CCNA Network Troubleshooting Questions

29 of 104 questions · Page 2/2 · Network Troubleshooting topic · Answers revealed

76
MCQmedium

A technician is troubleshooting an issue where a wireless client can associate with an access point but cannot obtain an IP address via DHCP. The technician checks the DHCP server and sees no lease requests from the client's MAC address. Which of the following is the most likely cause?

A.The client's wireless adapter is faulty
B.The AP is not configured with a DHCP relay
C.The client's SSID is incorrect
D.The AP's radio is operating on the wrong channel
AnswerB

Correct. When the DHCP server is on a different subnet than the wireless clients, the AP or a Layer 3 device must relay DHCP broadcasts. Without a relay, the client's DHCP discover messages never reach the server.

Why this answer

The client can associate with the AP but cannot obtain an IP address, and the DHCP server shows no lease requests from the client's MAC. This indicates that DHCP discovery broadcasts are not reaching the DHCP server, which is common when the client and server are on different subnets and the AP (or a Layer 3 device) is not configured with a DHCP relay (ip helper-address). Without a relay, broadcast DHCP messages are dropped at the router, so the server never sees the request.

Exam trap

The trap here is that candidates often assume the AP automatically forwards DHCP broadcasts to the server, forgetting that broadcast traffic does not cross Layer 3 boundaries without an explicit relay configuration.

How to eliminate wrong answers

Option A is wrong because a faulty wireless adapter would typically prevent association or cause intermittent connectivity, but here the client successfully associates, ruling out hardware failure. Option C is wrong because an incorrect SSID would prevent association entirely, not allow association while blocking DHCP. Option D is wrong because the AP operating on the wrong channel would cause poor signal or inability to associate, but the client has already associated, so channel mismatch is not the issue.

77
MCQmedium

A technician is troubleshooting intermittent wireless connectivity in a conference room. A site survey shows strong signal strength but many nearby access points are using channels that overlap with the channel used by the conference room AP. Which of the following is the most likely cause of the issue?

A.Multipath interference from reflective surfaces.
B.Co-channel interference from access points on the same channel.
C.Adjacent channel interference from access points on overlapping channels.
D.Signal attenuation due to distance from the AP.
AnswerC

Overlapping channels cause adjacent channel interference, reducing throughput and causing intermittent connectivity.

Why this answer

The site survey shows strong signal strength but many nearby access points are using channels that overlap with the channel used by the conference room AP. This directly indicates adjacent-channel interference (ACI), where overlapping channels (e.g., channels 1, 2, 3, 4, and 5 all overlap with channel 1 in the 2.4 GHz band) cause contention and retransmissions, degrading performance even with strong signal. ACI is the most likely cause because the overlapping channels create co-existence issues without being on the exact same channel.

Exam trap

Cisco often tests the distinction between co-channel interference (same channel) and adjacent-channel interference (overlapping channels), and the trap here is that candidates confuse 'overlapping channels' with 'same channel,' incorrectly selecting co-channel interference instead of adjacent-channel interference.

How to eliminate wrong answers

Option A is wrong because multipath interference from reflective surfaces typically causes signal fading or nulls, not intermittent connectivity due to overlapping channels, and the site survey shows strong signal strength, not multipath issues. Option B is wrong because co-channel interference occurs when APs are on the same channel, but the scenario explicitly states 'overlapping channels,' not the same channel, so co-channel interference is not the primary cause here. Option D is wrong because signal attenuation due to distance from the AP would manifest as weak signal strength, but the site survey shows strong signal strength, ruling out distance as the issue.

78
MCQmedium

A network technician is troubleshooting a switch port that shows a link light but has a high number of CRC errors in the interface statistics. The port is connected to a workstation's network interface card (NIC). Both devices are set to autonegotiate. What is the MOST likely cause of the CRC errors?

A.A: Duplex mismatch between the switch port and the workstation NIC
B.B: VLAN mismatch between the switch and the workstation
C.C: Incorrect MTU setting on the switch port
D.D: Broadcast storm from a loop in the network
AnswerA

Duplex mismatch causes frame collisions and CRC errors on the half-duplex side.

Why this answer

CRC errors indicate that frames received by the switch have failed the Ethernet frame check sequence (FCS) validation, meaning the data was corrupted during transmission. When both devices are set to autonegotiate but one fails to correctly negotiate the duplex setting, a duplex mismatch occurs: one side operates at full duplex while the other operates at half duplex. This causes collisions on the half-duplex side, which corrupts frames and generates CRC errors, while the full-duplex side does not detect collisions and retransmits, leading to a high error count.

Exam trap

The trap here is that candidates assume CRC errors always indicate a bad cable or physical-layer issue, but Cisco often tests the fact that a duplex mismatch is a common logical-layer cause of CRC errors when autonegotiation is involved.

How to eliminate wrong answers

Option B is wrong because a VLAN mismatch would cause the switch to drop frames at the ingress or egress due to VLAN tagging mismatches, but it would not produce CRC errors; instead, you would see discards or no connectivity. Option C is wrong because an incorrect MTU setting would cause frames larger than the MTU to be fragmented or dropped, but CRC errors are caused by physical-layer corruption or duplex issues, not by MTU mismatches. Option D is wrong because a broadcast storm from a loop would cause high CPU utilization and excessive broadcast frames, but CRC errors are specific to frame corruption, not to broadcast flooding; loops typically cause interface utilization spikes and STP-related issues.

79
MCQmedium

A user reports slow network performance on their workstation. The technician checks the switch port and sees a high number of CRC errors. Which of the following is the MOST likely cause of this issue?

