CCNA Lxp Troubleshooting Questions

75 of 96 questions · Page 1/2 · Lxp Troubleshooting topic · Answers revealed

1
MCQmedium

An administrator wants to monitor disk I/O performance in real-time, focusing on metrics like wait time and I/O queue size. Which tool is best suited for this?

A.vmstat
B.sar -b
C.free -h
D.iostat -x 1
AnswerD

iostat -x extended statistics every 1 second.

Why this answer

iostat provides detailed disk I/O statistics including await, svctime, %util, and queue size.

2
MCQmedium

A technician needs to check the kernel ring buffer for hardware errors detected during system boot. Which command should be used?

A.journalctl -k
B.lspci
C.dmesg
D.cat /var/log/boot.log
AnswerC

Correct.

Why this answer

dmesg displays kernel ring buffer messages, which include hardware detection and errors.

3
MCQeasy

A Linux administrator needs to check which services are listening on TCP port 22. Which command should be used?

A.ss -tlnp | grep :22
B.ping -p 22 localhost
C.ip addr show port 22
D.traceroute -p 22 localhost
AnswerA

ss -tlnp shows listening TCP ports with process info; grep filters for port 22.

Why this answer

The 'ss -tlnp' command shows listening TCP sockets with process information, making it suitable for checking services on port 22.

4
MCQmedium

A system administrator wants to review kernel-related log messages from the current boot session. Which journalctl command should be used to filter the kernel messages?

A.journalctl -p err
B.journalctl -b -u systemd-journald
C.journalctl -k
D.journalctl --since today
AnswerC

-k displays kernel messages.

Why this answer

journalctl -k shows kernel messages from the current boot.

5
MCQmedium

A Linux system is running slowly. The administrator runs `vmstat 1 5` and sees a high 'wa' value (waiting for I/O). Which of the following commands would help identify which processes are causing the I/O?

A.iostat -x 1
B.strace -p <pid>
C.dmesg | tail
D.free -h
AnswerB

strace traces system calls of a process, including I/O calls like read/write.

Why this answer

The 'wa' column indicates I/O wait. The `iotop` command shows per-process I/O usage, but it is not in the options; among the given, `lsof` can show open files, but `strace` can trace system calls including I/O operations.

6
MCQhard

During boot, a Linux system displays a kernel panic with the message 'VFS: Unable to mount root fs on unknown-block(0,0)'. Which of the following is the most likely cause?

A.Incorrect GRUB timeout setting
B.A faulty RAM module causing memory errors
C.Corrupted initramfs missing necessary storage drivers
D.Filesystem corruption on the boot partition
AnswerC

A missing driver in initramfs prevents mounting the root filesystem.

Why this answer

The error 'VFS: Unable to mount root fs on unknown-block(0,0)' indicates the kernel cannot locate or access the root filesystem. This is most commonly caused by a corrupted or missing initramfs that lacks the necessary storage drivers (e.g., for SATA, NVMe, or LVM) to communicate with the root device. Without these drivers, the kernel cannot read the root filesystem, resulting in a panic.

Exam trap

The trap here is that candidates often confuse this error with filesystem corruption on the boot partition (Option D), but the 'unknown-block(0,0)' message specifically points to the kernel's inability to find the root device, which is a driver/module issue in the initramfs, not a filesystem problem.

How to eliminate wrong answers

Option A is wrong because an incorrect GRUB timeout setting only affects the boot menu delay, not the kernel's ability to mount the root filesystem. Option B is wrong because a faulty RAM module typically causes random crashes, segmentation faults, or memory errors, not a specific VFS mount failure with an unknown block device. Option D is wrong because filesystem corruption on the boot partition would prevent GRUB from loading the kernel or initramfs, but the error here occurs after the kernel is loaded and fails to mount the root filesystem, indicating the initramfs is the issue.

7
Multi-Selectmedium

A Linux technician is troubleshooting a system that is experiencing high disk I/O wait times. Which TWO commands can be used to identify disk I/O performance issues? (Choose two.)

Select 2 answers
A.lsof
B.vmstat
C.iostat
D.free -h
E.dmesg
AnswersB, C

vmstat displays system processes, memory, paging, block I/O, traps, and CPU activity, including I/O wait.

Why this answer

iostat provides detailed disk I/O statistics including %util and await. dmesg may show disk errors but not performance stats. vmstat shows I/O wait (wa) column. free shows memory, lsof lists open files.

8
Multi-Selecthard

A system fails to boot with a kernel panic. The administrator wants to recover by accessing a root shell. Which THREE methods can be used to achieve this?

Select 3 answers
A.Run 'fsck /dev/sda1' from the GRUB command line
B.Append 'single' to the kernel command line in GRUB
C.Press 'e' in GRUB and remove 'quiet'
D.Append 'rd.break' to the kernel command line in GRUB
E.Boot from a live CD and chroot into the installed system
AnswersB, D, E

Boots into single-user mode.

Why this answer

Option B is correct because appending 'single' to the kernel command line in GRUB instructs the kernel to boot into single-user mode, which provides a root shell without requiring a password. This is a standard method for recovering from a kernel panic by allowing the administrator to repair filesystems or troubleshoot boot issues.

Exam trap

The trap here is that candidates may confuse the GRUB command line with a Linux shell, mistakenly thinking filesystem repair commands like fsck can be run directly from GRUB, or they may think removing 'quiet' alone grants root access when it only affects verbosity.

9
MCQhard

A server fails to boot with a kernel panic after a system update. The administrator suspects a corrupt initramfs. Which GRUB boot parameter should be added temporarily to boot into an emergency shell where the filesystem can be repaired?

A.rd.break
B.emergency
C.single
D.nomodeset
AnswerA

Correct. rd.break drops to a shell before the root filesystem is mounted, allowing initramfs repair.

Why this answer

The `rd.break` parameter causes systemd to break before the initramfs transitions to the real root, providing an emergency shell for repair. 'single' boots to single-user mode but requires a working initramfs.

10
MCQmedium

A technician needs to check the current memory usage on a Linux system, including buffers and cache. Which command provides the most user-friendly output?

A.free -h
B.cat /proc/meminfo
C.iostat -m
D.vmstat -s
AnswerA

free -h shows memory usage with buffers/cache in human-readable form.

Why this answer

The `free -h` command displays memory usage in a human-readable format (e.g., KiB, MiB, GiB) and explicitly breaks down total, used, free, shared, buffers/cache, and available memory. This makes it the most user-friendly option for quickly assessing current memory usage including buffers and cache.

