D412 AVN2 – NETWORK ANALYTICS AND TROUBLESHOOTING 2026-27 PRACTICE EXAM (100 QUESTIONS, AN, Exams of Network Analysis

D412 AVN2 – NETWORK ANALYTICS AND TROUBLESHOOTING 2026-27 PRACTICE EXAM (100 QUESTIONS, ANSWERS & RATIONALES)

Typology: Exams

2025/2026

Available from 05/05/2026

Exam_excel_AXIOMSCHOLAR
Exam_excel_AXIOMSCHOLAR 🇺🇸

3.8K documents

1 / 36

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
D412AVN2NETWORK ANALYTICS AND
TROUBLESHOOTING 2026-27 PRACTICE EXAM
(100 QUESTIONS, ANSWERS & RATIONALES)
1–10: Networking Foundations & Protocols
1. What is the main purpose of DNS in a network?
A. Assign IP addresses
B. Translate domain names to IP addresses
C. Route packets
D. Encrypt traffic
Answer: B
Rationale: DNS resolves human-friendly domain names to
IP addresses for communication.
2. Which protocol is responsible for dynamic IP address
assignment?
A. DNS
B. DHCP
C. HTTP
D. SSH
Answer: B
Rationale: DHCP dynamically assigns IPv4/IPv6 addresses
to hosts.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24

Partial preview of the text

Download D412 AVN2 – NETWORK ANALYTICS AND TROUBLESHOOTING 2026-27 PRACTICE EXAM (100 QUESTIONS, AN and more Exams Network Analysis in PDF only on Docsity!

D412 AVN2 – NETWORK ANALYTICS AND

TROUBLESHOOTING 2026 - 27 PRACTICE EXAM

(100 QUESTIONS, ANSWERS & RATIONALES)

1 – 10: Networking Foundations & Protocols

  1. What is the main purpose of DNS in a network? A. Assign IP addresses B. Translate domain names to IP addresses C. Route packets D. Encrypt traffic Answer: B Rationale: DNS resolves human-friendly domain names to IP addresses for communication.
  2. Which protocol is responsible for dynamic IP address assignment? A. DNS B. DHCP C. HTTP D. SSH Answer: B Rationale: DHCP dynamically assigns IPv4/IPv6 addresses to hosts.
  1. A subnet mask of 255.255.255.0 indicates a network with how many host addresses? A. 254 B. 256 C. 128 D. 512 Answer: A Rationale: /24 provides 256 addresses, 254 usable for hosts.
  2. What does TTL mean in a DNS record? A. Time To Locate B. Time To Live C. Temporary TTL D. Transport Time Limit Answer: B Rationale: TTL specifies how long DNS information should be cached.
  3. Which address class uses default subnet mask 255.0.0.0? A. Class A B. Class B C. Class C D. Class D Answer: A Rationale: Class A address space uses /8.
  1. What is the main utility of Wireshark in troubleshooting? A. Edit configs B. Analyze captured traffic C. Assign IP addresses D. Restart services Answer: B Rationale: Wireshark helps analyze packets to find anomalies.
  2. If a DNS server returns incorrect IPs directing users to malicious sites, the issue is most likely: A. DHCP error B. Wrong A record C. Link failure D. Firewall misconfiguration Answer: B Rationale: Incorrect A records cause wrong DNS resolution. 11 – 20: Troubleshooting Tools & Commands
  3. Which command displays the local host’s IP configuration? A. netstat B. ipconfig /all C. nslookup

D. route print Answer: B Rationale: ipconfig /all shows all interface details.

  1. Which tool is used to scan ports on a host? A. ping B. nslookup C. nmap D. ipconfig Answer: C Rationale: Nmap scans for open ports and services.
  2. Command “tracert 8.8.8.8” is run. What does the result show? A. DNS cache B. Path to 8.8.8. C. Local router listings D. ARP entries Answer: B Rationale: tracert/traceroute reveals router hops to a destination.
  3. What does “ipconfig /flushdns” do? A. Shows DNS cache B. Clears the DNS resolver cache C. Changes DNS server D. Resets IP address

Answer: A Rationale: nslookup checks DNS lookup results.

  1. A suspicious traffic capture shows many SSH attempts. What might this indicate? A. Normal use B. Brute-force scanning C. DHCP failure D. DNS propagation Answer: B Rationale: Repeated SSH attempts often suggest scanning or attack.
  2. A network analytic tool shows abnormal latency. Which metric is this describing? A. Jitter B. Delay C. Throughput D. Bandwidth Answer: B Rationale: Latency refers to delay between sending and receiving packets.
  3. What would you check first when a host cannot get a DHCP address? A. Default gateway B. DHCP scope availability

C. DNS entries D. Firewall rules Answer: B Rationale: If no addresses are available, DHCP allocation fails. 21 – 30: DNS & Name Resolution Issues

