CCNA Networking Questions

38 of 113 questions · Page 2/2 · Networking · Answers revealed

76
MCQhard

A system administrator is troubleshooting network connectivity from a server that can reach internal resources but cannot access the internet. The server's /etc/sysconfig/network-scripts/ifcfg-eth0 file contains: BOOTPROTO=static, IPADDR=10.0.0.10, NETMASK=255.255.255.0, GATEWAY=10.0.0.1. The administrator runs 'ip route show' and sees: default via 10.0.0.1 dev eth0. However, 'ping 8.8.8.8' fails. Which is the most likely cause?

A.The default gateway is missing from the routing table.
B.The gateway 10.0.0.1 is not configured to forward traffic to the internet (no NAT or upstream route).
C.DNS resolution is not configured.
D.A firewall is blocking outbound ICMP traffic.
AnswerB

The private IP gateway cannot route to the internet without NAT or a public IP.

Why this answer

The routing table shows a default gateway (10.0.0.1) is present, so the issue is not a missing route. Since the server can reach internal resources but not the internet, the most likely cause is that the gateway itself (10.0.0.1) is not configured to perform NAT or does not have an upstream route to forward traffic beyond the local subnet. Without this, packets destined for 8.8.8.8 are sent to the gateway but are then dropped because the gateway has no path to the internet.

Exam trap

The trap here is that candidates often assume a missing default gateway is the problem when ping fails, but the question explicitly shows the default route exists, so the real issue is the gateway's inability to forward traffic beyond the local network.

How to eliminate wrong answers

Option A is wrong because the 'ip route show' output explicitly shows 'default via 10.0.0.1 dev eth0', meaning the default gateway is present in the routing table. Option C is wrong because DNS resolution is not required for a ping to an IP address like 8.8.8.8; the failure occurs at the network layer, not at the application or name resolution layer. Option D is wrong because while a firewall could block ICMP, the question states the server can reach internal resources, and the most likely cause given the routing configuration is a gateway issue; a firewall blocking outbound ICMP would not explain why the gateway itself is unreachable for internet traffic, and the symptom is consistent with a lack of NAT or upstream route on the gateway.

77
Multi-Selecthard

Which TWO are valid methods to configure a network interface on a Linux system?

Select 2 answers
A.Using sysctl to set net.ipv4.conf.eth0.forwarding
B.Using systemctl enable network.service
C.Editing /etc/network/interfaces
D.Using nmcli connection add
E.Editing /etc/sysconfig/network
AnswersC, D

This file is used by ifupdown on Debian/Ubuntu systems.

Why this answer

Option C is correct because /etc/network/interfaces is the traditional configuration file used by the ifup/ifdown system on Debian-based distributions to define network interfaces, including IP addresses, netmasks, and gateways. This file is parsed by the ifup command to bring interfaces up with the specified settings, making it a valid method for persistent network configuration.

Exam trap

The trap here is that candidates confuse global network configuration files (like /etc/sysconfig/network) with per-interface configuration files, or mistake sysctl for a tool that can set interface IP addresses, when it only modifies kernel parameters unrelated to interface addressing.

78
Multi-Selecthard

Which THREE conditions can cause an 'RTNETLINK answers: File exists' error when adding a static route?

Select 3 answers
A.The route exists with a different metric but same destination and netmask.
B.The gateway is unreachable.
C.The interface is down.
D.The route exists with a different gateway but same destination and netmask.
E.The route already exists with the same destination and netmask (exact duplicate).
AnswersA, D, E

Metric is not part of the uniqueness; still duplicates.

Why this answer

Option A is correct because the Linux kernel's routing table uses the destination and netmask as a unique key for route entries. When adding a route with 'ip route add', if a route already exists with the same destination and netmask but a different metric, the kernel returns 'RTNETLINK answers: File exists' because the metric is not part of the uniqueness check — only the destination prefix and netmask are considered. The metric is a per-route property that does not disambiguate routes in the FIB (Forwarding Information Base).

Exam trap

The trap here is that candidates often assume the metric or gateway differentiates routes, but the Linux kernel treats the destination/netmask pair as the sole unique identifier for a route entry, so any duplicate prefix — even with different metrics or gateways — triggers the 'File exists' error.

79
MCQeasy

Which tool is the recommended method for persistently configuring network interfaces in RHEL 8?

A.Using the 'ip' command with persistent flags
B.Using nmcli commands
C.Editing /etc/sysconfig/network-scripts/ifcfg-* files directly
D.Using systemd-networkd configuration files
AnswerB

NetworkManager with nmcli is the standard tool for persistent network configuration.

Why this answer

In RHEL 8, NetworkManager is the default networking daemon, and 'nmcli' is the recommended command-line tool for persistently configuring network interfaces. Unlike temporary 'ip' commands, nmcli writes configuration to NetworkManager connection profiles, ensuring changes survive reboots. Red Hat officially deprecates direct editing of ifcfg files in RHEL 8 and uses NetworkManager as the primary interface.

Exam trap

The trap here is that candidates familiar with older RHEL versions (6/7) may default to editing ifcfg files directly, not realizing that RHEL 8 deprecates this method and officially recommends nmcli for persistent configuration.

How to eliminate wrong answers

Option A is wrong because the 'ip' command only makes runtime changes that are lost on reboot; it has no persistent flags to save configuration. Option C is wrong because while ifcfg files are still read by NetworkManager for backward compatibility, Red Hat deprecates direct editing in RHEL 8 and recommends nmcli or nmtui instead. Option D is wrong because systemd-networkd is not the default or recommended network stack in RHEL 8; RHEL 8 uses NetworkManager, not systemd-networkd.

80
Multi-Selectmedium

Which TWO commands can be used to display the routing table on a Linux system? (Choose two.)

Select 2 answers
A.route -n
B.ip route
C.ss -r
D.traceroute
E.ping -R
AnswersA, B

Route command with -n shows numeric routes.

Why this answer

The `route -n` command displays the kernel IP routing table with numeric addresses, showing destination, gateway, netmask, and interface. The `ip route` command from the iproute2 suite shows the same routing table with more detail and is the modern replacement for `route`. Both are standard tools for viewing routing information on Linux.

Exam trap

The trap here is that candidates confuse `ss` with `route` or `ip` because `ss` is a socket statistics tool, and the `-r` option might be misread as 'route', but `ss -r` only resolves hostnames in its output and does not display routing information.

81
MCQhard

Refer to the exhibit. A server has two interfaces: eth0 (public) and eth1 (internal). The firewall zone 'internal' is assigned to eth1. An administrator wants to allow TCP traffic on port 8080 from eth1 to the server. Which command will achieve this without affecting existing rules?

