Chapter 20 Flashcards
Analyzing System Properties and Remediation
Describe network troubleshooting tools.
If your network is experiencing high latency, the tools to help troubleshoot this are iperf, iperf3, iftop, mtr, nc (netcat), ping, ping6, ss, tracepath, tracepath6, traceroute, and traceroute6. These utilities also assist in detecting network saturation problems. If failing or faulty adapters are a problem, the tools to diagnose this issue are ethtool, ifconfig, ip, and netstat. These utilities along with nmcli also help with NIC configuration problems. For incorrect or duplicate MAC addresses in a router, employ the arp or ip neigh command. To research slow or incorrect name server responses, the host, dig, nslookup, and whois utilities help.
Summarize potential disk problems and solutions.
The du and df utilities help in preventing the system from running out of filesystem space and with troubleshooting when it does. If it is a logical volume, employ the LVM tools to add additional space when needed. I/O wait times, which may slow overall system performance, are seen with the iostat command. Changing a system’s I/O scheduler may help relieve this problem. The ioping utility tests a disk to determine if it is usable for a particular application. To repair an ext* filesystem, use the fsck command. The partprobe command works well for newly created partitions in that it forces a reread of a disk’s partition table without rebooting the system.
Clarify CPU troubleshooting procedures.
It is important to understand your system’s current processors’ information, which you can find in the /proc/cpuinfo file. To view CPU usage, employ the uptime and/or the sar commands. If needed and appropriate, you can tweak kernel parameters related to processor handling using the sysctl utility.
Explain memory problems and solutions.
To view detailed system RAM information, look at the /proc/meminfo file’s contents. If your system does not have properly sized memory, you can see high RAM usage via the free command. In addition, the vmstat tool allows you to view disk I/O specific to swapping, which increases when RAM is improperly sized. If you need to add additional swap space, the mkswap utility will “format” a partition/file into swap, and the swapon command will put it into swap space. If you need to uncouple a partition/file from swap space, use the swapoff utility. If memory use hits critical levels, the kernel releases the OOM killer, which kills off particular processes to bring memory usage back to reasonable levels. Memory management can be modified using certain kernel parameters and the sysctl tool.
Which of the following is true concerning network sockets? (Choose all that apply.)
Numbers used to identify which service is transmitting data A single endpoint of a network connection's two endpoints Uses a combination of an IP address and a port number Endpoints between processes on a local system Provides better IPC than localhost
B, C. A network socket is a single endpoint of a network connection’s two endpoints. That single endpoint is on the local system, bound to a particular port, and uses a combination of an IP address and a port number. Therefore, options B and C are correct answers. Ports use numbers to identify which service or application is transmitting data, and thus option A is a wrong answer. Unix sockets are endpoints between processes on a local system and provide better interprocess communication (IPC) than localhost. Therefore, options D and E are incorrect choices.
The system administrator, Preston, has noticed that the IPv4 network seems sluggish. He decides to run some tests to check for high latency. Which of the following utilities should he use? (Choose all that apply.)
iperf ping ip neigh dig traceroute
A, B, E. The iperf, ping, and traceroute utilities will help test the network for high latency (slowness) in order to determine the cause. Thus, options A, B, and E are correct answers. The ip neigh command is used to check the routing tables and is often employed in situations where a duplicate or incorrect MAC address is causing problems on a local network segment. Therefore, option C is a wrong answer. The dig utility checks name server resolutions, not high latency. Thus, option D is also an incorrect choice.
Scott has formulated a problem cause theory that routers are saturated with traffic and dropping TCP packets from their queues. Which of the following tools should he employ to test this theory? (Choose all that apply.)
mtr ifconfig ethtool -s tracepath traceroute
A, D, E. The mtr, tracepath, and traceroute utilities all allow Mr. Scott to view router packets traveling through certain network segments and isolate which routers may be dropping packets. Therefore, options A, D, and E are correct answers. The ifconfig tool is for viewing and configuring network adapters. Therefore, option B is a wrong answer. The ethtool -s command will show adapter statistics but not router information, and therefore option C is also an incorrect choice.
The network engineer, Keenser, believes the choices of name servers in the system’s /etc/resolv.conf file are inefficient. Which of the following tools can he employ to test new server choices?
dnsmasq whois nmap nslookup ipset list
D. The nslookup utility can be used along with the time command to test new name servers to see if they are more efficient (faster). Thus, option D is the correct answer. Option A’s dnsmasq is caching-only name server software, so it is a wrong answer. The whois utility performs queries of Whois servers, not name servers. Thus, option B is an incorrect answer. The nmap utility is used for network mapping and analysis (or pentesting), and therefore, option C is a wrong choice. The ipset list command displays the various IPsets on a system but is not involved with name resolution. Thus, option E is an incorrect choice.
