5.3 Troubleshoot issues within Network Services Flashcards
A network administrator is testing a remote server’s network configuration and decides to ping the Internet Protocol (IP) address of a familiar office Windows workstation. No replies are received, but the admin confirms DHCP settings are enabled on the workstation and can successfully browse the Internet.
What is the MOST likely reason why the client workstation did not respond to a ping request?
- An IP address from another subnet is being used.
- The Ethernet port is bad.
- The IP address has expired.
- The same IP address of another client is being used
An IP address from another subnet is being used.
The client workstation has a valid Internet Protocol (IP) address from a different subnet range. This is possible with a rogue Dynamic Host Configuration Protocol (DHCP) server on the same local area network (LAN).
A network specialist is attempting to troubleshoot an issue where two systems are intermittently receiving traffic.
In addition to looking for duplicate internet protocol addresses, what could be another consideration for what is causing the problem?A network specialist is attempting to troubleshoot an issue where two systems are intermittently receiving traffic.
In addition to looking for duplicate internet protocol addresses, what could be another consideration for what is causing the problem?
- Duplicate MAC Address
- DNS Issues
- Expired IP Address
- Incorrect Network Mask
If there are two systems with duplicate IPs, a race condition will determine which receives traffic. A duplicate MAC address will cause a problem similar to a duplicate IP address.
What happens when a Topology Change Notification (TCN) is received in a network using STP?
- The network topology remains unchanged
- Ports may change their status from forwarding to blocked or vice versa
- All ports are set to the blocking state
- The root bridge is re-elected
When a TCN is received, it indicates that a device has been added or removed from the network. STP may then adjust the network topology by changing the status of ports (from forwarding to blocked or vice versa) to maintain a loop-free network.
A network engineer is tasked with resolving why certain printers are inaccessible by users next to those printers. The engineer realizes that the printer’s network port on the switch is not configured to the proper network.
The engineer sets the network configuration tag to 30 for those ports, resolving the issue.
What was most likely the cause of the issue?
- DNS issue
- IP Exclusions
- Untrusted SSL Certificate
- Incorrect VLAN
When setting up a virtual local area network (VLAN), all things that need to communicate must be assigned the correct VLAN or access within all network equipment.
A system administrator notices a server cannot access network services. Authentication is also failing. The error is an invalid token message.
Which of the following protocols should the system administrator verify early in the troubleshooting process?
- HTTP
- NTP
- SMB
- POP
The Network Time Protocol (NTP) enables the synchronization of time-dependent applications. A server or host that is configured with the incorrect time may not be able to access network services. Authentication, and other security mechanisms will often fail if the time is not synchronized on both communicating devices. Errors are likely to be generic failed or invalid token messages.
Windows workstations at a small company are not able to log on to a Windows server. Which of the following is the likely cause?
- A untrusted SSL certificate
- Incorrect ACL
- Blocked UDP ports
- Incorrect System Time
A server or host needs to be configured with the correct time. Authentication, and other security mechanisms will often fail if the time is not synchronized on both communicating devices.
A sysadmin is monitoring the logs of the network equipment in the corporate office and notices there are a lot of packet collisions. After digging around the individual network boxes, the sysadmin found that there was a misconfigured switch.
What setting most likely contributed to the packet collisions?
- Memory
- Packet County
- Speed Duplex
- Bandwidth
Half duplex refers to only being able to transfer or receive one at a time. Full duplex refers to being able to transfer and receive at the same time. Having multiple devices configured differently can cause collisions.
A user installs a financial software package that requires cloud access. For some reason, the application fails to connect to the cloud server.
What is the MOST likely cause of this issue?
- Incorrect Time
- Duplicate IP Address
- Incorrect host-based firewall settings
- Unresponsive Service
Incorrect host-based firewall settings
A host-based firewall is implemented as a software application running on a host. Often rules need to be manually added to a firewall allow for applications to communicate properly.
An organization asks a network consultant to assist in learning why the company’s network is getting overloaded. Upon monitoring the network, the consultant learns that the CPI utilization of the switches jumps up above 80% at various points.
What is happening in the network?
- Multicast Flooding
- Broadcast storm
- DNS Issues
- Certificate Issues
Broadcast Storm
A broadcast storm will cause network utilization to go to a near-maximum capacity and the CPU utilization of the switches to jump to 80 percent or more, making the switched segment effectively unusable until the broadcast storm stops.
If a switch is not multicast-aware, it will treat multicast transmissions as broadcasts and flood them across all ports in the broadcast domain, consuming much bandwidth and slow down the network.
If hosts are experiencing DNS issues, symptoms will include the inability to connect to a server by name, despite being accessible by IP address.
The most common reason for a certificate not to be trusted is that the certificate issuer is not trusted.
A computer system sporadically connects to network services. Which of the following is MOST likely causing this issue?
- Duplicate IP addresses
- Expired IP address
- Incorrect Gateway
- Rogue DHCP
Duplicate IP addresses
If Windows detects a duplicate Internet protocol (IP) address, it will display a warning and disable the IP. Hosts with the same IP will contend to respond to ARP queries, and communications could be split between them.
A system with an expired IP address may have lost connection with a DHCP server and will need to have its IP address information updated and/or lease times should be reduced.
A rogue Dynamic Host Configuration Protocol (DHCP) server is one that is distributing addresses to hosts and is not authorized to be on a network.
A default gateway is used by a host to find routes to other networks. If a default gateway Internet protocol (IP) address is incorrect, network communication will restricted to the local subnet for the host.
A system is unable to reach any other systems outside of the local subnet. This symptom is characteristic of which problem?