A.A faulty cable
B.Duplex mismatch
C.VLAN mismatch
D.Incorrect MTU setting
AnswerB

A duplex mismatch occurs when one device is set to full duplex and the other to half duplex. This causes late collisions and CRC errors, leading to poor performance.

Why this answer

CRC errors indicate data corruption at the data link layer, typically caused by collisions or electrical interference. A duplex mismatch occurs when one device operates at full duplex and the other at half duplex, leading to collisions on a full-duplex link that corrupt frames and generate CRC errors. This is the most common cause of CRC errors on a switch port.

Exam trap

Cisco often tests the misconception that CRC errors are always caused by bad cabling, but the most common cause in exam scenarios is a duplex mismatch, especially when one device is set to auto-negotiate and the other is hard-coded.

How to eliminate wrong answers

Option A is wrong because a faulty cable typically causes physical layer issues like link flaps, excessive collisions, or alignment errors, not specifically CRC errors; CRC errors are more directly tied to duplex mismatches. Option C is wrong because a VLAN mismatch prevents communication entirely or causes connectivity issues at Layer 2, but does not generate CRC errors on the switch port. Option D is wrong because an incorrect MTU setting causes fragmentation or packet drops, not CRC errors, which are frame-level corruption detected by the FCS.

80
Matchingmedium

Match each wireless standard to its maximum theoretical speed.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

11 Mbps

54 Mbps

600 Mbps

1.3 Gbps (or up to 6.9 Gbps with multi-user MIMO)

Why these pairings

These are common Wi-Fi standards and their speeds.

81
MCQmedium

A user's computer is unable to obtain a DHCP lease after connecting to a new switch port. The user's computer displays an IP address in the 169.254.x.x range. Other users on the same VLAN can obtain IP addresses successfully. The switch port is configured for 802.1X authentication. What is the most likely cause?

A.The DHCP server has exhausted its address pool.
B.The switch port is in a blocked state due to a spanning tree loop.
C.The user's computer has not authenticated via 802.1X and is placed in a restricted VLAN.
D.The network cable is faulty.
AnswerC

With 802.1X, unauthenticated devices are often placed in a restricted VLAN that may not include the DHCP server or have limited access. This explains why the computer gets an APIPA address while other devices on the same physical port (if authenticated) work normally.

Why this answer

When 802.1X authentication is enabled on a switch port, the port initially operates in an unauthorized state, restricting traffic to only EAPoL (802.1X) frames. If the user's computer fails to authenticate (e.g., due to missing supplicant, incorrect credentials, or certificate issues), the switch can place the port into a restricted or guest VLAN that lacks a DHCP server or is isolated from the production network. The 169.254.x.x address (APIPA) indicates the client could not reach a DHCP server, which aligns with being placed in a VLAN without DHCP services.

Exam trap

Cisco often tests the misconception that a 169.254.x.x address always indicates a DHCP server problem, but the trap here is that the issue is actually an 802.1X authentication failure placing the port into a restricted VLAN without DHCP, not a global DHCP exhaustion or spanning-tree issue.

How to eliminate wrong answers

Option A is wrong because the DHCP server has not exhausted its address pool; other users on the same VLAN can obtain IP addresses successfully, proving the DHCP server is operational. Option B is wrong because a spanning tree blocked state would affect all users on that VLAN, not just one port, and the user's computer would not receive any IP address (or would show a 0.0.0.0 address) rather than a 169.254.x.x APIPA address. Option D is wrong because a faulty cable would typically prevent link establishment entirely (no link light, no carrier) or cause intermittent connectivity, but the user's computer did obtain a link and an APIPA address, indicating Layer 1 is functional.

82
MCQmedium

Users in a branch office report that file transfers to the data center are slow. A technician runs a traceroute and sees consistently high latency on hop 5. The technician then pings hop 5 and gets replies with varying response times. There are no errors reported on the interface. What is the most likely cause?

A.Routing loop causing packets to be dropped.
B.Interface congestion causing queuing delays.
C.DNS server misconfiguration causing lookup delays.
D.Firewall inspecting traffic and adding latency.
AnswerB

Congestion leads to packet queuing, resulting in high and variable latency. This is a common cause of performance degradation.

Why this answer

High latency on hop 5 with varying response times and no interface errors indicates that the router at hop 5 is experiencing congestion, causing packets to be queued before transmission. This queuing delay results in increased and variable round-trip times (RTT), which is a classic symptom of interface congestion. The absence of errors rules out physical-layer issues, and the consistent latency on that specific hop points to a bottleneck at that router's egress interface.

Exam trap

Cisco often tests the distinction between latency caused by congestion (queuing delay) versus packet loss or routing loops, and the trap here is that candidates may assume high latency always indicates a routing loop or firewall inspection, but the varying response times with no errors point specifically to interface congestion.

How to eliminate wrong answers

Option A is wrong because a routing loop would cause packets to be dropped or TTL to expire, resulting in timeouts or unreachable messages, not consistently high latency with varying responses. Option C is wrong because DNS misconfiguration would cause delays in name resolution, not in file transfers that are already using IP addresses or established connections, and traceroute does not rely on DNS for hop latency measurements. Option D is wrong because firewall inspection typically adds a fixed processing delay per packet, not varying queuing delays, and would not cause the latency to be isolated to a single hop with no errors reported on the interface.

83
Drag & Dropmedium

Drag and drop the steps to set up a wireless network with WPA2-PSK encryption on a SOHO router into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Wireless setup includes hardware connection, web access, SSID, security, and save.

84
MCQmedium

A network technician is troubleshooting a workstation that is experiencing intermittent connectivity and slow file transfers. The technician has confirmed that the patch cable passes a cable tester, the switch port is not error-disabled, and the workstation's NIC is configured for autonegotiation. The switch port is also set to autonegotiate. Which of the following should the technician check next?