Exam trap

The trap here is that candidates may choose `cat /proc/meminfo` because it contains all the raw data, but the question specifically asks for the 'most user-friendly' output, which `free -h` provides with its human-readable scaling and clear summary columns.

How to eliminate wrong answers

Option B is wrong because `cat /proc/meminfo` provides raw, detailed memory statistics in a machine-readable format without any human-friendly scaling or summary, making it less user-friendly for a quick check. Option C is wrong because `iostat -m` reports CPU and I/O statistics (in megabytes), not memory usage, buffers, or cache. Option D is wrong because `vmstat -s` displays a summary of virtual memory statistics (including paging, swapping, and CPU events) but does not present buffers/cache in a clear, human-readable layout like `free -h`.

11
MCQhard

An administrator is troubleshooting a service that fails to start. They want to trace the system calls made by the service binary. Which command should they use?

A.ltrace
B.dmesg
C.strace
D.lsof
AnswerC

Correct tool for system call tracing.

Why this answer

strace traces system calls and signals. It is used to debug what a program is doing at the kernel level.

12
MCQhard

A system administrator needs to capture network traffic on interface eth0, filtering for packets to or from host 10.0.0.1, and save the output to a file for later analysis. Which command accomplishes this?

A.tcpdump -i eth0 host 10.0.0.1 -w capture.pcap
B.tcpdump -n port 10.0.0.1 -w capture.pcap
C.tcpdump -i eth0 -host 10.0.0.1 > capture.pcap
D.tcpdump -i eth0 -w capture.pcap host 10.0.0.1
AnswerA

Correct syntax for interface, host filter, and output file.

Why this answer

tcpdump -i eth0 host 10.0.0.1 -w capture.pcap captures packets with host filter and writes to file.

13
MCQhard

During boot, a Linux system displays a kernel panic. The administrator suspects a corrupt initramfs. Which GRUB boot parameter can be added to boot into an emergency shell before the initramfs is loaded, allowing repair?

A.single
B.init=/bin/bash
C.rd.break
D.emergency
AnswerC

Correct: rd.break breaks before initramfs pivot.

Why this answer

The rd.break parameter stops the boot process before the initramfs is fully loaded, dropping to a shell for troubleshooting.

14
MCQeasy

A system administrator wants to collect network performance statistics over time, including packet loss and latency, to diagnose intermittent connectivity issues. Which tool combines the functionality of ping and traceroute into a single continuous monitoring command?

A.mtr
B.tcpdump
C.ss
D.netstat
AnswerA

Correct. mtr is the tool that combines ping and traceroute with continuous monitoring.

Why this answer

mtr (My TraceRoute) continuously sends packets and displays real-time statistics including loss and latency for each hop, combining ping and traceroute.

15
MCQeasy

A technician needs to check the DNS A record for example.com using a specific DNS server at 8.8.8.8. Which command accomplishes this?

A.host -a example.com 8.8.8.8
B.dig -x 8.8.8.8 example.com
C.dig example.com @8.8.8.8 A
D.nslookup example.com 8.8.8.8
AnswerC

Correct syntax: dig @server name type.

Why this answer

dig @8.8.8.8 example.com A queries the specified DNS server for the A record.

16
MCQmedium

An administrator wants to capture network traffic on interface eth0, writing the output to a file for later analysis, without resolving hostnames. Which command accomplishes this?

A.tcpdump -i eth0 -r capture.pcap
B.tcpdump -i eth0 -w capture.pcap -n
C.tcpdump -i any -w capture.pcap
D.tcpdump -n -w eth0 capture.pcap
AnswerB

This captures on eth0, writes to a file, and disables name resolution.

Why this answer

tcpdump -i eth0 -w file.pcap -n captures packets without name resolution and writes to a file.

17
Multi-Selecthard

An administrator needs to capture network traffic on interface eth0 for packets destined to port 443 from host 10.0.0.1, while also writing the capture to a file for later analysis. Which three tcpdump options should be used together? (Choose three.)

Select 3 answers
A.-i eth0
B.port 443
C.-c 100
D.host 10.0.0.1
E.-n
AnswersA, B, D

Specifies the interface.

Why this answer

tcpdump -i eth0 host 10.0.0.1 and port 443 -w capture.pcap captures the specified traffic and writes to a file.

18
MCQeasy

A user reports that they cannot reach a website. The administrator wants to check the path that packets take to the destination server. Which command should be used?

A.ip addr
B.ss
C.traceroute
D.ping
AnswerC

traceroute shows the hop-by-hop path to the destination.

Why this answer

The `traceroute` command is used to trace the path packets take from the source to a destination host, showing each hop (router) along the way. It uses ICMP echo requests (or UDP packets on Linux) with incrementing TTL values to elicit ICMP Time Exceeded messages from intermediate routers, which reveals the network path. This directly addresses the administrator's need to check the path to the destination server.

Exam trap

Cisco often tests the distinction between `ping` (reachability and latency) and `traceroute` (path discovery), and the trap here is that candidates may choose `ping` because it can indicate connectivity issues, but it does not reveal the specific path or intermediate hops.

How to eliminate wrong answers

Option A is wrong because `ip addr` displays IP addresses and network interface configuration on the local host, not the path packets take to a remote destination. Option B is wrong because `ss` (socket statistics) shows information about local sockets and connections, not the network path or routing hops. Option D is wrong because `ping` tests reachability and measures round-trip time using ICMP echo requests, but it does not show the intermediate hops or the path packets traverse.

19
MCQhard

A Linux administrator wants to check the history of CPU usage for the past two days using the system activity reporter. Which sar option retrieves data from the daily history file for a specific date?

A.sar -r -b
B.sar -f /var/log/sa/sa$(date +%d --date='2 days ago')
C.sar -n DEV
D.sar -u -s 00:00:00 -e 23:59:59
AnswerB

Correct: -f specifies the history file for a specific date.

Why this answer

sar -f /var/log/sa/saDD reads from the history file for a specific day (DD is the day of month).

20
MCQhard

An administrator is troubleshooting a service that fails to start with a 'Permission denied' error. The administrator runs `strace -f -o /tmp/strace.log systemctl start myservice`. Which of the following best describes what this command achieves?

A.It records the kernel messages related to the service start.
B.It traces system calls for systemctl and its children, recording them to a file.
C.It monitors network connections opened by the service.
D.It traces library calls made by the service startup.
AnswerB

Correct: strace traces syscalls, -f follows forks, -o outputs to file.

Why this answer

strace traces system calls; -f follows child processes; -o writes output to file.

