CCNA Troubleshooting Questions

21 of 96 questions · Page 2/2 · Troubleshooting · Answers revealed

76
MCQeasy

A user reports that they cannot reach a remote server by hostname but can reach it by IP address. Which file should be checked first for possible misconfiguration?

A./etc/nsswitch.conf
B./etc/hosts
C./etc/resolv.conf
D./etc/sysconfig/network
AnswerC

This file contains DNS server and search domain settings.

Why this answer

Option C is correct because the /etc/resolv.conf file configures the system's DNS resolver, specifying the nameservers to query for hostname-to-IP resolution. Since the user can reach the remote server by IP but not by hostname, the issue is likely with DNS resolution, and /etc/resolv.conf is the first file to check for misconfigured or missing nameserver entries.

Exam trap

The trap here is that candidates often confuse /etc/hosts with DNS resolution, thinking a missing static entry is the cause, when the real issue is the absence or misconfiguration of DNS servers in /etc/resolv.conf.

How to eliminate wrong answers

Option A is wrong because /etc/nsswitch.conf controls the order of name service lookups (e.g., files, dns, mdns), but it does not contain DNS server addresses; a misconfiguration here would affect the lookup order, not the ability to resolve hostnames entirely if DNS servers are correct. Option B is wrong because /etc/hosts provides static hostname-to-IP mappings; if the remote server's hostname were listed there with a wrong IP, the user might reach the wrong server, but since they cannot reach it by hostname at all, the issue is not a static mapping. Option D is wrong because /etc/sysconfig/network is a Red Hat-based configuration file for network-wide settings like hostname and default gateway, not for DNS resolver configuration; it does not contain nameserver entries.

77
MCQmedium

During boot, a Linux system displays a kernel panic with 'VFS: Unable to mount root fs on unknown-block(0,0)'. Which of the following is the most likely cause?

A.Incorrect time configuration in the BIOS
B.Corrupt initramfs missing a necessary kernel module for the root device
C.The /etc/fstab file has an invalid filesystem type for the root partition
D.A defective network cable
AnswerB

The kernel cannot mount root because the required driver is missing from initramfs.

Why this answer

This error indicates that the root filesystem cannot be found, often due to a missing driver for the storage device in the initramfs.

78
Multi-Selectmedium

A system is experiencing boot failures. The administrator wants to view kernel messages from the current boot to diagnose the issue. Which two commands can be used to see these messages? (Choose two.)

Select 2 answers
A.journalctl -k
B.cat /proc/kmsg
C.tail -f /var/log/boot.log
D.dmesg
E.vmstat -f
AnswersA, D

journalctl -k shows kernel messages from the journal.

Why this answer

`journalctl -k` displays kernel messages from the current boot by querying the systemd journal, which logs kernel ring buffer messages persistently. `dmesg` reads the kernel ring buffer directly and shows messages from the current boot cycle. Both commands provide the kernel diagnostic output needed to troubleshoot boot failures.

Exam trap

The trap here is that candidates confuse `dmesg` with `cat /proc/kmsg` or think `boot.log` contains kernel messages, when in fact `dmesg` and `journalctl -k` are the standard tools for viewing kernel ring buffer output from the current boot.

79
MCQeasy

A Linux administrator needs to view all listening TCP ports and the associated processes on a server. Which command should be used?

A.netstat -tulpn
B.ss -tlnp
C.lsof -i
D.nmap localhost
AnswerB

Correct: ss -tlnp shows listening TCP ports with process info.

Why this answer

The ss command with -tlnp options shows listening TCP ports with process information, replacing netstat.

80
MCQhard

During boot, the system drops into an emergency target. Which command can be used to repair the root filesystem from this environment?

A.mount -o remount,rw / && fsck /
B.xfs_repair /dev/sda1
C.fsck /dev/sda1
D.journalctl -xb
AnswerC

Correct; fsck can be run if the partition is unmounted or mounted read-only.

Why this answer

In emergency mode, the root filesystem is often mounted read-only. fsck can check and repair filesystems, but requires the filesystem to be unmounted.

81
MCQmedium

A user reports that they cannot reach a website by name, but they can reach it by IP address. Which file should be checked first for possible misconfiguration?

A./etc/nsswitch.conf
B./etc/hosts
C./etc/resolv.conf
D./etc/sysconfig/network
AnswerC

Correct. DNS resolver configuration.

Why this answer

The /etc/resolv.conf file contains DNS resolver settings. If it is incorrect, name resolution will fail.

82
MCQmedium

A technician wants to check the disk I/O statistics, focusing on the average I/O wait time and utilization percentage. Which command provides this information?

A.sar -b
B.vmstat -d
C.free -h
D.iostat -x
AnswerD

Correct: iostat -x shows extended stats including %util and await.

