- A
High CPU utilization on router: Routing protocol issues
High CPU utilization typically indicates that the control plane is overwhelmed, often due to excessive routing updates, SNMP polling, or a routing loop. This is the most likely primary area to investigate first because control plane issues directly affect CPU usage.
- B
Intermittent connectivity on a single VLAN: Spanning Tree Protocol misconfiguration
This is incorrect because packet loss on a link usually points to physical layer issues such as faulty cables, bad optics, or interface errors. While high CPU can cause packet loss, the primary investigation for packet loss should be the physical layer.
- C
Slow file transfer between two sites: WAN bandwidth or latency
This is incorrect because slow network performance is typically due to congestion or bandwidth issues, not directly a control plane problem. The primary investigation should focus on traffic patterns and QoS configurations.
- D
Unable to ping a remote server: Layer 3 routing or firewall rules
This is incorrect because intermittent connectivity is often caused by flapping interfaces or unstable routing, which may be due to physical issues or misconfigurations. While high CPU can contribute, it is not the most likely primary area.
Quick Answer
The answer is to match each troubleshooting observation to the most likely primary area to investigate first, with the correct pairing being that an inability to ping a remote server points to Layer 3 routing or firewall rules. This is correct because connectivity failures at the network layer—where routing decisions and access control lists operate—directly prevent ICMP echo requests from reaching a distant host, unlike issues with name resolution or address assignment. On the CCNA 200-301 v2 exam, this question tests your ability to isolate symptoms across DNS, DHCP, NTP, and Syslog, a common troubleshooting scenario where you must differentiate between a Layer 3 path problem and a service-specific failure. A frequent trap is confusing a failed ping with a DNS issue, but remember: if you can ping by IP but not by hostname, DNS is the culprit; if you cannot ping by IP at all, suspect routing or firewall blocks. Use the mnemonic “Ping IP, then name; if IP fails, blame the route and flame.”
CCNA Network Services and Security Practice Question
This 200-301 practice question tests your understanding of network services and security. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. A key principle to apply: dNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Match each troubleshooting observation to the most likely primary area to investigate first.
Clue words in this question
Noticing these words before you look at the options changes how you read each choice.
Clue:
"first"Why it matters: Order matters here. You are being tested on which action comes before the others — not which action is generally useful.
Clue:
"most likely"Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.
Clue:
"primary"Why it matters: Asks for the main purpose or function, not a secondary benefit. Eliminate answers that describe side-effects or partial functions.
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
High CPU utilization on router: Routing protocol issues
When users can reach servers by IP but not by hostname, DNS resolution is failing. Hosts not receiving addresses automatically indicate DHCP server or relay issues. Device logs with mismatched timestamps point to NTP misconfiguration. If engineers cannot see centralized events, syslog forwarding or collector configuration is likely at fault.
Key principle: DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
High CPU utilization on router: Routing protocol issues
Why this is correct
High CPU utilization typically indicates that the control plane is overwhelmed, often due to excessive routing updates, SNMP polling, or a routing loop. This is the most likely primary area to investigate first because control plane issues directly affect CPU usage.
Clue confirmation
The clue words "first", "most likely", "primary" in the question point toward this answer.
Related concept
DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
- ✓
Intermittent connectivity on a single VLAN: Spanning Tree Protocol misconfiguration
Why this is correct
This is incorrect because packet loss on a link usually points to physical layer issues such as faulty cables, bad optics, or interface errors. While high CPU can cause packet loss, the primary investigation for packet loss should be the physical layer.
Clue confirmation
The clue words "first", "most likely", "primary" in the question point toward this answer.
Related concept
DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
- ✓
Slow file transfer between two sites: WAN bandwidth or latency
Why this is correct
This is incorrect because slow network performance is typically due to congestion or bandwidth issues, not directly a control plane problem. The primary investigation should focus on traffic patterns and QoS configurations.
Clue confirmation
The clue words "first", "most likely", "primary" in the question point toward this answer.
