CCNA Network Troubleshooting Questions

75 of 104 questions · Page 1/2 · Network Troubleshooting topic · Answers revealed

1
MCQmedium

Users in a conference room frequently experience slow and dropping wireless connections. A site survey shows three other access points in the vicinity all using channel 6. Signal strength is adequate. What is the most likely cause?

A.Incorrect encryption settings
B.Co-channel interference
C.Incorrect SSID configured
D.Low antenna gain on the access points
AnswerB

Multiple APs on the same channel overlap, causing contention and retransmissions, which reduces throughput.

Why this answer

The correct answer is B because all three nearby access points are operating on channel 6, which causes co-channel interference. Even with adequate signal strength, overlapping basic service sets (BSSs) on the same channel lead to contention, increased collisions, and reduced throughput due to the CSMA/CA mechanism in 802.11 networks. This results in slow and dropping connections for users in the conference room.

Exam trap

The trap here is that candidates often assume signal strength is the only factor for wireless performance, but Cisco tests the understanding that co-channel interference can cause poor performance even with strong signals, especially when multiple APs share the same channel in a dense environment.

How to eliminate wrong answers

Option A is wrong because incorrect encryption settings (e.g., mismatched WPA2 keys) would prevent association or authentication entirely, not cause intermittent slow or dropping connections with adequate signal. Option C is wrong because an incorrect SSID configured would prevent clients from discovering or connecting to the network, not cause performance degradation after connection. Option D is wrong because low antenna gain on the access points would manifest as weak signal strength, but the site survey explicitly states signal strength is adequate, ruling out antenna gain issues.

2
MCQmedium

A network technician is troubleshooting an issue where users on VLAN 20 can access internal servers and the default gateway but cannot reach any external websites. The router's ACL is configured to permit all outbound traffic. What is the most likely cause of this issue?

A.The DNS server is unreachable from the VLAN
B.The DHCP server is not providing a default gateway
C.NAT is not configured or is misconfigured on the router
D.The switch port for the router is in the wrong VLAN
AnswerC

NAT is required to translate private VLAN IPs to a public IP for internet access. Even if ACLs permit traffic, without proper NAT, packets will not be forwarded to the internet. This matches the symptom of being able to reach internal resources but not external ones.

Why this answer

Since users can access internal servers and the default gateway, Layer 3 connectivity within the VLAN is working, and the router's ACL permits all outbound traffic. The inability to reach external websites while internal resources are reachable strongly indicates that Network Address Translation (NAT) is either not configured or misconfigured on the router. Without NAT, private IP addresses from VLAN 20 cannot be translated to a public IP, so return traffic from external web servers has no route back to the internal hosts.

Exam trap

CompTIA often tests the misconception that an ACL permitting all outbound traffic is sufficient for internet access, but without NAT, private IP addresses are not routable on the public internet, so the ACL alone cannot fix the issue.

How to eliminate wrong answers

Option A is wrong because if the DNS server were unreachable, users would typically get a 'DNS resolution failed' error, but they cannot reach any external websites at all, even by IP address; the scenario describes a complete inability to reach external destinations, not just name resolution failure. Option B is wrong because the DHCP server not providing a default gateway would prevent users from reaching the default gateway itself, but the question states they can access the default gateway and internal servers, so the gateway is correctly assigned. Option D is wrong because if the switch port for the router were in the wrong VLAN, users on VLAN 20 would not be able to reach the default gateway or internal servers on other VLANs, as inter-VLAN routing would be broken.

3
MCQmedium

A user reports that they cannot access the internet. The technician verifies the workstation has IP address 192.168.1.10 with subnet mask 255.255.255.0 and default gateway 192.168.1.1. The user can ping the default gateway successfully. Other users on the same subnet can access the internet. Which command should the technician run on the workstation to further isolate the issue?

A.ipconfig /all
B.netstat -r
C.tracert 8.8.8.8
D.nslookup google.com
AnswerB

Displays the routing table, allowing the technician to verify if a default route via 192.168.1.1 is present. Missing or incorrect routes can cause this issue.

Why this answer

The user can ping the default gateway (192.168.1.1), indicating Layer 2 and basic Layer 3 connectivity to the local router. However, other users on the same subnet can access the internet, so the issue is likely with the workstation's routing table. The 'netstat -r' command displays the IP routing table, allowing the technician to check for a missing or incorrect default route (e.g., destination 0.0.0.0 with gateway 192.168.1.1).

This isolates whether the workstation knows how to forward traffic beyond the local subnet.

Exam trap

Cisco often tests the misconception that 'ipconfig /all' is the first step for any connectivity issue, but here the technician already has the IP configuration, so the trap is to overlook that the routing table must be examined when local connectivity works but internet access fails.

How to eliminate wrong answers

Option A (ipconfig /all) is wrong because it displays detailed IP configuration (DHCP server, DNS, MAC address) but does not show the routing table; the technician already has the IP, subnet mask, and gateway from the initial verification. Option C (tracert 8.8.8.8) is wrong because it attempts to trace the route to an external host; if the routing table is broken, tracert will fail at the first hop or hang, but it does not directly reveal the routing table contents. Option D (nslookup google.com) is wrong because it tests DNS resolution; the user cannot access the internet, but the ping to the gateway succeeded, so the issue is not DNS but rather the lack of a proper route to forward packets beyond the local network.

4
MCQeasy

A user's workstation shows an IP address of 169.254.15.7 with a subnet mask of 255.255.0.0. The user cannot access any network resources. Which of the following is the most likely cause?

A.The DNS server is not responding
B.The DHCP server is unreachable
C.The subnet mask is incorrect
D.The default gateway is down
AnswerB

When a DHCP client cannot contact a DHCP server, it auto-configures with an APIPA address in the 169.254.0.0/16 range.

Why this answer

The IP address 169.254.15.7 with a /16 subnet mask is an Automatic Private IP Addressing (APIPA) address, assigned by Windows when a DHCP client fails to obtain a lease. This indicates the workstation cannot reach a DHCP server, so the most likely cause is that the DHCP server is unreachable.

Exam trap

The trap here is that candidates often confuse APIPA with a DNS or gateway issue, but APIPA specifically indicates DHCP failure, not a problem with higher-layer services or routing.

How to eliminate wrong answers

Option A is wrong because a non-responding DNS server would not cause the workstation to self-assign an APIPA address; DNS failures result in name resolution errors, not a complete loss of IP connectivity. Option C is wrong because the subnet mask 255.255.0.0 is correct for an APIPA address (169.254.0.0/16 per RFC 3927), so the mask itself is not the issue. Option D is wrong because a down default gateway would prevent access to remote networks but would not trigger APIPA assignment; the workstation would retain its DHCP-assigned IP and simply fail to route beyond the local subnet.

5
MCQeasy

A user reports that they cannot access the internet. The technician is able to ping the default gateway successfully but unable to ping a public IP address (e.g., 8.8.8.8). Which of the following is the most likely cause?

A.Incorrect DNS server configuration
B.The router's default route is missing or misconfigured
C.Duplicate IP address on the network
D.Faulty network interface card
AnswerB

A missing default route on the router prevents traffic destined for external networks from being forwarded beyond the local subnet.

Why this answer

Successful ping to the default gateway confirms Layer 2 and Layer 3 connectivity within the local subnet, but failure to ping a public IP like 8.8.8.8 indicates that traffic cannot leave the local network. This is most commonly caused by a missing or misconfigured default route on the router, which prevents the router from forwarding packets destined for external networks to the next-hop ISP gateway.

Exam trap

The trap here is that candidates often confuse DNS resolution with IP connectivity and incorrectly choose 'Incorrect DNS server configuration' when the question explicitly states a public IP address is being pinged, not a hostname.

How to eliminate wrong answers

Option A is wrong because DNS is used for name resolution, not for routing IP packets; the technician is pinging a public IP address directly, so DNS configuration is irrelevant to the failure. Option C is wrong because a duplicate IP address would cause intermittent connectivity or address conflict errors, but the technician can still successfully ping the default gateway, which would be unlikely if a duplicate IP existed on the same subnet. Option D is wrong because a faulty NIC would prevent all IP communication, including the successful ping to the default gateway, so it cannot be the cause when local connectivity is intact.

6
MCQmedium

A user reports that they cannot connect to a file server on the same subnet. The technician checks the workstation's IP configuration: IP 192.168.1.10, subnet mask 255.255.255.0, default gateway 192.168.1.1. The workstation can ping the gateway but cannot ping the file server at 192.168.1.50. Which of the following is the most likely cause?

A.A
B.B
C.C
D.D
AnswerC

The server being powered off or having its network cable disconnected would cause all traffic to fail, matching the symptoms.

Why this answer

The workstation can ping the gateway (192.168.1.1) but not the file server (192.168.1.50) on the same subnet. Since both are on the same subnet (192.168.1.0/24), the default gateway is irrelevant for local traffic; ARP is used to resolve the server's IP to its MAC address. The most likely cause is that the file server's firewall is blocking ICMP (ping) traffic, preventing the echo request from reaching the server or the reply from being sent.

Exam trap

The trap here is that candidates assume a failed ping means a network connectivity issue, but CompTIA often tests that a host firewall can block ICMP while allowing other traffic, so a ping failure does not necessarily indicate a broken path.

How to eliminate wrong answers

Option A is wrong because a misconfigured subnet mask (e.g., 255.255.255.0 is correct) would affect all local communication, but the workstation can ping the gateway, indicating the mask is valid. Option B is wrong because an incorrect default gateway does not prevent communication within the same subnet; local traffic uses ARP, not the gateway. Option D is wrong because a DNS resolution issue would affect name-based connectivity, but the user is connecting via IP address (192.168.1.50), so DNS is not involved.

7
MCQhard

A user at a branch office reports that they cannot connect to a file server at the main office. The branch office connects to the main office via a site-to-site VPN, and the VPN tunnel shows as active. The user can ping the main office's default gateway but not the file server. Which of the following should the technician check NEXT?

A.A) Check the routing tables on the branch router
B.B) Check the DNS resolution for the file server
C.C) Check the VPN encryption settings
D.D) Check the file server's antivirus software
AnswerA

Correct. The branch router may not have a route to the file server's subnet, or the main office router may not have a route back to the branch subnet. Verifying routing tables on both ends is essential.

Why this answer

The VPN tunnel is active and the user can ping the main office's default gateway, which confirms that Layer 3 connectivity exists across the tunnel. However, the file server is unreachable, indicating that the traffic destined for the file server's subnet is not being forwarded correctly. The next logical step is to check the routing tables on the branch router to ensure there is a specific route (or a default route) pointing to the VPN tunnel interface for the file server's network.

Without this route, the branch router may be dropping the packets or sending them out the wrong interface.

Exam trap

Cisco often tests the misconception that a 'tunnel up' status guarantees end-to-end connectivity, but the trap here is that routing misconfiguration can allow the tunnel to be established while specific subnets remain unreachable.

How to eliminate wrong answers

Option B is wrong because DNS resolution is not the issue; the user can ping the main office's default gateway, which shows IP connectivity is working, and a DNS failure would prevent name resolution but not a direct IP ping to the file server. Option C is wrong because the VPN tunnel is active and the user can reach the main office gateway, which proves that encryption settings are correctly negotiated; mismatched encryption would cause the tunnel to fail entirely or drop all traffic, not selectively block the file server.

8
MCQmedium

A user can ping the default gateway (192.168.1.1) but cannot ping the external IP address 8.8.8.8. Other users on the same subnet can ping 8.8.8.8 without issue. The user's IP configuration is correct: IP 192.168.1.10/24, default gateway 192.168.1.1, DNS 8.8.8.8. What is the most likely cause?

A.The computer's firewall is blocking outbound ICMP
B.The router is missing a default route to the internet
C.The DNS server is not resolving the hostname
D.The network cable is loose or faulty
AnswerA

Firewalls often block ICMP by default or may have been configured to do so. Since other users work, the problem is local to this machine.

Why this answer

The user can ping the default gateway (192.168.1.1) but not the external IP 8.8.8.8, while other users on the same subnet can ping 8.8.8.8 without issue. This isolates the problem to the user's specific host, not the network infrastructure. A local firewall on the user's computer blocking outbound ICMP (Internet Control Message Protocol) traffic would prevent ping to external IPs while still allowing local subnet communication, as ICMP is often restricted by default in some security policies.

Exam trap

The trap here is that candidates often assume a routing or DNS issue when the problem is host-specific, but the key clue is that other users on the same subnet succeed, pointing to a local host configuration or firewall problem rather than a network-wide fault.

How to eliminate wrong answers

Option B is wrong because if the router were missing a default route to the internet, no user on the subnet would be able to ping 8.8.8.8, but the question states other users can do so without issue. Option C is wrong because DNS resolution is not required for pinging an IP address directly (8.8.8.8); DNS is only needed when pinging a hostname, and the user is pinging an IP address.

9
MCQhard

Users at a remote branch office cannot access internet resources. The branch's edge router shows that the WAN interface is up. The default route is configured to point to next-hop 192.0.2.2, but the admin can successfully ping 192.0.2.1 from the router. What is the most likely cause?

A.The router's WAN interface is configured with the wrong subnet mask
B.The default route is missing or has an incorrect next-hop IP
C.NAT is not configured on the router
D.A firewall on the router is blocking outbound traffic
AnswerB

The router can reach the ISP's gateway IP (192.0.2.1), but the default route points to 192.0.2.2, which is not the correct next-hop. This prevents internet traffic from being forwarded properly.

Why this answer

The correct answer is B because the admin can ping 192.0.2.1 (the WAN interface IP) but not reach 192.0.2.2 (the next-hop), indicating that the default route is either missing or misconfigured. Since the WAN interface is up and the local IP is reachable, the issue is with the routing table entry pointing to the next-hop, not with the interface or subnet mask. Without a valid default route, the router cannot forward traffic destined for the internet.

Exam trap

The trap here is that candidates assume a successful ping to the WAN interface IP (192.0.2.1) means the WAN link is fully functional, but they overlook that the default route's next-hop (192.0.2.2) is a different address that must also be reachable for internet traffic to be forwarded.

How to eliminate wrong answers

Option A is wrong because if the WAN interface had the wrong subnet mask, the admin would likely be unable to ping 192.0.2.1 (the interface's own IP) or the interface would show as down; the fact that the interface is up and the local IP is reachable rules out a subnet mask mismatch. Option C is wrong because NAT is not required for basic internet reachability from the router itself; the router can route packets without NAT, and the issue is that the router has no valid path to forward traffic, not that it cannot translate addresses.

10
MCQhard

A user on VLAN 10 reports that they cannot access a file server on VLAN 20. The user can ping the default gateway (interface on the router) and other devices within VLAN 10. The router has an 'ip helper-address' for DHCP but no static routes or dynamic routing configured for inter-VLAN routing. The file server is correctly configured with an IP address in VLAN 20. What is the most likely cause of the communication failure?

