Network Services and Security · medium · Matching · Objective-mapped

Quick Answer

The answer is to match each troubleshooting observation to the most likely primary area to investigate first, with the correct pairing being that an inability to ping a remote server points to Layer 3 routing or firewall rules. This is correct because connectivity failures at the network layer—where routing decisions and access control lists operate—directly prevent ICMP echo requests from reaching a distant host, unlike issues with name resolution or address assignment. On the CCNA 200-301 v2 exam, this question tests your ability to isolate symptoms across DNS, DHCP, NTP, and Syslog, a common troubleshooting scenario where you must differentiate between a Layer 3 path problem and a service-specific failure. A frequent trap is confusing a failed ping with a DNS issue, but remember: if you can ping by IP but not by hostname, DNS is the culprit; if you cannot ping by IP at all, suspect routing or firewall blocks. Use the mnemonic “Ping IP, then name; if IP fails, blame the route and flame.”

CCNA Network Services and Security Practice Question

This 200-301 practice question tests your understanding of network services and security. The scenario asks you to isolate a root cause; eliminate options that address a different problem before choosing. A key principle to apply: DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Match each troubleshooting observation to the most likely primary area to investigate first.

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "first"

    Why it matters: Order matters here. You are being tested on which action comes before the others — not which action is generally useful.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

  • Clue: "primary"

    Why it matters: Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.


Correct answer & explanation

High CPU utilization on router: Routing protocol issues

When users can reach servers by IP but not by hostname, DNS resolution is failing. Hosts not receiving addresses automatically indicate DHCP server or relay issues. Device logs with mismatched timestamps point to NTP misconfiguration. If engineers cannot see centralized events, syslog forwarding or collector configuration is likely at fault.

Key principle: DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • High CPU utilization on router: Routing protocol issues

    Why this is correct

    High CPU utilization typically indicates that the control plane is overwhelmed, often due to excessive routing updates, SNMP polling, or a routing loop. This is the most likely primary area to investigate first because control plane issues directly affect CPU usage.

    Clue confirmation

    The clue words "first", "most likely", "primary" in the question point toward this answer.

    Related concept

    DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

  • Intermittent connectivity on a single VLAN: Spanning Tree Protocol misconfiguration

    Why this is correct

    This is incorrect because packet loss on a link usually points to physical layer issues such as faulty cables, bad optics, or interface errors. While high CPU can cause packet loss, the primary investigation for packet loss should be the physical layer.

    Clue confirmation

    The clue words "first", "most likely", "primary" in the question point toward this answer.

    Related concept

    DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

  • Slow file transfer between two sites: WAN bandwidth or latency

    Why this is correct

    This is incorrect because slow network performance is typically due to congestion or bandwidth issues, not directly a control plane problem. The primary investigation should focus on traffic patterns and QoS configurations.

    Clue confirmation

    The clue words "first", "most likely", "primary" in the question point toward this answer.

    Related concept

    DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

  • Unable to ping a remote server: Layer 3 routing or firewall rules

    Why this is correct

    This is incorrect because intermittent connectivity is often caused by flapping interfaces or unstable routing, which may be due to physical issues or misconfigurations. While high CPU can contribute, it is not the most likely primary area.

    Clue confirmation

    The clue words "first", "most likely", "primary" in the question point toward this answer.

    Related concept

    DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Candidates may confuse DHCP and DNS symptoms, or mistakenly suspect routing when reachability by IP works but hostname fails.

Detailed technical explanation

How to think about this question

IP services such as DNS, DHCP, NTP, and Syslog provide essential network functionality beyond basic IP routing and switching. DNS translates human-readable domain names into IP addresses, enabling hostname resolution. DHCP automates IP address assignment to hosts, reducing manual configuration errors. NTP synchronizes device clocks to ensure consistent timestamps across logs and events. Syslog collects and centralizes event messages from network devices for monitoring and troubleshooting.

