CCNA Troubleshooting Questions

24 of 99 questions · Page 2/2 · Troubleshooting topic · Answers revealed

76
Multi-Selectmedium

A cloud administrator is troubleshooting a virtual machine that is experiencing high CPU utilization during peak hours. The VM runs a web application and is hosted on a public cloud platform. Which TWO steps should the administrator take first to diagnose the issue?

Select 2 answers
A.Adjust the autoscaling policy to add more instances immediately.
B.Check for memory leaks in the application that could indirectly affect CPU.
C.Review the load balancer health check and traffic distribution settings for the backend pool.
D.Identify the process consuming the most CPU using the OS performance monitoring tools.
E.Immediately increase the number of vCPUs assigned to the VM.
AnswersC, D

Improper load balancer configuration can direct excessive traffic to this VM, causing high CPU.

Why this answer

Option C is correct because reviewing the load balancer health check and traffic distribution settings helps determine if the high CPU utilization is caused by uneven traffic distribution or unhealthy backend instances. If the load balancer is sending excessive traffic to a single VM due to misconfigured health checks or sticky sessions, the VM's CPU will spike. This is a first-step diagnostic action to rule out load balancing issues before investigating the VM itself.

Exam trap

The trap here is that candidates often jump to scaling actions (like adding vCPUs or instances) as a first step, but the exam emphasizes systematic troubleshooting—starting with load balancer and OS-level diagnostics before making changes.

77
MCQhard

A cloud technician is troubleshooting connectivity from a VM with IP 10.0.0.1 to another VM at 10.0.1.10 in a different subnet. The ping output shows 'Destination Host Unreachable'. Which of the following is the most likely cause?

A.ARP resolution for the destination IP is failing
B.The network interface on the source VM is disabled
C.A firewall is blocking ICMP on the destination
D.The source's default gateway does not have a route to the destination network
AnswerD

The gateway (10.0.0.1) sends 'Destination Host Unreachable' when it has no route to the destination.

Why this answer

The 'Destination Host Unreachable' error indicates that the source VM (10.0.0.1) cannot find a path to the destination subnet (10.0.1.0/24). Since the VMs are in different subnets, the source must send traffic to its default gateway. If that gateway lacks a route to 10.0.1.0/24, it will drop the packet and send an ICMP Destination Unreachable message back, causing the observed error.

This is the most likely cause because the issue is at Layer 3 routing, not Layer 2 ARP or local interface problems.

Exam trap

CompTIA often tests the distinction between 'Destination Host Unreachable' (Layer 3 routing failure) and 'Request Timed Out' (Layer 4 or firewall blocking), tricking candidates into blaming ARP or firewalls when the real issue is a missing route on the gateway.

How to eliminate wrong answers

Option A is wrong because ARP resolution for the destination IP would only be attempted if the destination were on the same subnet; since 10.0.0.1 and 10.0.1.10 are in different subnets, the source VM will ARP for its default gateway, not the destination. Option B is wrong because if the network interface on the source VM were disabled, the ping would typically fail with a 'Network is unreachable' or 'No route to host' error, not 'Destination Host Unreachable', and the interface state would be visible in the VM's configuration. Option C is wrong because a firewall blocking ICMP on the destination would cause a timeout (no response) or 'Request timed out', not an immediate 'Destination Host Unreachable' message, which is generated by an intermediate router.

78
MCQeasy

A cloud administrator is troubleshooting a performance issue where users report slow access to a web application hosted in a public cloud. The application uses an auto-scaling group of web servers behind a load balancer. The administrator notices that the CPU utilization on the web servers is low, but the load balancer metrics show a high number of pending requests. What is the most likely cause?

A.The web servers are throttled by the cloud provider's API rate limiting.
B.The DNS records point to an incorrect IP address.
C.The security group is blocking inbound traffic on port 80.
D.The load balancer health checks are misconfigured, causing healthy instances to be removed.
AnswerD

Misconfigured health checks can cause the load balancer to stop sending traffic to healthy instances, leading to pending requests.

Why this answer

Option A is correct because misconfigured health checks can cause the load balancer to stop sending traffic to healthy instances, leading to pending requests. Option B is wrong because API rate limiting affects API calls, not web traffic. Option C is wrong because DNS would cause total inaccessibility, not just slowness.

Option D is wrong because blocking port 80 would cause connection failures, not pending requests.

79
MCQhard

A company is deploying a critical application in the cloud and needs to ensure that it can automatically recover from an intent—a failure of an entire cloud provider region. Which of the following architectures should be implemented?