A.The route table on the default gateway
B.The duplex and speed settings on both ends
C.The DNS server configuration
D.The MAC address filtering on the switch
AnswerB

Autonegotiation can fail, resulting in a duplex mismatch where one side runs at half-duplex and the other at full-duplex. This causes collisions and retransmissions, leading to intermittent connectivity and slow transfers.

Why this answer

Option B is correct because intermittent connectivity and slow file transfers, despite a passing cable test and autonegotiation on both ends, strongly indicate a duplex mismatch. When both sides are set to autonegotiate but one side fails to negotiate correctly (e.g., due to a faulty NIC or switch port), they may fall back to half-duplex while the other remains full-duplex, causing collisions, CRC errors, and retransmissions. The technician should verify the actual negotiated duplex and speed on both the workstation NIC and the switch port using commands like 'show interfaces' or NIC driver properties.

Exam trap

Cisco often tests the misconception that if a cable tester passes and autonegotiation is enabled on both ends, the link must be fully functional, but the trap is that autonegotiation can fail silently, resulting in a duplex mismatch that causes the exact symptoms described.

How to eliminate wrong answers

Option A is wrong because the route table on the default gateway affects Layer 3 path selection, not the physical or data-link layer issues causing intermittent connectivity and slow transfers on a local link. Option C is wrong because DNS server configuration impacts name resolution, not throughput or link stability; slow file transfers and intermittent connectivity are symptoms of Layer 1 or Layer 2 problems. Option D is wrong because MAC address filtering on the switch would either block or allow traffic entirely, not cause intermittent connectivity or slow transfers; it does not affect negotiated speed or duplex.

85
MCQeasy

A user reports that they cannot access the internet. The network technician checks the workstation's IP configuration and finds the IP address 169.254.15.77. What does this address indicate?

A.The workstation has a static IP address configured.
B.The DHCP server is unreachable.
C.The DNS server is down.
D.The default gateway is misconfigured.
AnswerB

APIPA is used when a DHCP server is not available. The workstation cannot obtain a proper IP address, so it self-assigns an APIPA address. This prevents internet access because APIPA addresses are not routable.

Why this answer

The IP address 169.254.15.77 falls within the Automatic Private IP Addressing (APIPA) range (169.254.0.0/16, per RFC 3927). This address is automatically assigned by the operating system when a DHCP client fails to receive a lease from a DHCP server, indicating that the DHCP server is unreachable or not responding.

Exam trap

The trap here is that candidates often confuse APIPA with a DNS failure or gateway issue, but APIPA specifically indicates a DHCP lease failure, not a problem with higher-layer services like DNS or routing.

How to eliminate wrong answers

Option A is wrong because a static IP address would be manually configured, not an APIPA address; APIPA is only used when no static or DHCP-assigned address is available. Option C is wrong because a DNS server being down would not cause the workstation to obtain an APIPA address; DNS failure would result in name resolution errors, but the workstation would still have a valid IP from DHCP or static configuration. Option D is wrong because a misconfigured default gateway would not trigger APIPA; the workstation would still have a valid DHCP-assigned or static IP, but traffic would fail to route beyond the local subnet.

86
MCQeasy

A network technician sees that the link light on a switch port is not lit, even though the cable is connected to an active device. The port has been tested with a known good cable. Which of the following should the technician do next?

A.Replace the switch
B.Check if the port is administratively disabled
C.Check the VLAN configuration
D.Check the speed/duplex settings
AnswerB

A port that is administratively down will not light up. Use the command 'show interface' or 'show interface status' to verify and then use 'no shutdown' to enable it.

Why this answer

When a link light is off despite a known good cable and an active device, the most likely cause is that the switch port is administratively disabled (shutdown). This is a common Layer 1/2 issue where the interface is configured with the 'shutdown' command, preventing the port from negotiating a link. Checking the interface status with 'show interfaces status' or 'show interfaces [interface]' will confirm if the port is in an 'administratively down' state.

Exam trap

The trap here is that candidates often jump to VLAN or hardware failure (replace the switch) because they forget that an administratively down port is a common Layer 1 misconfiguration that completely prevents link establishment, even with a good cable and active device.

How to eliminate wrong answers

Option A is wrong because replacing the switch is an extreme and premature action; the issue is isolated to a single port, not the entire switch, and a known good cable and active device rule out a global switch failure. Option C is wrong because VLAN configuration affects traffic forwarding (Layer 2), not the physical link state; a misconfigured VLAN would not prevent the link light from lighting up, as link negotiation occurs at Layer 1 independently of VLAN settings.

87
MCQmedium

A user reports that they cannot access a web server by its URL but can access it by IP address. A technician checks the DNS server and finds it is reachable. What is the most likely cause?

A.Incorrect default gateway
B.DNS resolution failure for that specific record
C.Firewall blocking port 80
D.IP conflict on the user's workstation
AnswerB

The user can reach the server by IP, indicating connectivity is fine. The URL failure points to a DNS problem for that particular record.

Why this answer

The user can access the web server by IP address but not by URL, which indicates that the name-to-IP resolution is failing. Since the DNS server is reachable, the issue is not with network connectivity to the DNS server but rather with the specific DNS record for that web server. This is a classic DNS resolution failure for that specific record, often due to a missing or incorrect A or AAAA record.

Exam trap

The trap here is that candidates often assume a reachable DNS server means DNS is fully functional, but the question specifically tests the distinction between server reachability and record availability.

