Troubleshooting Flashcards

(49 cards)

1
Q

PC1 wants to send data to another device on the same network but only knows its IP address. What protocol does it use to find the MAC address, and how does the switch and router respond if the MAC isn’t known?

A

PC1 uses ARP (Address Resolution Protocol). The switch forwards the request if it doesn’t know the MAC. If the destination is outside the local network, the router responds with its MAC address to forward the packet.

2
Q

A technician notices a spike in CRC errors on a network interface. What might this indicate?

A

Faulty cabling or electromagnetic interference.

3
Q

A technician is using the tracert command to diagnose routing issues. What do the -h, -w, and -d options do?

A

-h: Sets the maximum number of hops

-w: Sets the timeout for each reply in milliseconds

-d: Prevents DNS name resolution for faster results

4
Q

After you establish a theory of probable cause, what should you do next?

A

Test the Theory — confirm whether your hypothesis is correct before taking action. If the theory fails, reassess and try another.

5
Q

Why should you test the theory before creating a plan of action?

A

Testing prevents wasted effort. Acting on an unproven theory could lead to unnecessary changes, downtime, or missed root causes.

6
Q

After you implement the solution, what’s the next step?

A

Verify System Functionality — ensure the fix resolved the issue and didn’t introduce new problems. This confirms success before closing the case.

7
Q

What’s the first step in the troubleshooting methodology, and why is it critical?

A

Identify the Problem — it sets the foundation by gathering user input, observing symptoms, and performing backups if needed. Without this, later steps may target the wrong issue.

8
Q

You’re tasked with capturing and analyzing packets to troubleshoot a network issue. Which tool should you use?

A

Wireshark — it’s a protocol analyzer used for packet capture and inspection.

9
Q

Which tool helps you analyze when and where traffic is flowing across your network for performance tuning?

A

NetFlow Analyzer — ideal for monitoring, troubleshooting, and analyzing traffic flow data.

10
Q

What can Nmap do in network diagnostics, and why is it commonly used?

A

Nmap scans for open ports and active IP addresses. It’s widely used for network mapping, host discovery, and service enumeration.

11
Q

What do the commands ifconfig up and ifconfig down do?

A

ifconfig up → Activates a network interface

ifconfig down → Disables a network interface

12
Q

You need to analyze captured traffic with a graphical interface. How does tcpdump support this workflow?

A

Use tcpdump to save traffic into a PCAP file, then open it in Wireshark for deep packet analysis.

13
Q

You’re troubleshooting live network traffic from the command line. Which tool lets you view packets in real time and filter by protocol or port?

A

tcpdump — a CLI tool that captures and displays TCP/IP and other packets as they flow across the network.

14
Q

What are the primary capabilities of Nmap in network reconnaissance?

A

Host discovery — find active devices on a network

Service detection — identify open ports and running services

OS detection — determine the target’s operating system

15
Q

You need to check a port’s stats — including bandwidth, MTU size, and error counts — on a network device. Which command would you use?

A

show interface

16
Q

You need to review a device’s saved setup — including system, SNMP, IP, DNS, and logging settings — to confirm how it’s currently configured. Which command would you use?

A

show config

17
Q

You need to see a device’s list of known networks, along with how it reaches them and the cost of each path. Which command would you use?

A

show route

18
Q

Which switch command shows which MAC addresses are learned on which ports?

A

show mac address-table — maps MAC addresses to their corresponding switch ports.

19
Q

You need to find the MAC address associated with a specific IP address on a device. Which command do you use?

A

show arp — displays the ARP table mapping IP addresses to MAC addresses.

20
Q

Which command displays and manages power settings, including Power over Ethernet status?

A

show power — shows PoE configuration and power usage.

21
Q

What does LLDP allow devices on a network to do?

A

(Link Layer Discovery Protocol) Advertise themselves and discover information about other devices.

22
Q

Which discovery protocol is similar to LLDP but designed for Cisco-based environments?

A

CDP (Cisco Discovery Protocol).

23
Q

In network troubleshooting, which tool would you use for each of the following:

Testing attenuation and dB loss on fiber

Detecting interference on Wi‑Fi

A

Fiber: Fiber Light Meter

Wi‑Fi: Spectrum Analyzer

24
Q

What is the difference between a cable certifier and a cable analyzer?

A

Cable Certifier – Checks if a cable meets a specific standard (e.g., Cat 6) and passes required tests.

Cable Analyzer – Measures signal loss and other issues for troubleshooting, without certifying to a standard.