21
MCQhard

A technician needs to trace the system calls made by a running process to debug a performance issue. Which tool should be used?

A.gdb -p PID
B.lsof -p PID
C.ltrace -p PID
D.strace -p PID
AnswerD

strace traces system calls.

Why this answer

Option D is correct because `strace -p PID` intercepts and records system calls (kernel-level operations like file I/O, network, and process control) made by a running process, which is exactly what is needed to trace system calls for debugging performance issues. The `-p` flag attaches strace to an existing process by its PID, allowing real-time monitoring of kernel interactions.

Exam trap

The trap here is that candidates confuse `ltrace` (library calls) with `strace` (system calls), as both trace function calls but at different layers of the operating system stack.

How to eliminate wrong answers

Option A is wrong because `gdb -p PID` is a debugger for inspecting and modifying program state at the source-code or assembly level, not for tracing system calls; it focuses on user-space debugging, not kernel call tracing. Option B is wrong because `lsof -p PID` lists open file descriptors (files, sockets, pipes) for a process, but it does not trace system calls or their timing; it provides a static snapshot of open handles, not dynamic call tracing. Option C is wrong because `ltrace -p PID` traces library calls (user-space function calls to shared libraries like glibc), not system calls; it intercepts calls to dynamically linked library functions, whereas the question specifically asks for system calls.

22
MCQmedium

A system administrator is troubleshooting a network issue where a server cannot reach the internet. The server's IP address is 192.168.1.10/24, and the default gateway is 192.168.1.1. Which command should be used to verify the default gateway configuration?

A.ip neigh show
B.ip addr show
C.ip route show
D.ip link show
AnswerC

Shows the routing table, including default route.

Why this answer

The `ip route show` command displays the kernel's IPv4 routing table, which includes the default gateway entry (destination 0.0.0.0/0 via 192.168.1.1). This directly verifies whether the default gateway is configured correctly for the server to reach external networks.

Exam trap

The trap here is that candidates often confuse `ip addr show` (which shows IP addresses) with `ip route show` (which shows routing table), leading them to select the wrong command when asked to verify the default gateway.

How to eliminate wrong answers

Option A is wrong because `ip neigh show` displays the ARP cache (neighbor table), showing MAC-to-IP mappings for directly connected hosts, not the default gateway configuration. Option B is wrong because `ip addr show` displays IP addresses and interface properties, not routing information such as the default gateway. Option D is wrong because `ip link show` shows link-layer (Layer 2) interface status and MTU, not Layer 3 routing entries.

23
MCQmedium

A Linux administrator needs to verify which network interfaces are up and their IP addresses on a server. Which command provides this information?

A.ss -tlnp
B.nmcli dev show
C.ifconfig -a
D.ip addr
AnswerD

Correct. ip addr shows detailed interface information including IP addresses and status.

Why this answer

The `ip addr` command displays all network interfaces along with their IP addresses, MAC addresses, and status (UP/DOWN).

24
MCQeasy

A Linux administrator needs to check the listening TCP ports on a server. Which command should be used to view only listening TCP ports and the associated processes?

A.lsof -iTCP -sTCP:LISTEN
B.nmap -sT localhost
C.netstat -tlnp
D.ss -tlnp
AnswerD

Correctly shows listening TCP ports with process info.

Why this answer

Option D is correct because the `ss -tlnp` command displays only TCP sockets (`-t`), listening sockets (`-l`), numeric addresses/ports (`-n`), and the associated process information (`-p`). This is the modern replacement for `netstat` and is the most direct way to view listening TCP ports and their processes on a Linux system.

Exam trap

The trap here is that candidates often choose `netstat -tlnp` (option C) because it is a familiar legacy command, but the exam expects knowledge of the modern `ss` utility, which is the recommended tool on current Linux distributions and is more likely to be available by default.

How to eliminate wrong answers

Option A is wrong because `lsof -iTCP -sTCP:LISTEN` does show listening TCP ports and processes, but it is not the most standard or efficient command for this task; it is a file-descriptor-based tool that can be slower and less commonly used for this specific purpose in Linux administration. Option B is wrong because `nmap -sT localhost` performs a TCP connect scan against the local host, which is a network scanning tool that can disrupt services and is not designed to simply list listening ports with their associated processes; it also requires root privileges for certain scans and does not show process IDs. Option C is wrong because `netstat -tlnp` does show listening TCP ports and processes, but `netstat` is deprecated on many modern Linux distributions (e.g., RHEL 7+, Ubuntu 16.04+) in favor of `ss`, and may not be installed by default.

25
MCQmedium

A user reports that a web server is unreachable. The administrator runs 'curl -I https://example.com' and gets no response. Which command should be used next to check if the server is reachable at the network level?

A.ping -c 4 example.com
B.dig -x example.com
C.lsof -i :443
D.ss -tlnp | grep 443
AnswerA

Ping tests ICMP echo to verify network reachability.

Why this answer

The `curl -I` command failed to get a response, which could be due to a network-level issue rather than an application-layer problem. The `ping` command uses ICMP echo requests to test basic IP-level connectivity to the host, bypassing higher-layer protocols like HTTP/TLS. If the server is unreachable at the network layer, `ping` will show packet loss or timeouts, confirming a routing or firewall issue.

Exam trap

The trap here is that candidates may choose `ss` or `lsof` because they are familiar with checking local services, but these commands cannot test remote reachability, which is the core of the question.

How to eliminate wrong answers

Option B is wrong because `dig -x example.com` performs a reverse DNS lookup, which checks if an IP address resolves to a hostname, not whether the server is reachable at the network level. Option C is wrong because `lsof -i :443` lists local processes listening on TCP port 443, which only checks if a service is running locally, not if the remote server is reachable. Option D is wrong because `ss -tlnp | grep 443` shows local TCP listening sockets on port 443, which is a local diagnostic tool and cannot verify network-level reachability to a remote host.

26
MCQmedium

A Linux server fails to boot and drops into a GRUB prompt. The administrator needs to boot into single-user mode to repair the system. Which GRUB command should be added to the kernel line temporarily?

A.single
B.rd.break
C.systemd.unit=rescue.target
D.debug
AnswerA

Adding 'single' boots into single-user mode.

Why this answer

Adding 'single' to the kernel boot parameters boots into single-user mode.

27
MCQmedium

A technician needs to perform a DNS query to retrieve the mail exchange (MX) record for example.com using a specific DNS server at 8.8.8.8. Which command accomplishes this?