How to eliminate wrong answers

Option A is wrong because an incorrect default gateway would prevent all traffic from leaving the local subnet, including both IP-based and URL-based access, but the user can access the server by IP, so the gateway is functioning. Option C is wrong because a firewall blocking port 80 would affect both IP-based and URL-based HTTP access, yet the user can reach the server by IP, so the firewall is not the issue. Option D is wrong because an IP conflict on the user's workstation would cause intermittent connectivity or complete loss of network access, not a selective failure where only URL-based access fails.

88
MCQmedium

A user reports that they can access the company's internal web server by IP address (10.10.10.100) but cannot access it by its hostname (intranet.company.com). The user's workstation is configured with the correct internal DNS server address. Which of the following should the technician do FIRST?

A.Check the DNS server's A record for intranet.company.com
B.Review the firewall rules on the server
C.Run ipconfig /flushdns on the workstation
D.Verify the default gateway configuration
AnswerA

Since the server is reachable by IP but not by name, the most direct cause is missing or incorrect DNS record for that hostname on the internal DNS server.

Why this answer

The user can reach the server by IP but not by hostname, which indicates a DNS resolution problem. Since the workstation is configured with the correct internal DNS server, the most likely cause is a missing or incorrect A record for intranet.company.com on that DNS server. Checking the A record is the logical first step before other troubleshooting.

Exam trap

Cisco often tests the distinction between connectivity issues (firewall, routing) and name resolution issues; the trap here is that candidates might jump to flushing the DNS cache (Option C) without verifying the authoritative DNS record first.

How to eliminate wrong answers

Option B is wrong because firewall rules affect traffic based on IP addresses and ports, not hostnames; since the user can already access the server by IP, firewall rules are not blocking connectivity. Option C is wrong because flushing the DNS cache (ipconfig /flushdns) only clears locally cached entries, but if the DNS server itself lacks the correct A record, flushing the cache will not resolve the issue.

89
MCQmedium

A network administrator is troubleshooting communication between two switches connected via a trunk port. The trunk link is up/up, but devices in VLAN 20 cannot communicate across the trunk. The administrator has verified that both switches have VLAN 20 created and that the access ports are configured correctly. Which command should the administrator run on each switch to verify the trunk's allowed VLAN list?

A.show vlan brief
B.show interfaces trunk
C.show running-config interface
D.show mac address-table
AnswerB

Correct. This command displays detailed trunk status, including the allowed VLAN list, native VLAN, and trunking mode, helping to verify if VLAN 20 is allowed.

Why this answer

The 'show interfaces trunk' command displays the trunking status, including the allowed VLAN list on the trunk port. Since the trunk link is up/up but VLAN 20 traffic fails, the most likely cause is that VLAN 20 is not included in the allowed VLAN list on one or both switches. This command directly shows which VLANs are permitted, pruned, or active on the trunk.

Exam trap

Cisco often tests the distinction between 'show vlan brief' (which shows VLAN existence and access port assignments) and 'show interfaces trunk' (which shows trunk-specific VLAN permissions), leading candidates to mistakenly check VLAN existence instead of trunk VLAN filtering.

How to eliminate wrong answers

Option A is wrong because 'show vlan brief' displays all VLANs and their assigned access ports, but it does not show which VLANs are allowed on a trunk port. Option C is wrong because 'show running-config interface' shows the static configuration of the interface, but it may not reflect dynamic changes like VLAN pruning or the actual allowed VLAN list after DTP negotiations; it also does not show the operational trunking status or the list of active VLANs on the trunk.

90
MCQmedium

Users in VLAN 10 cannot obtain IP addresses from a DHCP server located in VLAN 20. The router has an ip helper-address configured on VLAN 10 interface pointing to the DHCP server. Users can ping the DHCP server IP from the router. However, users are receiving APIPA addresses. What is the most likely cause?

A.The DHCP server is not reachable from the router
B.The DHCP server scope does not include the VLAN 10 subnet
C.The router's ip helper-address is configured incorrectly
D.The switch ports are not configured for VLAN 10
AnswerB

Even if the DHCP server receives the request, it will not offer an IP address if it has no scope configured for the subnet of the requesting client (VLAN 10).

Why this answer

The correct answer is B because the DHCP server must have a scope configured for the subnet of the requesting clients (VLAN 10) to assign IP addresses from that range. Since users receive APIPA addresses (169.254.x.x), the DHCP discovery process is failing, which typically occurs when the server receives the request via the ip helper-address but has no matching scope for VLAN 10. The router's ability to ping the server confirms Layer 3 reachability, isolating the issue to the server's scope configuration.

Exam trap

Cisco often tests the misconception that a successful ping from the router to the DHCP server guarantees DHCP functionality, but the trap here is that the ip helper-address only relays the request; the server must still have a scope for the client's subnet to assign an address.

How to eliminate wrong answers

Option A is wrong because the router can ping the DHCP server IP, proving the server is reachable at Layer 3, so the DHCP server is not unreachable. Option C is wrong because the ip helper-address is correctly configured on the VLAN 10 interface and points to the DHCP server, as evidenced by the router forwarding DHCP broadcasts; if it were misconfigured, DHCP requests would not reach the server at all. Option D is wrong because switch ports not being configured for VLAN 10 would prevent users from communicating with the router or any network device, but users are obtaining APIPA addresses, indicating they are connected to the network and attempting DHCP, so the ports are correctly assigned.

91
MCQeasy

A user reports that they cannot access any network resources. The technician runs 'ipconfig' on the workstation and sees that the IP address is 169.254.23.45 with a subnet mask of 255.255.0.0. What is the most likely cause of this issue?

A.The workstation's network cable is unplugged.
B.The DNS server is not responding.
C.The DHCP server is unreachable or not functioning.
D.The workstation has been assigned a static IP address in the wrong subnet.
AnswerC

APIPA addresses are assigned when a DHCP client cannot communicate with a DHCP server. This is the most likely cause.