A.firewall-cmd --permanent --zone=internal --add-port=8080/tcp
B.firewall-cmd --zone=internal --add-service=http --add-port=8080/tcp
C.firewall-cmd --zone=internal --add-port=8080/tcp
D.firewall-cmd --zone=public --add-port=8080/tcp
AnswerC

This adds the port to the internal zone temporarily but immediately, without reload.

Why this answer

Option C is correct because it uses the `--zone=internal` flag to target the correct zone assigned to eth1, and `--add-port=8080/tcp` to open only TCP port 8080 without modifying any existing rules. The command is not `--permanent`, so it applies immediately to the runtime configuration, which is the default behavior when `--permanent` is omitted.

Exam trap

The trap here is that candidates may confuse `--permanent` with immediate effect, or incorrectly assume that `--add-service=http` is required for HTTP-based traffic on port 8080, when in fact `--add-port` directly specifies the port regardless of the service name.

How to eliminate wrong answers

Option A is wrong because it uses `--permanent`, which would make the rule persistent across reboots but does not apply it to the current runtime configuration unless followed by `firewall-cmd --reload`; the question asks to allow traffic without affecting existing rules, and `--permanent` alone does not activate the rule immediately. Option B is wrong because it adds both `--add-service=http` (which opens port 80/tcp) and `--add-port=8080/tcp`, unnecessarily opening an extra port (80) that was not requested, violating the requirement to allow only port 8080. Option D is wrong because it targets the `public` zone, but the internal interface eth1 is assigned to the `internal` zone, so this command would open port 8080 on the wrong interface and not affect eth1.

82
MCQmedium

You manage a Linux server that provides DHCP services to a small office network using the dhcpd daemon. The server has two network interfaces: eth0 (192.168.1.1/24) serving the internal network, and eth1 (192.168.0.1/24) connected to a DMZ. The DHCP server is configured to serve addresses only on eth0. Users on the internal network report that they are not receiving IP addresses. You check the DHCP server and find that the dhcpd service is running and listening on UDP port 67. From a client, you run tcpdump and see DHCPDISCOVER packets being sent, but no DHCPOFFER from the server. You also verify that no firewall rules are blocking DHCP traffic on either side. What is the most likely reason for the failure?

A.The DHCP server's IP address is not in the same subnet as the clients.
B.The dhcpd configuration file does not have a subnet declaration for the 192.168.1.0/24 network.
C.The dhcpd service is not running.
D.The network switch is blocking broadcast packets.
AnswerB

Without a subnet declaration, the DHCP server does not know which pool to offer addresses from and will ignore broadcasts on that subnet.

Why this answer

Option B is correct because the dhcpd daemon will only respond to DHCPDISCOVER packets on interfaces for which it has a matching subnet declaration in its configuration file (typically /etc/dhcp/dhcpd.conf). Without a subnet declaration for 192.168.1.0/24, dhcpd ignores all DHCP traffic on eth0, even though the service is running and listening on UDP port 67. The absence of DHCPOFFER packets despite seeing DHCPDISCOVERs confirms that the server is not processing the requests for that subnet.

Exam trap

The trap here is that candidates assume a running service with an open port (UDP 67) is sufficient to serve DHCP, but the dhcpd daemon requires explicit subnet declarations to process requests on each interface.

How to eliminate wrong answers

Option A is wrong because the DHCP server's IP address (192.168.1.1) is in the same subnet as the clients (192.168.1.0/24), so subnet mismatch is not the issue. Option C is wrong because the problem states the dhcpd service is running and listening on UDP port 67, so the service is operational. Option D is wrong because the switch blocking broadcast packets would prevent DHCPDISCOVERs from reaching the server, but the tcpdump shows DHCPDISCOVER packets are being sent, and no firewall rules are blocking traffic, so the switch is not the cause.

83
Multi-Selecteasy

An administrator is configuring a Linux server to act as a web server. The server has two network interfaces: eth0 (public IP 203.0.113.10) and eth1 (private IP 10.0.0.10). The default policy on the INPUT chain is DROP. The administrator wants to allow incoming HTTP (port 80) traffic from any source but only to the public interface. Which TWO iptables rules should be added?

Select 2 answers
A.iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
B.iptables -A INPUT -d 203.0.113.10 -p tcp --dport 80 -j ACCEPT
C.iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
D.iptables -A INPUT -s 203.0.113.10 -p tcp --dport 80 -j ACCEPT
E.iptables -A INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
AnswersB, C

Matches traffic destined to the public IP.

Why this answer

Option B is correct because it specifies the destination IP address (203.0.113.10) of the public interface, ensuring that HTTP traffic is only accepted when destined for that IP. Option C is also correct because it uses the `-i eth0` flag to match incoming traffic on the public interface only, which restricts HTTP access to the public-facing interface. Both rules are needed to satisfy the requirement of allowing HTTP from any source but only to the public interface, given the default DROP policy on the INPUT chain.

Exam trap

The trap here is that candidates often confuse the INPUT and FORWARD chains, or incorrectly assume that specifying the source IP (`-s`) is equivalent to specifying the destination IP (`-d`), leading them to pick Option D or A instead of the correct combination of B and C.

84
MCQhard

A system administrator is troubleshooting network connectivity from a Linux server to a remote host at 10.0.0.1. The server has a default gateway of 192.168.1.1. Running `ping 10.0.0.1` fails, but `ping 192.168.1.1` succeeds. The output of `ip route show` shows a default route via 192.168.1.1. Which additional step should the administrator take to further investigate?

A.Check the ARP table for 10.0.0.1.
B.Verify that the firewall on the remote host allows ICMP.
C.Run traceroute to 10.0.0.1 to see where packets are dropped.
D.Check if the remote host is in the same subnet as the server.
AnswerC

Traceroute reveals the path and where packets stop, aiding in pinpointing the issue.

Why this answer

Option C is correct because the ping to the default gateway succeeds, confirming local network and ARP resolution are functional, while the ping to the remote host fails. Running traceroute to 10.0.0.1 will reveal the exact hop where packets are dropped, isolating whether the issue lies in routing beyond the gateway, a firewall along the path, or a missing route on an intermediate router.

Exam trap

The trap here is that candidates assume a failed ping to a remote host must be due to a local ARP issue or firewall on the destination, but the successful ping to the gateway proves local connectivity works, making traceroute the logical next step to trace the path.