A.The router is configured with an ACL that blocks traffic from VLAN 10 to VLAN 20
B.The router does not have a route to the VLAN 20 subnet
C.The switch port connecting the user to the network is configured with port security limiting MAC addresses
D.The file server has a firewall blocking ICMP ping requests
AnswerB

If the router has no directly connected interface for VLAN 20 (e.g., no subinterface or SVI), it does not have a route to that subnet. Without a route, packets from VLAN 10 to VLAN 20 are dropped.

Why this answer

The router has no route to the VLAN 20 subnet. Even though the router is directly connected to VLAN 20 via its subinterface, inter-VLAN routing requires the router to have a connected route in its routing table for that subnet. Without a route (either connected or static), the router cannot forward packets from VLAN 10 to VLAN 20.

The 'ip helper-address' only forwards DHCP broadcasts, not general traffic.

Exam trap

Cisco often tests the misconception that a router with an 'ip helper-address' can route between VLANs, when in fact it only forwards specific broadcast traffic and does not provide inter-VLAN routing without proper routing entries.

How to eliminate wrong answers

Option A is wrong because there is no mention of an ACL being configured; the question states no static routes or dynamic routing is configured, but does not mention ACLs, and an ACL would need to be explicitly applied to block traffic. Option C is wrong because port security limiting MAC addresses would prevent the user from communicating with any device, including the default gateway and other VLAN 10 devices, which the user can successfully ping.

11
MCQmedium

A user reports that their laptop is connected to the corporate Wi-Fi network but cannot access the internet. Other users in the same area are able to access the internet without issues. The laptop shows a valid IP address of 192.168.1.25/24 and the default gateway is 192.168.1.1. Which of the following should the technician check NEXT?

A.DNS server configuration on the laptop
B.DHCP server lease exhaustion
C.Access point channel utilization
D.Switch port status on the distribution switch
AnswerA

If DNS is misconfigured, the laptop will not be able to resolve domain names even though it has connectivity. This is a common isolated issue.

Why this answer

Since the laptop has a valid IP address (192.168.1.25/24) and default gateway (192.168.1.1), and other users can access the internet, the issue is isolated to this laptop. A common cause is incorrect or missing DNS server configuration, which prevents domain name resolution even though IP-level connectivity exists. The technician should verify the DNS server addresses in the laptop's IPv4 settings or run 'nslookup' to confirm resolution.

Exam trap

The trap here is that candidates assume a valid IP address and gateway mean full internet connectivity, overlooking that DNS misconfiguration is a classic isolated symptom where other users work fine.

How to eliminate wrong answers

Option B is wrong because DHCP server lease exhaustion would affect multiple users in the area, not just one laptop, and the laptop already has a valid IP address from the 192.168.1.0/24 subnet, indicating a lease was successfully assigned. Option C is wrong because access point channel utilization would cause performance degradation or connectivity issues for all users on that AP, not just a single laptop, and the laptop is already associated with the network.

12
MCQmedium

A user reports they can access internal servers and the default gateway but cannot reach external websites. The technician checks the router's ACL and finds a rule that permits all outbound traffic. What is the most likely cause?

A.DNS resolution failure
B.Incorrect default gateway
C.NAT configuration issue
D.Proxy server misconfiguration
AnswerC

NAT is required to translate private addresses to a public address for internet access. If NAT is not configured or malfunctioning, outbound traffic will not reach the internet even if the ACL permits it.

Why this answer

The user can access internal servers and the default gateway, indicating Layer 3 connectivity within the local network. However, external websites are unreachable. Since the ACL permits all outbound traffic, the issue is not a blocked outbound rule.

The most likely cause is a NAT configuration issue, such as missing or incorrect IP masquerading (PAT) on the router's outside interface, which prevents internal private IP addresses from being translated to a public IP address for internet access.

Exam trap

CompTIA often tests the misconception that an ACL permitting all outbound traffic guarantees internet access, when in fact NAT must be properly configured to translate private IP addresses to a routable public IP address for external reachability.

How to eliminate wrong answers

Option A is wrong because a DNS resolution failure would typically prevent domain names from resolving to IP addresses, but the user could still reach external websites by IP address; the symptom here is complete inability to reach external sites, and DNS is not required for IP-based access. Option B is wrong because an incorrect default gateway would prevent the user from reaching any external networks, but the user can already access internal servers and the default gateway itself, indicating the gateway is correctly configured for local routing. Option D is wrong because a proxy server misconfiguration could cause issues with web traffic, but the problem is at the router level (ACL checked), and the symptom affects all external websites, not just HTTP/HTTPS; NAT is a more fundamental requirement for internet access from private addresses.

13
MCQmedium

A user reports that they cannot access a web server at 10.0.1.200. The user can ping the server's IP address but cannot open the web page. The web server is known to be running and accessible from other users on the same subnet. What is the most likely cause?

A.Default gateway is misconfigured
B.ACL blocking port 80 or 443
C.DNS resolution failure
D.Duplicate IP address
AnswerB

ICMP is allowed but TCP traffic to the web server is blocked, which is typical of an ACL filtering specific ports.

Why this answer

The user can ping the server (ICMP works) but cannot access the web page, which indicates Layer 3 connectivity is fine but the specific TCP ports (80 for HTTP or 443 for HTTPS) are being blocked. An ACL applied on the server, a switch, or a router between the user and the server is the most likely cause, as it would permit ICMP echo requests while denying HTTP/HTTPS traffic. Other users on the same subnet can access the server, ruling out server-side or subnet-wide issues.

Exam trap

The trap here is that candidates assume a successful ping means full network connectivity, but ICMP and TCP are separate protocols that can be filtered independently by ACLs, so ping working does not guarantee web access.

How to eliminate wrong answers

Option A is wrong because a misconfigured default gateway would prevent the user from reaching any off-subnet destination, but the user can ping the server (which is on the same subnet) and the issue is specific to HTTP/HTTPS, not general connectivity. Option C is wrong because DNS resolution failure would prevent the user from resolving a hostname to an IP address, but the user is accessing the server by its IP address (10.0.1.200) and can ping it, so DNS is not involved. Option D is wrong because a duplicate IP address would cause intermittent connectivity or complete failure for both ping and HTTP, but the user can consistently ping the server and other users can access the web page, making a duplicate IP unlikely.

14
MCQeasy

A user reports that they can access a website by its IP address but not by its domain name. Which of the following is most likely the issue?

A.A) DNS resolution failure
B.B) Incorrect default gateway
C.C) Duplicate IP address
D.D) Corrupted TCP/IP stack
AnswerA

Correct. DNS is responsible for translating domain names to IP addresses; a failure in DNS will cause name resolution to fail while IP-based access works.

Why this answer

Accessing a website by IP address but not by domain name indicates that the client can reach the web server over the network, but the name-to-IP translation process is failing. This is a classic symptom of a DNS resolution failure, where the client cannot query or receive a valid A or AAAA record for the domain from its configured DNS server.

Exam trap

The trap here is that candidates often confuse DNS failure with a gateway or routing issue, but the ability to reach the server by IP proves Layer 3 connectivity is working, isolating the problem to the application layer name resolution process.

How to eliminate wrong answers

Option B is wrong because an incorrect default gateway would prevent traffic from leaving the local subnet entirely, making both IP and domain access fail. Option C is wrong because a duplicate IP address would cause intermittent connectivity or address conflict errors, but it would not selectively break domain name resolution while allowing IP-based access. Option D is wrong because a corrupted TCP/IP stack would cause general network communication failures, not a specific failure of DNS resolution while other IP-based traffic succeeds.

15
MCQmedium

A user reports that they cannot access an internal web server at http://intranet.company.local but can access other internet websites. The technician runs ping intranet.company.local and receives replies successfully. Which tool should the technician use next to isolate the issue?

A.nslookup
B.tracert
C.netstat
D.ipconfig
AnswerA

nslookup queries DNS servers to verify hostname-to-IP resolution, which is the most likely cause when ping succeeds but web access fails.

Why this answer

The technician can reach the server by IP (ping succeeds) but not by hostname (http://intranet.company.local), which points to a name resolution failure. nslookup is the correct next step because it queries DNS to verify whether the hostname resolves to the correct IP address, isolating the issue to DNS rather than connectivity or server availability.

Exam trap

The trap here is that candidates see successful ping replies and assume the server is fully reachable, overlooking that ping uses ICMP and bypasses hostname resolution if the IP is already cached or manually entered, while HTTP access depends on DNS resolving the hostname to the correct IP.

How to eliminate wrong answers

Option B (tracert) is wrong because it traces the network path to a destination, but since ping already succeeded, the path is functional and tracert would not reveal why the hostname fails to resolve. Option C (netstat) is wrong because it shows active connections, listening ports, and routing tables on the local machine, but it does not test name resolution or query DNS servers. Option D (ipconfig) is wrong because it displays local TCP/IP configuration (IP address, subnet mask, default gateway) but does not perform DNS lookups or test resolution of a specific hostname.

16
MCQhard

A network engineer is troubleshooting intermittent call drops on a VoIP deployment. The network uses separate VLANs for voice (VLAN 20) and data (VLAN 10). Switch ports connecting the IP phones are configured with the correct voice VLAN. Which of the following is the MOST likely cause to check NEXT?

A.Verify that QoS markings and queuing are configured on the switches and routers
B.Check the DNS server for the phone's name resolution
C.Replace the patch cables from the phones to the switches
D.Increase the DHCP lease time for the phones
AnswerA

QoS ensures voice traffic is prioritized over data. Without proper QoS on all network devices, voice packets can be dropped when the network is congested.

Why this answer

Intermittent call drops on a VoIP deployment with separate voice and data VLANs most likely stem from insufficient or misconfigured QoS markings and queuing. Voice traffic is sensitive to latency, jitter, and packet loss, which occur when data traffic competes for bandwidth without proper prioritization. Verifying that switches and routers have consistent QoS policies (e.g., marking with DSCP EF for RTP and queuing with strict priority) is the logical next step after ensuring the voice VLAN is correctly assigned.

Exam trap

CompTIA often tests the misconception that physical layer issues (like bad cables) are the primary cause of intermittent VoIP problems, when in fact intermittent drops are more commonly due to QoS misconfiguration in a converged network.

How to eliminate wrong answers

Option B is wrong because DNS name resolution is not directly involved in call continuity; phones typically use IP addresses or SIP URIs, and intermittent call drops are not caused by DNS failures. Option C is wrong because replacing patch cables addresses physical layer issues, which would cause complete connectivity loss or persistent errors, not intermittent call drops that are characteristic of congestion or QoS problems. Option D is wrong because increasing DHCP lease time prevents IP address expiration but does not affect real-time voice quality; intermittent call drops are not related to DHCP renewal intervals.

17
MCQmedium

A user reports intermittent connectivity on a laptop that moves between floors. The signal strength fluctuates. Which tool would best help identify signal interference and dead zones?

A.Cable tester
B.Multimeter
C.Spectrum analyzer
D.Protocol analyzer
AnswerC

A spectrum analyzer visualizes RF signals, helping to locate interference and weak signal areas.

Why this answer

A spectrum analyzer is the correct tool because it visualizes radio frequency (RF) energy across the 2.4 GHz and 5 GHz bands, allowing you to identify sources of interference (e.g., cordless phones, microwave ovens) and locate dead zones where signal strength drops below usable thresholds. Unlike other tools, it directly measures the RF environment rather than relying on logical-layer data.

Exam trap

The trap here is that candidates confuse a protocol analyzer (which sees logical traffic) with a spectrum analyzer (which sees physical RF energy), leading them to choose D because they think packet captures reveal interference, when in fact interference is invisible at the protocol level.

How to eliminate wrong answers

Option A is wrong because a cable tester is used to verify physical connectivity and wiring faults in copper or fiber cabling, not to analyze wireless RF interference or signal strength fluctuations. Option B is wrong because a multimeter measures electrical properties like voltage, current, and resistance in wired circuits, and cannot detect wireless signal interference or dead zones. Option D is wrong because a protocol analyzer (e.g., Wireshark) captures and decodes packets at Layer 2-7, but it cannot measure RF signal strength or identify non-802.11 interference sources.

18
MCQeasy

A user reports that they cannot access any company resources. The technician runs 'ipconfig' and sees that the workstation has an IP address of 169.254.100.25 with a subnet mask of 255.255.0.0. The technician also notices that the 'Default Gateway' is blank. What is the most likely cause?

A.The DNS server is not responding.
B.The DHCP server is unavailable or unreachable.
C.The workstation has a static IP address configured.
D.The network cable is unplugged.
AnswerB

APIPA is assigned when a DHCP client cannot contact a DHCP server; this is the most likely cause.

Why this answer

The IP address 169.254.100.25 with a subnet mask of 255.255.0.0 is an Automatic Private IP Addressing (APIPA) address, which Windows assigns when a DHCP client fails to obtain a lease. The blank Default Gateway confirms that no DHCP server responded, so the workstation cannot reach any company resources beyond its local subnet.

Exam trap

The trap here is that candidates often confuse APIPA with a link-local address caused by a physical cable issue, but APIPA requires the interface to be in a connected state; a disconnected cable would show no IP address or a 'Media disconnected' status in ipconfig.

How to eliminate wrong answers

Option A is wrong because a non-responsive DNS server would not cause the workstation to self-assign an APIPA address; DNS failures occur after IP configuration is complete, and the workstation would still have a valid DHCP lease. Option C is wrong because a static IP address would not produce a 169.254.x.x address; static configurations use user-defined addresses, not APIPA ranges. Option D is wrong because an unplugged network cable would typically result in a disconnected media state or a 'Media disconnected' message in ipconfig, not an APIPA address; APIPA is assigned only when the interface is physically up but cannot reach a DHCP server.

19
MCQmedium

A user reports that they can access the internet but cannot access the internal web server at 10.10.10.100. The technician can ping the server's IP from the router that serves as the user's default gateway. Which of the following is the MOST likely cause?

A.The server's default gateway is misconfigured
B.The user's workstation has a firewall blocking port 80
C.The router has a missing route to the server's network
D.The server's subnet mask is incorrect
AnswerA

If the server's default gateway is not the router that forwarded the request, the server can receive packets but cannot reply properly, causing a one-way communication failure.

Why this answer

The user can reach the internet but not the internal web server at 10.10.10.100, while the technician can ping that server from the router (the default gateway). This indicates that the router has a valid route to the server's network and the server is reachable from the router's perspective. The most likely cause is that the server's default gateway is misconfigured: the server does not know how to send return traffic back to the user's subnet, so the TCP handshake fails (the SYN-ACK never reaches the user).

Exam trap

The trap here is that candidates assume a successful ping from the router to the server means end-to-end connectivity is fine, but they overlook the fact that the server's return path to the user's subnet requires a correctly configured default gateway on the server itself.