Why this answer

The IP address 169.254.23.45 with a subnet mask of 255.255.0.0 is an Automatic Private IP Addressing (APIPA) address, which is assigned by the operating system when a DHCP discovery attempt fails. This indicates that the workstation was unable to contact a DHCP server to obtain a valid IP configuration, making an unreachable or non-functioning DHCP server the most likely cause.

Exam trap

The trap here is that candidates often confuse APIPA with a physical connectivity issue, but APIPA specifically indicates that the DHCP process failed, not necessarily that the cable is unplugged.

How to eliminate wrong answers

Option A is wrong because a disconnected network cable would typically result in a 'Media disconnected' message or a '169.254.x.x' address only if the interface is still up, but the primary symptom of a physical disconnect is often a 'Network cable unplugged' notification, not a consistent APIPA address; however, the APIPA address itself is a direct result of DHCP failure, not a cable issue. Option B is wrong because a non-responding DNS server would cause name resolution failures, not the assignment of an APIPA address; the workstation would still obtain a valid IP from DHCP and be able to communicate via IP addresses. Option D is wrong because a static IP in the wrong subnet would show a user-configured address, not the 169.254.x.x range, which is reserved exclusively for APIPA and is not manually assigned.

92
MCQmedium

Users in a small office can access external websites normally, but they cannot reach the internal company wiki server at 192.168.10.25. A technician can successfully ping the server's IP address from a user's workstation. The DNS resolution for the wiki's hostname (wiki.company.local) returns the correct IP. The company's firewall permits HTTP traffic to the server. What is the most likely cause of the issue?

A.The web server service is not running or is listening on a different port
B.The default gateway on the server is misconfigured
C.The user's workstation has a duplicate IP address
D.The DNS cache on the workstation is poisoned
AnswerA

Correct. If the service is not available, the browser cannot establish a TCP connection to the web server, even though network connectivity exists.

Why this answer

Since the technician can successfully ping the server's IP address from the user's workstation, Layer 3 connectivity is confirmed, ruling out routing or gateway issues. DNS resolution returns the correct IP, so name resolution is not the problem. The firewall permits HTTP traffic, so access control is not blocking the connection.

The most likely cause is that the web server service (e.g., Apache, IIS) is not running or is listening on a non-standard port (e.g., 8080 instead of 80), preventing the HTTP request from reaching the service even though the host is reachable.

Exam trap

The trap here is that candidates assume a successful ping implies full application-layer connectivity, but ping uses ICMP (Layer 3) while HTTP uses TCP (Layer 4), so a working ping does not guarantee that the web service is running or reachable on the correct port.

How to eliminate wrong answers

Option B is wrong because a misconfigured default gateway on the server would prevent the server from responding to requests from other subnets, but the technician can successfully ping the server's IP from the user's workstation, indicating that the server's gateway is correctly routing return traffic. Option C is wrong because a duplicate IP address on the user's workstation would cause intermittent connectivity or address conflict errors, but the user can access external websites normally and the ping to the server succeeds, which would not be consistently possible with a duplicate IP. Option D is wrong because DNS cache poisoning would cause the hostname to resolve to an incorrect IP address, but the question states that DNS resolution returns the correct IP (192.168.10.25), so the workstation is resolving the name properly.

93
MCQmedium

A technician is troubleshooting a loss of network connectivity for a single workstation. The workstation has a valid IP address but cannot ping its default gateway. The link lights on both the workstation and the switch are solid. Which of the following should the technician check NEXT?

A.The cable integrity with a tester
B.The switch port configuration, such as VLAN assignment
C.The DNS server settings
D.The workstation's ARP cache
AnswerB

The port might be in the wrong VLAN, preventing communication with the gateway. Solid link lights indicate layer 1 is up but layer 2 may be misconfigured.

Why this answer

The workstation has a valid IP address and solid link lights, indicating Layer 1 (physical) and Layer 3 (IP configuration) are functional. The inability to ping the default gateway points to a Layer 2 issue, such as the switch port being in the wrong VLAN or having a misconfigured access/trunk setting. Checking the switch port configuration is the logical next step because VLAN mismatches prevent frames from reaching the gateway's subnet.

Exam trap

Cisco often tests the misconception that solid link lights guarantee full Layer 2 connectivity, when in fact they only indicate carrier detect and electrical synchronization, not correct VLAN membership or spanning-tree port state.

How to eliminate wrong answers

Option A is wrong because solid link lights on both ends already confirm the cable is electrically continuous; a cable tester would be redundant at this stage and would not diagnose a VLAN mismatch. Option C is wrong because DNS server settings are irrelevant to pinging an IP address (the default gateway); DNS is used for name resolution, not Layer 3 reachability.

94
MCQeasy

A user reports that they cannot access the internet. The technician tests connectivity: pinging the default gateway succeeds, but pinging a public IP address like 8.8.8.8 fails. Firewall logs show outbound ICMP to 8.8.8.8 is permitted. What is the most likely cause?

A.Incorrect DNS configuration on the workstation
B.Missing default route on the router
C.Duplicate IP address on the local network
D.Proxy server configuration is required
AnswerB

A missing default route means the router does not know where to send packets destined for external networks, causing failure to reach public IPs.

Why this answer

The user can ping the default gateway (local connectivity) but cannot ping a public IP like 8.8.8.8. This indicates that the workstation has a valid route to its local subnet, but the router lacks a default route (0.0.0.0/0) to forward traffic to the internet. Firewall logs confirm outbound ICMP is permitted, so the issue is at Layer 3 routing, not filtering.

Exam trap

CompTIA often tests the distinction between local connectivity (gateway reachable) and internet connectivity (default route missing), trapping candidates who assume DNS or firewall issues when the symptom is a successful ping to the gateway but failure to external IPs.