How to eliminate wrong answers

Option A is wrong because the ARP table is only relevant for hosts on the same subnet; 10.0.0.1 is not on the local subnet (the server's IP is presumably in 192.168.1.0/24), so ARP will never contain an entry for it. Option B is wrong because the question asks for the next step in investigating the connectivity issue from the server's perspective; while the remote host's firewall could block ICMP, the administrator should first verify the path with traceroute before assuming a firewall issue. Option D is wrong because the remote host is clearly not in the same subnet (10.0.0.1 vs. 192.168.1.0/24), and the successful ping to the gateway confirms the server is correctly forwarding traffic to the default route.

85
MCQmedium

A company deploys a new web server with two network interfaces: one for public access (eth0) and one for database access (eth1). The database server is at 10.0.0.10. The web server's default gateway is via eth0, but traffic to 10.0.0.10 is being routed through eth0 instead of eth1. What is the simplest fix?

A.Remove the default gateway on eth0.
B.Configure policy routing to use both tables.
C.Add a static route for 10.0.0.10/32 via eth1's gateway.
D.Change the default gateway metric to prefer eth1.
AnswerC

Directs only database traffic through eth1.

Why this answer

Option C is correct because adding a static route for 10.0.0.10/32 via eth1's gateway forces traffic destined for the database server to use the eth1 interface, overriding the default route that sends all traffic through eth0. This is the simplest and most direct fix, as it does not alter the default gateway or require complex policy routing.

Exam trap

The trap here is that candidates often think they need to change the default gateway or use complex policy routing, when a simple static route is the most efficient and correct solution for directing traffic to a specific host through a different interface.

How to eliminate wrong answers

Option A is wrong because removing the default gateway on eth0 would break all other outbound traffic that must go through eth0 (e.g., internet access), leaving the server without a default route. Option B is wrong because policy routing is an overcomplicated solution for this simple scenario; it involves creating additional routing tables and rules, which is unnecessary when a single static route can solve the problem. Option D is wrong because changing the default gateway metric to prefer eth1 would route all default traffic through eth1, which is likely not desired (eth1 is for database access only), and it would not fix the specific routing for 10.0.0.10 without affecting other traffic.

86
MCQhard

A company is designing a multi-homed server with two network interfaces: one for internal traffic (eth0) and one for external traffic (eth1). The server must prioritize traffic to the 10.1.0.0/16 network through eth0. What is the best practice to ensure traffic to 10.1.0.0/16 uses eth0?

A.Add a static route for 10.1.0.0/16 via the gateway on eth0.
B.Configure policy routing using ip rule and two routing tables.
C.Set a lower metric on the default route for eth0.
D.Use bonding to combine both interfaces.
AnswerA

A static route directs traffic for that subnet to the correct interface.

Why this answer

Adding a static route for 10.1.0.0/16 via the gateway on eth0 directly tells the kernel to send traffic destined for that network through eth0. This is the simplest and most direct method, ensuring that the route is always preferred over the default route for that specific destination, without affecting other traffic.

Exam trap

The trap here is that candidates often confuse policy routing (Option B) as the only way to control interface selection, but a simple static route is the standard and best practice for directing traffic to a specific subnet.

How to eliminate wrong answers

Option B is wrong because policy routing (ip rule and multiple routing tables) is overkill for a simple destination-based routing requirement; it is typically used for complex scenarios like load balancing or source-based routing, not for a single static route. Option C is wrong because setting a lower metric on the default route for eth0 would only affect the default route preference, not direct traffic specifically to 10.1.0.0/16; it would not create a route for that network. Option D is wrong because bonding combines interfaces for redundancy or increased throughput, not for routing traffic to a specific network; it does not control which interface is used for a particular destination.

87
MCQmedium

A server running Ubuntu 20.04 uses netplan for network configuration. The admin wants to set a static IP address 10.0.0.100/24 on interface enp0s3 with gateway 10.0.0.1 and DNS servers 8.8.8.8 and 8.8.4.4. Which YAML configuration is correct?

A.network: version: 2 ethernets: enp0s3: addresses: - 10.0.0.100/24 gateway: 10.0.0.1 nameservers: addresses: [8.8.8.8, 8.8.4.4]
B.network: version: 2 ethernets: enp0s3: address: 10.0.0.100/24 gateway4: 10.0.0.1 dns-nameservers: 8.8.8.8 8.8.4.4
C.network: ethernets: enp0s3: addresses: 10.0.0.100/24 gateway4: 10.0.0.1 nameservers: addresses: [8.8.8.8, 8.8.4.4]
D.network: version: 2 ethernets: enp0s3: addresses: - 10.0.0.100/24 gateway4: 10.0.0.1 nameservers: addresses: [8.8.8.8, 8.8.4.4]
AnswerD

Correct syntax: 'gateway4', 'addresses' as list, 'nameservers.addresses' as list.

Why this answer

Option D is correct because it uses the proper Netplan YAML syntax: `addresses` as a list, `gateway4` for the IPv4 default gateway, and `nameservers` with an `addresses` list. This matches the required static IP 10.0.0.100/24, gateway 10.0.0.1, and DNS servers 8.8.8.8 and 8.8.4.4.

Exam trap

The trap here is that candidates confuse the legacy ifupdown syntax (e.g., `address`, `dns-nameservers`) with the required Netplan YAML structure, or forget the mandatory `version: 2` field.

How to eliminate wrong answers

Option A is wrong because it uses `gateway` instead of `gateway4`; Netplan requires `gateway4` for IPv4 gateways. Option B is wrong because it uses `address` (singular) instead of `addresses` (plural list), and `dns-nameservers` is a legacy ifupdown syntax not valid in Netplan. Option C is wrong because it omits the required `version: 2` field, which Netplan mandates for the configuration to be recognized.

88
MCQeasy

A user reports that they can access websites by IP address but not by domain name. Which command should the administrator use to diagnose the issue?

A.dig google.com
B.netstat -r
C.traceroute 8.8.8.8
D.ping google.com
AnswerA

Dig performs DNS lookup and shows resolution details.

Why this answer

The user can access websites by IP address but not by domain name, indicating a DNS resolution failure. The `dig` command is the correct diagnostic tool because it directly queries DNS servers to test domain name resolution, bypassing the system's resolver cache and configuration. This allows the administrator to isolate whether the issue lies with DNS resolution or other network layers.

Exam trap

The trap here is that candidates often choose `ping google.com` (Option D) because it's a common connectivity test, but they fail to recognize that the symptom (access by IP but not name) specifically points to DNS, making `dig` the targeted diagnostic tool.

How to eliminate wrong answers

Option B is wrong because `netstat -r` displays the routing table, which is unrelated to DNS resolution; it would not help diagnose why domain names fail to resolve. Option C is wrong because `traceroute 8.8.8.8` tests network path connectivity to an IP address, which is already working per the user's report, and does not involve DNS. Option D is wrong because `ping google.com` would fail due to the same DNS resolution issue, making it useless for diagnosis; it would not reveal whether the problem is with DNS or something else.