A.dig @8.8.8.8 example.com -t MX
B.nslookup -type=MX example.com 8.8.8.8
C.host -t MX example.com 8.8.8.8
D.dig example.com MX @8.8.8.8
AnswerD

Correct syntax: dig queries the specified server for MX record.

Why this answer

The `dig` command with `@server` specifies the DNS server, and the type can be specified as MX.

28
MCQhard

During boot, a Linux system displays a kernel panic indicating 'not syncing: VFS: Unable to mount root fs on unknown-block(0,0)'. Which of the following is the most likely cause?

A.Network configuration error
B.A failed filesystem check due to dirty file system
C.Incorrect GRUB timeout value
D.Missing or corrupt initramfs
AnswerD

The initramfs contains drivers needed to mount the root filesystem; if missing or corrupt, mount fails.

Why this answer

The error 'VFS: Unable to mount root fs on unknown-block(0,0)' indicates that the kernel cannot locate or access the root filesystem. This is most commonly caused by a missing or corrupt initramfs (initial RAM filesystem), which contains the necessary drivers and modules to mount the root filesystem. Without a valid initramfs, the kernel has no way to load storage drivers (e.g., for SATA, NVMe, or LVM) and thus fails to mount the root device.

Exam trap

Cisco often tests the distinction between a missing initramfs and a filesystem corruption error; the trap here is that candidates may confuse a 'dirty filesystem' (which causes a different error) with the 'unknown-block(0,0)' message, which is specifically about the kernel's inability to find the root device due to missing drivers in the initramfs.

How to eliminate wrong answers

Option A is wrong because a network configuration error would not prevent the kernel from mounting the root filesystem; network issues typically cause problems later in the boot process (e.g., during network service startup). Option B is wrong because a failed filesystem check due to a dirty filesystem would produce a different error (e.g., 'fsck failed' or 'mount: wrong fs type') and would not result in an 'unknown-block(0,0)' message, which indicates the block device itself is unrecognized. Option C is wrong because an incorrect GRUB timeout value only affects the boot menu countdown; it does not affect the kernel's ability to locate or mount the root filesystem.

29
Multi-Selectmedium

An administrator is investigating a network issue where a server cannot connect to an external website. They run `ping 8.8.8.8` successfully, but `ping google.com` fails. Which TWO of the following are the most likely causes? (Choose TWO.)

Select 2 answers
A.The network interface is down.
B.The default gateway is misconfigured.
C.The DNS server is unreachable or misconfigured.
D.The firewall is blocking ICMP traffic.
E.The /etc/hosts file has an incorrect entry for google.com.
AnswersC, E

DNS resolution fails, so hostname cannot be resolved.

Why this answer

Successful ping to IP but failure to hostname indicates DNS resolution problem or incorrect DNS server configuration.

30
MCQhard

An administrator needs to capture network traffic on interface eth0, filter for packets to/from host 10.0.0.1, and save the output to a file for later analysis. Which command should be used?

A.tcpdump -i eth0 src 10.0.0.1 -w capture.pcap
B.tcpdump -i eth0 dst 10.0.0.1 -w capture.pcap
C.tcpdump -i eth0 host 10.0.0.1 -w capture.pcap
D.tcpdump -i eth0 -n host 10.0.0.1 -w capture.pcap
AnswerC

Correct syntax: interface, host filter, and -w for output.

Why this answer

Option C is correct because the `tcpdump` command with the `host` filter captures all traffic (both source and destination) to or from the specified IP address, which matches the requirement to filter for packets to/from host 10.0.0.1. The `-i eth0` specifies the interface, and `-w capture.pcap` writes the output to a file for later analysis.

Exam trap

The trap here is that candidates often confuse `src` and `dst` filters as sufficient for capturing all traffic to/from a host, forgetting that `host` is the correct primitive for bidirectional capture.

How to eliminate wrong answers

Option A is wrong because `src 10.0.0.1` only captures packets where the source IP is 10.0.0.1, missing packets destined to that host. Option B is wrong because `dst 10.0.0.1` only captures packets where the destination IP is 10.0.0.1, missing packets sourced from that host. Option D is wrong because the `-n` flag disables name resolution (which is not required by the question) but does not affect the filter; however, the primary issue is that it includes an unnecessary flag, and the question asks for the correct command, not an equivalent one with extra options.

31
MCQeasy

A Linux administrator needs to check which services are listening on TCP ports on a server. Which command should be used to replace the deprecated netstat command?

A.ss -tlnp
B.nmap localhost
C.ip link show
D.dig -t any localhost
AnswerA

ss -tlnp shows listening TCP ports with process info, replacing netstat.

Why this answer

The ss command is the modern replacement for netstat, and ss -tlnp shows listening TCP ports with process information.

32
MCQhard

An administrator needs to trace system calls made by a process that is misbehaving. Which command should be used to attach to the running process and display its system calls?

A.tcpdump -i any
B.ltrace -p <PID>
C.strace -p <PID>
D.lsof -p <PID>
AnswerC

strace -p attaches to a process and shows system calls.

Why this answer

strace can attach to a running process with -p PID and display all system calls made by the process.

33
MCQeasy

An administrator wants to check the amount of free memory and swap usage on a system in a human-readable format. Which command should be used?

A.free -h
B.vmstat -h
C.cat /proc/meminfo
D.iostat -h
AnswerA

free -h shows memory in human-readable format.

Why this answer

free -h displays memory and swap usage in human-readable units (e.g., GiB).

34
Multi-Selectmedium

An administrator needs to identify which processes are consuming the most CPU and memory resources. Which two commands can provide this information? (Choose two.)

Select 2 answers
A.top
B.free -h
C.iostat -x
D.vmstat 1 5
E.ps aux --sort=-%mem
AnswersA, E

top provides real-time per-process CPU and memory usage.

Why this answer

The `top` command provides a real-time, dynamic view of running processes, displaying CPU and memory usage by default and allowing sorting by resource consumption. The `ps aux --sort=-%mem` command lists all processes with detailed memory and CPU statistics, sorted by memory usage in descending order, making it easy to identify the most resource-intensive processes.

Exam trap

Cisco often tests the distinction between system-wide monitoring commands (like `free`, `vmstat`, `iostat`) and per-process commands (like `top`, `ps`), so candidates mistakenly choose `free -h` or `vmstat` thinking they show per-process CPU/memory details.

35
MCQeasy

An administrator wants to view the kernel ring buffer messages to check for hardware errors. Which command should be used?