How to eliminate wrong answers

Option A is wrong because DNS is not involved in ICMP echo requests to an IP address; DNS resolves names to IPs, but the test uses a raw IP (8.8.8.8). Option C is wrong because a duplicate IP address would cause intermittent connectivity or ARP conflicts, not a consistent failure to reach external IPs while the gateway is reachable. Option D is wrong because a proxy server is an application-layer intermediary for HTTP/HTTPS traffic, not required for ICMP or general IP routing; the failure to ping a public IP points to a missing default route, not proxy settings.

95
MCQhard

A network administrator configures a router-on-a-stick to route traffic between VLAN 10 and VLAN 20. Users in each VLAN can communicate within their own VLAN but cannot reach devices in the other VLAN. The router has subinterfaces configured, and the switch port connected to the router is configured as an access port in VLAN 1. What is the most likely cause of the inter-VLAN connectivity failure?

A.The router's subinterfaces are not configured with IP addresses.
B.The switch port connected to the router is not configured as a trunk.
C.The VLANs are not created on the switch.
D.The router's default route is missing.
AnswerB

This is the most likely cause. A trunk port is required to carry frames from multiple VLANs to the router for inter-VLAN routing. An access port only carries a single VLAN, preventing the router from receiving traffic from other VLANs.

Why this answer

The router-on-a-stick design requires the switch port connecting to the router to be configured as a trunk port. This allows the switch to forward frames from multiple VLANs (VLAN 10 and VLAN 20) to the router's subinterfaces, each tagged with the appropriate 802.1Q VLAN ID. When the port is set as an access port in VLAN 1, it only accepts untagged frames from VLAN 1, so the router's subinterfaces for VLAN 10 and VLAN 20 never receive traffic, breaking inter-VLAN routing.

Exam trap

CompTIA often tests the misconception that a router-on-a-stick only needs subinterfaces with IP addresses, leading candidates to overlook the critical requirement that the switch port must be a trunk to carry multiple VLAN tags.

How to eliminate wrong answers

Option A is wrong because subinterfaces must have IP addresses to route, but the question states the router has subinterfaces configured, implying IPs are set; the failure is due to the switch port not trunking, not missing IPs. Option C is wrong because users can communicate within their own VLANs, which proves the VLANs exist on the switch; if VLANs were not created, intra-VLAN communication would also fail. Option D is wrong because a default route is only needed for traffic destined outside the local network; inter-VLAN routing between directly connected subinterfaces uses connected routes, not a default route.

96
MCQmedium

A user reports that they cannot access any network resources. The technician checks the IP configuration and sees that the workstation has an IP address of 169.254.1.5. What is the most likely cause?

A.The DNS server is down
B.The DHCP server is unavailable
C.The default gateway is incorrect
D.The subnet mask is mismatched
AnswerB

An APIPA address indicates DHCP failure, so the DHCP server is likely unreachable.

Why this answer

The IP address 169.254.1.5 is an Automatic Private IP Addressing (APIPA) address (169.254.0.0/16 range), which Windows assigns when a DHCP client fails to receive a lease from a DHCP server. Since the workstation cannot obtain a valid IP configuration, it cannot communicate with any network resources, confirming that the DHCP server is unavailable.

Exam trap

The trap here is that candidates may confuse APIPA with a static IP misconfiguration or assume a DNS issue, but the 169.254.x.x address is a definitive indicator of DHCP failure, not a gateway or subnet problem.

How to eliminate wrong answers

Option A is wrong because a DNS server failure would not prevent the workstation from obtaining an IP address; it would only cause name resolution failures after a valid IP is assigned. Option C is wrong because an incorrect default gateway would still allow the workstation to have a valid IP from DHCP, but traffic to remote subnets would fail; the APIPA address indicates no DHCP lease was obtained. Option D is wrong because a mismatched subnet mask would still require a valid IP from DHCP; the presence of an APIPA address points to DHCP unavailability, not a mask mismatch.

97
MCQmedium

Users in a branch office report intermittent connectivity to the corporate data center. A technician runs a continuous ping from a workstation to the data center server and observes packet loss after the third hop. Which command should the technician run next to identify the specific router causing the issue?

A.ping -n 1000 server_ip
B.tracert server_ip
C.nslookup server_ip
D.ipconfig /all
AnswerB

Tracert lists each hop along the path and displays packet loss per hop, allowing the technician to isolate the faulty router.

Why this answer

The technician has already identified packet loss after the third hop using a continuous ping. The next logical step is to use `tracert` (or `traceroute` on Linux) to map the path and pinpoint which router (hop) is dropping packets. This command sends ICMP echo requests with incrementing TTL values, forcing each router along the path to reply with a Time Exceeded message, thereby revealing the specific hop where loss occurs.

Exam trap

The trap here is that candidates often jump to running a longer ping (option A) to confirm loss, but the question already states loss is observed; the correct next step is to isolate the failing hop using `tracert`, not to gather more loss statistics.

How to eliminate wrong answers

Option A is wrong because `ping -n 1000 server_ip` only sends more ICMP echo requests to the destination, which does not reveal the specific router causing the loss; it only confirms that loss exists. Option C is wrong because `nslookup server_ip` is a DNS resolution tool that queries name servers for IP-to-hostname mappings and has no role in identifying router-level packet loss. Option D is wrong because `ipconfig /all` displays local TCP/IP configuration details (IP address, subnet mask, default gateway, DNS servers) and cannot trace the path or identify intermediate routers.

98
MCQhard

A network engineer is troubleshooting intermittent packet loss on a 10 km single-mode fiber link between two buildings. The link lights are on, but the interface shows a high number of CRC errors. The engineer has cleaned the fiber connectors and replaced the patch cables. What should the engineer check NEXT?