89
MCQhard

A server has two network interfaces: eth0 (10.0.1.10/24, gateway 10.0.1.1) and eth1 (192.168.1.10/24, no gateway). Both are up. The default gateway is set to 10.0.1.1. A ping to 8.8.8.8 fails, but ping to 10.0.1.1 succeeds. What is the most likely cause?

A.eth1 has no gateway configured
B.The default route is missing or pointing to an incorrect gateway
C.DNS resolution is failing
D.eth0 is down
AnswerB

Even though the gateway is reachable, the default route may be missing or misconfigured.

Why this answer

The default gateway is correctly set to 10.0.1.1, and ping to that gateway succeeds, so eth0 and its route are functional. However, ping to 8.8.8.8 fails, which indicates that the default route (0.0.0.0/0 via 10.0.1.1) is either missing or misconfigured, preventing traffic destined for external networks from being forwarded. The fact that eth1 has no gateway is irrelevant because the default route is already defined via eth0.

Exam trap

The trap here is that candidates may incorrectly blame eth1's missing gateway (option A) instead of recognizing that the default route via eth0 is the sole path to external networks, and its absence is the real issue.

How to eliminate wrong answers

Option A is wrong because eth1 having no gateway is not the cause of the failure to reach 8.8.8.8; the default route is already set via eth0, and eth1 is only used for local subnet traffic. Option C is wrong because DNS resolution is not involved in a direct ping to an IP address (8.8.8.8), so a DNS failure would not prevent the ping. Option D is wrong because eth0 is up (ping to 10.0.1.1 succeeds), so the interface is operational.

90
MCQeasy

A developer needs to temporarily allow incoming TCP connections on port 8080 for testing. Which iptables command adds a rule to the INPUT chain to accept this traffic?

A.iptables -A OUTPUT -p tcp --sport 8080 -j ACCEPT
B.iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
C.iptables -A FORWARD -p tcp --dport 8080 -j ACCEPT
D.iptables -I INPUT 1 -p tcp --dport 8080 -j DROP
AnswerB

Appends a rule to INPUT chain to accept TCP on port 8080.

Why this answer

Option B is correct because the INPUT chain processes traffic destined for the local system, and the `--dport 8080` flag matches incoming TCP packets with destination port 8080. The `-j ACCEPT` target allows these packets through, which is exactly what is needed to temporarily permit incoming TCP connections on port 8080 for testing.

Exam trap

The trap here is that candidates often confuse the INPUT chain with the FORWARD chain, or mistakenly think that `--sport` (source port) is appropriate for incoming traffic, when `--dport` (destination port) is required for packets arriving at the local system.

How to eliminate wrong answers

Option A is wrong because it adds a rule to the OUTPUT chain (which handles outgoing traffic) and uses `--sport 8080` (source port), which would match outgoing packets originating from port 8080, not incoming connections. Option C is wrong because the FORWARD chain handles traffic routed through the system, not traffic destined for the local host; adding a rule there would not affect incoming connections to the local system. Option D is wrong because it uses `-j DROP` to reject traffic, and while `-I INPUT 1` inserts the rule at the top, the action is to drop, not accept, the incoming TCP connections on port 8080.

91
MCQeasy

A Linux server hosts a critical web application and is connected to the corporate network via a bonded interface bond0, combining eth0 and eth1 in active-backup mode. The server has a static IP 192.168.1.100/24 and default gateway 192.168.1.1. Recently, users report intermittent connectivity. The administrator runs 'ip link show' and sees that eth0 and eth1 are both state UP, but bond0 shows 'state UP' and 'NO-CARRIER'. The bond primary slave is eth0. Also, 'ping 192.168.1.1' fails. What should the administrator do next?

A.Add a secondary IP address to eth0.
B.Restart the NetworkManager service.
C.Check the physical cable connection of eth0.
D.Change the bond mode to balance-rr to load balance traffic.
AnswerC

NO-CARRIER on the bond with the primary slave UP suggests a physical problem on eth0; checking the cable is the correct first step.

Why this answer

The bond interface showing NO-CARRIER indicates a physical link problem on the active slave. Since eth0 is the primary slave and bond0 has no carrier, the most likely cause is a disconnected or faulty cable on eth0. Checking the physical connection is the appropriate first step.

Changing the bond mode or restarting services would not resolve a physical issue, and adding a secondary IP is irrelevant.

92
MCQeasy

Refer to the exhibit. An administrator wants to bring up the eth1 interface using the existing connection. Which command should be used?

A.nmcli connection up eth1
B.nmcli device connect eth1
C.ifup eth1
D.ip link set eth1 up
AnswerA

This explicitly activates the named connection 'eth1'.

Why this answer

Option A is correct because `nmcli connection up eth1` activates the existing NetworkManager connection profile associated with the eth1 interface. This command ensures that the interface is brought up using the stored configuration (e.g., IP addressing, DNS, routes) rather than just setting the link state. NetworkManager manages connections as profiles, and `nmcli connection up` is the proper way to apply a profile to an interface.

Exam trap

The trap here is that candidates often confuse `nmcli device` with `nmcli connection` — the `device` subcommand manages physical interfaces, while `connection` manages logical profiles, and only `connection up` applies the full configuration from an existing profile.

How to eliminate wrong answers

Option B is wrong because `nmcli device connect eth1` attempts to create a new connection profile for the device, which is not appropriate when an existing connection should be used; it may overwrite or duplicate settings. Option C is wrong because `ifup eth1` is a legacy SysVinit command that relies on `/etc/network/interfaces` and is not integrated with NetworkManager, which is the default network service on modern Linux distributions (e.g., RHEL/CentOS 7+). Option D is wrong because `ip link set eth1 up` only brings the interface administratively up at Layer 2, but it does not apply any Layer 3 configuration (IP address, routes) or use the existing connection profile, leaving the interface without network connectivity.

93
MCQeasy

Based on the tcpdump output in the exhibit, what can be concluded about the TCP handshake?

A.The connection attempt failed because only three packets are shown.
B.The connection was reset by the remote host.
C.The handshake is incomplete because there is no ACK from the server.
D.The TCP three-way handshake completed successfully.
AnswerD

SYN, SYN-ACK, ACK sequence indicates success.

Why this answer

The TCP three-way handshake completes successfully when three packets are exchanged: SYN, SYN-ACK, and ACK. The tcpdump output shows exactly these three packets, confirming a successful handshake. The presence of the final ACK from the client to the server's SYN-ACK indicates that the connection is established.