Why this answer

iostat displays disk I/O statistics including %util (utilization) and await (average I/O wait time).

83
MCQhard

After modifying the network configuration on a RHEL 8 system, the administrator wants to bring up the interface without rebooting. Which command sequence should be used?

A.ip link set eth0 up
B.systemctl restart network && nmcli dev connect eth0
C.nmcli con up eth0
D.ifconfig eth0 up
AnswerC

nmcli con up brings up the connection associated with the interface.

Why this answer

nmcli con up ifcfg-eth0 activates the connection. If using legacy scripts, ifup eth0 would work, but nmcli is the modern method for NetworkManager.

84
MCQhard

An administrator needs to capture network traffic on interface eth0, filtering only packets from host 192.168.1.1, and write the output to a file for later analysis. Which command accomplishes this?

A.tcpdump -i eth0 src 192.168.1.1 -w capture.pcap
B.tcpdump -i eth0 dst 192.168.1.1 > capture.pcap
C.tcpdump -i eth0 host 192.168.1.1 -w capture.pcap
D.tcpdump -n -i eth0 host 192.168.1.1 > capture.pcap
AnswerC

Correct: host captures both directions.

Why this answer

tcpdump -i eth0 host 192.168.1.1 -w capture.pcap captures packets from the specified host on eth0 and writes to a file.

85
MCQmedium

A system is experiencing high memory usage. The administrator wants to see a brief summary of memory usage in human-readable format, including buffers and cache. Which command is most appropriate?

A.free -h
B.iostat -m
C.cat /proc/meminfo
D.vmstat -s
AnswerA

Correct: free -h shows memory usage with buffers and cache.

Why this answer

free -h displays memory usage in human-readable format, including buffers and cache.

86
MCQeasy

Which command is used to trace the network path to a destination host, showing each hop along the way, and is similar to traceroute but does not require root privileges by default?

A.ip route
B.mtr
C.ping
D.tracepath
AnswerD

Correct: tracepath traces the path without requiring root.

Why this answer

tracepath is similar to traceroute but uses UDP probes and does not require root, making it more accessible.

87
MCQhard

A server running RHEL 8 fails to boot with a 'Dependency failed for /data' error. The /data filesystem is an ext4 partition on /dev/sdb1. Which sequence of steps should be taken to repair the filesystem?

A.Use 'xfs_repair /dev/sdb1' since it's ext4
B.Run 'fsck.ext4 -f /dev/sdb1' from the running system
C.Remount the filesystem as read-only and run fsck
D.Boot into rescue mode, run 'umount /dev/sdb1', then 'fsck.ext4 -f /dev/sdb1'
AnswerD

Rescue mode ensures filesystem unmounted; fsck repairs it.

Why this answer

To repair a filesystem, it must be unmounted; using a rescue environment (e.g., systemd emergency target) ensures the partition is not in use.

88
MCQmedium

An administrator is troubleshooting a DNS issue and needs to query the authoritative name servers for example.com. Which dig command should be used?

A.dig example.com MX
B.dig example.com NS
C.dig example.com A
D.dig example.com ANY
AnswerB

NS record returns authoritative name servers.

Why this answer

dig example.com NS queries the name servers (NS records). A asks for IPv4, MX for mail, and ANY is often blocked.

89
Multi-Selectmedium

A system administrator needs to collect performance data over time to analyze CPU and memory usage trends. Which THREE of the following commands can be used to gather historical performance data? (Choose THREE.)

Select 2 answers
A.iostat
B.uptime
C.free
D.sar
E.vmstat
AnswersA, D

iostat can show historical I/O stats if sysstat logs are used.

Why this answer

sar can collect and report historical data; vmstat gives point-in-time; free shows current memory; iostat shows I/O; uptime shows load averages but not historical.

90
MCQeasy

A user wants to look up the mail exchange (MX) records for a domain. Which command should be used?

A.dig domain.com MX
B.ping domain.com
C.host -t mx domain.com
D.nslookup -type=mx domain.com
AnswerA

dig domain.com MX queries the MX records.

Why this answer

The `dig` command is a flexible DNS lookup utility that can query any record type by specifying it after the domain name. `dig domain.com MX` directly queries the DNS for mail exchange records, which specify the mail servers responsible for receiving email for the domain. This is the most straightforward and commonly used command for this purpose in Linux.

Exam trap

The trap here is that candidates may think `nslookup` or `host` are incorrect because they are older tools, but they can technically query MX records; however, the exam tests the understanding that `dig` is the preferred and most comprehensive DNS query tool for Linux troubleshooting.