A.journalctl -k
B.dmesg
C.iostat
D.vmstat
AnswerB

dmesg prints kernel ring buffer messages.

Why this answer

dmesg displays kernel ring buffer messages, often used for hardware diagnostics.

36
MCQeasy

A user reports that they cannot access a website by domain name but can access it by IP address. Which of the following is the most likely cause?

A.DNS resolution problem
B.Web server is down
C.Firewall blocking port 80
D.Incorrect default gateway
AnswerA

Domain name cannot be resolved to IP.

Why this answer

The user can access the website by IP address but not by domain name, which directly indicates that the system is unable to resolve the domain name to its corresponding IP address. This is a classic symptom of a DNS resolution problem, where the DNS client cannot query a DNS server or the DNS server fails to return the correct A or AAAA record. The fact that the web server is reachable by IP confirms that network connectivity and the web service itself are functioning correctly.

Exam trap

Cisco often tests the distinction between connectivity issues and name resolution issues, and the trap here is that candidates may confuse a DNS failure with a web server or firewall problem, even though the ability to reach the server by IP clearly rules out those causes.

How to eliminate wrong answers

Option B is wrong because if the web server were down, the website would be inaccessible by both domain name and IP address, not just by domain name. Option C is wrong because a firewall blocking port 80 would prevent HTTP traffic regardless of whether the destination is specified by domain name or IP address, so both methods would fail. Option D is wrong because an incorrect default gateway would prevent all traffic destined for external networks, including both domain name resolution and direct IP access, so the user would not be able to access the site by IP address either.

37
MCQmedium

An administrator needs to check the current routing table on a Linux system. Which command should be used?

A.dig -t A
B.ss -r
C.ip neigh
D.ip route
AnswerD

ip route shows the routing table.

Why this answer

The `ip route` command displays the kernel routing table, showing the paths that packets take to reach network destinations. This is the standard tool on modern Linux systems for viewing and manipulating routing entries, replacing the older `route -n` command.

Exam trap

The trap here is that candidates confuse `ip neigh` (which shows ARP entries) with `ip route` (which shows the routing table), as both involve network path information but serve entirely different layers of the network stack.

How to eliminate wrong answers

Option A is wrong because `dig -t A` is a DNS lookup tool that queries for A records, not a routing table viewer. Option B is wrong because `ss -r` is not a valid flag combination; `ss` is used for socket statistics, and the `-r` flag does not exist (the correct flag for resolving hostnames is `-r` in `route`, not `ss`). Option C is wrong because `ip neigh` displays the neighbor table (ARP cache), which maps IP addresses to MAC addresses on the local link, not the routing table.

38
MCQeasy

A technician is troubleshooting a network connectivity issue. They need to trace the path packets take to a remote server and see the round-trip time for each hop. Which command should they use?

A.ping
B.nslookup
C.traceroute
D.nmap
AnswerC

Traceroute shows each hop and its RTT.

Why this answer

traceroute (or tracepath) shows the path and RTT per hop.

39
MCQmedium

A user cannot access a website, but other websites work. The administrator wants to see the HTTP response headers from the web server. Which command is most appropriate?

A.wget --spider https://example.com
B.curl -I https://example.com
C.curl -v https://example.com
D.telnet example.com 80
AnswerB

Correct: -I fetches only headers.

Why this answer

curl -I fetches the HTTP headers only, which is useful for debugging web server responses.

40
Multi-Selectmedium

A Linux administrator is troubleshooting a slow system. They decide to use vmstat to get an overall picture. Which two of the following fields in vmstat output are most directly related to CPU performance issues? (Choose two.)

Select 2 answers
A.id (idle time)
B.wa (I/O wait time)
C.sy (system CPU time)
D.r (run queue)
E.us (user CPU time)
AnswersC, E

High sy indicates CPU is busy with kernel tasks.

Why this answer

The 'us' field shows user time, 'sy' shows system time, 'id' shows idle, and 'wa' shows I/O wait. High 'us' or 'sy' can indicate CPU-bound issues.

41
Multi-Selectmedium

An administrator needs to verify DNS resolution for a web server. Which TWO commands can be used to query DNS A records for a given hostname? (Choose two.)

Select 2 answers
A.traceroute
B.nslookup
C.ping
D.dig
E.curl -I
AnswersB, D

nslookup queries DNS and can return A records.

Why this answer

dig and nslookup are standard DNS query tools. host is another option but not listed. curl uses HTTP, not direct DNS. ping uses DNS but does not show the record.

42
Multi-Selectmedium

A technician wants to capture network traffic to analyze a web server issue. Using tcpdump, which THREE options are useful for writing the capture to a file and avoiding name resolution? (Choose three.)

Select 3 answers
A.-n
B.-w capture.pcap
C.-i eth0
D.-c 100
E.-v
AnswersA, B, C

-n disables name resolution.

Why this answer

-w writes to file, -n avoids name resolution, and -i specifies interface.

43
MCQmedium

A system administrator notices that a web server is running but users cannot connect to port 443. Which ss command will show if the server is listening on that port?

A.ss -s
B.ss -tlnp
C.ss -tuln
D.ss -tan
AnswerB

Shows TCP listening sockets with process info.

Why this answer

ss -tlnp shows listening TCP sockets with numeric ports and process info. -t for TCP, -l listening, -n numeric, -p process.

44
Multi-Selecthard

A system administrator is troubleshooting a network issue and wants to use a tool that combines ping and traceroute functionality to identify packet loss and latency along the path. Which TWO tools can provide this combined functionality? (Choose two.)

Select 1 answer
A.ping
B.tcpdump
C.tracepath
D.traceroute
E.mtr
AnswersE

mtr combines ping and traceroute.

Why this answer

mtr combines ping and traceroute. traceroute/tracepath show path but not continuous pings; only mtr does both.

45
MCQmedium

A system administrator notices that the server is performing poorly. Running 'vmstat 1 5' shows high 'wa' values. Which subsystem is most likely experiencing a bottleneck?

A.Memory
B.Disk I/O
C.Network
D.CPU
AnswerB

Correct. High wa means the CPU is waiting for disk I/O.

Why this answer

wa stands for I/O wait time, indicating the CPU is waiting for disk I/O. High wa suggests a disk bottleneck.

46
Multi-Selecthard

A system administrator is investigating a slow website. The web server is responding but pages load slowly. Which THREE commands can help identify network latency or packet loss?

Select 3 answers
A.dig example.com
B.mtr example.com
C.ping -c 10 example.com
D.ss -tlnp
E.traceroute example.com
AnswersB, C, E

mtr shows per-hop loss and latency.