A.Active-passive deployment across two regions with DNS-based failover
B.Active-passive deployment across multiple availability zones in the same region
C.Single-region deployment with auto-scaling groups
D.Active-active deployment across multiple availability zones in the same region
AnswerA

Cross-region failover provides disaster recovery if a region fails.

Why this answer

Option C is correct because an active-passive cross-region deployment with DNS failover provides disaster recovery. Option A is wrong because active-active in one region does not cover region failure. Option B is wrong because multi-AZ within one region does not cover region failure.

Option D is wrong because a single region with auto-scaling does not survive region failure.

80
MCQhard

After deploying a new application version, users get 503 errors. The application runs on Kubernetes in a private cloud. What is the most likely cause?

A.Application health check failing
B.Incorrect ingress configuration
C.Insufficient pod resources
D.Node port exhaustion
AnswerA

Health check failures cause pods to be removed from service, resulting in 503.

Why this answer

Option C is correct because 503 errors often indicate the application is not responding to health checks, causing the load balancer to remove pods from service. Option A is wrong because insufficient resources would cause OOM or CPU throttling, not necessarily 503. Option B is wrong because incorrect ingress would cause 404 or connection timeouts.

Option D is wrong because node port exhaustion is rare and would cause connection refused.

81
MCQhard

A hybrid cloud setup uses a site-to-site VPN between on-premises and a public cloud. Users report intermittent connectivity failures. Traceroutes show packets dropping after a specific hop. What is the most likely cause?

A.The routing tables on the cloud side are missing routes for the on-premises network.
B.The VPN tunnel is misconfigured with incorrect pre-shared keys.
C.The VPN gateway is overloaded due to too many tunnels.
D.The MTU setting on the VPN endpoint is too low, causing packet fragmentation.
AnswerD

Low MTU can cause packets to be dropped if DF flag is set.

Why this answer

Option C is correct because MTU mismatch can cause fragmentation issues leading to drops. Option A is incorrect because the VPN tunnel itself is up. Option B is incorrect as routing appears correct.

Option D is incorrect because authentication failures would drop the tunnel, not cause intermittent drops.

82
MCQeasy

A cloud administrator is responsible for a multi-tier application hosted in a public cloud. The application consists of a web tier, application tier, and database tier. Recently, users have reported that the application is responding slowly during peak hours. The administrator checks the cloud monitoring dashboard and notices that the web tier instances are running at 90% CPU utilization, but the auto-scaling group has not triggered any scaling events. The scaling policy is set to scale out when average CPU exceeds 80% for 5 minutes. What should the administrator do to resolve this issue?

A.Manually increase the number of web tier instances
B.Increase the CPU threshold to 95% to avoid unnecessary scaling
C.Review the cooldown period settings of the auto-scaling group
D.Check the health check configuration of the load balancer
AnswerC

A long cooldown period can delay scaling even when the threshold is breached.

Why this answer

Option B is correct because a cooldown period that is too long can prevent new instances from being added even if the threshold is exceeded. Option A is wrong because manual scaling is a temporary fix, not addressing the root cause. Option C is wrong because health checks don't affect scaling triggers.

Option D is wrong because raising the threshold would worsen the issue.

83
MCQmedium

A cloud administrator is troubleshooting connectivity to a virtual machine with IP address 10.10.10.10 from another VM on the same subnet. The output of ping and traceroute commands is shown. What is the most likely cause of the connectivity issue?

A.The destination VM's network interface is disabled.
B.The destination VM is powered off.
C.The source VM's routing table does not have a default gateway.
D.The destination VM's security group is blocking ICMP.
AnswerA

If the network interface is disabled, the VM will not respond to ARP requests, causing the gateway to return 'Destination Host Unreachable'.

Why this answer

The correct answer is A because a disabled network interface on the destination VM would cause the VM to be unreachable from the same subnet, even though the VM itself is powered on. Ping and traceroute would fail with no response, as the NIC is not operational at Layer 2, preventing ARP resolution and frame delivery. This matches the symptom of no connectivity despite being on the same subnet, where routing and security groups are not factors.

Exam trap

The trap here is that candidates often assume a powered-off VM is the cause, but the question specifies the VM is on the same subnet and the output shows no response at all, which points to a Layer 2 issue (disabled NIC) rather than a Layer 3 or higher issue like security groups or routing.