How to eliminate wrong answers

Option B is wrong because `ping` uses ICMP to test network reachability and does not perform DNS record lookups, so it cannot retrieve MX records. Option C is wrong because `host -t mx domain.com` is a valid command, but the question asks for the command that should be used; while `host` can query MX records, `dig` is more detailed and is the standard tool for DNS troubleshooting. Option D is wrong because `nslookup -type=mx domain.com` is a valid command, but `nslookup` is deprecated in many modern Linux distributions and is less flexible than `dig`; the question expects the most appropriate command, which is `dig`.

91
MCQmedium

An administrator needs to capture network traffic on interface eth0 to a file for later analysis. Which tcpdump command is correct?

A.tcpdump -w capture.pcap -i eth0
B.tcpdump -i eth0 -f capture.pcap
C.tcpdump -i eth0 -w capture.pcap
D.tcpdump -w eth0 capture.pcap
AnswerC

Correct syntax: -i interface, -w output file.

Why this answer

tcpdump -i eth0 -w capture.pcap captures packets from eth0 and writes to file. -n disables name resolution, not needed for capture.

92
MCQmedium

A system is experiencing high disk I/O wait. Which command can provide disk I/O statistics such as requests per second and average wait time?

A.sar -u 1 5
B.iostat -x 1
C.free -h
D.vmstat 1 5
AnswerB

iostat -x gives extended stats like r/s, w/s, await, %util.

Why this answer

iostat reports disk I/O statistics including r/s, w/s, await, %util. vmstat shows memory and CPU stats, free shows memory, sar can show I/O but iostat is I/O-specific.

93
Multi-Selecthard

A system fails to boot with a kernel panic. The administrator suspects a corrupt initramfs or missing kernel module. Which three methods could be used to recover the system? (Choose three.)

Select 3 answers
A.Boot from a live CD/DVD, mount the root filesystem, and chroot
B.At GRUB, edit the kernel line and add 'rd.break' to enter an emergency shell
C.Run 'fsck /dev/sda1' from the GRUB command line
D.Use 'systemctl rescue' from the boot prompt
E.At GRUB, edit the kernel line and add 'single' to boot into single-user mode
AnswersA, B, E

From a live environment, you can repair the initramfs or kernel modules.

Why this answer

At the GRUB menu, editing boot parameters to add 'rd.break' drops into an emergency shell; adding 'single' boots into single-user mode; booting from a live CD allows chroot and repair.

94
MCQmedium

A system administrator needs to check the kernel ring buffer for hardware error messages. Which command should be used?

A.dmesg
B.journalctl -k
C.vmstat
D.lsof
AnswerA

dmesg reads the kernel ring buffer for hardware and driver messages.

Why this answer

The `dmesg` command is the standard tool for printing the kernel ring buffer, which contains messages from the kernel, including hardware error messages, device driver initialization, and system boot logs. It directly reads from `/dev/kmsg` or the syslog system call, making it the correct choice for diagnosing hardware issues at the kernel level.

Exam trap

CompTIA often tests the distinction between `dmesg` and `journalctl -k`, where candidates mistakenly choose `journalctl -k` because it also shows kernel messages, but the question specifically asks for the kernel ring buffer, which `dmesg` accesses directly without requiring systemd journal services.

How to eliminate wrong answers

Option B is wrong because `journalctl -k` displays kernel messages from the systemd journal, but it relies on the journal daemon being active and may not capture early boot or pre-journal kernel ring buffer messages; it is an indirect method compared to `dmesg`. Option C is wrong because `vmstat` reports virtual memory statistics, process activity, and CPU usage, not kernel ring buffer or hardware error messages. Option D is wrong because `lsof` lists open files and the processes using them, which is unrelated to kernel ring buffer content.

95
Multi-Selectmedium

An administrator is investigating a security incident and needs to list all open network connections on a server, including listening and established connections, with process information. Which TWO commands can provide this information?

Select 3 answers
A.tcpdump -i any
B.lsof -i -P -n
C.netstat -tulpn
D.ss -tulpn
E.nmap -sT localhost
AnswersB, C, D

lsof with -i shows network connections; -P -n avoid resolution.

Why this answer

lsof -i -P -n lists all open network connections with process information. netstat -tulpn displays listening and established connections with process IDs. ss -tulpn shows socket statistics including listening and established connections with process information. All three commands can provide the required information.

96
MCQmedium

A Linux engineer is investigating high disk I/O on a server. Which command provides disk I/O statistics including %util, await, r/s, and w/s?

A.iostat -x 1
B.sar -b
C.vmstat 1 5
D.free -h
AnswerA

iostat -x provides extended disk I/O stats including %util, await, r/s, w/s.

Why this answer

iostat reports CPU and disk I/O statistics, with columns like %util, await, r/s, and w/s.

← PreviousPage 2 of 2 · 96 questions total

Ready to test yourself?

Try a timed practice session using only Troubleshooting questions.