Exam trap

The trap here is that candidates may mistakenly think a three-packet handshake is incomplete or failed, when in fact the TCP three-way handshake is defined as exactly three packets, and the final ACK from the client completes it.

How to eliminate wrong answers

Option A is wrong because a successful TCP three-way handshake consists of exactly three packets (SYN, SYN-ACK, ACK), so seeing three packets does not indicate failure. Option B is wrong because a reset (RST) packet would appear in the output if the connection were reset by the remote host, but no RST flag is shown. Option C is wrong because the handshake is complete; the server sends a SYN-ACK (the second packet), and the client responds with an ACK (the third packet), which is the expected final step.

94
MCQmedium

An administrator needs to permanently set a static IPv4 address 192.168.1.100/24 on interface eth0 using NetworkManager. Which command achieves this?

A.nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24
B.nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24 ipv4.method manual
C.nmcli device modify eth0 ipv4.addresses 192.168.1.100/24
D.nmcli connection modify 'System eth0' ipv4.addresses 192.168.1.100/24 ipv4.method manual
AnswerB

Correct: sets both address and method, making it persistent.

Why this answer

Option B is correct because `nmcli connection modify` is the proper command to permanently change a NetworkManager connection profile, and setting both `ipv4.addresses` and `ipv4.method manual` ensures the static IP is applied and the interface does not fall back to DHCP. Without setting the method to `manual`, NetworkManager may ignore the static address or override it with DHCP.

Exam trap

The trap here is that candidates often forget to set `ipv4.method manual` when configuring a static IP, assuming that providing an address alone is sufficient, or they mistakenly use `nmcli device modify` for a permanent change instead of `nmcli connection modify`.

How to eliminate wrong answers

Option A is wrong because it sets the IP address but does not change the IPv4 method from its default (often 'auto' or DHCP), so the static address may not be used or may be overridden. Option C is wrong because `nmcli device modify` only makes temporary runtime changes that do not survive a reboot or NetworkManager restart, as it modifies the device directly rather than the connection profile. Option D is wrong because it uses a connection name 'System eth0' which is a legacy naming convention from older NetworkManager versions; on modern systems the default connection name for eth0 is typically 'eth0' or 'Wired connection 1', so this command would likely fail or create a new profile.

95
MCQeasy

A system administrator needs to configure a static IP address on a CentOS 7 server. Which file should be edited to set the IP address permanently?

A./etc/netplan/01-netcfg.yaml
B./etc/network/interfaces
C./etc/hostname
D./etc/sysconfig/network-scripts/ifcfg-eth0
AnswerD

Correct file for CentOS 7 static IP configuration.

Why this answer

On CentOS 7, network interfaces are configured via scripts located in /etc/sysconfig/network-scripts/, with each interface having a file named ifcfg-<interface>. The ifcfg-eth0 file stores static IP settings such as IPADDR, NETMASK, and GATEWAY, which are read by the network service (network.service) to apply persistent configuration.

Exam trap

The trap here is that candidates familiar with Ubuntu or Debian systems may incorrectly choose /etc/network/interfaces (Option B) or /etc/netplan/01-netcfg.yaml (Option A), forgetting that CentOS 7 uses the Red Hat-style ifcfg scripts in /etc/sysconfig/network-scripts/.

How to eliminate wrong answers

Option A is wrong because /etc/netplan/01-netcfg.yaml is used by Netplan, a network configuration utility for Ubuntu (starting from 17.10) and not by CentOS 7, which uses the legacy ifcfg system. Option B is wrong because /etc/network/interfaces is the configuration file for Debian/Ubuntu systems using ifupdown, not for CentOS 7. Option C is wrong because /etc/hostname only sets the system's hostname, not IP address configuration; it contains a single line with the hostname and has no effect on network interface addressing.

96
MCQeasy

A user reports that they cannot reach a remote server by hostname but can reach it by IP address. Which configuration file is most likely misconfigured?

A./etc/resolv.conf
B./etc/sysconfig/network
C./etc/hosts
D./etc/nsswitch.conf
AnswerA

/etc/resolv.conf specifies DNS servers; if misconfigured, DNS queries fail, causing hostname resolution to fail.

Why this answer

The /etc/resolv.conf file configures the system's DNS resolver, specifying the nameservers to query for hostname-to-IP resolution. If a user can reach a server by IP but not by hostname, it indicates that DNS resolution is failing, which is most commonly due to a missing or incorrect nameserver entry in /etc/resolv.conf.

Exam trap

The trap here is that candidates often confuse /etc/resolv.conf with /etc/hosts or /etc/nsswitch.conf, thinking that a hostname resolution failure must be due to a missing static entry or a misconfigured lookup order, rather than the fundamental DNS resolver configuration.

How to eliminate wrong answers

Option B is wrong because /etc/sysconfig/network is a Red Hat/CentOS-specific file for setting global network parameters (e.g., hostname, gateway), not for DNS resolver configuration. Option C is wrong because /etc/hosts provides static hostname-to-IP mappings; if it were misconfigured, the user might not reach the server by hostname, but the fact that they can reach it by IP suggests DNS is the issue, not a missing or incorrect static entry. Option D is wrong because /etc/nsswitch.conf controls the order of name service lookups (e.g., 'hosts: files dns'), but a misconfiguration here would affect the lookup order, not the actual DNS resolver configuration; the core problem is the resolver itself, not the order.

97
MCQmedium

A network interface eth0 is not receiving an IP address via DHCP. Which command can be used to troubleshoot the DHCP client process?

A.dhclient -v eth0
B.systemctl status dhcpd
C.nmcli dev show eth0
D.dhcpd -t
AnswerA

Runs the DHCP client with verbose output, useful for troubleshooting.

Why this answer

The `dhclient -v eth0` command runs the DHCP client in verbose mode on interface eth0, which is the correct tool to troubleshoot the DHCP client process. It shows detailed messages about the DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK exchange, helping identify where the process fails. This directly addresses the issue of the interface not receiving an IP address via DHCP.

Exam trap

The trap here is confusing the DHCP client process (dhclient) with the DHCP server process (dhcpd), leading candidates to choose options that manage or test the server instead of the client.

How to eliminate wrong answers

Option B is wrong because `systemctl status dhcpd` checks the status of the DHCP server daemon (dhcpd), not the DHCP client process; the client process is managed by dhclient or NetworkManager, not dhcpd. Option C is wrong because `nmcli dev show eth0` displays the current configuration and state of the interface as managed by NetworkManager, but it does not initiate or debug the DHCP client transaction itself. Option D is wrong because `dhcpd -t` tests the syntax of the DHCP server configuration file (typically /etc/dhcp/dhcpd.conf), which is irrelevant to troubleshooting the client-side DHCP process.