25
Which tools can be used to test bad network ports?
Loopback Adapter & Loopback Plug – Plugs into a port to send the signal back into the device for testing.
26
You’re troubleshooting a slow fiber link. What tool do you use to measure if there’s any dB loss on the connection, and what should you do if the loss is higher than normal?
Use a Fiber Light Meter to measure dB loss. If the loss is higher than normal, clean the fiber connectors.
27
On a network device, what do the activity light and link speed light indicate?
Activity light:
* Off – No link/connection
* Solid orange – Link established
* Blinking orange – Data activity
Link speed light:
* Off – 10 Mbps
* Orange – 100 Mbps
* Green – 1 Gbps
28
Why should switches use full duplex communication?
Because each switch port is its own collision domain, allowing simultaneous send and receive without collisions.
29
What does “power budget” mean in a PoE (Power over Ethernet) network? And why must this be kept in mind?
It’s the total DC power available to all endpoint devices — not just per port. The switch must support the full combined power demand.
30
You suspect data corruption on a network link. Which method can detect errors in transmitted data, and why is it effective?
CRC (Cyclic Redundancy Check) — uses checksums to detect errors, making it ideal for spotting data corruption during troubleshooting.
31
You’re troubleshooting a weak Wi‑Fi connection. Which measurement tells you the signal strength your device is receiving, and how much is being pushed out by the access point? Also, what does the general range indicate weak vs strong?
RSSI – Shows received signal strength; around ‑90 dB is very weak, around ‑30 dB is very strong.
EIRP – The maximum power an access point could radiate.
32
You’re connected to Wi‑Fi but can’t access the internet. What steps should you take to troubleshoot a possible captive portal issue?
* Try going to any website to trigger the portal and rule out HTTP issues
* Go to the default gateway IP in a browser
* Verify DNS is working and DHCP is allowed to autoconfigure
33
You’re troubleshooting multicast flooding on a switch. What configuration change can prevent unknown multicast packets from being forwarded to all ports?
Configure the switch to block unknown multicast packets.
34
You suspect a DNS server isn’t responding properly. What steps should you take to troubleshoot?
* Use nslookup to verify A records and CNAME records
* Check that TTL values aren’t set too long, which can delay updates
35
What steps can help prevent broadcast storms?
* Use Layer 3 devices to break up large broadcast domains
* Limit MAC addresses per port
* Set up loop prevention mechanisms like BPDUs (Bridge Protocol Data Units)
36
Users are reporting poor VoIP call quality. What network configuration can help prioritize voice traffic and improve performance?
Implement QoS (Quality of Service) to prioritize VoIP traffic over other types of data.
37
Match each Nmap switch to its function: -sn, -sS, -sT, -sU, -O, -p
-sn → Host discovery only (ping sweep, skip port scan)
-sS → TCP SYN scan (half‑open, stealthier). Is the port open, closed, or filtered?
-sT → TCP connect scan (full handshake). Is the port open, closed, or filtered?
-sU → UDP scan (check for open UDP services)
-O → Determine OS (OS fingerprinting)
-p → Scan specific ports
38
What is TCPdump? Match each switch to its function: -i, -nn, -w
TCPdump → analyzer/sniffer that captures and displays network traffic in real time or saves it for later analysis.
Switches:
-i → Specify the interface to capture from (e.g., -i eth0)
-nn → Show numeric IPs and ports (no DNS/service name resolution)
-w → Write captured packets to a file for later review
39
What does each of these ip commands do? ip link show, ip -s link, ip addr list, ip route show
ip link show → Shows network interfaces and whether they are UP or DOWN
ip -s link → Adds interface statistics (packets, errors)
ip addr list → Shows IP addresses assigned to interfaces
ip route show → Displays the routing table
40
How do you start nslookup in interactive mode to perform multiple DNS queries?
Run nslookup with no arguments → enters interactive mode
Allows querying multiple domains or record types (A, MX, SOA) without restarting
41
How do you use dig to query a specific DNS server for a record type and get minimal output?
+short → Shows only the essential result, no extra stats or comments
42
What do these common netstat flags do and when would you use them? -l, -a, -p
-l → Listening services
-a → All connections (listening + active)
-p → Shows process names (sometimes useful for troubleshooting)
43
What is the first step to configure a router-on-a-stick for a VLAN?
Create a subinterface on the router for the VLAN:
Syntax: interface [physical interface].[VLAN ID] → e.g., G0.30
Encapsulation (dot1Q) and IP address are configured after the subinterface is created.
44
What do these common arp flags do and when would you use them? -a, -s, -d
arp -a → View current ARP cache (IP → MAC mappings)
arp -s → Add a static ARP entry
arp -d → Delete an ARP cache entry
45
What is an OTDR and what does it do?
Optical Time-Domain Reflectometer tests fiber optic cables by sending light pulses and measuring reflections to locate faults, breaks, bends, and measure attenuation.
46
What's the difference between an OTDR and a Fiber Light Meter, and when should each be used?
An OTDR detects faults and measures distance and signal loss—ideal for troubleshooting and installation. A Fiber Light Meter measures the strength of the optical signal.
47
What is ngrep, and how is it used in network analysis?
ngrep is a command-line packet capture and analysis tool that searches network traffic using regular expressions, useful for monitoring and debugging protocols without a graphical interface.
48
What is the first step when diagnosing VLAN assignment issues with ping?
Ping the loopback address (127.0.0.1) and then the host’s own IP to verify the device’s TCP/IP stack and local IP configuration before testing network connectivity.
49
What could cause a custom client application to fail communicating with a server even though ping and telnet to the IP/FQDN work?
TCP ports are blocked — Firewalls or ACLs could prevent traffic on the required port (usually 80 for HTTP or 443 for HTTPS), even though ping works.