A.Check the transmit/receive optical power levels
B.Check the duplex settings on both ends
C.Verify the cable length is within specifications
D.Adjust the Spanning Tree Protocol priority
AnswerA

Insufficient optical power (signal too weak) can cause CRC errors. Checking power levels verifies the link budget is adequate.

Why this answer

CRC errors on a single-mode fiber link typically indicate physical-layer issues such as excessive attenuation or dispersion. Since cleaning connectors and replacing patch cables did not resolve the problem, the next logical step is to measure the optical power levels at both the transmitter and receiver using an optical power meter. This will confirm whether the received signal is within the acceptable range (e.g., -3 dBm to -20 dBm for 10GBASE-LR) and identify if a damaged transceiver or a splice loss is causing the errors.

Exam trap

The trap here is that candidates often jump to duplex mismatch or cable length issues because those are common in copper troubleshooting, but on long-haul single-mode fiber, optical power levels are the primary suspect when CRC errors persist after cleaning and patching.

How to eliminate wrong answers

Option B is wrong because duplex mismatch is a common cause of CRC errors on copper Ethernet links, but single-mode fiber links (especially at 10 km) almost always use fixed full-duplex settings; auto-negotiation is not used on long-haul fiber, so duplex mismatch is extremely unlikely. Option C is wrong because the cable length is explicitly stated as 10 km, which is well within the typical maximum distance of 10GBASE-LR (10 km) or 1000BASE-LX (5 km, but often extended with better optics); verifying length would not explain CRC errors if the link is already up and within spec.

99
MCQmedium

A technician is troubleshooting an intermittent connectivity issue between two switches connected by a fiber optic cable. The link status shows up/down flapping. The technician checks the optical power levels and finds they are within acceptable range. Which of the following is the most likely cause?

A.Dirty fiber connectors
B.Duplex mismatch
C.Speed mismatch
D.VLAN mismatch
AnswerA

Contamination on fiber end faces can cause intermittent signal degradation and link flaps, even if average power readings appear acceptable.

Why this answer

Intermittent link flapping with acceptable optical power levels strongly indicates a physical-layer issue that is not related to signal strength. Dirty fiber connectors cause intermittent signal degradation due to scattering and absorption of light, leading to CRC errors and link flaps even when average power appears normal. Cleaning the connectors is the standard first step in such scenarios.

Exam trap

The trap here is that candidates see 'acceptable optical power levels' and assume the physical layer is fine, overlooking that intermittent physical contamination can cause flapping without dropping the average power below threshold.

How to eliminate wrong answers

Option B (Duplex mismatch) is wrong because duplex mismatch typically causes high error rates and poor performance, but the link usually stays up; it does not cause the link state to flap up/down. Option C (Speed mismatch) is wrong because modern switches auto-negotiate speed, and a speed mismatch would prevent the link from coming up at all, not cause intermittent flapping.

100
MCQhard

Users in a remote office are experiencing slow file transfers to the data center. The network technician runs a traceroute and discovers high latency on a specific hop. The technician pings that hop and gets replies with varying latency. The technician also checks the interface error counters on the router at that hop and finds no errors. What is the most likely cause?

A.Duplex mismatch
B.Incorrect MTU
C.Route flapping
D.CPU overload on the router
AnswerD

High CPU utilization can cause packet queuing delays, leading to variable latency without interface errors.

Why this answer

High latency with varying values (jitter) combined with clean interface error counters points to a router that is overwhelmed by processing demands. When a router's CPU is overloaded, it queues packets for processing, introducing variable delays even though the physical layer shows no errors. This matches the symptom of a specific hop showing latency spikes without CRC or framing errors.

Exam trap

The trap here is that candidates see 'no errors' on the interface and assume the problem must be at a higher layer, but CompTIA often tests that CPU overload can cause latency without any interface errors, misleading those who think clean counters always mean a healthy router.

How to eliminate wrong answers

Option A is wrong because a duplex mismatch would cause a high number of CRC errors, runts, or late collisions on the interface counters, which the technician confirmed as clean. Option B is wrong because an incorrect MTU would cause fragmentation or packet drops, typically visible as input errors or discards on the interface, not variable latency without errors. Option C is wrong because route flapping would cause intermittent reachability or path changes, not consistent high latency with jitter on a single hop; it would also be visible in routing table updates or syslog messages.

101
MCQmedium

A technician is troubleshooting a wireless network that experiences intermittent disconnections. A spectrum analysis shows channel utilization consistently above 80% on the 2.4 GHz band. Which of the following is the most likely cause?

A.Too many access points are configured on the same or overlapping channels
B.Access point output power is too high
C.Microwave ovens are interfering with the wireless signal
D.Client devices have weak signal strength
AnswerA

Excessive APs on the same channel cause co-channel interference, leading to high utilization and intermittent connectivity.

Why this answer

A is correct because consistently high channel utilization above 80% on the 2.4 GHz band indicates co-channel or adjacent-channel interference, typically caused by too many access points (APs) operating on the same or overlapping channels (e.g., channels 1, 6, and 11 are non-overlapping in 802.11b/g/n). This leads to excessive contention, increased retransmissions, and intermittent disconnections as stations wait for clear channel access via CSMA/CA.

Exam trap

The trap here is that candidates often attribute high channel utilization solely to non-Wi-Fi interference (like microwaves) or power settings, but the exam expects you to recognize that persistent >80% utilization in the 2.4 GHz band is almost always due to overlapping APs on the same or adjacent channels, not transient interference sources.