98
MCQmedium

Based on the exhibit, a system administrator runs ping to 8.8.8.8 and gets 'Destination Host Unreachable'. What is the most likely cause?

A.The IP address 192.168.10.15 is not configured on eth0.
B.A firewall is blocking ICMP traffic.
C.The gateway 192.168.10.1 is not reachable from this host.
D.The default route is missing.
AnswerC

The ping error indicates the gateway cannot be reached, likely because it's down or not on the same network.

Why this answer

The 'Destination Host Unreachable' message indicates that the host has no route to the destination network or the next-hop gateway is not reachable. Since the ping target is 8.8.8.8 (a public IP), the host must forward traffic to its default gateway. If the gateway 192.168.10.1 is not reachable (e.g., due to a down interface, ARP failure, or missing neighbor entry), the kernel will immediately return this ICMP error without attempting to send the packet.

Exam trap

The trap here is that candidates confuse 'Destination Host Unreachable' (which indicates a local routing or next-hop reachability issue) with 'Request Timed Out' (which typically indicates a remote firewall or network congestion), leading them to incorrectly select a firewall blocking ICMP.

How to eliminate wrong answers

Option A is wrong because the IP address 192.168.10.15 is the source address used for outbound traffic; even if it were not configured on eth0, the ping would fail with a different error (e.g., 'connect: Network is unreachable' or no source IP), not 'Destination Host Unreachable'. Option B is wrong because a firewall blocking ICMP would typically cause a timeout (no response) or 'Request timed out', not an immediate 'Destination Host Unreachable' which is generated by the local host's IP stack, not by a remote firewall. Option D is wrong because if the default route were missing entirely, the host would return 'Network is unreachable' (or 'connect: No route to host') for any off-subnet destination, not 'Destination Host Unreachable' which implies a route exists but the next-hop is unreachable.

99
MCQeasy

You are a Linux administrator for a small company. A developer has deployed a web application on a server with IP 192.168.1.50. The application needs to connect to a database server at 10.0.0.100 on TCP port 3306. Both servers are on the same physical network but different subnets (192.168.1.0/24 and 10.0.0.0/24) connected by a router. The default gateway for the app server is 192.168.1.1, and for the DB server is 10.0.0.1. You have verified that the app server can ping the DB server by IP address successfully. However, the application fails to connect to the database. You have used telnet from the app server to test connectivity on port 3306 and it fails (connection refused). On the DB server, you check that the MySQL service is listening on 0.0.0.0:3306 and that the local firewall (firewalld) allows incoming connections on port 3306. What is the most likely cause of the connection failure?

A.The network cable is faulty.
B.The app server's firewall is blocking outgoing connections to port 3306.
C.The router does not have a route to 192.168.1.0/24 from the DB server's subnet, so return packets are dropped.
D.The database service is only listening on the loopback interface (127.0.0.1).
AnswerC

Even though ping works due to ICMP being handled differently, TCP connections require consistent routing. A missing return route would cause TCP SYNs to be sent but ACKs never received, resulting in connection timeout or refused.

Why this answer

The app server can ping the DB server, confirming Layer 3 connectivity, but telnet fails on port 3306, indicating a Layer 4 issue. Since the DB server's MySQL is listening on 0.0.0.0:3306 and firewalld allows the port, the most likely cause is that the router lacks a return route from the 10.0.0.0/24 subnet to the 192.168.1.0/24 subnet, causing return packets from the DB server to be dropped. This asymmetric routing prevents the TCP handshake from completing, even though ICMP (ping) may work if the router forwards it differently.

Exam trap

The trap here is that candidates assume a successful ping implies full IP connectivity, but ICMP and TCP may be routed differently; the exam tests whether you understand that TCP requires symmetric routing for the handshake to complete, and a missing return route can cause a 'connection refused' even when the service is up and firewalls are open.

How to eliminate wrong answers

Option A is wrong because a faulty network cable would cause ping to fail, but ping succeeds, so physical connectivity is intact. Option B is wrong because the app server's firewall blocking outgoing connections would not cause a 'connection refused' from telnet; it would instead result in a timeout or no route to host, and the question states the local firewall on the DB server is already configured to allow port 3306. Option D is wrong because the MySQL service is explicitly listening on 0.0.0.0:3306 (all interfaces), not just 127.0.0.1, so it is reachable from external IPs.

100
MCQmedium

You administer a Linux server that acts as a network gateway. It has two network interfaces: eth0 (external, with IP 203.0.113.10/24, gateway 203.0.113.1) and eth1 (internal, with IP 192.168.1.1/24). The server is running firewalld and has IP forwarding enabled. Internal hosts (192.168.1.0/24) can access the internet through NAT, which is configured using firewalld's masquerade on the external zone. However, you need to allow a specific internal server (192.168.1.100) to be reachable from the internet on TCP port 443 (HTTPS). You add a port forwarding rule using firewall-cmd: 'firewall-cmd --zone=external --add-forward-port=port=443:proto=tcp:toport=443:toaddr=192.168.1.100'. After reloading the firewall, external users still cannot connect to 203.0.113.10:443. You verify that the internal server is running HTTPS and that its local firewall allows port 443. What is the most likely reason the port forwarding is not working?

A.The port forwarding rule should be added to the internal zone instead of the external zone.
B.The internal server has a different default gateway.
C.The rule needs to include masquerade for the destination address; use a rich rule with 'masquerade'.
D.IP forwarding is not enabled on the system.
AnswerC

In firewalld, simple port forwarding often does not work without masquerade on the external zone. A rich rule with 'masquerade' is required, e.g., 'firewall-cmd --add-rich-rule="rule family=ipv4 destination address=203.0.113.10 forward-port port=443 protocol=tcp to-port=443 to-addr=192.168.1.100"' which implicitly uses masquerade? Actually standard practice is to use a rich rule. Option C is the best answer.

Why this answer

Option C is correct because a simple port forward rule in firewalld does not automatically rewrite the source IP address for return traffic. Without masquerade on the forwarded traffic, the internal server sees the original external source IP and sends its response directly to that IP, bypassing the gateway. Adding a rich rule with 'masquerade' for the destination address ensures that the gateway performs SNAT on the forwarded packets, so the internal server sees the gateway as the source and returns traffic through it.

Exam trap

The trap here is that candidates assume a port forward rule alone is sufficient for bidirectional communication, overlooking the need for source NAT (masquerade) on the forwarded traffic to ensure proper return path routing.