Each service operates at the application layer but depends on underlying IP connectivity. Troubleshooting these IP services requires understanding their distinct failure symptoms and the corresponding configuration or network areas to investigate first. For example, if name resolution fails despite IP connectivity, the primary focus should be DNS server reachability and configuration. If hosts do not receive IP addresses automatically, DHCP server availability, scopes, and relay agents must be checked. Inconsistent timestamps indicate NTP synchronization issues, often caused by unreachable or misconfigured NTP servers. Missing event visibility points to Syslog server configuration or network path problems.

A common exam trap is to confuse IP service failures with lower-layer network issues such as routing, VLANs, or ACLs. While these can impact service reachability, the first-pass troubleshooting should isolate the IP service itself. For instance, DHCP failures are often due to server or relay misconfiguration rather than subnetting errors. Similarly, DNS failures usually stem from server or forwarding issues, not routing protocol problems. Understanding the distinct symptoms and their primary investigation areas aligns with Cisco’s operational troubleshooting methodology and improves exam success.

Key Concepts to Remember

  • DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
  • Lack of automatic IP address assignment suggests DHCP server availability and scope configuration should be the primary troubleshooting focus.
  • Inconsistent timestamps on devices point to NTP server synchronization issues and require checking NTP configuration and connectivity.
  • Missing event visibility in network monitoring typically means Syslog server configuration or network path to the Syslog server must be examined.
  • IP services troubleshooting requires isolating application-layer service issues before investigating underlying routing or switching problems.
  • Each IP service failure symptom maps to a specific service area, enabling targeted and efficient troubleshooting in Cisco networks.
  • Understanding the role and behavior of DNS, DHCP, NTP, and Syslog is critical for effective IP services troubleshooting in the CCNA context.
  • Misattributing IP service failures to routing or subnetting errors is a common mistake that wastes troubleshooting time and effort.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

Real-world example

How this comes up in practice

A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.

What to study next

Got this wrong? Here's your next step.

Review the key principle (DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first), then practise related 200-301 questions on the same topic to reinforce the concept.


FAQ

Questions learners often ask

What does this 200-301 question test?

This question tests Network Services and Security: DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

What is the correct answer to this question?

The correct answer is: High CPU utilization on router: Routing protocol issues — When users can reach servers by IP but not by hostname, DNS resolution is failing. Hosts not receiving addresses automatically indicate DHCP server or relay issues. Device logs with mismatched timestamps point to NTP misconfiguration. If engineers cannot see centralized events, syslog forwarding or collector configuration is likely at fault.

What should I do if I get this 200-301 question wrong?

Review the key principle (DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first), then practise related 200-301 questions on the same topic to reinforce the concept.

Are there clue words in this question I should notice?

Yes — watch for: "first", "most likely", "primary". Order matters here. You are being tested on which action comes before the others — not which action is generally useful.

What is the key concept behind this question?

DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Same concept, more angles

2 more ways this is tested on 200-301

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Match each symptom to the first service area most likely involved.

medium
  • A. Slow network performance: Network infrastructure
  • B. Application crashes: Application support
  • C. Cannot log in: Identity and access management
  • D. Data loss: Data protection and backup

Why A: Works by IP but not by hostname indicates that name resolution is failing, pointing to DNS. No automatic address on the host means DHCP is not providing an IP, so DHCP is the likely problem. Logs that do not line up in time suggest inconsistent clocks, which is a symptom of NTP failure. No centralized device event view means log messages are not being aggregated, which is the role of Syslog.

Variation 2. Match each observation to the service area it most strongly suggests first.

medium
  • A. High CPU utilization on a router
  • B. CRC errors on an interface
  • C. Authentication failures in logs
  • D. High latency on a link

Why A: The given observations directly map to network services: 'Application works by IP but not by name' indicates the host can reach the destination but cannot resolve its name to an IP address, pointing to a DNS issue. 'Host does not receive IP settings automatically' means the DHCP process failed, so the host cannot obtain an IP address automatically, implicating the DHCP service. 'Device logs show inconsistent timestamps' reveals that time synchronization is broken, which is the role of NTP. Finally, 'Operations team cannot review centralized event messages' suggests that logging messages are not being sent to a central server, indicating a problem with the syslog service.


Last reviewed: May 17, 2026


This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.