How to eliminate wrong answers

Option B is wrong because a workstation firewall blocking port 80 would prevent the user from initiating outbound HTTP traffic, but the user can access the internet (which typically uses port 80/443), so a local firewall is not the issue. Option C is wrong because the technician can ping the server's IP from the router, which proves the router has a route to the 10.10.10.0/24 network; a missing route would cause the ping to fail.

20
MCQhard

A user's computer obtains an IP address from DHCP, can ping the default gateway, but cannot access any external websites. The technician runs 'tracert 8.8.8.8' from the user's computer. The first hop shows the default gateway with low latency, but the second hop shows a timeout. What is the most likely cause?

A.The user's computer firewall is blocking outbound web traffic.
B.The DNS server is not resolving domain names.
C.The router's default route pointing to the ISP is missing or incorrectly configured.
D.The ISP's DNS server is unreachable.
AnswerC

This is the most likely cause. The router can forward packets to the default gateway, but without a valid default route to the next hop ISP router, traffic cannot leave the local network.

Why this answer

The traceroute shows that the user's computer can reach the default gateway (first hop) but times out at the second hop, which is the ISP's router. This indicates that the local router does not have a valid default route pointing to the ISP, so it cannot forward traffic beyond the local subnet. Without a correct default route, packets destined for external networks (like 8.8.8.8) are dropped, even though the user's computer can ping the gateway and obtain an IP via DHCP.

Exam trap

The trap here is that candidates often confuse a DNS resolution failure with a routing failure, but the traceroute to an IP address bypasses DNS entirely, so the timeout at the second hop isolates the issue to the router's default route rather than DNS or the local firewall.

How to eliminate wrong answers

Option A is wrong because a local firewall blocking outbound web traffic would not cause a timeout at the second hop in a traceroute; the first hop would still succeed, but the firewall would drop the packets before they reach the gateway, or the traceroute would show a timeout at the first hop. Option B is wrong because DNS resolution is not tested by a traceroute to an IP address (8.8.8.8); the issue is with routing, not name resolution. Option D is wrong because the ISP's DNS server being unreachable would affect name resolution, but the traceroute to 8.8.8.8 uses an IP address, so DNS is not involved; the timeout at the second hop points to a routing problem, not a DNS issue.

21
MCQmedium

A user reports that they can access the company's intranet website by IP address but not by its hostname (intranet.company.local). A technician checks the DNS server and finds that the A record exists and returns the correct IP. However, the user's browser still cannot resolve the hostname. Which of the following is the most likely cause?

A.The DNS cache on the user's workstation is corrupt.
B.The web server's certificate is expired.
C.The default gateway is misconfigured.
D.The file server is overloaded.
AnswerA

A corrupt DNS cache can cause incorrect or failed name resolution locally, even if the server record is correct.

Why this answer

The user can access the intranet by IP but not by hostname, which indicates that name resolution is failing. Since the DNS server has the correct A record, the issue is likely on the client side. A corrupt DNS cache on the workstation can cause the browser to use stale or invalid cached data, preventing successful resolution even though the authoritative DNS server returns the correct IP.

Flushing the DNS cache with `ipconfig /flushdns` would resolve this.

Exam trap

CompTIA often tests the distinction between server-side DNS configuration and client-side caching; the trap here is that candidates see 'A record exists and returns correct IP' and assume the DNS is fully functional, overlooking the client's local cache as the source of the problem.

How to eliminate wrong answers

Option B is wrong because an expired web server certificate would cause a browser security warning (e.g., 'NET::ERR_CERT_DATE_INVALID') but would not prevent hostname resolution; the user would still be able to reach the server by IP or hostname and see the warning. Option C is wrong because a misconfigured default gateway would prevent all external and internal IP-based communication, not just hostname resolution; the user can already reach the intranet by IP, so the gateway is functioning. Option D is wrong because an overloaded file server would cause slow performance or timeouts when accessing files, but it would not interfere with DNS resolution or the browser's ability to resolve a hostname.

22
MCQmedium

A network technician is troubleshooting inter-VLAN routing. Hosts in VLAN 10 can communicate with hosts in VLAN 20, but cannot communicate with hosts in VLAN 30. All VLANs are configured on the same Layer 3 switch with SVIs. Which of the following should the technician verify FIRST?

A.VLAN 30 is not allowed on the trunk port to the switch.
B.The SVI for VLAN 30 is missing an IP address.
C.The default gateway on hosts in VLAN 10 is incorrect.
D.The routing table does not have a route to VLAN 30.
AnswerB

An SVI without an IP address cannot route traffic, which would prevent inter-VLAN communication for that VLAN.

Why this answer

Since all VLANs are configured on the same Layer 3 switch with SVIs, inter-VLAN routing occurs internally. Hosts in VLAN 10 can reach VLAN 20, proving the Layer 3 switch is routing correctly for those VLANs. The failure to reach VLAN 30 most likely indicates that the SVI for VLAN 30 is missing an IP address, which prevents the switch from having a local interface to route traffic to that subnet.

Exam trap

Cisco often tests the misconception that a missing VLAN on a trunk is the cause of inter-VLAN routing failure, but when all VLANs reside on the same Layer 3 switch, the SVI configuration is the first thing to verify.

How to eliminate wrong answers

Option A is wrong because if VLAN 30 were not allowed on the trunk port to the switch, hosts in VLAN 10 would not be able to communicate with VLAN 30 at all, but the question states all VLANs are on the same Layer 3 switch, so no trunk is involved for internal routing. Option C is wrong because if the default gateway on hosts in VLAN 10 were incorrect, they would not be able to communicate with any other VLAN, including VLAN 20, which they can reach successfully.

23
MCQmedium

A user reports that they can access a web server by its IP address (e.g., 10.10.10.50) but cannot access it by its domain name (e.g., server.example.com). The technician verifies that the DNS server is reachable and that the name resolves correctly from other workstations on the same subnet. Which of the following should the technician check NEXT?

A.Check the DNS cache on the user's workstation
B.Verify the default gateway configuration
C.Renew the DHCP lease
D.Disable the Windows Firewall
AnswerA

A corrupted or stale DNS cache can prevent a client from resolving a name even though the DNS server is functional. Flushing the cache often resolves the issue.

Why this answer

The user's workstation can reach the web server by IP but not by domain name, while other workstations resolve the name correctly. This strongly suggests a local DNS resolution issue specific to that workstation, such as a corrupted or stale DNS cache. Flushing the DNS cache with `ipconfig /flushdns` is the logical next step before investigating broader network or firewall issues.

Exam trap

CompTIA often tests the distinction between connectivity issues (routing, firewall) and name resolution issues; the trap here is that candidates jump to checking the default gateway or firewall because they think 'can't reach the website,' but the symptom of IP working while domain fails points directly to the local DNS cache or resolver configuration.

How to eliminate wrong answers

Option B is wrong because the default gateway is only involved in routing traffic to other subnets; since the user can reach the server by IP (and the server is likely on the same subnet given the 10.10.10.x address), the gateway is not relevant. Option C is wrong because renewing the DHCP lease would obtain new IP configuration (including DNS server addresses), but the technician already verified the DNS server is reachable and resolves correctly for other workstations, so the issue is not with DHCP-assigned DNS settings. Option D is wrong because disabling the Windows Firewall is a broad and insecure step; the user can already communicate with the server by IP, so a firewall rule blocking DNS or HTTP is unlikely, and the problem is specifically name resolution, not connectivity.

24
MCQmedium

A user reports that they can access internal resources such as file shares and printers by name, but they cannot access any external websites. The technician checks the IP configuration and finds the workstation has a valid IP address, subnet mask, default gateway, and DNS server addresses. The technician can successfully ping the default gateway and an external IP address like 8.8.8.8. Which of the following should the technician check NEXT?

A.Perform a traceroute to the external website to identify the point of failure.
B.Verify that the DNS server can resolve external domain names.
C.Check the Windows Firewall on the workstation to ensure it is not blocking outbound HTTP traffic.
D.Renew the DHCP lease on the workstation.
AnswerB

The user can access internal resources by name and can reach external IPs, so the DNS server must be able to resolve external names. If the DNS server is not configured to forward queries or is using a root hint that fails, this would explain the symptom.

Why this answer

The user can access internal resources by name and can ping an external IP address (8.8.8.8), which confirms that IP routing, the default gateway, and basic network connectivity are working. The inability to access external websites by name, despite having DNS server addresses configured, points directly to a DNS resolution failure for external domains. Therefore, the next logical step is to verify that the configured DNS server can resolve external domain names, such as by using `nslookup` or `dig` to query a public domain like google.com.

Exam trap

The trap here is that candidates assume a successful ping to an external IP means all network layers are fine, but they overlook that DNS resolution is a separate service that can fail independently, leading them to waste time on traceroute or firewall checks.

How to eliminate wrong answers

Option A is wrong because performing a traceroute to an external website requires the hostname to be resolved first; since DNS resolution is failing, traceroute will fail immediately and not identify the point of failure. Option C is wrong because the Windows Firewall would block all outbound HTTP traffic, not just to external websites; the user can already access internal resources by name, and pinging an external IP works, so a firewall rule blocking outbound HTTP is inconsistent with the symptom of only failing on external name resolution.

25
MCQeasy

A user reports that they can browse to a website by typing its IP address (e.g., 93.184.216.34) but cannot access it by typing the domain name (e.g., www.example.com). The user's workstation receives IP configuration via DHCP. Which of the following is the most likely cause?

A.The default gateway is misconfigured.
B.The DNS server address is incorrect or unreachable.
C.The web server's SSL certificate is expired.
D.The workstation's hosts file has an incorrect entry.
AnswerB

The user can access resources by IP but not by name, which is a classic symptom of DNS failure. The technician should verify that the DNS server settings are correct and that the DNS server is reachable from the workstation.

Why this answer

The user can reach the website by IP address but not by domain name, which isolates the issue to name resolution. DNS translates domain names to IP addresses; if the DNS server address provided by DHCP is incorrect or unreachable, the workstation cannot resolve www.example.com to 93.184.216.34. This is the most likely cause because all other connectivity (default gateway, web server) is confirmed working by the successful IP-based access.

Exam trap

The trap here is that candidates confuse a DNS failure with a gateway or web server issue, but the key clue is that IP-based access works, which eliminates routing and server problems and points squarely to name resolution.

How to eliminate wrong answers

Option A is wrong because a misconfigured default gateway would prevent all off-subnet traffic, including the successful IP-based access to 93.184.216.34, so the user would not be able to browse at all. Option C is wrong because an expired SSL certificate would cause a browser security warning or HTTPS failure, but it would not prevent the initial TCP connection or HTTP access; the user can still reach the site by IP, indicating the web server is reachable and the certificate issue is unrelated to name resolution.

26
MCQmedium

A network technician is troubleshooting communication between two switches. The trunk link between them is up, and both switches have the same list of allowed VLANs. However, devices in VLAN 10 on one switch cannot communicate with devices in VLAN 10 on the other switch. What is the MOST likely cause of this issue?

A.Native VLAN mismatch
B.Speed or duplex mismatch
C.Spanning Tree Protocol blocking the port
D.VLAN 10 is not created on one of the switches
AnswerA

If the native VLAN configured on the trunk interfaces differs between the switches, traffic for that VLAN may not pass correctly.

Why this answer

A native VLAN mismatch is the most likely cause because when two switches have different native VLANs configured on a trunk, they will incorrectly tag or fail to tag frames for that VLAN. In this scenario, devices in VLAN 10 cannot communicate because the native VLAN frames (which are sent untagged) are being dropped or misinterpreted by the receiving switch, even though both switches list VLAN 10 as allowed. The trunk is up and the allowed VLAN list matches, so the issue points directly to a mismatch in the native VLAN configuration.

Exam trap

CompTIA often tests the native VLAN mismatch scenario by presenting a trunk that is up and has matching allowed VLANs, leading candidates to overlook the native VLAN configuration and incorrectly choose options like STP blocking or VLAN not created.

How to eliminate wrong answers

Option B is wrong because a speed or duplex mismatch would cause physical-layer errors, CRC errors, or interface resets, but the trunk link is reported as up and the issue is isolated to VLAN 10 communication, not all traffic. Option C is wrong because if Spanning Tree Protocol were blocking the port, the trunk link would not be in an up/up state; STP blocking would prevent all traffic on the port, not just VLAN 10. Option D is wrong because the question states both switches have the same list of allowed VLANs, which implies VLAN 10 is created on both switches; if it were missing, the allowed list would not match.

27
MCQeasy

A technician is troubleshooting a user's inability to reach a specific website. The user can reach other websites without issue. The technician runs nslookup on the user's workstation and receives the correct IP address for the website. However, a ping to that IP address fails. Which of the following is the most likely cause?

A.The default gateway is misconfigured.
B.The website server is blocking ICMP requests.
C.The DNS server is not resolving the domain name.
D.The subnet mask is incorrect.
AnswerB

Many servers disable ICMP echo replies for security, but HTTP traffic can still function. Since DNS resolves correctly but ping fails, ICMP is likely blocked.

Why this answer

Since nslookup returns the correct IP address, DNS resolution is working. The ping fails despite a valid IP, which indicates that the destination server is reachable at the network layer but is not responding to ICMP echo requests. Many web servers are configured to block ICMP to reduce attack surface or prevent reconnaissance, which is a common security practice.

Exam trap

The trap here is that candidates assume a failed ping means the host is unreachable, ignoring that ICMP can be blocked independently of the application traffic the user is trying to access.

How to eliminate wrong answers

Option A is wrong because a misconfigured default gateway would prevent all external traffic, not just a single website, and the user can reach other websites. Option C is wrong because nslookup successfully resolves the domain to the correct IP, proving DNS is functioning properly. Option D is wrong because an incorrect subnet mask would cause local connectivity issues or inability to reach any remote hosts, not a failure specific to one website.

28
MCQmedium

A user reports that they can access the internet but cannot connect to an internal file server at IP address 192.168.1.50. The technician successfully pings the file server's IP address from the user's workstation. The file server is on the same subnet as the user. What is the most likely cause of this issue?

A.The file server has an incorrect default gateway configured.
B.The user's workstation has an incorrect DNS server configured.
C.The file server's firewall is blocking the file-sharing protocol while allowing ICMP.
D.The user's workstation has a duplicate IP address assigned.
AnswerC

This is the most likely cause. The file server's firewall may permit ping (ICMP) but block the specific application port (e.g., TCP 445), which stops the file share connection while allowing ping to succeed.

Why this answer

The technician can ping the file server (ICMP success) but the user cannot connect to it using the file-sharing protocol (e.g., SMB on TCP/445). This indicates network-layer reachability is fine, but the application-layer service is blocked. The most likely cause is the file server's host-based firewall (e.g., Windows Defender Firewall) allowing ICMP Echo Requests while blocking inbound SMB traffic, which is a common misconfiguration.