Why this answer

B is correct because `mtr` (My TraceRoute) combines the functionality of `ping` and `traceroute` into a single diagnostic tool. It continuously sends ICMP packets to each hop along the path to the target, displaying per-hop latency and packet loss statistics in real time. This makes it ideal for identifying where network latency or packet loss is occurring between the server and the client, which directly addresses the symptom of a slow website.

Exam trap

Cisco often tests the distinction between `traceroute` (which shows a single snapshot of path latency) and `mtr` (which provides ongoing, aggregated statistics including packet loss per hop), leading candidates to overlook `mtr` as a superior tool for diagnosing intermittent or persistent network issues.

47
MCQmedium

An administrator needs to check the kernel ring buffer for hardware error messages after a system crash. Which command should be used?

A.dmesg
B.journalctl -k
C.tail -f /var/log/messages
D.strace -e trace=open
AnswerA

dmesg displays kernel ring buffer messages.

Why this answer

dmesg shows kernel ring buffer messages including hardware errors. journalctl -k shows kernel messages from systemd journal, but dmesg is the direct command for the ring buffer.

48
Multi-Selectmedium

A Linux server is experiencing high CPU usage. Which TWO commands can be used to identify which processes are consuming the most CPU? (Choose two.)

Select 2 answers
A.ps aux --sort=-%cpu
B.top
C.iostat
D.vmstat
E.free
AnswersA, B

ps with sorting shows processes by CPU usage.

Why this answer

top and ps are standard process monitoring tools that show CPU usage.

49
MCQeasy

Which command displays the current routing table on a Linux system?

A.ip neigh
B.ip addr
C.ip link
D.ip route
AnswerD

Correct.

Why this answer

ip route shows the routing table. The older route command is deprecated.

50
MCQhard

A web server is not responding on port 443. Using tcpdump to capture traffic on the server, which filter would capture only HTTPS packets?

A.tcpdump -i any port https
B.tcpdump -i any tcp port 443
C.tcpdump -i any host 443
D.tcpdump -i any udp port 443
AnswerB

Correct filter: tcp port 443 captures TCP traffic on port 443.

Why this answer

Port 443 is HTTPS. The filter 'port 443' captures traffic on that port.

51
Multi-Selectmedium

A Linux administrator is troubleshooting a service that fails to start. Which TWO commands can be used to view the last 20 lines of the systemd journal for the sshd unit?

Select 2 answers
A.journalctl -u sshd -n 20
B.journalctl -u sshd | tail -20
C.journalctl -k -n 20
D.journalctl -u sshd -p err
E.journalctl -b -u sshd
AnswersA, B

Correct: -u for unit, -n for number of lines.

Why this answer

journalctl -u sshd -n 20 shows last 20 lines for the unit. journalctl -u sshd | tail -20 also works. The others use wrong options or units.

52
MCQmedium

A Linux system fails to boot, displaying a 'kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)' error. Which of the following is the most likely cause?

A.Corrupted initramfs
B.Incorrect /etc/fstab entry
C.Full disk on /boot
D.Misconfigured GRUB timeout
AnswerA

A missing or corrupted initramfs can prevent the root filesystem from being mounted.

Why this answer

This error indicates the kernel cannot find the root filesystem, often due to a missing driver or incorrect root= parameter in the boot configuration.

53
MCQeasy

A Linux administrator wants to view all listening TCP ports and the associated processes on a system. Which command should be used?

A.lsof -i TCP
B.netstat -tulpn
C.ss -tlnp
D.nmap -sT localhost
AnswerC

Correct command.

Why this answer

The `ss -tlnp` command is correct because it displays all TCP listening sockets (`-t` for TCP, `-l` for listening) with numeric addresses (`-n`) and shows the associated process information (`-p`). This is the modern replacement for `netstat` and is the recommended tool on current Linux distributions for socket statistics.

Exam trap

The trap here is that candidates may choose `netstat -tulpn` (Option B) because it is historically familiar, but the XK0-005 exam emphasizes modern tools like `ss` over deprecated commands.

How to eliminate wrong answers

Option A is wrong because `lsof -i TCP` lists all open files associated with TCP connections, including non-listening sockets, and does not filter to only listening ports without additional flags. Option B is wrong because `netstat -tulpn` is a legacy command that may not be installed by default on modern systems and is deprecated in favor of `ss`; while it would show listening TCP ports, it is not the best or recommended command. Option D is wrong because `nmap -sT localhost` performs a TCP connect scan against the local host, which is a network scanning tool used for security auditing, not a standard system administration command to view listening ports and processes.

54
MCQhard

A server is experiencing intermittent network connectivity issues. The administrator wants to run a continuous test that combines ping and traceroute to monitor the path and packet loss to a target host. Which command should be used?

A.mtr target
B.tcpdump -i any host target
C.ping -f target
D.traceroute -n target
AnswerA

mtr continuously displays the route and packet loss per hop.

Why this answer

mtr combines ping and traceroute functionality, continuously showing each hop and packet loss statistics.

55
Multi-Selectmedium

A Linux administrator is troubleshooting a DNS resolution issue. The system uses /etc/resolv.conf. Which two of the following directives are commonly found in this file? (Choose two.)

Select 2 answers
A.domain localdomain
B.options timeout:2
C.hosts: files dns
D.nameserver 8.8.8.8
E.search example.com
AnswersD, E

nameserver specifies a DNS server.

Why this answer

/etc/resolv.conf typically contains nameserver entries and optionally search and domain directives.

56
MCQeasy

A Linux administrator needs to view all current IPv4 addresses assigned to network interfaces on a system. Which command should be used?

A.ip link show
B.ifconfig -a
C.hostname -I
D.ip addr
AnswerD

ip addr shows all IP addresses on interfaces.

Why this answer

The 'ip addr' command displays all IP addresses assigned to network interfaces. 'ifconfig' is deprecated, 'ip link' shows link-layer info, and 'hostname -I' only shows primary IPs.

57
Multi-Selectmedium

A Linux administrator is troubleshooting a slow web server. They suspect high disk I/O. Which TWO commands can be used to monitor disk I/O statistics?

Select 2 answers
A.free -h
B.iostat -x 1
C.vmstat 1
D.lsof
E.sar -b 1
AnswersB, E

iostat provides disk I/O utilization and performance metrics.

Why this answer

iostat directly reports disk I/O stats; sar can collect and report I/O statistics historically.