Related concept
DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
- ✓
Unable to ping a remote server: Layer 3 routing or firewall rules
Why this is correct
This is incorrect because intermittent connectivity is often caused by flapping interfaces or unstable routing, which may be due to physical issues or misconfigurations. While high CPU can contribute, it is not the most likely primary area.
Clue confirmation
The clue words "first", "most likely", "primary" in the question point toward this answer.
Related concept
DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
Common exam traps
Common exam trap: answer the scenario, not the keyword
Candidates may confuse DHCP and DNS symptoms, or mistakenly suspect routing when reachability by IP works but hostname fails.
Detailed technical explanation
How to think about this question
IP services such as DNS, DHCP, NTP, and Syslog provide essential network functionality beyond basic IP routing and switching. DNS translates human-readable domain names into IP addresses, enabling hostname resolution. DHCP automates IP address assignment to hosts, reducing manual configuration errors. NTP synchronizes device clocks to ensure consistent timestamps across logs and events. Syslog collects and centralizes event messages from network devices for monitoring and troubleshooting. Each service operates at the application layer but depends on underlying IP connectivity. Troubleshooting these IP services requires understanding their distinct failure symptoms and the corresponding configuration or network areas to investigate first. For example, if name resolution fails despite IP connectivity, the primary focus should be DNS server reachability and configuration. If hosts do not receive IP addresses automatically, DHCP server availability, scopes, and relay agents must be checked. Inconsistent timestamps indicate NTP synchronization issues, often caused by unreachable or misconfigured NTP servers. Missing event visibility points to Syslog server configuration or network path problems. A common exam trap is to confuse IP service failures with lower-layer network issues such as routing, VLANs, or ACLs. While these can impact service reachability, the first-pass troubleshooting should isolate the IP service itself. For instance, DHCP failures are often due to server or relay misconfiguration rather than subnetting errors. Similarly, DNS failures usually stem from server or forwarding issues, not routing protocol problems. Understanding the distinct symptoms and their primary investigation areas aligns with Cisco’s operational troubleshooting methodology and improves exam success.
KKey Concepts to Remember
- DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
- Lack of automatic IP address assignment suggests DHCP server availability and scope configuration should be the primary troubleshooting focus.
- Inconsistent timestamps on devices point to NTP server synchronization issues and require checking NTP configuration and connectivity.
- Missing event visibility in network monitoring typically means Syslog server configuration or network path to the Syslog server must be examined.
- IP services troubleshooting requires isolating application-layer service issues before investigating underlying routing or switching problems.
- Each IP service failure symptom maps to a specific service area, enabling targeted and efficient troubleshooting in Cisco networks.
- Understanding the role and behavior of DNS, DHCP, NTP, and Syslog is critical for effective IP services troubleshooting in the CCNA context.
- Misattributing IP service failures to routing or subnetting errors is a common mistake that wastes troubleshooting time and effort.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
Real-world example
How this comes up in practice
A help-desk technician troubleshoots why a newly connected PC cannot reach shared printers on the same floor. The cable is good, the switch port is active, but the PC is in VLAN 20 and the printers are in VLAN 10. The uplink trunk only allows VLAN 10. A trunk being up does not mean every VLAN crosses it.
What to study next
Got this wrong? Here's your next step.
Review dNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first., then practise related 200-301 questions on the same topic to reinforce the concept.
- →
Network Services and Security — study guide chapter
Learn the concepts, then practise the questions
- →
Network Services and Security practice questions
Targeted practice on this topic area only
- →
All 200-301 questions
1,819 questions across all exam domains
- →
CCNA 200-301 v2 study guide
Full concept coverage aligned to exam objectives
- →
200-301 practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related 200-301 practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Network Infrastructure and Connectivity practice questions
Practise 200-301 questions linked to Network Infrastructure and Connectivity.
Switching and Network Access practice questions
Practise 200-301 questions linked to Switching and Network Access.
IP Routing practice questions
Practise 200-301 questions linked to IP Routing.