Exam trap

The trap here is that candidates assume a successful ping guarantees full connectivity, but ICMP and application traffic use different protocols and ports, so a firewall can block one while allowing the other.

How to eliminate wrong answers

Option A is wrong because the file server is on the same subnet as the user, so a default gateway is not required for local communication; ARP resolves the IP to MAC directly without routing. Option B is wrong because DNS is used for name resolution, but the user is connecting to the file server by IP address (192.168.1.50), so an incorrect DNS server would not affect the connection.

29
MCQmedium

A user reports that they can access internal websites but cannot access any external websites. Other users in the same subnet can access external sites. The user's IP configuration shows a correct IP, subnet mask, and default gateway. What is the most likely cause?

A.The DNS server is not reachable.
B.The proxy server settings are incorrect.
C.The default gateway is misconfigured.
D.The web browser has a corrupted cache.
AnswerB

Incorrect proxy settings (e.g., pointing to a non-existent or wrong proxy) would prevent external access while allowing internal access if the proxy is bypassed for internal addresses. This is a common client-specific issue.

Why this answer

The user can access internal websites but not external ones, while other users in the same subnet have no issues. This points to a client-specific configuration problem rather than a network-wide issue. Incorrect proxy server settings on the user's machine can prevent external HTTP/HTTPS traffic from being routed correctly, even though internal traffic (which may bypass the proxy) works fine.

Exam trap

CompTIA often tests the distinction between network-layer issues (like default gateway or DNS) and application-layer issues (like proxy configuration), leading candidates to incorrectly choose DNS or gateway problems when the symptom is isolated to a single user with correct IP settings.

How to eliminate wrong answers

Option A is wrong because if the DNS server were unreachable, the user would likely be unable to resolve both internal and external domain names, but they can access internal websites, indicating DNS resolution is working for internal resources. Option C is wrong because the default gateway is confirmed correct in the user's IP configuration, and other users in the same subnet with the same gateway can access external sites, ruling out a gateway misconfiguration. Option D is wrong because a corrupted browser cache typically causes display or loading issues for specific pages, not a complete inability to access all external websites while internal access remains unaffected.

30
MCQmedium

A technician is troubleshooting a user's inability to connect to a server. The technician runs 'tracert' from the user's workstation and sees that traffic stops at a particular router. The last hop shows a timeout. Which of the following is the most likely cause?

A.The destination server is powered off.
B.The router is blocking ICMP echo requests.
C.There is a routing loop.
D.The next hop router is unreachable from that router.
AnswerD

If the router cannot reach the next hop, it cannot forward packets further, causing tracert to hang at that router.

Why this answer

The 'tracert' command relies on ICMP Time Exceeded messages from intermediate routers to map the path. When traffic stops at a particular router and the next hop shows a timeout, it indicates that the router cannot forward the packet to the next hop, meaning the next hop router is unreachable. This is the most direct cause because the traceroute fails to receive a response from the next hop, not because the destination is off or ICMP is blocked.

Exam trap

The trap here is that candidates often confuse a timeout caused by ICMP filtering (Option B) with a true connectivity failure, but ICMP filtering would cause timeouts at the filtering router itself, not at the next hop, and traceroute uses different ICMP types that are often permitted even when echo requests are blocked.

How to eliminate wrong answers

Option A is wrong because if the destination server were powered off, the traceroute would still show successful hops up to the last router before the destination, and the final hop would timeout, not a middle hop. Option B is wrong because if the router were blocking ICMP echo requests, the traceroute would still receive ICMP Time Exceeded messages from that router (since those are different ICMP types), and the timeout would occur at the next hop, not at the blocking router. Option C is wrong because a routing loop would cause traceroute to show repeated hops with increasing TTL values, not a single timeout at a specific router; the TTL would expire at the same router repeatedly.

31
MCQmedium

A user reports that they can connect to the internet by IP address but cannot access any websites by domain name. Which command-line tool should a technician use first to isolate the issue?

A.ping
B.nslookup
C.tracert
D.netstat
AnswerB

Nslookup is designed to query DNS servers and can verify that domain names are being resolved correctly.

Why this answer

The user can reach the internet by IP address but not by domain name, which indicates a DNS resolution failure. The `nslookup` command queries DNS servers directly to test name resolution, making it the correct first step to isolate whether the issue is with the DNS server, the client's DNS configuration, or a network path to the DNS server.

Exam trap

The trap here is that candidates often choose `ping` first because it is the most familiar troubleshooting tool, but the symptom of working IP connectivity with failed domain resolution specifically points to DNS, making `nslookup` the targeted diagnostic command.

How to eliminate wrong answers

Option A (ping) is wrong because ping tests basic IP connectivity using ICMP echo requests; since the user can already connect by IP address, ping would succeed and not reveal the DNS problem. Option C (tracert) is wrong because tracert traces the Layer 3 path to a destination using ICMP TTL-exceeded messages; it would show a working route to the IP but cannot diagnose DNS resolution failures. Option D (netstat) is wrong because netstat displays active network connections, routing tables, and interface statistics; it does not perform DNS queries or test name resolution.

32
MCQmedium

A network technician notices that a switch port connected to a user's computer is showing a high number of CRC errors and late collisions. The link is operating at 100 Mbps, full duplex according to the switch. Which of the following is the most likely cause of these errors?

A.Cable length exceeds 100 meters
B.Duplex mismatch
C.Faulty switch port
D.Electromagnetic interference
AnswerB

If the computer is running at half duplex while the switch is at full duplex, collisions occur when both try to send simultaneously, leading to late collisions and CRC errors.

Why this answer

CRC errors and late collisions in a full-duplex link are classic symptoms of a duplex mismatch. When one side is set to full duplex and the other to half duplex, the half-duplex side does not sense the carrier before transmitting, leading to collisions that are detected late in the frame. The switch reports full duplex, so the user's NIC is likely stuck at half duplex, causing these errors.

Exam trap

Cisco often tests the misconception that CRC errors alone indicate a cabling issue, but the presence of late collisions alongside CRC errors is the key indicator of a duplex mismatch, not a cable length problem.

How to eliminate wrong answers

Option A is wrong because excessive cable length (beyond 100 meters for 100BASE-TX) primarily causes attenuation and signal degradation, leading to CRC errors but not late collisions; late collisions specifically indicate a timing issue with collision detection, which is absent in full-duplex links. Option C is wrong because a faulty switch port would typically show a broader range of errors (e.g., runts, giants, or interface resets) and often cause complete link drops or flapping, not the specific combination of CRC errors and late collisions that points to a duplex mismatch.

33
MCQhard

Users in VLAN 10 cannot obtain IP addresses from the DHCP server located in VLAN 20. The router interface for VLAN 10 has an ip helper-address 192.168.20.5 command configured, and users can ping the DHCP server IP (192.168.20.5) from the router. However, users receive APIPA addresses. What is the most likely cause?

A.The DHCP server does not have a scope configured for the 192.168.1.0/24 subnet (VLAN 10)
B.The router's ip helper-address is configured on the wrong interface
C.The switch port connecting users is configured as a trunk instead of an access port
D.The router's ACL is blocking DHCP offers from the server
AnswerA

The DHCP server uses the gateway IP (giaddr) in the relayed packet to determine which scope to use. Without a matching scope, the server does not respond.

Why this answer

The ip helper-address command on the router correctly forwards DHCPDISCOVER broadcasts from VLAN 10 to the DHCP server at 192.168.20.5. Since users can ping the server from the router, Layer 3 connectivity exists. However, the DHCP server must have a scope (or address pool) for the subnet of the requesting clients (192.168.1.0/24) to offer an IP address; without it, the server ignores the request, and clients fall back to APIPA (169.254.x.x).

Exam trap

CompTIA often tests the misconception that ip helper-address alone guarantees DHCP success, but the trap is that the DHCP server must have a scope matching the client's subnet (identified by the giaddr) to issue an address.

How to eliminate wrong answers

Option B is wrong because the ip helper-address is correctly placed on the VLAN 10 interface (the ingress interface for DHCP broadcasts from clients), which is the standard configuration. Option C is wrong because a trunk port would not prevent DHCP; it would carry multiple VLANs but still allow client traffic in VLAN 10, and APIPA indicates no DHCP response, not a VLAN mismatch. Option D is wrong because if an ACL were blocking DHCP offers (UDP port 67/68), the router would still forward the client's DISCOVER, but the server's OFFER would be dropped; however, the question states users can ping the server from the router, implying no ACL is blocking return traffic, and the server's lack of a scope is the more direct cause.

34
MCQhard

Two routers are configured with OSPF in the same area, but they do not form an adjacency. Router A shows OSPF state EXSTART, and Router B shows state EXSTART. Which of the following is the most likely cause?

A.The OSPF Hello and Dead intervals are mismatched
B.The OSPF area IDs are different
C.The MTU is mismatched between the two routers
D.The network type is misconfigured (e.g., one side is broadcast, the other is point-to-point)
AnswerC

If the MTU size differs, the DBD packets exchanged in ExStart may be too large for one interface, causing the router to reject them and remain stuck in ExStart state.

Why this answer

When OSPF routers are stuck in the EXSTART state, it indicates that they have progressed past the 2-Way and ExStart phases but are unable to exchange Database Description (DBD) packets. The most common cause is an MTU mismatch, because OSPF will not proceed to the Exchange state if a DBD packet exceeds the interface MTU of the neighbor. This causes the routers to continuously renegotiate the master/slave relationship without completing the exchange.

Exam trap

CompTIA often tests the MTU mismatch trap by having candidates confuse it with Hello/Dead interval mismatches, but the key clue is that both routers are stuck in EXSTART, not in INIT or 2-Way.

How to eliminate wrong answers

Option A is wrong because mismatched Hello/Dead intervals prevent OSPF neighbors from reaching the 2-Way state, not EXSTART; the routers would remain stuck in the INIT or DOWN state. Option B is wrong because mismatched area IDs prevent the formation of any adjacency at all, as OSPF routers will not even send Hello packets to neighbors in a different area; they would not reach EXSTART. Option D is wrong because a network type mismatch (e.g., broadcast vs. point-to-point) typically causes the routers to get stuck in the EXSTART state, but this is less common than MTU mismatch and often manifests as a neighbor state of EXSTART/EXCHANGE with repeated retransmissions; however, the most likely cause in this scenario is MTU mismatch, as it is a frequent and direct cause of EXSTART stalling.

35
MCQeasy

A user can ping the default gateway (192.168.1.1) but cannot access the internet (e.g., ping 8.8.8.8 fails). The user's IP is correctly configured as 192.168.1.10/24. What should the technician check next?

A.Check the PC's DNS server settings
B.Verify the subnet mask on the PC
C.Check the router's default route configuration
D.Examine the switch port VLAN assignment
AnswerC

The router must have a default route to forward traffic to the internet. Without it, packets destined for external networks will be dropped.

Why this answer

Since the user can ping the default gateway (192.168.1.1), Layer 2 and Layer 3 connectivity within the local subnet is working, and the PC's IP configuration is correct. The failure to reach 8.8.8.8 indicates that the router does not have a valid path to external networks, which is typically provided by a default route (0.0.0.0/0). Checking the router's default route configuration is the logical next step because without it, the router cannot forward traffic destined for non-local networks.

Exam trap

Cisco often tests the distinction between local connectivity (pinging the gateway) and external connectivity (pinging a public IP), where candidates mistakenly jump to DNS or subnet mask issues instead of recognizing the router's lack of a default route as the root cause.

How to eliminate wrong answers

Option A is wrong because DNS server settings are irrelevant when testing connectivity via a direct IP address like 8.8.8.8; DNS is only needed for name resolution, not for IP-level reachability. Option B is wrong because the subnet mask is already correctly configured as /24 (255.255.255.0), and if it were misconfigured, the user would likely not be able to ping the default gateway either, as the PC would not consider the gateway to be on the same subnet.

36
MCQmedium

A technician connects a user's workstation to a switch port. The cable passes a physical test, and the switch port LED is green, but the workstation cannot establish a network connection. What is the most likely cause?

A.Incorrect VLAN assignment on the switch port
B.Duplex mismatch between the workstation and the switch
C.The workstation has a static IP address in the wrong subnet
D.A faulty cable
AnswerB

A duplex mismatch can cause severe frame errors and prevent successful communication even though the physical link is up.

Why this answer

A duplex mismatch occurs when one side of a link is set to full-duplex and the other to half-duplex, often due to a failed autonegotiation. Even though the cable passes a physical test and the switch port LED is green (indicating link at Layer 1), the mismatch causes excessive collisions and frame errors at Layer 2, preventing successful network communication. The workstation cannot establish a connection because the switch and NIC are not coordinating their transmission/reception timing correctly.

Exam trap

Cisco often tests duplex mismatch by pairing a green link LED (Layer 1 OK) with a complete lack of connectivity, tricking candidates into thinking the issue must be at Layer 3 (IP addressing) or Layer 2 (VLAN), when the real problem is a Layer 2 duplex negotiation failure that corrupts frames without breaking the physical link.

How to eliminate wrong answers

Option A is wrong because an incorrect VLAN assignment would still allow the switch port to show a green LED and the workstation to obtain a link, but the workstation would likely be unable to communicate with devices outside its VLAN; however, the question states the workstation cannot establish any network connection, and a VLAN mismatch typically results in connectivity to specific subnets rather than a complete failure. Option C is wrong because a static IP address in the wrong subnet would still allow Layer 2 connectivity (the switch port LED would be green and the cable test would pass), but the workstation would be able to send frames to the default gateway if ARP resolves; the complete inability to establish a connection points to a Layer 1/2 issue, not an IP addressing problem.

37
MCQmedium

A user reports that their workstation cannot connect to the network. The technician checks the IP configuration and sees that the workstation has an IP address of 169.254.25.110. The DHCP server is operational and has available addresses. The switch port connected to the workstation shows a solid green link light. What should the technician check NEXT?

A.Check the DNS server configuration.
B.Replace the network cable between the wall jack and the workstation.
C.Check the switch port configuration for security features such as DHCP snooping or port security.
D.Verify the default gateway setting on the workstation.
AnswerC

Security features on the switch port may be blocking DHCP discovery messages or responses, causing the workstation to receive no offer and fall back to APIPA. This is the most logical next step.

Why this answer

The workstation has an APIPA address (169.254.x.x), which indicates it failed to obtain a DHCP lease. Since the DHCP server is operational and has available addresses, the issue likely lies with the switch port configuration. Security features such as DHCP snooping or port security can block DHCP traffic or limit the number of MAC addresses, preventing the workstation from receiving a valid IP address.

Checking the switch port configuration is the logical next step.