58
MCQmedium

A system administrator is investigating high disk I/O on a server. Which command can provide disk utilization statistics, including average wait time (await) and percentage of CPU time during which I/O requests were issued (%util)?

A.free -h
B.sar -b 1 5
C.iostat -x 1
D.vmstat 1 5
AnswerC

iostat -x provides extended disk stats including await and %util.

Why this answer

The `iostat` command reports disk I/O statistics including await and %util.

59
Multi-Selectmedium

An administrator needs to check the status of NetworkManager connections and devices. Which TWO commands provide this information?

Select 2 answers
A.nmcli device show
B.nmcli dev status
C.nmcli con show
D.ifconfig -a
E.ip link show
AnswersB, C

Shows device status (connected, disconnected, etc.).

Why this answer

The `nmcli dev status` command (option B) displays a summary of all NetworkManager-managed devices and their connection states, such as 'connected' or 'disconnected'. The `nmcli con show` command (option C) lists all configured connections (profiles) and their current status, including whether they are active. Together, these two commands provide the administrator with both device-level and connection-level status information required by the question.

Exam trap

The trap here is that candidates often confuse `nmcli device show` (detailed device info) with `nmcli dev status` (summary status), or assume that legacy commands like `ifconfig` or `ip link show` can report NetworkManager-specific connection states, which they cannot.

60
Multi-Selecthard

A system is running slowly and the administrator suspects a memory leak. Which THREE commands or tools can be used to analyze memory usage and identify processes consuming excessive memory? (Choose three.)

Select 3 answers
A.strace -p PID
B.ps aux --sort=-%mem
C.iostat -x
D.vmstat 1
E.free -h
AnswersB, D, E

ps lists processes sorted by memory usage.

Why this answer

free shows overall memory. ps can sort by RSS. vmstat shows memory stats. iostat is disk I/O. strace traces system calls, not memory usage directly.

61
MCQeasy

An administrator wants to test SMTP connectivity to a mail server without actually delivering an email. Which curl command is most appropriate?

A.curl --resolve mail.example.com:25:10.0.0.1 smtp://mail.example.com
B.curl -v smtp://mail.example.com:25
C.curl -o /dev/null smtp://mail.example.com
D.curl -I smtp://mail.example.com
AnswerB

curl can handle smtp:// and shows verbose output.

Why this answer

curl -v smtp://mail.example.com:25 connects to SMTP and shows handshake. -I sends HEAD, not SMTP. --resolve is for DNS override.

62
MCQhard

A technician suspects a process is leaking file descriptors. Which command can be used to list open files associated with a specific PID?

A.top -p PID
B.strace -p PID
C.ltrace -p PID
D.lsof -p PID
AnswerD

lsof -p lists open files for the process.

Why this answer

lsof -p PID lists open files for that process. strace traces system calls, ltrace library calls, and top shows resource usage.

63
MCQeasy

A technician wants to check the current IP address and subnet mask of the eth0 interface. Which command should they use?

A.nmcli dev show eth0
B.ip route show
C.ifconfig eth0
D.ip addr show dev eth0
AnswerD

Correct: ip addr shows IPv4/IPv6 addresses and masks.

Why this answer

The `ip addr show dev eth0` (or `ip addr`) displays IP addresses and subnet masks.

64
MCQmedium

A system is experiencing high load average. The administrator runs 'vmstat 1 5' and sees a high 'wa' value. What does this indicate?

A.High disk I/O wait
B.High memory swapping activity
C.High CPU usage by user processes
D.High network I/O
AnswerA

wa stands for I/O wait time.

Why this answer

The 'wa' column in vmstat output indicates the percentage of time the CPU is waiting for I/O operations to complete. A high 'wa' value means the CPU is idle because it is blocked waiting for disk I/O, which directly points to high disk I/O wait. This is a classic indicator of a storage bottleneck.

Exam trap

The trap here is that candidates confuse 'wa' with memory swapping or CPU usage, but vmstat columns are distinct: 'wa' is specifically I/O wait, while swapping is shown in 'si' and 'so', and CPU usage in 'us' and 'sy'.

How to eliminate wrong answers

Option B is wrong because high memory swapping activity is indicated by high 'si' (swap in) and 'so' (swap out) columns in vmstat, not the 'wa' column. Option C is wrong because high CPU usage by user processes is shown in the 'us' column, not 'wa'. Option D is wrong because high network I/O is not directly measured by vmstat; it would be diagnosed using tools like netstat or iftop, and 'wa' specifically reflects disk I/O wait, not network.

65
MCQeasy

Which command shows the IP address, link status, and other configuration details for all network interfaces on a Linux system?

A.nmcli dev status
B.cat /etc/network/interfaces
C.ip addr
D.ifconfig -a
AnswerC

Correct: ip addr displays interface configuration.

Why this answer

ip addr shows IP addresses and link information for all interfaces.

66
MCQmedium

A technician suspects that a DNS resolution issue is causing connectivity problems. Which command can be used to query the DNS server for an A record for 'example.com'?

A.traceroute example.com
B.dig example.com A
C.ping example.com
D.nslookup example.com A
AnswerB

dig queries DNS for A record.

Why this answer

The `dig` command is a flexible DNS lookup utility that can query specific record types. Using `dig example.com A` directly queries the DNS server for the IPv4 address (A record) of 'example.com', making it the correct choice for diagnosing DNS resolution issues.

Exam trap

Cisco often tests the distinction between commands that perform name resolution (like `ping` or `traceroute`) versus those that directly query DNS servers for specific record types, leading candidates to choose `ping` or `traceroute` when a DNS-specific query is needed.

How to eliminate wrong answers

Option A is wrong because `traceroute` traces the network path to a host but does not perform DNS queries for specific record types; it relies on the system's resolver for name resolution. Option C is wrong because `ping` tests network connectivity using ICMP echo requests and uses the system resolver to resolve names, but it cannot query for a specific DNS record type like an A record. Option D is wrong because `nslookup` can query DNS records, but the syntax `nslookup example.com A` is incorrect; the proper syntax is `nslookup -type=A example.com` or `nslookup` in interactive mode, and the given form will likely fail or return unexpected results.

67
MCQmedium

A server running RHEL 8 has intermittent network connectivity. The administrator wants to view the current DNS resolver configuration. Which file should be examined?

A./etc/sysconfig/network-scripts/ifcfg-eth0
B./etc/nsswitch.conf
C./etc/resolv.conf
D./etc/hosts
AnswerC

Contains nameserver IP addresses.