How to eliminate wrong answers

Option A is wrong because port forwarding for externally initiated connections must be placed in the zone associated with the incoming interface (external), not the internal zone; the internal zone handles traffic from the internal network. Option B is wrong because the internal server's default gateway is irrelevant for inbound connections that are forwarded by the gateway; the server only needs to respond to the gateway's IP (192.168.1.1) for the return path to work. Option D is wrong because the question states that IP forwarding is enabled and internal hosts already access the internet through NAT, confirming that forwarding is active.

101
MCQmedium

A server needs to forward packets between two networks: 10.0.1.0/24 on eth0 and 10.0.2.0/24 on eth1. Which sysctl parameter must be enabled?

A.net.ipv4.conf.all.rp_filter = 1
B.net.ipv4.ip_forward = 1
C.net.ipv4.conf.all.accept_source_route = 1
D.net.ipv4.conf.all.send_redirects = 0
AnswerB

This enables IP forwarding between interfaces.

Why this answer

Option B is correct because enabling `net.ipv4.ip_forward = 1` allows the Linux kernel to forward IP packets between network interfaces, which is required for a server to route traffic between the 10.0.1.0/24 and 10.0.2.0/24 subnets. Without this parameter, the kernel drops any packet not destined for the local system, preventing inter-network communication.

Exam trap

The trap here is that candidates often confuse security-related sysctl parameters (like rp_filter or send_redirects) with the actual forwarding control, or mistakenly think that enabling source route acceptance is needed for routing between subnets.

How to eliminate wrong answers

Option A is wrong because `net.ipv4.conf.all.rp_filter = 1` enables reverse path filtering, which helps prevent IP spoofing by dropping packets that arrive on an interface that is not the best route back to the source; it does not enable packet forwarding. Option C is wrong because `net.ipv4.conf.all.accept_source_route = 1` allows the system to process IPv4 source-routed packets, a security risk that is unrelated to forwarding between networks. Option D is wrong because `net.ipv4.conf.all.send_redirects = 0` disables the sending of ICMP redirect messages, which is a security hardening measure but does not enable or disable packet forwarding.

102
Drag & Dropmedium

Order the steps to configure a static IP address on a CentOS/RHEL 7 system using ifcfg files.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order

Why this order

Static IP configuration requires editing the ifcfg file, restarting network, and verification.

103
Multi-Selecteasy

A system administrator needs to check the firewall rules on a Linux server using firewalld. Which two commands can be used to list the current rules? (Choose two.)

Select 2 answers
A.systemctl status firewalld
B.iptables -S
C.iptables -L
D.firewall-cmd --list-all-zones
E.firewall-cmd --list-all
AnswersD, E

Lists rules for all zones.

Why this answer

Option D is correct because `firewall-cmd --list-all-zones` displays the firewall rules for all zones configured in firewalld, showing services, ports, and rules per zone. Option E is correct because `firewall-cmd --list-all` lists the rules for the default zone, providing a concise view of active firewall configuration. Both commands are native to firewalld and directly query its runtime and permanent rules via D-Bus.

Exam trap

The trap here is that candidates confuse legacy iptables commands with firewalld's native tools, assuming `iptables -L` or `-S` are equivalent to listing firewalld rules, when in fact they bypass firewalld's zone abstraction and may not reflect the current dynamic configuration.

104
Multi-Selecthard

Which THREE files or directories are commonly used to configure network interfaces on a RHEL/CentOS system?

Select 3 answers
A./etc/rc.d/rc.local
B./etc/resolv.conf
C./etc/sysconfig/network
D./etc/sysconfig/network-scripts/
E./etc/nsswitch.conf
AnswersB, C, D

This file configures DNS resolver settings.

Why this answer

Option B is correct because /etc/resolv.conf is the primary configuration file for DNS resolver settings on RHEL/CentOS systems. It specifies the nameserver IP addresses, search domains, and resolver options used by the system's glibc resolver library to perform DNS lookups. Without this file, domain name resolution will fail, making it essential for network interface configuration.

Exam trap

The trap here is that candidates often confuse /etc/resolv.conf as a static configuration file, but on modern systems it is frequently auto-generated by NetworkManager or dhclient, leading to the misconception that it is not a 'commonly used' configuration file for network interfaces.

105
MCQhard

Given the network interface configuration in the exhibit, which command should be run to apply the configuration without rebooting?

A.systemctl restart network
B.ifup eth0
C.ifconfig eth0 down && ifconfig eth0 up
D.ip link set eth0 up
AnswerB

Brings up the interface with the configuration in ifcfg-eth0.

Why this answer

Option B is correct because the `ifup eth0` command reads the configuration file for the eth0 interface (typically `/etc/sysconfig/network-scripts/ifcfg-eth0` on RHEL/CentOS) and applies the settings (IP address, netmask, gateway, etc.) without requiring a system reboot. This is the standard way to activate a network interface with its configured parameters on Linux systems using the legacy network scripts.

Exam trap

The trap here is that candidates confuse bringing an interface up with applying its configuration, assuming that `ip link set eth0 up` or toggling `ifconfig` will also restore IP settings, when in fact those commands only affect the link state and do not read the persistent configuration file.

How to eliminate wrong answers

Option A is wrong because `systemctl restart network` restarts the entire network service, which can disrupt all active connections and is unnecessary for applying a single interface's configuration; it also may not be available on systems using NetworkManager. Option C is wrong because `ifconfig eth0 down && ifconfig eth0 up` only toggles the interface link state without reading the configuration file, so it will not apply any new settings (e.g., a changed IP address) and may leave the interface with stale parameters. Option D is wrong because `ip link set eth0 up` only brings the interface administratively up at Layer 2, but does not assign any IP address or apply Layer 3 configuration from the interface's config file.

106
Multi-Selecthard

An administrator is troubleshooting DNS resolution and wants to query the SOA record for a domain. Which three commands can be used? (Choose three.)

Select 3 answers
A.nslookup -type=soa example.com
B.host -t SOA example.com
C.dig example.com SOA
D.nmcli dev show
E.getent hosts example.com
AnswersA, B, C

nslookup can query SOA records.

Why this answer

The `nslookup -type=soa` command queries the DNS for the Start of Authority (SOA) record of a domain. The `-type=soa` flag explicitly sets the query type to SOA, which returns authoritative information about the zone, including the primary name server and administrator email.

Exam trap

The trap here is that candidates may confuse `getent hosts` with DNS lookup tools, not realizing it bypasses DNS resolution and only checks local name resolution sources.

107
MCQmedium

A server has two NICs bonded in mode 1 (active-backup). If the active NIC fails, what occurs?