Exam trap

The trap here is that candidates often assume a link light guarantees full connectivity and jump to DNS or gateway issues, but Cisco tests the understanding that APIPA addresses specifically indicate DHCP failure, and the next step is to investigate Layer 2 security features that could block DHCP traffic.

How to eliminate wrong answers

Option A is wrong because DNS server configuration is irrelevant when the workstation has not obtained a valid IP address; DNS resolution requires a valid IP and default gateway. Option B is wrong because the solid green link light indicates the physical layer (cable and link) is functioning correctly, so replacing the cable is unlikely to resolve the DHCP issue. Option D is wrong because verifying the default gateway is premature; the workstation first needs a valid IP address from DHCP, and the APIPA address indicates the DHCP process failed.

38
MCQmedium

A network technician is troubleshooting an intermittent link between two switches connected via single-mode fiber. The interface logs show frequent 'link up / link down' events, sometimes several times per hour. The technician has verified that the SFPs are compatible and the fiber cable is within distance specifications. Which of the following is the most likely cause of the issue?

A.Electromagnetic interference (EMI) from nearby power cables
B.Dirty or contaminated fiber connectors
C.Mismatched VLAN configurations on the switches
D.Duplex mismatch between the two switch ports
AnswerB

Contamination on fiber end-faces can attenuate the optical signal, causing intermittent connections. Cleaning the connectors often resolves such issues.

Why this answer

Intermittent link flaps on single-mode fiber, despite compatible SFPs and correct distance, are most often caused by dirty or contaminated fiber connectors. Even microscopic dust or oil on the end face can scatter light, causing signal loss that triggers the switch's optical receiver to lose sync and flap the link. This matches the symptom of frequent 'link up / link down' events without any configuration mismatch.

Exam trap

The trap here is that candidates assume fiber is immune to physical-layer issues and jump to configuration problems like duplex mismatch or EMI, but CompTIA often tests the fact that fiber connectors are the most common source of intermittent link flaps due to contamination.

How to eliminate wrong answers

Option A is wrong because single-mode fiber is immune to electromagnetic interference (EMI) — fiber uses light, not electrical signals, so nearby power cables cannot induce noise. Option C is wrong because mismatched VLAN configurations would cause traffic to be dropped or misrouted, but they would not cause the physical link to go up and down; the interface would remain up. Option D is wrong because duplex mismatch is impossible on fiber optic links — both 1000BASE-LX and 10GBASE-LR operate at full duplex only, and auto-negotiation is not used for speed/duplex on fiber; the link would either fail to come up or run with errors, not flap repeatedly.

39
MCQeasy

A user reports that they cannot connect to a file server on the same subnet. The technician checks the IP configuration and sees an IP address of 169.254.5.10. What is the most likely cause?

A.The DHCP server is unreachable
B.The default gateway is misconfigured
C.The DNS server is down
D.The file server is offline
AnswerA

APIPA addresses are assigned when DHCP fails, so the DHCP server is unreachable.

Why this answer

The IP address 169.254.5.10 is an Automatic Private IP Addressing (APIPA) address from the 169.254.0.0/16 range, which Windows assigns when a DHCP client fails to obtain a lease from a DHCP server. Since the user is on the same subnet as the file server, a missing default gateway or DNS server would not prevent local connectivity, but the inability to reach the DHCP server indicates a broader network issue that also prevents the client from obtaining a valid IP address.

Exam trap

The trap here is that candidates often confuse APIPA with a DNS or gateway issue, but APIPA specifically indicates a DHCP failure, and local subnet connectivity does not require a gateway or DNS to function.

How to eliminate wrong answers

Option B is wrong because a misconfigured default gateway only affects traffic destined for other subnets, not local subnet communication; the user can still connect to a file server on the same subnet with a valid IP address. Option C is wrong because DNS resolution is not required for IP-based connections to a file server on the same subnet; the user could connect using the server's IP address directly even if DNS is down.

40
MCQmedium

A technician is troubleshooting a connectivity issue. A client can successfully ping its default gateway but cannot ping a server located on a different subnet. The router's routing table shows a valid route to the server's network. What should the technician check NEXT?

A.The ACL applied to the router interface
B.The DNS resolution for the server
C.The ARP cache on the client
D.The duplex settings on the client NIC
AnswerA

An ACL might be blocking the traffic even though a valid route exists. ACLs are evaluated after the routing decision.

Why this answer

Since the client can ping its default gateway but not a server on a different subnet, Layer 3 routing is working (the router has a valid route). The most likely cause is an ACL on the router interface that is blocking traffic to the server's network. ACLs filter traffic based on source/destination IP, protocol, or port, and can permit or deny packets even when a valid route exists.

Exam trap

CompTIA often tests the misconception that a valid route in the routing table guarantees end-to-end connectivity, but ACLs can override routing decisions by filtering traffic at the interface level.

How to eliminate wrong answers

Option B is wrong because DNS resolution is not required for ICMP ping; pings use IP addresses, not hostnames, so DNS is irrelevant to the connectivity failure. Option C is wrong because the ARP cache on the client is only used to resolve the next-hop MAC address for the default gateway; since the client can already ping the gateway, ARP is functioning correctly. Option D is wrong because duplex mismatch would cause packet loss or collisions on the local link, but the client can successfully communicate with the default gateway, indicating the Layer 1/2 link is fine.

41
MCQeasy

A user calls the help desk stating that they cannot access any network resources. The technician asks the user to run ipconfig and the output shows an IP address of 169.254.15.20 with a subnet mask of 255.255.0.0. Which of the following is the most likely cause?

A.The DNS server is not responding
B.The DHCP server is unreachable
C.The default gateway is misconfigured
D.There is a duplicate IP address on the network
AnswerB

When DHCP fails, Windows automatically assigns an APIPA address, indicating the device could not contact a DHCP server.

Why this answer

The IP address 169.254.15.20 with a subnet mask of 255.255.0.0 is an Automatic Private IP Addressing (APIPA) address, which Windows assigns when a DHCP client fails to receive a lease from a DHCP server. Since the user cannot access any network resources, the most likely cause is that the DHCP server is unreachable, preventing the client from obtaining a valid IP address, default gateway, and DNS server settings.

Exam trap

The trap here is that candidates often confuse APIPA with a DNS failure or gateway issue, but APIPA specifically indicates the DHCP process failed, not that other network services are misconfigured.

How to eliminate wrong answers

Option A is wrong because a non-responsive DNS server would not cause the client to obtain an APIPA address; the client would still have a valid DHCP-assigned IP address but would fail to resolve hostnames. Option C is wrong because a misconfigured default gateway would not result in an APIPA address; the client would have a valid IP from DHCP but would be unable to route traffic off the local subnet. Option D is wrong because a duplicate IP address would cause a conflict warning and possible connectivity issues, but the client would still have a valid DHCP-assigned IP address, not an APIPA address.

42
MCQmedium

A network administrator is troubleshooting an intermittent link between two switches connected by single-mode fiber. The interface log shows "Link up / Link down" events multiple times per hour. Which of the following is the most likely cause?

A.Incorrect VLAN configuration on the switch ports
B.Crossed fiber pairs
C.Dirty fiber connectors
D.Duplex mismatch between the switches
AnswerC

Dirty connectors can cause intermittent signal loss as the light is partially blocked. This is a common cause of flapping fiber links. Cleaning the connectors often resolves the issue.

Why this answer

Dirty fiber connectors cause intermittent signal loss by scattering or absorbing light, which leads to CRC errors and repeated link flaps as the optical transceiver struggles to maintain synchronization. This matches the 'Link up / Link down' pattern seen in the logs, especially on single-mode fiber where precise alignment is critical.

Exam trap

The trap here is that candidates often jump to duplex mismatch or VLAN misconfiguration as common causes of link issues, but the intermittent 'Link up / Link down' pattern specifically points to a physical-layer problem like dirty connectors, not a Layer 2 configuration error.

How to eliminate wrong answers

Option A is wrong because incorrect VLAN configuration would cause traffic isolation or connectivity issues, not physical link state changes; VLAN mismatches do not trigger link flaps. Option B is wrong because crossed fiber pairs (e.g., TX/RX swapped) typically result in a complete failure to establish link, not intermittent up/down events, as the transceiver cannot detect a valid signal. Option D is wrong because duplex mismatch on fiber links is rare (fiber is usually full-duplex by default) and would cause late collisions or high error rates, not repeated link flaps; auto-negotiation issues on fiber are uncommon and would not produce the described log pattern.

43
MCQmedium

A user reports that they cannot access the internal web server by its fully qualified domain name (intranet.company.com). The workstation's IP configuration shows a DNS server of 8.8.8.8, but the internal DNS server is 10.0.0.10. The user can successfully ping the server's IP address (10.0.0.50). What is the MOST likely cause of the issue?

A.A: The workstation is using the wrong DNS server address
B.B: The subnet mask on the workstation is incorrect
C.C: The network cable is faulty
D.D: The default gateway is misconfigured
AnswerA

The DNS server should be set to the internal DNS server to resolve internal hostnames.

Why this answer

The workstation's DNS server is set to 8.8.8.8 (a public Google DNS server), which cannot resolve the internal domain name 'intranet.company.com' because that zone is only hosted on the internal DNS server at 10.0.0.10. Since the user can ping the server's IP address (10.0.0.50), network connectivity is fine, confirming the issue is name resolution. The most likely cause is that the workstation is using the wrong DNS server address.

Exam trap

The trap here is that candidates often confuse a DNS resolution failure with a network connectivity issue, but the ability to ping the IP address proves the problem is strictly name resolution, not layer 2 or layer 3 problems.

How to eliminate wrong answers

Option B is wrong because an incorrect subnet mask would prevent communication with any host on a different subnet, but the user can successfully ping the server's IP address, indicating layer 3 connectivity is intact. Option C is wrong because a faulty network cable would cause a complete loss of connectivity, not just a failure to resolve a name while pinging by IP succeeds. Option D is wrong because a misconfigured default gateway would block traffic to remote networks, but the internal web server is on the same subnet (10.0.0.0/24 implied), so local ARP-based communication would still work; the user can ping the server, proving the gateway is not the issue.

44
MCQhard

A switch is connected to a network printer. The switch port is manually configured for 100 Mbps and full duplex. The printer is configured for auto-negotiation. The link is up, but there are many FCS errors on the switch port. What is the most likely cause?

A.Duplex mismatch
B.Bad Ethernet cable
C.Speed mismatch
D.Printer driver issues
AnswerA

The manually-configured full duplex setting forces the link to operate at full duplex, but the printer's auto-negotiation may negotiate half duplex, leading to a duplex mismatch and errors.

Why this answer

The most likely cause is a duplex mismatch. The switch port is manually set to full duplex, while the printer is using auto-negotiation. When one side is manually configured and the other is set to auto-negotiation, the auto-negotiating side fails to detect the manual setting and defaults to half duplex.

This mismatch causes collisions and frame check sequence (FCS) errors on the full-duplex side, as the half-duplex side does not properly handle simultaneous transmission.

Exam trap

CompTIA often tests the misconception that a speed mismatch causes FCS errors, but the trap here is that a speed mismatch prevents the link from coming up, while a duplex mismatch allows the link to be up but with errors.

How to eliminate wrong answers

Option B is wrong because a bad Ethernet cable typically causes intermittent connectivity, link flaps, or CRC errors, but not the specific pattern of FCS errors associated with a duplex mismatch; a bad cable would also likely cause the link to drop or show excessive alignment errors. Option C is wrong because a speed mismatch would prevent the link from coming up entirely, as both sides must agree on speed for the physical layer to establish a link; since the link is up, speed is matched. Option D is wrong because printer driver issues affect the data being sent from the host to the printer, not the physical-layer framing or collision behavior on the switch port; FCS errors are a Layer 1/2 issue, not a driver problem.

45
MCQhard

A network technician is troubleshooting an issue where Server A can ping Server B by IP address, but Server B cannot ping Server A. Both servers are in the same VLAN and subnet, connected to the same switch. The switch ports are configured identically, and there are no ACLs or firewalls between them. Which of the following is the MOST likely cause?

A.Server A's firewall is blocking incoming ICMP
B.Server B's firewall is blocking outgoing ICMP
C.The cable connecting Server A is faulty
D.There is a duplex mismatch on Server B's switch port
AnswerA

A firewall on Server A can permit outgoing replies while blocking incoming requests, causing the one-way ping failure.

Why this answer

Server A can ping Server B by IP address, meaning ICMP echo requests from Server A reach Server B and echo replies return successfully. However, Server B cannot ping Server A, which indicates that ICMP echo requests from Server B are not reaching Server A or their replies are blocked. Since both servers are in the same VLAN/subnet with no ACLs or firewalls between them, the most likely cause is that Server A's host-based firewall is blocking incoming ICMP (echo requests), preventing Server B's pings from being processed.

This is a classic symptom of a one-way firewall rule that permits outbound ICMP but denies inbound ICMP.

Exam trap

CompTIA often tests the misconception that a firewall blocking outgoing ICMP on Server B would cause the symptom, but the correct reasoning is that the blocking must be on the target server (Server A) for incoming ICMP, creating a one-way ping scenario.

How to eliminate wrong answers

Option B is wrong because if Server B's firewall were blocking outgoing ICMP, Server B would be unable to send any ICMP echo requests at all, but the problem is specifically that Server B cannot ping Server A while Server A can ping Server B—this asymmetry points to a receive-side block on Server A, not a send-side block on Server B. Option C is wrong because a faulty cable on Server A would cause bidirectional communication failure (both pings would fail), not a unidirectional issue; the fact that Server A can ping Server B proves the cable and Layer 1 connectivity are functional. Option D is wrong because a duplex mismatch on Server B's switch port would typically cause CRC errors, late collisions, and poor performance in both directions, but it would not selectively block ICMP echo requests from Server B while allowing Server A's pings to succeed—duplex issues affect all traffic symmetrically.

46
MCQmedium

A network technician is troubleshooting a user's inability to access a specific internal web application hosted on a server at 10.10.10.15:8080. The user can ping the server's IP address successfully, but the web browser displays 'connection refused'. The technician verifies that the web application service is running on the server. What is the most likely cause of the issue?

A.The server's firewall is blocking inbound connections to port 8080.
B.The web application is listening on a different port than 8080.
C.The user's web browser is configured to use an incorrect proxy server.
D.The DNS resolution is failing for the server's hostname.
AnswerA

Connection refused often indicates that a firewall is blocking the specific port. Since the server is reachable via ping, the issue is at the port level. Checking the server firewall rules for port 8080 is the next step.

Why this answer

Since the user can ping the server (ICMP success) but receives 'connection refused' on port 8080, and the service is confirmed running, the most likely cause is that the server's firewall is blocking inbound TCP connections to port 8080. A firewall rule can permit ICMP echo requests while denying TCP SYN packets to specific ports, resulting in a successful ping but a TCP RST or no response at the application layer, which manifests as 'connection refused' in the browser.