How to eliminate wrong answers

Option B is wrong because if the destination VM were powered off, the hypervisor would not respond to ARP requests, but the question states the VM is on the same subnet and the issue is connectivity from another VM; a powered-off VM would also show no response, but the specific symptom of a disabled NIC is more precise and matches the output of ping/traceroute failing without any ICMP unreachable messages. Option C is wrong because a default gateway is only needed for traffic destined outside the local subnet; since both VMs are on the same subnet, the source VM can communicate directly via ARP and does not require a default gateway. Option D is wrong because a security group blocking ICMP would typically result in no ping reply but the traceroute might show intermediate hops or the destination host responding with ICMP unreachable; however, on the same subnet, a security group would not prevent ARP resolution or Layer 2 communication, and the question's output shows no response at all, which is inconsistent with a security group blocking ICMP (which would still allow ARP and possibly TCP/UDP).

84
Multi-Selectmedium

Which TWO steps should an administrator take to troubleshoot a cloud VM that fails to boot?

Select 2 answers
A.Check the VM's console logs for error messages.
B.Verify the root disk is attached.
C.Check the boot order configuration.
D.Reboot the hypervisor host.
E.Delete and recreate the VM instantly.
AnswersA, C

Console logs show kernel panics or boot issues.

Why this answer

Options A and E are correct. Console logs provide boot errors, and checking boot order ensures correct device. B is incorrect because rebooting the hypervisor affects multiple VMs.

C is incorrect if disk is attached but boot fails. D is too aggressive and data loss risk.

85
MCQhard

A cloud engineer is troubleshooting a storage performance issue. The storage is backed by a SAN with a mix of SSD and HDD drives. Which of the following metrics would BEST indicate that the storage subsystem is the bottleneck?

A.Low memory usage on the hypervisor
B.High network utilization on storage network links
C.High disk queue depth and latency
D.High CPU utilization on all application servers
AnswerC

Queue depth over 2-3 per disk with high latency indicates storage bottleneck.

Why this answer

Option A is correct because high queue depth indicates many I/O requests waiting, which is a sign of storage bottleneck. Option B is wrong because high CPU on hosts does not directly implicate storage. Option C is wrong because high network utilization could be from storage traffic, but queue depth is more direct.

Option D is wrong because memory usage is not directly related to storage performance.

86
MCQhard

A cloud orchestration template fails to deploy resources with the error 'Resource limit exceeded'. The administrator has enough quota for all services. What is the most likely cause?

A.The template has a syntax error in the JSON.
B.A specific resource type has reached its service limit.
C.The custom image used is corrupted.
D.The IAM role used does not have permission to create resources.
AnswerB

Service limits are per-resource and can be lower than account quota.

Why this answer

Option A is correct because some resources have their own limits separate from account quota. Option B is incorrect as permissions would cause a different error. Option C is incorrect because template syntax errors occur early.

Option D is incorrect because image corruption would show a different error.

87
MCQmedium

A cloud administrator manages a web application that uses an auto scaling group (ASG) with a minimum of 2 and maximum of 10 instances. The CPU utilization for the ASG averages 40%. However, during peak hours, users experience intermittent timeouts. The administrator reviews the scaling policy, which is set to scale out when CPU exceeds 70% for 5 minutes. What is the most likely cause of the timeouts?

A.The maximum number of instances is too low.
B.The health checks are marking healthy instances as unhealthy.
C.The CPU threshold is too low, causing premature scaling.
D.The scale-out cooldown period is too long, delaying the addition of new instances.
AnswerD

A long cooldown delays scaling during rapid spikes, leading to timeouts.

Why this answer

Option A is correct because during spikes, if the cooldown is long, the ASG may not add instances quickly enough, causing timeouts even though average CPU is 40%. Option B is wrong because threshold is 70%, not low. Option C is wrong because max is 10 and only 2 instances might be running if not scaled.

Option D is wrong because that would cause instance replacement but not necessarily timeouts.

88
MCQmedium

Refer to the exhibit. An administrator is unable to SSH into a cloud server with IP 10.0.1.10 from a remote location (outside the 10.0.0.0/16 network). What is the most likely cause?

A.The firewall rule order is incorrect
B.The firewall is dropping all packets on port 22
C.The SSH host key has changed
D.The SSH service is not running
AnswerA

The drop rule appears before the allow rule, so external traffic is dropped before reaching the allow rule.

Why this answer

Option D is correct because firewall rules are evaluated in order; the first rule drops all SSH traffic from any source, then the second only permits internal traffic. Option A is wrong because the error is not about the SSH service. Option B is wrong because the second rule shows some packets accepted.