Why this answer

/etc/resolv.conf contains nameserver entries. /etc/nsswitch.conf defines order, /etc/hosts for static mapping, and /etc/sysconfig/network-scripts/ifcfg-* for interface config.

68
MCQhard

After a kernel panic, the system fails to boot. The administrator suspects a missing kernel module. Which command line should be added to the GRUB boot parameters to access a rescue shell and investigate?

A.systemd.unit=emergency.target
B.rd.break
C.single
D.nomodeset
AnswerB

rd.break stops before pivot_root, giving a shell to inspect initramfs.

Why this answer

Adding 'rd.break' breaks before pivot_root and drops to a shell for troubleshooting. 'single' boots to single-user mode but may not help if module is missing. 'emergency' is for systemd targets.

69
MCQmedium

A system administrator is troubleshooting a service that fails to start. They want to see the recent logs for that specific service unit. Which journalctl command should be used?

A.journalctl -k
B.journalctl -u service_name
C.tail -f /var/log/syslog
D.journalctl -p err
AnswerB

Correct: -u filters by unit.

Why this answer

The `-u` option in `journalctl` filters logs by the systemd unit name, allowing you to view recent logs specifically for a service. This is the correct approach when troubleshooting a service that fails to start, as it isolates the relevant log entries without noise from other system messages.

Exam trap

The trap here is that candidates may confuse `journalctl -u` with other common options like `-k` (kernel) or `-p` (priority), or fall back to legacy syslog commands like `tail -f /var/log/syslog`, which do not directly filter by systemd unit and may miss critical journal-only logs.

How to eliminate wrong answers

Option A is wrong because `journalctl -k` shows kernel messages only, not service-specific logs. Option C is wrong because `tail -f /var/log/syslog` is a traditional syslog command that does not filter by systemd unit and may not capture all journald entries, especially on systems using only journald. Option D is wrong because `journalctl -p err` filters by priority level (error and above), which may omit informational or debug messages that are crucial for diagnosing a startup failure.

70
MCQeasy

A user reports that they cannot access a web server at 192.168.1.100. The administrator wants to check if the server is reachable and measure round-trip time. Which command is most appropriate?

A.nmap -sn 192.168.1.100
B.traceroute 192.168.1.100
C.ping 192.168.1.100
D.ss -tlnp | grep 192.168.1.100
AnswerC

ping tests connectivity and shows RTT.

Why this answer

The `ping` command sends ICMP Echo Request packets to the target host and waits for ICMP Echo Reply packets, which directly tests reachability and measures round-trip time (RTT). This is the most appropriate tool for the administrator's stated goal of checking if the server is reachable and measuring RTT.

Exam trap

The trap here is that candidates confuse `nmap -sn` (host discovery) with connectivity testing and RTT measurement, or they think `traceroute` measures end-to-end RTT when it actually measures per-hop latency.

How to eliminate wrong answers

Option A is wrong because `nmap -sn` performs a ping sweep (ICMP, TCP SYN to port 443/80, or ARP) to discover live hosts, but it does not provide round-trip time measurements; it only reports whether the host is up. Option B is wrong because `traceroute` shows the path (hops) packets take to reach the destination and measures per-hop latency, not the end-to-end round-trip time to the server itself. Option D is wrong because `ss -tlnp` lists listening TCP sockets on the local system and cannot be used to test reachability to a remote host; it would not even accept an IP address as a filter in that syntax.

71
MCQmedium

A Linux administrator is troubleshooting a DNS resolution issue. They need to query the MX record for example.com using a specific DNS server at 8.8.8.8. Which command should they use?

A.dig MX example.com @8.8.8.8
B.host -t MX example.com 8.8.8.8
C.nslookup -type=MX example.com 8.8.8.8
D.ping -c 1 example.com
AnswerA

Correct: dig MX example.com @8.8.8.8 queries the MX record from the specified server.

Why this answer

dig @server type name queries a specific DNS server for the specified record type.

72
MCQmedium

A Linux administrator needs to find which process is using a specific file. Which command provides this information?

A.lsof /path/to/file
B.fuser /path/to/file
C.strace /path/to/file
D.ltrace /path/to/file
AnswerA

lsof shows processes that have the file open.

Why this answer

The `lsof` command (List Open Files) is the correct tool to identify which process is using a specific file. When invoked with a file path as an argument, `lsof` displays the PID, process name, and other details of any process that has the file open. This directly answers the administrator's need to find the process using that file.

Exam trap

The trap here is that candidates may confuse `fuser` with `lsof` because both can identify processes using a file, but `fuser` is less detailed and not the primary tool for this task in the exam context.

How to eliminate wrong answers

Option B is wrong because `fuser` identifies processes using a file or socket, but it outputs only PIDs by default, not process names or detailed information like `lsof` does; while it can work, `lsof` is the more comprehensive and standard command for this task. Option C is wrong because `strace` is a debugging tool that intercepts and records system calls made by a process, not a command to find which process is using a file. Option D is wrong because `ltrace` intercepts library calls, not system calls, and is used for debugging dynamic library interactions, not for identifying processes that have a file open.

73
MCQmedium

After modifying the network configuration on a RHEL 8 system using NetworkManager, what command should be used to apply the changes without restarting the network service?

A.nmcli connection reload
B.nmcli con up 'System eth0'
C.ifup eth0
D.systemctl restart NetworkManager
AnswerB

Brings up the connection with updated settings.

Why this answer

nmcli con up <connection> activates the connection with new settings. nmcli connection reload reloads from disk but does not apply to active connections.

74
Multi-Selecthard

A Linux system experiences intermittent network connectivity. The administrator suspects a faulty network cable or switch port. Which TWO of the following commands can provide information about link status, errors, and packet drops on the interface? (Choose TWO.)

Select 2 answers
A.ss -i
B.ip addr show eth0
C.ip link show eth0
D.ethtool eth0
E.tcpdump -i eth0
AnswersC, D

Shows state (UP/DOWN) and error counters.

Why this answer

ip link show displays link status and error counters; ethtool can show detailed link and error statistics.

75
MCQmedium

An administrator needs to check the kernel ring buffer for hardware error messages from the current boot. Which command displays this information?

A.vmstat -f
B.journalctl -k -b 0
C.cat /var/log/boot.log
D.dmesg
AnswerD

Correct: dmesg shows kernel ring buffer messages.

Why this answer

dmesg displays the kernel ring buffer, which includes hardware-related messages from the current boot.

Page 1 of 2 · 96 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Lxp Troubleshooting questions.

CCNA Lxp Troubleshooting Questions — Page 1 of 2 | Courseiva