Exam trap

CompTIA often tests the distinction between ICMP reachability (ping) and TCP port accessibility, trapping candidates into thinking a successful ping means all network connectivity is fine, when in fact firewalls can selectively block specific ports while allowing ICMP.

How to eliminate wrong answers

Option B is wrong because the technician verified that the web application service is running on the server; if it were listening on a different port, the service would still be reachable on that port, but the user is specifically trying port 8080 and the service is confirmed running, so a port mismatch would not cause a 'connection refused' from the server itself. Option C is wrong because an incorrect proxy server would typically cause a different error, such as 'proxy server not responding' or a timeout, not a direct 'connection refused' from the target server; the browser would attempt to connect through the proxy, not directly to 10.10.10.15:8080. Option D is wrong because the user successfully pings the server's IP address (10.10.10.15), which bypasses DNS entirely; DNS resolution is irrelevant when using a direct IP address.

47
MCQhard

Users in a warehouse report that their wireless tablets lose connectivity when moving near large metal racks. The signal strength remains high but throughput drops significantly. What is the most likely cause?

A.Signal attenuation
B.Multipath interference
C.Co-channel interference
D.Insufficient DHCP scope
AnswerB

Metal racks cause signal reflections, creating multiple signal paths that interfere with each other, resulting in high signal strength but poor throughput.

Why this answer

When wireless signals reflect off large metal surfaces, multiple copies of the signal arrive at the receiver at slightly different times, causing multipath interference. This phase cancellation effect corrupts the signal, forcing the 802.11 MAC layer to retransmit frames, which drastically reduces throughput even though the received signal strength indicator (RSSI) remains high. The metal racks in the warehouse act as reflective surfaces, creating a classic multipath environment.

Exam trap

The trap here is that candidates confuse high signal strength with good signal quality, not realizing that multipath can cause high RSSI but poor throughput due to phase cancellation and retransmissions.

How to eliminate wrong answers

Option A is wrong because signal attenuation refers to a reduction in signal power over distance or through obstacles, but the scenario states signal strength remains high, ruling out attenuation. Option C is wrong because co-channel interference occurs when multiple access points or devices transmit on the same channel, causing collisions and reduced throughput, but the problem is localized to movement near metal racks, not a channel utilization issue. Option D is wrong because an insufficient DHCP scope would prevent devices from obtaining IP addresses, causing complete connectivity loss, not a drop in throughput while maintaining a connection.

48
MCQmedium

A user reports intermittent connectivity issues. The technician runs ping tests and notices that pings to the default gateway sometimes fail and sometimes succeed. While pinging, the technician observes that some replies have high latency. Which tool should the technician use to analyze the path and identify where packets are being delayed?

A.traceroute / tracert
B.nslookup
C.ipconfig
D.arp
AnswerA

Traceroute sends packets with increasing TTL values to map the path and measure latency at each hop, useful for identifying where delays or failures occur.

Why this answer

Traceroute (tracert on Windows) is the correct tool because it sends packets with incrementing Time-to-Live (TTL) values to map the entire Layer 3 path from source to destination. By measuring the round-trip time (RTT) for each hop, it can pinpoint exactly which router or link is introducing high latency or packet loss, addressing the intermittent connectivity and delayed replies observed in the ping tests.

Exam trap

CompTIA often tests that candidates confuse ping (which only tests end-to-end reachability and latency) with traceroute (which isolates the problematic hop), leading them to overlook traceroute when the question explicitly asks for path analysis.

How to eliminate wrong answers

Option B (nslookup) is wrong because it is a DNS query tool used to resolve domain names to IP addresses or vice versa; it does not analyze network path latency or packet loss. Option C (ipconfig) is wrong because it displays local TCP/IP configuration details (IP address, subnet mask, default gateway) but cannot trace routes or measure hop-by-hop delays. Option D (arp) is wrong because it manipulates or displays the local ARP cache, which maps IP addresses to MAC addresses on a local network; it provides no path analysis beyond the first hop.

49
MCQmedium

A network technician is troubleshooting a workstation that intermittently loses network connectivity. The link LED on the switch port is blinking slowly. The technician checks the cable and it appears fine. Which of the following is the most likely cause?

A.Duplex mismatch
B.Incorrect VLAN assignment
C.Bad cable
D.Spanning Tree blocking
AnswerA

A duplex mismatch often causes a slow blinking link light, intermittent connectivity, and errors on the interface.

Why this answer

A slow-blinking link LED on a switch port typically indicates a duplex mismatch, where one device is set to full duplex and the other to half duplex. This causes frame collisions and CRC errors, leading to intermittent connectivity even though the cable appears fine. The symptom of intermittent loss with a physically good cable is classic for duplex mismatch, as the port is still electrically connected but suffers from excessive retransmissions.

Exam trap

The trap here is that candidates often associate a blinking link LED with a physical layer issue like a bad cable, but Cisco tests the specific pattern of a slow blink to indicate a duplex mismatch, not a cable fault.

How to eliminate wrong answers

Option B is wrong because incorrect VLAN assignment would cause the workstation to be unable to communicate with devices in other VLANs, but the link LED would remain solid (or blink normally) and connectivity would be consistently absent, not intermittent. Option C is wrong because a bad cable would typically cause the link LED to be off or flicker erratically, not blink slowly, and the technician already checked the cable and found it fine. Option D is wrong because Spanning Tree blocking would result in a complete loss of connectivity (no traffic at all) on that port, not intermittent drops, and the port LED would usually be amber or off, not blinking slowly.

50
MCQmedium

A network technician runs the command "traceroute 8.8.8.8" from a workstation. The output shows the first hop as the default gateway, the second hop as an internal router, and then a series of asterisks (* * *) before reaching the destination. What does the series of asterisks indicate?

A.The destination is unreachable
B.The intermediate routers are not responding to ICMP time-exceeded messages
C.The TTL expired at the last hop
D.The connection is encrypted
AnswerB

Asterisks indicate that those routers did not send back the ICMP time-exceeded message, often due to firewall filtering.

Why this answer

The series of asterisks indicates that intermediate routers beyond the second hop are not responding with ICMP Time-Exceeded messages when the TTL expires. Traceroute relies on these ICMP responses to identify each hop; if a router is configured to drop ICMP or not send the message, the output shows asterisks for that hop. The destination is still reachable, as the final hop succeeds, so the asterisks do not indicate unreachability.

Exam trap

Cisco often tests the misconception that asterisks mean the destination is unreachable, but the key is that traceroute still reaches the final hop, so the asterisks only indicate missing ICMP responses from intermediate routers, not a failure to reach the target.

How to eliminate wrong answers

Option A is wrong because the destination (8.8.8.8) is reached, as shown by the final hop completing; asterisks only indicate missing responses from intermediate routers, not that the destination is unreachable. Option C is wrong because the TTL expiring at the last hop would produce a response from the destination itself (ICMP Echo Reply) or an ICMP Time-Exceeded from the previous hop, not a series of asterisks; asterisks occur when TTL expires but no ICMP message is sent back. Option D is wrong because encryption (e.g., IPsec or TLS) does not affect traceroute's ability to receive ICMP Time-Exceeded messages; asterisks are caused by routers silently dropping ICMP or not generating the required message, not by encryption.

51
MCQhard

A user reports intermittent inability to access websites. When the issue occurs, the user can ping external IP addresses (e.g., 8.8.8.8) but cannot ping domain names like google.com. The user's IP configuration shows a DNS server address of 8.8.8.8. What is the most likely cause?

A.The DNS server is reachable but not responding due to high load.
B.The default gateway is down.
C.The corporate firewall is blocking UDP port 53.
D.The user's machine has a corrupted DNS cache.
AnswerA

Correct. If the DNS server is overloaded, it may drop queries intermittently. The user can still ping the server (ICMP is different from DNS), but DNS queries time out.

Why this answer

The user can ping external IP addresses (e.g., 8.8.8.8) but cannot resolve domain names like google.com, which indicates that IP connectivity is working but DNS resolution is failing. Since the DNS server address is 8.8.8.8 and the user can ping it, the server is reachable; however, intermittent failures suggest the server is overwhelmed and dropping or not responding to queries. This matches the symptom of a reachable but unresponsive DNS server due to high load, where ICMP (ping) succeeds but UDP/53 DNS queries time out.

Exam trap

The trap here is that candidates often assume a reachable server (via ping) means all services are working, but Cisco tests the distinction between ICMP reachability and UDP/TCP service availability, especially for DNS where high load can cause intermittent failures.

How to eliminate wrong answers

Option B is wrong because if the default gateway were down, the user would not be able to ping external IP addresses like 8.8.8.8, as traffic would have no route out of the local subnet. Option C is wrong because if the corporate firewall were blocking UDP port 53, DNS resolution would fail consistently, not intermittently, and the user would also be unable to ping domain names at any time. Option D is wrong because a corrupted DNS cache would cause resolution failures for specific domains or return stale records, but the user can still ping external IPs and the issue is intermittent; flushing the cache would typically resolve a cache corruption issue, but the described pattern points to a server-side problem.

52
MCQmedium

A technician is troubleshooting a user's computer that cannot access any network resources. The technician runs ipconfig and sees an IP address of 169.254.18.33 with a subnet mask of 255.255.0.0. The computer is connected to a switch port configured for VLAN 10. The DHCP server is located in a different subnet (VLAN 200) and is reachable via a router. The technician confirms that the switch port is in the correct VLAN and that the cabling is good. Which of the following is the MOST likely cause of the issue?

A.The DHCP server is not authorized in Active Directory
B.The router does not have a DHCP relay (ip helper-address) configured
C.The computer's NIC is faulty
D.The switch port is in the wrong VLAN
AnswerB

Without a DHCP relay, DHCP broadcast requests from the client in VLAN 10 cannot reach the DHCP server in VLAN 200, leading to APIPA assignment.

Why this answer

The 169.254.x.x address is an Automatic Private IP Addressing (APIPA) address, assigned when a DHCP client fails to receive a lease. Since the DHCP server is on VLAN 200 and the client is on VLAN 10, a DHCP relay (ip helper-address) must be configured on the router interface facing VLAN 10 to forward DHCP broadcast requests as unicast to the DHCP server. Without this relay, the DHCP server never receives the client's discover message, causing the client to self-assign an APIPA address.

Exam trap

The trap here is that candidates see a 169.254.x.x address and immediately blame a faulty NIC or DHCP server issue, overlooking the need for a DHCP relay when the server is on a different subnet.

How to eliminate wrong answers

Option A is wrong because DHCP server authorization in Active Directory is a Windows Server security feature that prevents rogue DHCP servers, but it does not affect the router's ability to forward DHCP broadcasts between VLANs. Option C is wrong because a faulty NIC would typically show no link light or connectivity at all, but the computer received a valid APIPA address, indicating the NIC is functioning at Layer 2. Option D is wrong because the technician already confirmed the switch port is in the correct VLAN (VLAN 10), so this is not the cause.

53
MCQmedium

After replacing a faulty network cable, a user reports that they can access local resources but not the internet. The technician verifies that the user's IP address is 192.168.1.100 with a subnet mask of 255.255.255.0 and a default gateway of 192.168.1.1. The technician can ping the default gateway successfully. Which of the following should the technician check NEXT?

A.A) DNS configuration
B.B) DHCP server
C.C) Router's firewall ACLs
D.D) Switch port VLAN assignment
AnswerA

Correct. DNS resolves domain names to IP addresses; if DNS is misconfigured, the user can reach IP addresses but not domain names. Since the gateway is reachable, DNS is the most likely next check.

Why this answer

The user can access local resources and successfully ping the default gateway, which confirms that Layer 2 and Layer 3 connectivity to the local network is working. The inability to access the internet while local access works points to a name resolution failure, as the browser relies on DNS to translate domain names to IP addresses. Checking DNS configuration is the logical next step because a misconfigured or missing DNS server would prevent internet access even when IP connectivity is intact.

Exam trap

The trap here is that candidates assume internet access failure must be a gateway or routing issue, but the successful ping to the default gateway proves Layer 3 connectivity is fine, forcing the focus to DNS as the most common cause of 'can't browse but can ping local.'

How to eliminate wrong answers

Option B is wrong because the user already has a valid IP address (192.168.1.100) and can ping the default gateway, indicating that the DHCP server is functioning and has assigned an address; checking the DHCP server again would be redundant. Option C is wrong because the router's firewall ACLs would block all traffic (including pings) to the internet, but the technician can ping the default gateway successfully, and local resources are accessible, so ACLs are not the immediate issue. Option D is wrong because the switch port VLAN assignment would affect local network segmentation; if the VLAN were incorrect, the user would likely not be able to access local resources or ping the default gateway, which they can.

54
MCQmedium

A user reports that they cannot access the internet. The user's workstation has an IP address of 192.168.1.100/24, with a default gateway of 192.168.1.1. The user can ping the default gateway but cannot ping 8.8.8.8. Other users on the same subnet can ping 8.8.8.8. The technician checks the switch and sees the user's port is up. What should the technician check next?

A.Check the router's routing table for a route to the internet
B.Check the workstation's IP configuration for a misconfigured default gateway or DNS
C.Check the DNS server configuration on the workstation
D.Check the switch port for VLAN misconfiguration
AnswerB

The user can ping the gateway, so the gateway IP (192.168.1.1) is reachable. But if the gateway is not the correct router for internet access, or if the workstation has a local firewall blocking outbound traffic, internet access may fail.

Why this answer

Since the user can ping the default gateway (192.168.1.1) but not 8.8.8.8, while other users on the same subnet can reach 8.8.8.8, the issue is isolated to this workstation. The most likely cause is a misconfigured default gateway (e.g., wrong IP or subnet mask) or DNS settings, as the gateway is reachable but traffic is not being forwarded correctly. Option B directly addresses checking the workstation's IP configuration for these misconfigurations, which is the logical next step after verifying local connectivity.

Exam trap

The trap here is that candidates often jump to checking the router's routing table (Option A) or DNS (Option C) when the symptom is a ping failure to an IP address, but the key clue is that other users on the same subnet are unaffected, isolating the problem to the workstation's configuration.

How to eliminate wrong answers

Option A is wrong because the router's routing table is likely correct since other users on the same subnet can reach the internet; checking it would be premature and not isolate the workstation-specific issue. Option C is wrong because DNS is not required to ping 8.8.8.8 (an IP address), so DNS misconfiguration cannot explain the failure to ping that IP. Option D is wrong because the switch port is up and other users on the same subnet are working, indicating no VLAN misconfiguration; a VLAN mismatch would affect all users on that port or subnet.

55
MCQmedium

Users in a department report that the network is extremely slow. A technician checks the access switch and notices that a single port shows a high number of CRC errors and runts. The link LED is solid green. Which of the following is the most likely cause of the issue?