Option C is wrong because host key issues would cause a different error.

89
MCQhard

An organization's hybrid cloud environment uses a VPN connection between on-premises and the cloud. Intermittent connectivity drops are reported during peak hours. The VPN logs show rekeying failures. Which configuration is most likely the cause?

A.The VPN tunnel is using a pre-shared key that has expired
B.The IPSec dead peer detection interval is set too high
C.The VPN gateway throughput is exceeded
D.The on-premises firewall is blocking IKE packets
AnswerB

A high DPD interval delays detection of unresponsive peers, causing rekeying failures during high traffic.

Why this answer

Option B is correct because a dead peer detection (DPD) interval set too high delays detection of lost peers, causing rekeying failures under load. Option A is wrong because pre-shared keys don't expire. Option C is wrong because throughput exceeded would show packet loss or high latency, not rekeying failures.

Option D is wrong because blocking IKE packets would prevent the VPN from establishing at all.

90
MCQhard

A company uses a cloud provider's IAM service to manage access. An administrator creates a new IAM role for an application running on an EC2 instance to access an S3 bucket. The application is unable to read objects from the bucket, even though the role has an attached policy that allows s3:GetObject on the bucket. The administrator verifies that the instance is correctly associated with the role. What is the most likely cause?

A.The S3 bucket policy denies access to the role.
B.The role's trust policy does not allow the EC2 service to assume the role.
C.The role's permissions policy has a condition key that restricts access to a specific IP range.
D.The instance's security group is blocking outbound traffic to S3.
AnswerC

A condition like ipAddress could limit access to allowed IPs, and the instance's IP may not be included.

Why this answer

Option D is correct because a condition (e.g., ipAddress) could restrict access if the instance's IP is not in the allowed range. Option A is wrong but plausible; bucket policy could deny, but the stem doesn't indicate that. Option B is wrong because if the trust policy were wrong, the instance wouldn't get the role credentials.

Option C is wrong because S3 uses HTTPS, and security groups outbound all is default.

91
Multi-Selectmedium

A company's application is unable to connect to a managed cloud database. The database is deployed in a VPC with public accessibility disabled. The application runs on an EC2 instance in the same VPC. Which three troubleshooting steps should the administrator take? (Choose three.)

Select 3 answers
A.Ensure the VPC has an internet gateway attached.
B.Check the network ACL associated with the database subnet for appropriate rules.
C.Verify that the database endpoint is correctly configured in the application.
D.Verify that the EC2 instance has a public IP address.
E.Check the security group for the database to ensure it allows inbound traffic from the EC2 instance's security group.
AnswersB, C, E

Network ACLs are stateless and can block traffic if rules are not correctly configured.

Why this answer

Options B, C, and E are correct. Option A is wrong because a public IP is not needed for same VPC communication. Option D is wrong because an internet gateway is not needed for internal traffic.

B checks security group inbound, C verifies the endpoint configuration, and E checks network ACLs.

92
MCQmedium

A company recently migrated an application to the cloud. The application uses a load balancer in front of multiple EC2 instances. After the migration, users report that they occasionally receive 'Connection refused' errors. The administrator checks the load balancer health check logs and finds that some instances are marked unhealthy intermittently. The application's health check endpoint returns HTTP 200 when tested manually from the admin's workstation. What is the most likely cause?

A.The health check interval is too short
B.Security group rules blocking the load balancer health checks
C.The instances are running out of memory
D.The application is not binding to the correct IP address
AnswerB

If the security group blocks health check traffic, the load balancer may intermittently mark instances unhealthy.

Why this answer

Option A is correct because if the security group does not allow traffic from the load balancer's health check source, the health checks will fail intermittently. Option B is wrong because a short interval would not cause intermittent failures; it would cause constant failures. Option C is wrong because the application binding to an incorrect IP would cause constant failures, not intermittent.

Option D is wrong because memory exhaustion would cause overall application failure, not just health checks.

93
Multi-Selecthard

A cloud administrator is troubleshooting a performance issue where a web application is responding slowly. The application runs on virtual machines in a private cloud. The administrator has verified that CPU and memory utilization are within normal limits. Which TWO additional metrics should the administrator check to diagnose the issue?

Select 2 answers
A.Number of running processes
B.Network latency between the application and database servers
C.Disk I/O wait time on the hypervisor
D.Virtual machine snapshot size
E.Hypervisor version
AnswersB, C

High network latency can cause slow response times even if CPU and memory are fine, as the application waits for database queries.