Mera, a Linux system admin, believes a new application on her system is producing too much I/O for a particular partition, causing the system’s processor to appear sluggish. Which tool should she use to test her problem cause theory?
iostat ioping du df iotop
A. The iostat command displays I/O wait, which is a performance statistic showing the amount of time a processor must wait on disk I/O. Therefore, option A is the correct answer. The ioping utility is more for testing new disks on performance items such as disk I/O latency, seek rates, sequential speeds, and so on. Therefore, option B is a wrong answer. The du and df commands are useful for situations where disk space is an issue but do not provide I/O wait statistics. Therefore, options C and D are incorrect answers. The iotop utility is helpful in locating an application or process causing high I/O but not CPU latency due to high I/O. Thus, option E is also an incorrect answer.
From analysis, Arthur believes the system’s I/O throughput will improve by changing the I/O scheduler. On his system is a real-time application, which uses a database located on a solid-state drive. Which I/O scheduler should Arthur choose?
scheduler deadline queue cfq noop
B. The deadline I/O scheduler is good for situations where increased database I/O and overall reduced I/O latency are needed, and/or an SSD is employed, and/or a real-time application is in use. Therefore, option B is the correct answer. Option A is the I/O scheduler configuration file’s name, and therefore it is a wrong answer. Option C is one of the subdirectories in the directory that contains the I/O scheduler configuration file, such as /sys/block/sdc/queue/. Thus, option C is also an incorrect answer. The cfq scheduler is best for situations where more balanced I/O handling is needed and/or the system has a multiprocessor. Therefore, option D is a wrong answer. The noop I/O scheduler is good for situations where an SSD is employed but less CPU usage is needed. Therefore, option E is an incorrect choice.
Using the uptime command, you will see CPU load averages in what increments? (Choose all that apply.)
1 minute 5 minutes 10 minutes 15 minutes 20 minutes
A, B, D. The uptime command displays CPU load averages in 1-, 5-, and 15-minute increments. Thus, options A, B, and D are correct answers and options C and E are incorrect choices.
Mary wants to view her system’s processor performance over time. Which is the best utility for her to employ?
uptime sysstat sar cat /proc/cpuinfo sysctl
C. The sar utility is the best one for viewing a system’s processor performance over time. It uses data stored by the sadc program in the /var/log/sa/ directory, which contains up to a month’s worth of data. Therefore, option C is the correct answer. The uptime utility is handy to view processor performance, but sar is a better one for viewing it over time. Thus, option A is a wrong answer. sysstat is a package that provides the sar utility, and therefore, option B is an incorrect answer. The /proc/cpuinfo file contains detailed processor information, but it is not the best for viewing CPU performance. Thus, option D is also a wrong choice. The sysctl utility is used to view or tweak kernel parameters. Therefore, option E is an incorrect choice.
Gertie needs to determine a swap space element’s type, name, and priority. Which command should she use?
vmstat free fstab swapoff swapon -s
E. The swapon -s command will allow Gertie to view a swap space element’s type, name, and priority. Therefore, option E is the correct answer. The vmstat utility provides a lot of memory statistics, including disk I/O specific to swapping as well as total blocks in and blocks out to the device. However, it does not provide the information Gertie needs, so option A is a wrong answer. The free command shows memory items such as free memory, used memory, and buffer/cache usage. Thus, option B is an incorrect answer. fstab is not a command, but a file. This file is where swap partitions/files must have records in order for the swap space to remain persistent through reboots. Therefore, option C is a wrong choice. The swapoff utility disengages a partition/file from swap space, and thus, option D is an incorrect choice.
Elliot is administering a Linux system that has multiple swap spaces. One is on a logical volume, but it needs more space to accommodate additional RAM that is to be installed in the near future. What is the best way for Elliot to add swap space?
Add a partition and format it with the mkswap command. Add a file and format it with the mkswap command. Add a partition using the swapon utility. Add a file using the swapon utility. Use LVM tools to increase the logical volume.
E. In this scenario, since multiple swap spaces already exist and the one swap partition or file is on a logical volume, Elliot should add more swap space by using LVM tools to increase the logical volume. Thus, option E is the correct answer. While Elliot would need to employ mkswap and swapon on the logical volume after it is extended, options A, B, C, and D are using those utilities on files or partitions, instead of logical volumes. Therefore, those options are incorrect choices.