A.Duplex mismatch between the switch port and the connected device
B.Faulty network cable
C.Broadcast storm
D.VLAN misconfiguration
AnswerA

Duplex mismatch causes collisions and errors because one device transmits while the other cannot receive properly, leading to CRC and runt frames.

Why this answer

A duplex mismatch occurs when one device operates at full duplex and the other at half duplex. The full-duplex side does not perform Carrier Sense Multiple Access with Collision Detection (CSMA/CD), so it transmits without checking for collisions. The half-duplex side detects collisions, causing late collisions that manifest as CRC errors and runts on the switch port.

The solid green link LED indicates Layer 1 connectivity is intact, ruling out a physical cable fault.

Exam trap

CompTIA often tests duplex mismatch by showing a solid green link LED alongside CRC errors and runts, tricking candidates into thinking the cable is faulty because they assume a solid LED means perfect physical connectivity.

How to eliminate wrong answers

Option B is wrong because a faulty network cable typically causes link flaps, intermittent connectivity, or a blinking/off link LED, not a solid green LED with high CRC errors and runts. Option C is wrong because a broadcast storm floods the network with broadcast frames, overwhelming all ports and causing high CPU utilization and throughput issues, not isolated CRC errors and runts on a single port. Option D is wrong because a VLAN misconfiguration would cause connectivity issues such as inability to reach resources in other VLANs or incorrect VLAN tagging, not physical-layer errors like CRC and runts.

56
MCQmedium

A user reports intermittent connectivity issues. The technician notices that the link lights on both the PC and the switch are solid, but the user experiences periodic drops. The technician runs a cable test and finds that one pair of wires is open. Which standard is the cable likely violating?

A.TIA/EIA-568
B.IEEE 802.3
C.ISO 9001
D.RFC 1918
AnswerA

TIA/EIA-568 is the standard for commercial building telecommunications cabling; an open pair violates its requirements.

Why this answer

The TIA/EIA-568 standard specifies the wiring pinouts and performance requirements for twisted-pair cabling, including that all four pairs must be properly terminated and continuous. An open pair violates this standard because it breaks the required electrical continuity, leading to signal degradation and intermittent connectivity. The solid link lights indicate basic electrical connectivity on some pairs, but the open pair causes periodic drops when the network attempts to use that pair for data transmission.

Exam trap

The trap here is that candidates see 'link lights solid' and assume the cable is fully functional, but solid link lights only indicate that at least one pair (or the necessary pairs for the negotiated speed) is electrically connected, not that all pairs meet the TIA/EIA-568 standard for the expected speed.

How to eliminate wrong answers

Option B is wrong because IEEE 802.3 defines Ethernet physical layer and MAC protocols (e.g., 10BASE-T, 100BASE-TX), not cabling termination standards; an open pair would still be a cabling issue, not a violation of the Ethernet standard itself. Option C is wrong because ISO 9001 is a quality management system standard for processes and procedures, not a technical cabling specification; it does not address wire continuity or pinout requirements.

57
MCQmedium

A user reports that they can connect to the corporate Wi-Fi network but cannot access any network resources including the intranet and internet. The IP configuration shows an IP address of 169.254.25.100 with a subnet mask of 255.255.0.0. What is the most likely cause?

A.The DNS server is not responding
B.The DHCP server is unavailable or the request is not reaching it
C.The subnet mask is incorrect
D.The switch port has port security enabled that has blocked the device
AnswerB

APIPA occurs when DHCP fails. Possible causes include DHCP server down, a misconfigured DHCP relay, or a VLAN mismatch preventing DHCP broadcast from reaching the server.

Why this answer

The IP address 169.254.25.100 with a subnet mask of 255.255.0.0 is an Automatic Private IP Addressing (APIPA) address, which is assigned by the operating system when a DHCP server is unavailable or the DHCP request fails. Since the user can connect to Wi-Fi but cannot access any network resources, the most likely cause is that the DHCP server is not responding or the DHCP discover/offer/request/ack sequence is failing, leaving the device with a link-local address that cannot route to the corporate network or internet.

Exam trap

The trap here is that candidates often confuse APIPA with a DNS failure, but the 169.254.x.x address is a definitive indicator of DHCP failure, not a name resolution problem.

How to eliminate wrong answers

Option A is wrong because a non-responsive DNS server would still allow the device to obtain a valid DHCP lease and IP address; the symptom of an APIPA address indicates a DHCP failure, not a DNS issue. Option C is wrong because the subnet mask of 255.255.0.0 is correct for an APIPA address (169.254.0.0/16 per RFC 3927), and an incorrect subnet mask would not cause the device to fall back to a 169.254.x.x address. Option D is wrong because port security on a switch port would block the device entirely at Layer 2, preventing any connectivity including Wi-Fi association; the user can connect to Wi-Fi, so the issue is at Layer 3 (IP addressing), not Layer 2 access control.

58
MCQmedium

A user reports that they can access the company's intranet but not the internet. The technician checks the IP configuration and finds that the default gateway is set to 192.168.1.1, and the user can ping that IP. Which of the following is the most likely cause?

A.The DNS server address is incorrect.
B.The router's NAT configuration is faulty.
C.The DHCP server is not providing a default gateway.
D.The user's workstation has a static IP address.
AnswerB

NAT translates private IPs to public IPs. If it is misconfigured, internal hosts can reach the gateway but not the internet.

Why this answer

Since the user can ping the default gateway (192.168.1.1) and access the intranet, Layer 3 connectivity to the local router is functional. The inability to reach the internet, despite having a valid gateway, points to a failure in the router's NAT (Network Address Translation) configuration. NAT is required to translate private RFC 1918 addresses (like 192.168.1.x) to a public IP for internet access; without it, packets are routed to the gateway but cannot be forwarded beyond the local network.

Exam trap

The trap here is that candidates often assume internet access failure is always a DNS or gateway issue, but the ability to ping the gateway and access local resources isolates the problem to the router's NAT translation, not the workstation's IP configuration.

How to eliminate wrong answers

Option A is wrong because an incorrect DNS server address would prevent name resolution (e.g., browsing by domain name), but the user cannot access the internet at all, even by IP address; the problem is routing/NAT, not DNS. Option C is wrong because the user already has a default gateway of 192.168.1.1 and can ping it, proving the DHCP server (or static assignment) successfully provided a gateway. Option D is wrong because having a static IP address does not inherently prevent internet access; the issue is that the router is not performing NAT, regardless of whether the IP is static or DHCP-assigned.

59
MCQmedium

After replacing a faulty switch, several users in the same VLAN report that they cannot communicate with the server that is on a different subnet. The switch is connected to the router via a trunk port. Which command should the administrator run on the router to verify that the VLAN is allowed on the trunk?

A.show vlan
B.show interfaces trunk
C.show mac address-table
D.show ip route
AnswerB

'show interfaces trunk' lists trunk interfaces, their mode, encapsulation, and the allowed VLAN list. If the required VLAN is not in the allowed list, traffic for that VLAN will not pass over the trunk.

Why this answer

The `show interfaces trunk` command displays which VLANs are allowed on each trunk port. Since the switch is connected to the router via a trunk, this command verifies whether the VLAN of the affected users is permitted on that trunk. If the VLAN is missing from the allowed list, traffic to the server on a different subnet will be dropped at the router interface.

Exam trap

The trap here is that candidates confuse `show vlan` (which shows local switch VLANs) with `show interfaces trunk` (which shows VLAN filtering on the trunk), leading them to pick A when the real issue is trunk permission, not VLAN existence.

How to eliminate wrong answers

Option A is wrong because `show vlan` displays VLAN membership and port assignments on the switch, not trunk VLAN filtering on the router; it cannot show which VLANs are allowed on a trunk link. Option C is wrong because `show mac address-table` shows MAC-to-port mappings on the switch, which is irrelevant to verifying VLAN permission on a trunk between the switch and router.

60
MCQhard

A network technician is troubleshooting an intermittent connectivity issue between two switches connected via fiber optic cable. The link status shows up/down flapping. The technician checks the optical power levels and finds they are within acceptable range. Which of the following is the most likely cause?

A.Dirty fiber connectors
B.Electromagnetic interference
C.Incorrect VLAN configuration
D.Duplex mismatch
AnswerA

Contamination on fiber end faces can cause intermittent signal degradation and link flapping.

Why this answer

Dirty fiber connectors cause intermittent connectivity by scattering or absorbing light, leading to bit errors and link flaps even when average optical power levels appear within acceptable range. The flapping occurs because transient contaminants (e.g., dust or oil) momentarily disrupt the optical signal, triggering link down events that recover when the connector is jostled or the contaminant shifts. Since the power meter measures average power, it may not detect brief attenuation spikes caused by dirt.

Exam trap

The trap here is that candidates assume acceptable average optical power levels rule out physical-layer issues, but Cisco often tests that intermittent faults like dirty connectors cause flapping despite passing a static power measurement.

How to eliminate wrong answers

Option B is wrong because electromagnetic interference (EMI) does not affect fiber optic cables, which use light and are immune to EMI; EMI would only impact copper cabling. Option C is wrong because an incorrect VLAN configuration would cause consistent connectivity failure or traffic isolation issues, not link-state flapping at the physical layer; VLAN mismatches are detected at Layer 2 and do not cause the port to go up/down.

61
MCQhard

A network technician is troubleshooting a router that is not forwarding packets to a remote destination network. The routing table shows a valid route learned via OSPF. The technician can successfully ping the next-hop IP address from the router. However, packets to the destination network are not being forwarded. Which of the following is the MOST likely cause?

A.CEF (Cisco Express Forwarding) is disabled or has a corruption
B.The OSPF neighbor relationship is in the EXSTART state
C.The outbound interface has been administratively shut down
D.There is an ACL blocking the return traffic
AnswerA

CEF creates a forwarding table based on the routing table. If CEF is disabled or the FIB is corrupt, the router will not forward packets even though the route appears in the routing table.

Why this answer

When a router has a valid OSPF-learned route and can ping the next-hop IP but still fails to forward packets, the issue is often with the forwarding plane rather than the control plane. CEF (Cisco Express Forwarding) is the default hardware-based switching mechanism that handles packet forwarding; if it is disabled or its Forwarding Information Base (FIB) becomes corrupted, the router will not forward packets even though the routing table (RIB) is correct. Disabling CEF forces the router to use process switching, which can also cause forwarding failures if the process is not properly handling the traffic.

Exam trap

The trap here is that candidates assume a valid route in the routing table and successful ping to the next-hop guarantee packet forwarding, but Cisco tests the distinction between the control plane (routing table) and the data plane (CEF forwarding).

How to eliminate wrong answers

Option B is wrong because the EXSTART state is a normal OSPF neighbor state during the Database Description (DD) packet exchange, and it does not prevent forwarding of packets to a remote destination; OSPF routes are only installed in the routing table after the FULL state is reached, so a route learned via OSPF implies the neighbor relationship is already in FULL state. Option C is wrong because if the outbound interface were administratively shut down, the technician would not be able to successfully ping the next-hop IP address from the router, as the interface would be in a down/down state and no traffic could egress.

62
MCQhard

Users on a VLAN report intermittent network disconnections lasting a few seconds. The network technician checks the switch and notices a high number of CRC errors on the port connecting to the core switch. The cable test passes. What is the most likely cause?

A.Duplex mismatch between the two switches
B.STP reconvergence due to topology change
C.Broadcast storm caused by a loop
D.Faulty SFP transceiver on the core switch
AnswerA

Correct. A duplex mismatch causes collisions and CRC errors, leading to intermittent connectivity.

Why this answer

A duplex mismatch causes one side to send frames while the other is still transmitting, leading to collisions that are interpreted as CRC errors on the receiving interface. Since the cable test passes, the physical layer is fine, and the intermittent nature (lasting seconds) matches the symptom of a duplex mismatch where the half-duplex side backs off after collisions, causing brief outages.

Exam trap

Cisco often tests the misconception that CRC errors always indicate a bad cable or physical layer issue, but the trap here is that a passing cable test points to a duplex mismatch as the root cause, especially when combined with intermittent disconnections.

How to eliminate wrong answers

Option B is wrong because STP reconvergence typically causes a complete loss of connectivity for 30–50 seconds (in classic STP) or a few seconds with RSTP, but it does not produce CRC errors; CRC errors indicate layer 1/2 frame corruption, not topology changes. Option C is wrong because a broadcast storm would cause continuous high utilization and frame drops, not intermittent disconnections with CRC errors, and a loop would typically be detected by STP or cause a complete outage rather than brief, recurring disconnections.

63
MCQmedium

A user's laptop frequently disconnects from the Wi-Fi network when they move to the conference room. Other devices in the conference room maintain stable connections. The laptop shows a strong signal in the conference room. What is the most likely cause?

A.Laptop's wireless adapter driver is outdated or faulty
B.AP channel is congested
C.Laptop is using the 5 GHz band while the AP uses 2.4 GHz
D.Interference from microwave ovens
AnswerA

A driver issue can cause erratic behavior like frequent disconnects even with good signal strength, especially when roaming or switching channels.

Why this answer

The laptop disconnects only when moving to the conference room, while other devices remain stable, ruling out environmental issues. A strong signal but frequent disconnects points to a client-side problem, most commonly an outdated or faulty wireless adapter driver that fails to handle roaming or power-save transitions properly.

Exam trap

CompTIA often tests the trap that a strong signal guarantees a stable connection, but in reality, client-side driver issues or misconfigured power-save settings can cause disconnects despite excellent RSSI.

How to eliminate wrong answers

Option B is wrong because AP channel congestion would affect all devices in the conference room, not just this one laptop. Option C is wrong because if the laptop were using 5 GHz while the AP uses 2.4 GHz, the laptop would not associate at all (no signal), rather than showing a strong signal and then disconnecting. Option D is wrong because interference from microwave ovens would impact all Wi-Fi devices in the area, especially on the 2.4 GHz band, and the laptop shows a strong signal, which is inconsistent with intermittent interference.

64
MCQhard

A technician is troubleshooting intermittent connectivity issues on a fiber link between two switches. The link light on both switches is green. Which of the following tools should the technician use to further investigate the issue?

A.Multimeter
B.Tone generator
C.Optical power meter
D.Cable certifier
AnswerC

An optical power meter measures the light power in a fiber link, helping to identify signal loss that could cause intermittent issues.

Why this answer

The correct tool is an optical power meter because the link lights are green, indicating Layer 1 signal presence, but intermittent connectivity suggests the signal strength may be marginal or fluctuating. An optical power meter measures the exact light level in dBm to verify it falls within the receiver's sensitivity range, which a simple link LED cannot detect.

Exam trap

The trap here is that candidates assume a green link light guarantees a healthy connection, but Cisco often tests that Layer 1 indicators only confirm signal presence, not signal quality, so an optical power meter is required to diagnose marginal power levels causing intermittent errors.