Why this answer

Network latency between the application and database servers is a critical metric because slow database queries or network congestion can cause the web application to respond slowly even when CPU and memory on the VMs are normal. High latency increases round-trip time for SQL queries, directly impacting page load times. Disk I/O wait time on the hypervisor is also essential because excessive I/O wait indicates storage contention, which can throttle read/write operations for the VMs, leading to application sluggishness.

Exam trap

CompTIA often tests the distinction between VM-level metrics (CPU/memory) and infrastructure-level metrics (network/storage), trapping candidates who overlook that application performance can degrade due to external dependencies even when the VM itself appears healthy.

94
MCQhard

The exhibit shows VPC flow log entries for an EC2 instance (eni-12345678). The administrator is troubleshooting a connectivity problem where an application on 10.0.1.5 occasionally cannot connect to a web server at 10.0.2.10 on port 80. What action should the administrator take?

A.Increase the MTU on the instance to 9001.
B.Add a security group rule allowing inbound TCP/80 from 10.0.1.5.
C.Add a network ACL rule allowing inbound TCP/80 from 10.0.1.5 to the subnet of 10.0.2.10.
D.Add a route to the VPC route table for 10.0.1.5.
AnswerC

NACLs are stateless and require explicit inbound rules; the REJECT indicates a NACL block.

Why this answer

Option B is correct because the REJECT entry indicates that traffic is being blocked by a stateless firewall (NACL) because security groups are stateful and would not generate REJECT at network level. The REJECT is from a NACL. Adding an inbound allow rule in NACL for the target subnet would fix it.

Option A is wrong because security groups are stateful and allow return traffic; the initial connection may be allowed but not specified; but flow logs show REJECT which is typical from NACL. Option C is wrong because routes are for routing, not filtering. Option D is wrong because MTU doesn't cause reject.

95
MCQhard

A company uses a hybrid cloud model with an AWS Direct Connect connection to its on-premises network. Users report intermittent connectivity to cloud resources. A network engineer finds packet loss on the Direct Connect virtual interface. Which of the following should be checked FIRST to resolve the issue?

A.The physical port status of the Direct Connect router
B.The MTU setting on the on-premises firewall
C.The BGP session status between the on-premises router and the AWS Direct Connect endpoint
D.The VPN tunnel status for the Direct Connect link
AnswerC

BGP flapping can cause intermittent packet loss and connectivity issues.

Why this answer

Intermittent packet loss on a Direct Connect virtual interface is most commonly caused by BGP session flapping or misconfiguration, as BGP is the routing protocol that establishes and maintains connectivity between the on-premises router and the AWS Direct Connect endpoint. Checking the BGP session status first allows the engineer to quickly identify if the issue is due to route advertisement problems, hold timer mismatches, or session resets, which are frequent root causes of intermittent packet loss.

Exam trap

The trap here is that candidates often confuse Direct Connect with VPN-based connections and assume a VPN tunnel is involved, leading them to check VPN status (Option D) instead of the BGP session that actually governs the virtual interface routing.

How to eliminate wrong answers

Option A is wrong because the physical port status of the Direct Connect router would show a hard failure (e.g., link down) rather than intermittent packet loss; intermittent issues are rarely caused by physical port problems unless there is a duplex mismatch or cable fault, but these are less likely to be the first check. Option B is wrong because MTU settings on the on-premises firewall typically cause fragmentation or black-hole issues for large packets, not intermittent packet loss across all traffic; MTU mismatches usually result in consistent packet drops for packets exceeding the MTU, not sporadic loss. Option D is wrong because Direct Connect does not use a VPN tunnel; it is a dedicated physical connection, and VPN tunnels are used for AWS Site-to-Site VPN, not Direct Connect virtual interfaces.

96
MCQmedium

An organization has a site-to-site VPN connection between its on-premises network and a cloud VPC. Users report intermittent connectivity to applications hosted in the cloud. The administrator checks the VPN tunnel status and sees it is up. However, ping tests from on-premises to a cloud instance fail at random times. Which factor should the administrator investigate first?

A.The on-premises firewall is blocking outbound ICMP.
B.The security group on the cloud instance is blocking ICMP.
C.The routing tables on the cloud VPC are missing routes for the on-premises network.
D.The VPN tunnel is experiencing packet loss due to a mismatch in the IPSec parameters.
AnswerD

Mismatched IPSec parameters can cause intermittent connectivity despite the tunnel appearing up.