A.Both NICs continue to pass traffic simultaneously
B.Traffic automatically switches to the backup NIC with minimal interruption
C.The bond interface goes down until an administrator intervenes
D.The system disables the bond and uses a single NIC
AnswerB

Active-backup provides automatic failover.

Why this answer

In bonding mode 1 (active-backup), only one NIC is active at a time while the other remains in standby. When the active NIC fails, the bonding driver automatically fails over to the backup NIC by reassigning the MAC address and IP to the backup interface, typically within a few milliseconds. This ensures minimal interruption to network traffic without requiring manual intervention.

Exam trap

The trap here is that candidates often confuse active-backup (mode 1) with balance-rr (mode 0) or assume that both NICs must be active for redundancy, leading them to incorrectly select Option A.

How to eliminate wrong answers

Option A is wrong because in active-backup mode, only one NIC passes traffic at any given time; both NICs never pass traffic simultaneously. Option C is wrong because the bond interface does not go down; the failover is automatic and does not require administrator intervention. Option D is wrong because the bond interface remains operational and continues to use the backup NIC; the system does not disable the bond or revert to a single un-bonded NIC.

108
Multi-Selecteasy

Which TWO configuration files are commonly used to set DNS resolver settings on a Linux system?

Select 2 answers
A./etc/nsswitch.conf
B./etc/hostname
C./etc/sysconfig/network
D./etc/hosts
E./etc/resolv.conf
AnswersA, E

Controls order of name resolution (e.g., files, dns).

Why this answer

Option A is correct because /etc/nsswitch.conf controls the order of name resolution sources (e.g., files, dns, mdns) via the 'hosts' database line. Option E is correct because /etc/resolv.conf directly specifies the DNS resolver settings, including nameserver IP addresses, search domains, and options, as defined by RFC 1035.

Exam trap

The trap here is that candidates often confuse /etc/hosts with a DNS resolver configuration file, but it is only a static local lookup table, not a resolver setting file.

109
Matchingmedium

Match each systemd unit type to its purpose.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Manages a daemon or service

Interprocess communication socket

Schedules and activates other units

Controls mount points

Groups units for synchronization

Why these pairings

These unit types are fundamental to systemd.

110
Multi-Selecteasy

Which TWO commands can be used to resolve a hostname to an IP address?

Select 2 answers
A.host
B.traceroute
C.ping
D.nslookup
E.ifconfig
AnswersA, D

This is a DNS lookup utility.

Why this answer

The `host` command is a simple DNS lookup utility that queries DNS servers to resolve a hostname to an IP address. It directly performs forward DNS resolution using the system's configured resolvers and returns the A or AAAA record for the given name.

Exam trap

The trap here is that candidates often think `ping` is a valid name resolution tool because it can accept a hostname and display the resolved IP in its output, but `ping` relies on the system resolver and does not perform its own DNS query—it only displays the IP after the system has already resolved it, making it a connectivity test, not a resolution command.

111
Multi-Selecteasy

Which TWO commands can be used to display listening TCP ports on a Linux system?

Select 2 answers
A.ss -tln
B.netstat -tln
C.nmap -sT localhost
D.iptables -L
E.lsof -i TCP
AnswersA, B

ss -tln lists listening TCP ports (t for TCP, l for listening, n for numeric).

Why this answer

The `ss -tln` command displays listening TCP sockets by using the `-t` flag for TCP, `-l` for listening sockets, and `-n` to show numeric addresses and ports without resolving service names. It reads socket information directly from the kernel's netlink interface, making it the modern replacement for netstat on Linux systems.

Exam trap

The trap here is that candidates often assume `lsof -i TCP` shows only listening ports, but without the `-sTCP:LISTEN` filter it displays all TCP sockets, including established connections, making it incorrect for the specific requirement of listing only listening TCP ports.

112
MCQmedium

After editing /etc/sysconfig/network-scripts/ifcfg-eth0, the network service fails to start. Which is the best command to investigate?

A.nmcli device status
B.systemctl status NetworkManager
C.journalctl -u NetworkManager
D.ip link show eth0
AnswerB

This shows the current status and recent errors of the NetworkManager service.

Why this answer

The best command to investigate why the network service fails to start after editing an interface configuration file is `systemctl status NetworkManager`, because it shows the current state, recent log entries, and any error messages from the NetworkManager service. Since NetworkManager is the default network service on modern RHEL/CentOS systems, checking its status directly reveals whether it failed to reload or start, and often includes the specific configuration error.

Exam trap

The trap here is that candidates often pick `journalctl -u NetworkManager` because it shows logs, but the LFCS exam expects you to know that `systemctl status` is the first-line diagnostic tool for service failures, as it provides a quick summary of the service state and recent errors without needing to filter through all logs.

How to eliminate wrong answers

Option A is wrong because `nmcli device status` only displays the current state of network devices (e.g., connected, disconnected) and does not show service-level errors or why the service failed to start. Option C is wrong because `journalctl -u NetworkManager` shows the full log history of the NetworkManager service, which is useful for deeper debugging but is not the best first command; the question asks for the 'best command to investigate' immediately after failure, and `systemctl status` provides a concise summary including the last few log lines and the service state. Option D is wrong because `ip link show eth0` only shows the link-level state of the interface (e.g., UP/DOWN) and does not reveal why the network service failed to start, such as syntax errors in the configuration file.

113
MCQeasy

An administrator wants to ensure that a service is listening on TCP port 8080 and accessible from remote hosts. Which command will confirm that the service is listening on the correct interface?

A.iptables -L
B.netstat -i
C.ss -tlnp
D.ip addr
AnswerC

Shows listening TCP sockets with process and address.

Why this answer

Option C is correct because the `ss -tlnp` command displays listening (`-l`) TCP (`-t`) sockets with numeric addresses (`-n`) and the associated process (`-p`), which directly confirms that a service is bound to TCP port 8080 on a specific interface (e.g., 0.0.0.0:8080 or 192.168.1.10:8080). This ensures the service is listening on the correct interface and is reachable from remote hosts.

Exam trap

The trap here is that candidates confuse commands that show network configuration or firewall rules with those that show actual listening sockets, leading them to pick `iptables -L` or `ip addr` instead of `ss -tlnp`.

How to eliminate wrong answers

Option A is wrong because `iptables -L` lists firewall rules, not listening sockets; it cannot confirm whether a service is listening on a specific port or interface. Option B is wrong because `netstat -i` displays interface statistics (packets, errors, etc.), not listening sockets or port bindings. Option D is wrong because `ip addr` shows IP addresses assigned to network interfaces, not the listening state of services or TCP ports.

← PreviousPage 2 of 2 · 113 questions total

Ready to test yourself?

Try a timed practice session using only Networking questions.