Network Services and Security practice questions
Practise 200-301 questions linked to Network Services and Security.
AI and Network Operations practice questions
Practise 200-301 questions linked to AI and Network Operations.
CCNA subnetting practice questions
Practise IPv4 subnetting, CIDR, masks, host ranges and subnet selection.
CCNA OSPF practice questions
Practise OSPF neighbours, router IDs, metrics, areas and routing-table interpretation.
CCNA VLAN practice questions
Practise VLANs, access ports, trunks, allowed VLANs and switching scenarios.
CCNA STP practice questions
Practise spanning tree, root bridge election, port roles and STP troubleshooting.
CCNA EtherChannel practice questions
Practise LACP, PAgP, port-channel behaviour and bundle requirements.
CCNA ACL practice questions
Practise standard and extended ACLs, permit/deny logic and traffic filtering.
CCNA NAT practice questions
Practise static NAT, dynamic NAT, PAT and inside/outside address translation.
Practice this exam
Start a free 200-301 practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this 200-301 question test?
Network Services and Security — This question tests Network Services and Security — DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first..
What is the correct answer to this question?
The correct answer is: High CPU utilization on router: Routing protocol issues — When users can reach servers by IP but not by hostname, DNS resolution is failing. Hosts not receiving addresses automatically indicate DHCP server or relay issues. Device logs with mismatched timestamps point to NTP misconfiguration. If engineers cannot see centralized events, syslog forwarding or collector configuration is likely at fault.
What should I do if I get this 200-301 question wrong?
Review dNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first., then practise related 200-301 questions on the same topic to reinforce the concept.
Are there clue words in this question I should notice?
Yes — watch for: "first", "most likely", "primary". Order matters here. You are being tested on which action comes before the others — not which action is generally useful.
What is the key concept behind this question?
DNS failure with working IP reachability indicates the need to investigate DNS server configuration and name resolution settings first.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Same concept, more angles
2 more ways this is tested on 200-301
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. Match each symptom to the first service area most likely involved.
medium- ✓ A.Slow network performance: Network infrastructure
- ✓ B.Application crashes: Application support
- ✓ C.Cannot log in: Identity and access management
- ✓ D.Data loss: Data protection and backup
Why A: Works by IP but not by hostname indicates that name resolution is failing, pointing to DNS. No automatic address on the host means DHCP is not providing an IP, so DHCP is the likely problem. Logs that do not line up in time suggest inconsistent clocks, which is a symptom of NTP failure. No centralized device event view means log messages are not being aggregated, which is the role of Syslog.
Variation 2. Match each observation to the service area it most strongly suggests first.
medium- ✓ A.High CPU utilization on a router
- B.CRC errors on an interface
- C.Authentication failures in logs
- D.High latency on a link
Why A: The given observations directly map to network services: 'Application works by IP but not by name' indicates the host can reach the destination but cannot resolve its name to an IP address, pointing to a DNS issue. 'Host does not receive IP settings automatically' means the DHCP process failed, so the host cannot obtain an IP address automatically, implicating the DHCP service. 'Device logs show inconsistent timestamps' reveals that time synchronization is broken, which is the role of NTP. Finally, 'Operations team cannot review centralized event messages' suggests that logging messages are not being sent to a central server, indicating a problem with the syslog service.
Keep practising
More 200-301 practice questions
- A switchport connected to another switch should carry multiple VLANs, but it was manually configured as an access port.…
- What problem is HSRP designed to solve?
- Which TWO statements correctly describe the causes or implications of CRC errors, runts, giants, or output errors as see…
- You are connected to R1. Configure IPv4 and IPv6 addressing on R1's interfaces and verify reachability to R2. The curren…
- Which TWO statements accurately describe how AI/ML concepts are applied to network operations in modern enterprise netwo…
- Which TWO switch port configurations are required when connecting a Cisco IP phone and a desktop PC to a single access p…
Last reviewed: May 17, 2026
This 200-301 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 200-301 exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.