How to eliminate wrong answers

Option B is wrong because excessively high AP output power can cause signal overlap and increase co-channel interference, but the primary symptom of high channel utilization is not directly caused by power alone—it is the number of APs on overlapping channels that saturates the medium. Option C is wrong because while microwave ovens can cause intermittent interference on the 2.4 GHz band (typically around channel 7), they produce bursty, non-constant interference and would not consistently maintain channel utilization above 80%; the steady high utilization points to persistent overlapping APs, not a household appliance.

102
MCQmedium

A user can access a website by its IP address (e.g., 203.0.113.5) but cannot access it by its domain name (example.com). Other users on the same subnet can access the website by domain name. Which of the following should the technician check FIRST?

A.A
B.B
C.C
D.D
AnswerA

A misconfigured hosts file on the local workstation can prevent successful DNS resolution for that machine.

Why this answer

The issue is isolated to a single user who can reach the website by IP but not by domain name, while other users on the same subnet have no problem. This points to a client-side DNS resolution failure, most likely a misconfigured or missing DNS server address in the user's network settings. The technician should first check the user's DNS configuration (e.g., `ipconfig /all` on Windows or `cat /etc/resolv.conf` on Linux) to ensure it points to a valid DNS server.

Exam trap

The trap here is that candidates often jump to checking the DNS server or website records globally, forgetting that the problem is isolated to one client, which clearly indicates a client-side configuration issue rather than a server or infrastructure problem.

How to eliminate wrong answers

Option B (check the website's DNS records) is wrong because other users on the same subnet can resolve the domain name, proving the DNS records for example.com are correctly configured and reachable from that subnet. Option C (check the default gateway) is wrong because the user can access the website by IP address, which confirms IP routing and the default gateway are functioning correctly; the problem is name resolution, not layer-3 connectivity.

103
MCQhard

Users in a remote branch office report that they cannot access the company's cloud-based applications. The network administrator notices that the edge router's WAN interface is up but the branch's default route points to a next-hop IP that is unreachable. The administrator can ping the ISP's gateway IP from the router. What is the most likely cause?

A.The routing protocol is not redistributing the default route
B.The static default route has an incorrect next-hop IP
C.The WAN interface is administratively down
D.The firewall is blocking traffic to the cloud
AnswerB

If the next-hop IP in the static route is incorrect or the interface is down, traffic cannot be forwarded even though the WAN interface is up and the ISP gateway is reachable via another path.

Why this answer

The correct answer is B because the scenario describes a static default route configured with a next-hop IP that is unreachable. The WAN interface is up and the ISP gateway is reachable (as confirmed by the ping), but the router cannot forward traffic to the cloud because the static route points to an incorrect next-hop address. This is a classic static route misconfiguration where the next-hop IP does not match the ISP gateway or is not in the directly connected subnet.

Exam trap

CompTIA often tests the distinction between a WAN interface being up and the default route's next-hop being reachable; candidates mistakenly assume that if the interface is up and the ISP gateway is pingable, the default route must be correct, but the next-hop IP configured in the static route could be a different, unreachable address.

How to eliminate wrong answers

Option A is wrong because the issue is not about routing protocol redistribution; the branch uses a static default route, not a dynamic routing protocol, so redistribution is irrelevant. Option C is wrong because the WAN interface is explicitly stated as up, and an administratively down interface would show as 'down' or 'administratively down' in the show interfaces output. Option D is wrong because the firewall blocking traffic would not cause the router to have an unreachable next-hop; the ping to the ISP gateway succeeds, indicating Layer 3 connectivity is intact, and the problem is at the routing table level.

104
MCQmedium

A user reports that they can access the internet but cannot access the company's internal web application at https://intranet.company.local. The technician can ping the server's IP address (192.168.10.50) successfully from the user's workstation. However, when the technician runs 'nslookup intranet.company.local', it returns 'Non-existent domain'. What is the most likely cause?

A.The web server is not running on port 443.
B.The client's DNS server does not have a record for the internal domain.
C.A firewall is blocking traffic to the internal web server.
D.The hostname is misspelled in the browser.
AnswerB

A 'Non-existent domain' response from nslookup means the DNS server cannot find the A or CNAME record for that hostname, which is the most likely cause.

Why this answer

The user can access the internet and ping the server's IP address, which confirms Layer 3 connectivity and that the web server is reachable. However, 'nslookup intranet.company.local' returns 'Non-existent domain', indicating that the DNS server used by the client does not have an A or CNAME record for that internal hostname. Since the browser relies on DNS resolution to translate the FQDN to an IP address, the failure to resolve the name prevents the web application from loading, even though the server itself is online and reachable.

Exam trap

CompTIA often tests the distinction between connectivity (ping) and name resolution (nslookup), trapping candidates who assume that successful ping to an IP means the web application should work, ignoring that DNS failure prevents the browser from even initiating the HTTP request.

How to eliminate wrong answers

Option A is wrong because the technician can ping the server's IP successfully, proving the server is online and reachable at Layer 3; if the web server were not running on port 443, the browser would still attempt a TCP handshake and likely receive a connection refused or timeout, but the DNS failure would still block the request from even reaching that stage. Option C is wrong because a firewall blocking traffic to the internal web server would prevent the ping from succeeding (ICMP is often blocked or permitted separately), and the successful ping indicates that IP-level communication is not being filtered; moreover, the DNS resolution failure is the immediate symptom. Option D is wrong because the technician used 'nslookup' with the exact hostname 'intranet.company.local', which returned 'Non-existent domain'; a misspelling in the browser would not affect the nslookup result, and the nslookup failure confirms the DNS record is missing regardless of browser input.

← PreviousPage 2 of 2 · 104 questions total

Ready to test yourself?

Try a timed practice session using only Network Troubleshooting questions.