purpose of the netstat command in networking?

a) To discover hosts on a network
b) To establish what services a host is running
c) To measure network latency
d) To encrypt network traffic

A

As well as discovering hosts, one other visibility challenge is to establish what services a host is running. The netstat command allows you to check the state of ports on the local host.

b) To establish what services a host is running

31
Q

What suspicious connections can be identified using the netstat command?

a) Connections to authorized services
b) Connections from the host to remote IP addresses
c) Connections within the local network
d) Connections to the loopback address

A

b) Connections from the host to remote IP addresses

32
Q

How does the netstat command provide visibility into the state of ports on the local host?

a) By displaying a list of all open ports
b) By displaying a list of all closed ports
c) By displaying a list of established connections
d) By displaying a list of listening ports

A

d) By displaying a list of TCP connections and UDP listening ports

33
Q

What does the command netstat /? do?

a) Displays a list of available network interfaces
b) Opens a help menu providing information about netstat options
c) Lists all established network connections
d) Measures network latency

A

b) Opens a help menu providing information about netstat options

34
Q

What information does the netstat -a command provide?

a) Displays all available network interfaces
b) Lists all established network connections and listening ports
c) Measures network throughput
d) Shows detailed statistics for each network interface

A

b) Lists all established network connections and listening ports

35
Q

What is the purpose of the netstat -o command?

a) Opens a help menu providing information about netstat options
b) Lists all listening ports on the local host
c) Displays the process ID associated with each network connection
d) Measures network latency

A

c) Displays the process ID associated with each network connection

36
Q

Wireless Obstacle examples:

A

Metal
Concrete and Bricks (can absorb signal)
Water (refraction)
Mirrors
Weather conditions

37
Q

Open Authentication and Captive Portal Issues

What does configuring an access point for open authentication mean?

a) Clients are required to authenticate using a username and password
b) Clients are not required to authenticate
c) Clients are authenticated automatically without user intervention

A

b) Clients are not required to authenticate

38
Q

In what scenario would open authentication be typically used?

a) In a corporate network with strict security policies
b) In a public access point or hotspot
c) In a private home network
d) In a network with multiple authentication mechanisms

A

b) In a public access point or hotspot

39
Q

How can open authentication be combined with a secondary authentication mechanism in public hotspots?

a) By using a certificate-based authentication
b) By using biometric authentication
c) By redirecting clients to a captive portal or splash page
d) By encrypting all communication over the link

A

c) By redirecting clients to a captive portal or splash page

When the client associates with the open hotspot and launches the browser, the client is redirected to a captive portal or splash page. This will allow the client to authenticate to the hotspot provider’s network (over HTTPS, so the login is secure).

40
Q

What is the purpose of NTP service?

A

Important for time synchronization

41
Q

Certificate

What does it mean if you got NET::ERR_CERT_DATE_INVALID?

A

The certificate has expired or been revoked

42
Q

Certificate

What does it mean if you got NET::ERR_CERT_AUTHORITY_INVALID?

A

It was self-signed (the machine generated its own certificate) OR it means an untrusted root

43
Q

What does asymmetrical routing refer to in networking?

a) A topology where all paths have the same latency
b) A topology where the forward and return paths are different
c) A topology where routing is configured in a symmetric manner
d) A topology where all traffic flows through a single path

A

b) A topology where the forward and return paths are different

44
Q

Why is asymmetrical routing problematic in some cases?

a) It increases network latency
b) It may cause security devices to filter or drop communications
c) It simplifies network management
d) It reduces network throughput

A

b) It may cause security devices to filter or drop communications

45
Q

In what scenarios is asymmetrical routing common?

a) In networks with no redundancy
b) In networks with a single access point
c) In networks with load balancers and redundant paths
d) In networks with strict security policies

A

c) In networks with load balancers and redundant paths

46
Q

How can misconfigured routing topology causing asymmetrical routing be identified?

a) By analyzing network traffic patterns
b) By performing load testing on network devices
c) By using traceroute from both sender and receiver to compare per-hop latency
d) By increasing the number of redundant paths

A

c) By using traceroute from both sender and receiver to compare per-hop latency

47
Q

What type of devices should not be placed in the middle of a network where forward and return paths could diverge?

a) Load balancers
b) Routers
c) Firewalls and NAT devices
d) Switches

A

c) Firewalls and NAT devices

48
Q

Routing Loop Issues

What is a routing loop in networking?

a) A situation where routers continuously forward packets in a loop
b) A situation where routers use each other as the path to a network
c) A situation where routers drop packets due to congestion
d) A situation where routers fail to forward packets

A

b) A situation where routers use each other as the path to a network

It is an L3 issue

49
Q

What happens to packets caught in a routing loop?

a) They are dropped immediately
b) They are forwarded indefinitely
c) They circle around until the Time-To-Live (TTL) expires
d) They are rerouted to the destination

A

c) They circle around until the Time-To-Live (TTL) expires

50
Q

How can traceroute be used to diagnose a routing loop?

a) By analyzing the TTL values in the output
b) By looking for IP addresses that appear multiple times in the output
c) By measuring network latency between hosts
d) By identifying the source and destination IP addresses

A

b) By looking for IP addresses that appear multiple times in the output

51
Q

What does the appearance of IP addresses multiple times in the traceroute output indicate?

a) That the routing path is functioning properly
b) That there is a routing loop in the network
c) That there is a firewall blocking some packets
d) That there is congestion in the network

A

b) That there is a routing loop in the network

52
Q

What does traceroute primarily display in its output?

a) Round-trip time for packets
b) IP addresses of routers along the path
c) Number of packets sent
d) Network throughput statistics

A

b) IP addresses of routers along the path
(USES ICMP)

53
Q

Routing protocols use various mechanisms to prevent loops. For example, distance
vector protocols use the following mechanisms:

A

Maximum hop count—If the cost exceeds a certain value (16 in RIP), the
network is deemed unreachable. A poison route is one advertised with a hop
count of 16. This can provide an explicit failure notice to other routers.

Holddown timer—If a node declares a network unreachable, its neighbors start
a holddown timer. Any updates about that route received from other nodes are
discarded for the duration of the timer. This is designed to ensure that all nodes
have converged information about an unreachable network.

Split horizon—Prevents a routing update from being copied back to the source.

54
Q

Router Installation and Troubleshooting

A router must forward traffic received over a single physical interface connected to a switch trunk port to the appropriate virtual LAN (VLAN).
What feature must be configured on the router?

A

A subinterface for each VLAN carried over the trunk. Each subinterface must be configured with an IP address and mask for the subnet mapped to the VLAN.

55
Q

Your network monitor is recording high numbers of ICMP Time Exceeded notifications. What type of routing issue does this typically indicate?

A

This is typical of a routing loop, where packets circulate between two routers until the time to live (TTL) is exceeded.