- Exhausted DHCP scope
- Incorrect netmask
- Incorrect gateway
- Duplicate IP Addresses
Incorrect gateway
A default gateway is used by a host to find routes to other networks. If a default gateway address is incorrect, network communication will be restricted to the local subnet.
Nodes on a subnet use the same address for a subnet mask. A system with an incorrect subnet mask will behave as if it is on another network than its peers.
If systems are failing to obtain an Internet Protocol (IP) configuration, they will not be able to communicate. An exhausted Dynamic Host Configuration Protocol (DHCP) scope has no more available addresses to assign.
If Windows detects a duplicate Internet Protocol (IP) address, it will display a warning and disable IP. Linux does not typically check for duplicate addresses.
You manage a local area network with several switches. A new employee has started today, so you connect her workstation to a switch port.
After connecting the workstation, you find that it can’t get an IP address from the DHCP server. You check the link and status lights and see that the connection is working properly. A ping to the workstation’s loopback address succeeds. No other computers seem to have the problem.
Which of the following is the MOST likely cause of the problem?
- Switching loop
- Incorrect Default gateway
- Half-duplex setting on the switch and workstation
- Incorrect VLAN Assignment
Incorrect VLAN assignment
The most likely cause is that the switch port is a member of a VLAN that’s different from the one for the DHCP server and other devices. It’s possible that unused ports on the switch were assigned to a VLAN that’s different from the one used by other devices.
The duplex setting would probably not prevent traffic between the workstation and the switch. It would simply mean that both devices would perform collision detection. A problem might occur if one device were manually configured for full-duplex, and the other were configured for half-duplex.
A switching loop occurs when there are multiple active paths between two switches. Switching loops lead to incorrect entries in a MAC address table, making a device appear to be connected to the wrong port and causing unicast traffic to circulate endlessly between switches. Switching loops would typically affect multiple devices, not just one.
The default gateway setting affects whether a device can communicate with hosts on different subnets, but this value is typically received from the DHCP server.
You are configuring a new network segment that includes three switches: Switch A, Switch B, and Switch C. Switch A is connected to Switch B, Switch B is connected to Switch C, and Switch C is connected back to Switch A, forming a triangle.
To prevent loops, you decide to implement the Spanning Tree Protocol (STP). After enabling STP, you notice that one of the links between the switches is not forwarding traffic.
Which of the following links is MOST likely to be in a blocking state due to STP?
- The link between Switch B and Switch C
- Any of the links could be in a blocking state depending on the bridge IDs
- You Were Unsure and incorrect
- The link between Switch C and Switch A
- The link between Switch A and Switch B
Any of the links could be in a blocking state depending on the bridge IDs
Any of the links could be in a blocking state depending on the bridge IDs is the correct answer. In STP, the decision to place a port in a blocking state depends on the bridge IDs and the path costs to the root bridge. Since the bridge ID is a combination of a priority value and the MAC address, and without specific information about these values or the path costs, any of the links could potentially be in a blocking state. The specific link that ends up being blocked is determined by the STP algorithm based on the bridge ID and path cost calculations to ensure a loop-free topology.
Without information about the bridge IDs and path costs, it’s not possible to definitively say which specific link would be in a blocking state. STP calculations could result in any link being blocked to prevent loops.
The link between Switch B and Switch C answer assumes specific conditions about the network’s bridge IDs and path costs without providing that information. The blocking state is determined by the STP algorithm, which considers the overall topology and bridge IDs.
The link between Switch C and Switch A answer makes an assumption without considering the necessary information about bridge IDs and path costs that STP uses to determine the blocking state.
You are unsure if the gateway address is correct for one of your subnetworks because traffic is not leaving the network.
Which of the following tables could you look at to check if the gateway address is correct?
- State table
- Routing table
- ARP table
- MAC address table
Routing table
Routing tables contain gateway address information.
MAC address tables, IP address tables, and state tables do not contain gateway address information. MAC address tables contain information about source MAC addresses and destination MAC addresses. ARP tables contain neighbor information and link MAC addresses to IP addresses. Stateful devices keep track of the state of network connections, like TCP streams in a state table.
What might be a symptom of a malicious attack on a DHCP server?
- Address pool exaustion
- Increased network speed
- Decreased number of DHCP requests
- Frequent IP Address changes
Address pool exhaustion
Address pool exhaustion can be a symptom of a malicious attack, such as a DHCP flood where numerous fake DHCP requests are sent to the server to deplete its pool of available IP addresses, preventing legitimate clients from obtaining an IP address.
Increased network speed is not typically a symptom of a malicious attack on a DHCP server.
Frequent IP address changes are more likely due to short lease times or network configuration issues, not necessarily a malicious attack.
A decrease in the number of DHCP requests would not indicate an attack; an attack would likely increase the number of requests to exhaust the address pool.
Recently booted computer systems at a large company are not able to access any network resources. IT investigates and finds the systems configured with automatic private IP addressing (APIPA) addresses.
Which of the following is MOST likely causing the issue?
- Expired IP Address
- Exhausted DHCP scope
- Incorrect network mask
- Unresponsive service
Exhausted DHCP scope
If systems are failing to obtain an Internet protocol (IP) configuration, a Dynamic Host Configuration Protocol (DHCP) scope may be exhausted which results in the assignment of APIPA addresses.
An unresponsive service on a system can be caused by many factors. These services may include important network functions such as the dynamic host configuration protocol (DHCP).
Nodes on a local network/subnet use the same Internet protocol (IP) configuration for a subnet mask. A system with an incorrect subnet mask will experience communication problems.
A system with an expired IP address may have lost connection with a DHCP server and will need to have its IP address information updated and/or lease times should be reduced.