How to eliminate wrong answers

Option A is wrong because a multimeter measures electrical properties like voltage, resistance, and continuity in copper cables, but it cannot measure optical light levels in a fiber link. Option B is wrong because a tone generator sends an electrical signal along a copper conductor for cable tracing and identification, and it is not compatible with fiber optic cables.

65
MCQeasy

A user reports that they cannot access the company's internal web application at https://apps.internal.company.com. The technician can ping the server's IP address (10.10.10.20) successfully and also successfully telnet to 10.10.10.20 on port 443. However, the web browser displays 'Unable to connect'. What is the most likely cause?

A.The web server service is stopped
B.DNS resolution is failing for the FQDN
C.The browser is configured to use an incorrect proxy server
D.A firewall is blocking TCP port 443
AnswerC

If the browser is set to use a proxy server that is unavailable or misconfigured, it will fail to connect to the web server even though network connectivity is fine. Telnet and ping bypass proxy settings, confirming the server is reachable.

Why this answer

The technician can ping the server IP and telnet to port 443, proving the server is reachable and the HTTPS service is listening. However, the browser fails to load the page, which points to a client-side issue. An incorrect proxy server configuration in the browser would cause the browser to send requests to a proxy that cannot reach the internal server, resulting in 'Unable to connect' despite successful network-level connectivity tests.

Exam trap

The trap here is that candidates assume successful telnet to port 443 implies the web application is fully functional, overlooking that the browser may use a proxy server that is not involved in the telnet test, leading them to incorrectly choose a firewall or DNS issue.

How to eliminate wrong answers

Option A is wrong because telnet to port 443 succeeded, which confirms the web server service is running and accepting TCP connections on that port. Option B is wrong because the technician successfully pinged the server by IP address and telnet to the IP on port 443, and the browser would use DNS resolution to get the IP; if DNS were failing, the browser would show a 'DNS resolution failed' error, not 'Unable to connect' after the IP is resolved. Option D is wrong because a firewall blocking TCP port 443 would prevent both the telnet test and the browser from connecting, but the telnet test succeeded, indicating no firewall filtering on that port.

66
MCQmedium

A network administrator is deploying a new PoE security camera. The camera is connected to a PoE-enabled switch port, but the camera does not power on. The administrator confirms the switch port has PoE enabled and the cable is tested and functional. What is the most likely cause?

A.The cable is a crossover cable.
B.The camera requires 802.3bt (PoE++), but the switch only supports 802.3af (PoE).
C.The port is configured as an access port.
D.The camera is using a passive PoE injector.
AnswerB

The power output of 802.3af may be insufficient for a camera that needs the higher power of 802.3bt.

Why this answer

The camera requires 802.3bt (PoE++) which can deliver up to 60W or 90W, but the switch only supports 802.3af (PoE) which provides a maximum of 15.4W per port. Since the camera's power demand exceeds the switch's capability, the camera will not power on even though PoE is enabled and the cable is functional.

Exam trap

The trap here is that candidates often assume any PoE switch will power any PoE device, overlooking the critical power budget differences between 802.3af, 802.3at, and 802.3bt standards.

How to eliminate wrong answers

Option A is wrong because a crossover cable is used for connecting similar devices (e.g., switch to switch) and does not affect PoE power delivery; PoE works over both straight-through and crossover cables as long as the pairs are intact. Option C is wrong because configuring a port as an access port does not disable PoE; PoE operates independently of VLAN membership and port mode, so an access port still delivers power if PoE is enabled.

67
MCQmedium

A technician is troubleshooting a connectivity issue. The technician can successfully ping the IP address of a web server (10.10.10.10) from a client, but the client cannot access the web page. Firewall rules allow HTTP traffic. At which OSI layer is the issue most likely occurring?

A.Application layer (Layer 7)
B.Session layer (Layer 5)
C.Transport layer (Layer 4)
D.Network layer (Layer 3)
AnswerA

Correct. The web service (HTTP) is an Application layer protocol. If the service is not running or misconfigured, the client cannot access the web page despite lower-layer connectivity.

Why this answer

Since the client can successfully ping the web server's IP address (10.10.10.10), Layer 3 (Network) and Layer 4 (Transport) connectivity is verified, as ICMP operates at Layer 3 and uses IP. The failure to access the web page despite firewall rules allowing HTTP traffic points to an issue at Layer 7 (Application), such as a misconfigured web server (e.g., HTTP 404, incorrect document root), a missing or incorrect Host header in the HTTP request, or an application-layer proxy or authentication problem that prevents the HTTP transaction from completing.

Exam trap

The trap here is that candidates assume that because ping works and firewall rules allow HTTP, the issue must be at the Transport layer (e.g., a blocked port), but the question specifically states the firewall allows HTTP, so the failure is at the Application layer where the web server fails to serve the page correctly.

How to eliminate wrong answers

Option B (Session layer, Layer 5) is wrong because the Session layer manages dialog control and synchronization between applications (e.g., establishing, maintaining, and terminating sessions), but HTTP typically relies on TCP for session management, and the ability to ping and have firewall rules allow HTTP indicates that session establishment is not the bottleneck; the issue is higher up in the application protocol itself. Option C (Transport layer, Layer 4) is wrong because successful ping confirms that IP (Layer 3) and ICMP (Layer 3/4) are working, and firewall rules explicitly allow HTTP (TCP port 80), so there is no transport-layer blockage; the problem lies in how the application processes the HTTP request, not in TCP connection setup or port filtering.

68
Matchingmedium

Match each IEEE 802.3 standard to its description.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Power over Ethernet (PoE) providing up to 15.4W

PoE+ providing up to 30W

PoE++ providing up to 60W or 100W

1000BASE-T (Gigabit Ethernet over copper)

Why these pairings

These are key IEEE 802.3 Ethernet standards.

69
MCQeasy

A user reports that they cannot access the internet, but they can access local resources on the same subnet. The network administrator pings the default gateway and gets a response. Which tool should be used next to trace the path to an external website?

A.netstat
B.traceroute
C.nslookup
D.arp
AnswerB

Traceroute (tracert on Windows) sends packets with increasing TTL values to map the route to a destination. It can show where packets stop or time out, helping identify the point of failure.

Why this answer

B is correct because traceroute (tracert on Windows) is the appropriate tool to identify where packets are being dropped or delayed along the path from the local host to an external website. Since the user can access local resources and the default gateway responds to pings, the issue likely lies beyond the gateway, and traceroute will reveal the hop where connectivity fails.

Exam trap

Cisco often tests the misconception that a successful ping to the default gateway guarantees internet connectivity, but the trap here is that the problem may be at a subsequent hop, and traceroute is the correct tool to isolate that hop.

How to eliminate wrong answers

Option A is wrong because netstat displays active network connections, listening ports, and routing tables on the local host; it does not trace the path to an external destination. Option C is wrong because nslookup is used to query DNS servers to resolve domain names to IP addresses; it does not test the network path or routing between the host and an external website.

70
MCQmedium

A network technician is troubleshooting a user's inability to connect to the network. The switch port is configured with port security with the default maximum of one MAC address. The user connects a computer and a VoIP phone to the port using the phone's built-in switch. Which of the following will MOST likely occur?

A.The port will go into errdisable state
B.The phone will work but the computer will not
C.Both devices will work because the phone uses a different MAC
D.The switch will allow only the first learned MAC and block the second
AnswerA

The second MAC address triggers a port security violation, causing the port to be disabled.

Why this answer

With the default port security configuration, the switch port allows only one MAC address. When the VoIP phone connects, its own MAC address is learned first. The computer then connects through the phone's built-in switch, presenting a second MAC address, which violates the security policy.

This triggers a security violation, and by default the port is placed into the errdisable state.

Exam trap

The trap here is that candidates assume the VoIP phone's built-in switch somehow bypasses port security or that the phone and computer share a single MAC, when in fact each device has its own unique MAC address and the switch enforces the limit per port regardless of device type.

How to eliminate wrong answers

Option B is wrong because if the port goes into errdisable state due to the violation, neither the phone nor the computer will work; the entire port is disabled. Option C is wrong because while the phone does use a different MAC, the switch does not differentiate between device types—it enforces the MAC address limit strictly, so both devices cannot coexist on a single port with a limit of one MAC address.

71
Drag & Dropmedium

Drag and drop the steps to configure a firewall rule allowing inbound HTTPS traffic to a web server into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Firewall rules require defining protocol, port, and direction.

72
MCQeasy

A user reports that they cannot access any network resources. The technician checks the IP configuration on the workstation and sees an IP address of 169.254.10.55 with a subnet mask of 255.255.0.0. Which of the following should the technician check NEXT?

A.Configure a static IP address on the workstation
B.Verify that the DHCP server is available and reachable
C.Check the DNS server configuration on the workstation
D.Replace the network cable
AnswerB

APIPA occurs when DHCP is unavailable. Checking the DHCP server is the correct next step, as it addresses the root cause of the failure to obtain an IP lease.

Why this answer

The IP address 169.254.10.55 with a subnet mask of 255.255.0.0 is an Automatic Private IP Addressing (APIPA) address, which Windows assigns when a DHCP server is unreachable. The next logical step is to verify that the DHCP server is available and reachable, as this directly addresses the root cause of the failed DHCP lease acquisition.

Exam trap

Cisco often tests the misconception that a 169.254.x.x address indicates a DNS or static IP issue, when in fact it specifically points to DHCP server unreachability as the primary cause.

How to eliminate wrong answers

Option A is wrong because configuring a static IP address is a workaround, not a troubleshooting step; the technician should first determine why DHCP failed before manually assigning an address. Option C is wrong because DNS configuration is irrelevant when the workstation has not obtained a valid IP address from DHCP; DNS queries cannot function without a routable IP address and default gateway.

73
MCQmedium

A network technician is troubleshooting intermittent internet access for a single user. The user’s workstation can ping the default gateway consistently, but web pages fail to load intermittently. Which of the following should the technician check NEXT?

A.A) DNS server configuration
B.B) DHCP lease time
C.C) Switch port speed and duplex settings
D.D) Firewall rules blocking ICMP
AnswerA

Correct. DNS is responsible for resolving domain names to IP addresses. If DNS is intermittent, web pages will fail to load while other IP-based connectivity (like pinging the gateway) works.

Why this answer

The user can ping the default gateway consistently, indicating Layer 3 connectivity to the local network is intact. However, intermittent web page failures suggest a name resolution issue, as DNS translates domain names to IP addresses. If the DNS server is misconfigured, unreachable, or returning stale records, the browser will fail to load pages even though basic IP connectivity works.

Checking DNS server configuration is the logical next step because it directly addresses the symptom of name resolution failures.

Exam trap

Cisco often tests the distinction between Layer 3 reachability (ping success) and application-layer failures (web browsing), leading candidates to incorrectly focus on DHCP or switch port settings instead of DNS.

How to eliminate wrong answers

Option B is wrong because DHCP lease time affects IP address assignment and renewal, but the user can consistently ping the gateway, proving they have a valid IP address and lease; intermittent web failures are not caused by lease timing. Option C is wrong because switch port speed and duplex mismatches typically cause packet loss, CRC errors, or complete connectivity loss, not intermittent name resolution failures; the user's consistent ping success rules out a duplex mismatch or speed negotiation issue.

74
MCQmedium

A technician is troubleshooting a user's inability to access the internet. The user can successfully ping the default gateway and internal servers, but cannot ping a public IP address such as 8.8.8.8. The technician checks the firewall logs and confirms that outbound ICMP traffic to 8.8.8.8 is permitted. Which of the following is the most likely cause of the issue?

A.Incorrect DNS server configuration on the workstation
B.Missing default route on the router
C.Incorrect subnet mask on the workstation
D.Malware on the workstation is blocking ICMP traffic
AnswerB

A missing default route on the router prevents packets destined for external networks from being forwarded beyond the router, even though the workstation can reach the router itself.

Why this answer

The user can ping the default gateway and internal servers, which confirms that Layer 2 and Layer 3 connectivity within the local network is working. However, the inability to ping a public IP (8.8.8.8) indicates that traffic is not being forwarded beyond the local subnet. A missing default route on the router means the router does not know where to send packets destined for external networks, so it drops them.

Since outbound ICMP is permitted on the firewall, the issue is routing, not filtering.

Exam trap

The trap here is that candidates often assume a firewall rule is blocking traffic when the symptom is a ping failure, but the question explicitly states ICMP is permitted, shifting the focus to routing; Cisco tests the distinction between policy-based blocking and routing-based unreachability.

How to eliminate wrong answers

Option A is wrong because DNS resolution is not required to ping a public IP address; the ping command uses the IP directly (8.8.8.8), so incorrect DNS would only affect name resolution, not IP connectivity. Option C is wrong because an incorrect subnet mask would prevent the workstation from communicating with the default gateway or internal servers, but the user can successfully ping both, ruling out a subnet mask misconfiguration.

75
MCQhard

A network technician is troubleshooting connectivity between two branch offices connected by a site-to-site VPN. The VPN tunnel shows as active and up. Users at Branch A can ping the VPN gateway IP at Branch B successfully, but they cannot access any servers behind the firewall at Branch B. The firewall at Branch B is stateful and its logs show that traffic from Branch A is being dropped. What is the most likely cause?

A.Mismatched encryption algorithms
B.Asymmetric routing causing the stateful firewall to drop return traffic
C.Incorrect DNS configuration
D.MTU mismatch causing fragmentation issues
AnswerB

The stateful firewall expects to see both directions of a connection. If traffic from Branch A enters one firewall interface but the return traffic leaves via a different path, the firewall sees the return packet as unsolicited and drops it.

Why this answer

The VPN tunnel is active and Branch A can ping the VPN gateway IP at Branch B, confirming that the tunnel itself and Layer 3 connectivity are functional. However, a stateful firewall tracks connection states based on source/destination IP and port; if traffic from Branch A enters the firewall on one interface but return traffic exits via a different path (asymmetric routing), the firewall sees the return packets as not belonging to any established session and drops them. This matches the log showing traffic being dropped despite the tunnel being up.

Exam trap

Cisco often tests the misconception that a 'green' tunnel status guarantees end-to-end application connectivity, but the trap here is that stateful firewalls require symmetric traffic flows, and candidates may incorrectly blame encryption mismatches or DNS when the tunnel itself is operational.

How to eliminate wrong answers

Option A is wrong because mismatched encryption algorithms would prevent the VPN tunnel from establishing or staying active, but the tunnel is up and ping succeeds, indicating Phase 1 and Phase 2 parameters match. Option C is wrong because incorrect DNS configuration would cause name resolution failures, not the dropping of traffic at the firewall; the issue is at Layer 4 (stateful inspection), not at Layer 7 (application).

Page 1 of 2 · 104 questions totalNext →

Ready to test yourself?

Try a timed practice session using only Network Troubleshooting questions.