Why this answer

Option C is correct because intermittent connectivity despite tunnel being up suggests packet loss or misconfiguration in IPSec (e.g., mismatched phase 2 parameters). Option A is wrong because routes would cause complete failure. Option B is wrong but could cause failure; however, it's intermittent.

Option D is wrong because it would cause consistent failure.

97
MCQeasy

A company hosts a critical application on a single virtual machine in a public cloud. The virtual machine has been running without issues for months. Recently, the application became unresponsive, and users report a '500 Internal Server Error'. The cloud administrator checks the virtual machine's status and finds it is 'Running'. The administrator can successfully ping the virtual machine's public IP address. The administrator then attempts to SSH into the virtual machine but receives 'Connection timed out'. The virtual machine's security group allows SSH (port 22) from the administrator's IP address. The operating system firewall is enabled and configured to allow SSH. What should the administrator do next to troubleshoot the issue?

A.Use a serial console or out-of-band management to access the virtual machine's console.
B.Reset the virtual machine from the cloud provider's management console.
C.Create a new virtual machine and migrate the application.
D.Check the application logs from the cloud provider's monitoring service.
AnswerA

Serial console access bypasses the network stack and allows the administrator to log in and check the SSH service status or firewall rules.

Why this answer

The administrator can ping the VM (ICMP works) but SSH (TCP/22) times out, indicating the application is running but the SSH service or network stack is not responding to new connections. Since the cloud security group and OS firewall are correctly configured, the issue is likely at the OS level (e.g., SSH daemon crashed, kernel panic, or network service hung). Using a serial console or out-of-band management (e.g., AWS EC2 Serial Console, Azure Serial Console) provides direct, network-independent access to the VM's console, bypassing the broken network stack to diagnose and fix the OS-level problem.

Exam trap

CompTIA often tests the distinction between ICMP reachability (ping) and TCP service availability (SSH), and the trap here is that candidates assume a 'Running' status and successful ping mean the OS is fully functional, overlooking that the network stack or SSH daemon can be broken while the VM appears healthy from the hypervisor's perspective.

How to eliminate wrong answers

Option B is wrong because resetting the VM (power cycle) might temporarily fix the symptom but does not diagnose the root cause, and could cause data loss or downtime without understanding why SSH failed. Option C is wrong because creating a new VM and migrating the application is a drastic, time-consuming recovery action that should only be taken after exhausting troubleshooting steps; it does not help identify the current issue. Option D is wrong because the cloud provider's monitoring service (e.g., CloudWatch, Azure Monitor) typically collects metrics and logs from the guest OS via an agent, but if the OS is unresponsive or the network stack is broken, those logs may not be accessible or up-to-date; the immediate need is to access the console, not check stale logs.

98
MCQeasy

A cloud administrator cannot deploy a new VM from a custom image. The deployment fails with an error stating 'Incompatible hypervisor version'. What is the most likely cause?

A.The image was created on a newer hypervisor than the current host.
B.The VM's virtual hardware version is too old.
C.The image file is corrupt.
D.The storage backend does not support the image format.
AnswerA

Hypervisor backward compatibility may not extend to previous versions.

Why this answer

Option D is correct because the image was created on a different hypervisor version. Option A is incorrect because the image file exists. Option B is incorrect as compatibility is about hypervisor, not driver.

Option C is incorrect because storage is separate.

99
Multi-Selecthard

An organization is migrating workloads to the cloud and after migration, users complain about slow application response times. The administrator reviews the cloud provider's dashboard and sees no resource bottlenecks. Which three factors could still cause poor performance? (Choose three.)

Select 3 answers
A.The application is not optimized for the cloud infrastructure
B.DNS resolution delays due to on-premises DNS server
C.High latency between the cloud region and the users' location
D.Insufficient number of CPU cores in the VM
E.TCP window scaling mismatch
AnswersB, C, E

Slow DNS resolution increases latency without taxing cloud resources.

Why this answer

Correct options are A, B, and D. Option A is correct because DNS delays can increase response times without showing as resource usage. Option B is correct because TCP window scaling mismatch can degrade network throughput transparently.

Option D is correct because geographic latency is not a resource bottleneck. Option C is wrong because insufficient CPU cores would appear as a CPU bottleneck on the dashboard. Option E is wrong because application optimization issues would typically manifest as high resource usage.

← PreviousPage 2 of 2 · 99 questions total

Ready to test yourself?

Try a timed practice session using only Troubleshooting questions.