  1. If users report redirection to a malicious site, the first DNS element to check is the: A. PTR record B. A record C. CNAME only D. MX record Answer: B Rationale: A records map host names to IPs — wrong entries cause redirection.
  2. A DNS cache poisoning attack would most affect: A. Routing tables B. Local DNS resolver cache C. ARP tables D. MAC addresses Answer: B Rationale: Poisoned DNS cache returns incorrect IPs.
  1. A domain not resolving could be due to: A. Missing DNS server IP on client B. Wrong netmask C. Firewall block only D. No SSH access Answer: A Rationale: Without correct DNS server, clients can’t resolve names.
  2. DNS fallbacks refer to: A. Switching servers if one fails B. Disabling DNS entirely C. Flooding packets D. Boot Loop Answer: A Rationale: Secondary DNS can be used if primary fails.
  3. A split-DNS deployment means: A. DNS services disabled B. Internal/external records differ C. Server down D. DHCP is primary Answer: B Rationale: Split DNS serves different records internally vs externally.
  1. DNS TTL is important for: A. IP assignment B. How long clients cache results C. MAC resolution D. Throughput Answer: B Rationale: TTL determines cache lifetime.
  2. DNS recursion typically happens on: A. Client stub resolvers B. Root servers C. Firewalls D. ARP tables Answer: A Rationale: Stub resolvers request DNS recursors. 31 – 40: Connectivity & Routing
  3. When a host cannot reach the internet but can reach local subnet devices, the likely issue is: A. Default gateway missing/incorrect B. DNS only C. ARP failure D. SSH issue Answer: A

Rationale: Static routes are manual entries suited for predictable environments.

  1. A router with incorrect OSPF configuration may cause: A. Broken route advertisement B. Good connectivity C. Faster routing D. Better DNS Answer: A Rationale: Misconfigured OSPF disrupts dynamic routing.
  2. Loopback interfaces are used for: A. Testing and stable routing IDs B. DHCP assignment C. DNS resolution D. ARP caching Answer: A Rationale: Loopbacks provide stable interface for routing.
  3. You verify a route with which command? A. traceroute B. route print / ip route show C. nslookup D. netstat Answer: B Rationale: Shows routing table.
  1. A missing route means: A. Cannot reach destination subnet B. DNS broken C. ARP incomplete D. Firewall blocked traffic Answer: A Rationale: Routes define reachability.
  2. A BGP connection is typically used for: A. Internet exchange between autonomous systems B. Local subnet only C. DHCP tasks D. DNS caching Answer: A Rationale: BGP peers exchange routing across networks.
  3. A host that can ping its gateway but not beyond likely has: A. External routing issue or firewall block B. Wrong DNS only C. No ARP D. Wrong netmask Answer: A Rationale: Local connectivity exists, but external reach might be blocked. 41 – 50: Advanced Troubleshooting & Analysis

Answer: C Rationale: Direct IP ping fails due to filtering/firewall rules, not DNS.

  1. A traceroute shows timeout at hop 5 but subsequent hops respond. This is likely: A. Link down B. ICMP blocked at hop 5 C. Wrong subnet D. Full packet drop Answer: B Rationale: Some routers drop ICMP but still forward traffic; traceroute shows a timeout, not total failure.
  2. Wireshark shows SYN packets sent repeatedly without ACKs. What is the probable issue? A. DHCP misassignment B. Firewall blocking TCP handshake C. Routing correct D. DNS misconfigured Answer: B Rationale: Repeated SYN without ACK indicates a TCP handshake failure, often blocked by firewall.
  3. Network latency measured at 250ms for local devices is: A. Normal

B. High C. Low D. Minimal Answer: B Rationale: LAN latency is typically <1ms; 250ms is excessive.

  1. High jitter in VoIP traffic can cause: A. Call drops or poor audio B. Faster downloads C. Improved throughput D. DNS errors Answer: A Rationale: Jitter variability in packet arrival degrades voice quality.
  2. A packet capture shows duplicate ACKs. This usually indicates: A. TCP congestion or lost packet B. Normal operation C. DNS cache error D. ARP storm Answer: A Rationale: Duplicate ACKs are TCP’s signal of packet loss, triggering retransmission.

C. Gateway misconfigured D. ARP failure Answer: A Rationale: APIPA auto-assigns addresses when DHCP fails.

  1. DHCP lease renewal fails. Which step should be checked first? A. Verify DHCP scope availability B. Ping gateway C. Check firewall only D. Reboot switch Answer: A Rationale: If no IPs remain in DHCP pool, leases cannot renew.
  2. DHCP Option 66 is used for: A. Boot server information B. Subnet mask C. DNS D. Default gateway Answer: A Rationale: Option 66 provides TFTP/boot server info.
  3. Multiple devices on the same network are getting duplicate IPs. Most likely cause: A. Two DHCP servers with overlapping scopes B. DNS misconfiguration

C. Static IP conflict D. VLAN mismatch Answer: A Rationale: Overlapping DHCP scopes can assign same IP to different devices.

  1. A host cannot reach DHCP server on another subnet. The likely solution is: A. Configure DHCP relay (IP helper) B. Change DNS C. Adjust MTU D. Enable VLAN Answer: A Rationale: DHCP relays forward broadcast requests across subnets.
  2. Which command displays the current DHCP lease on a Windows host? A. ipconfig /all B. nslookup C. ping D. traceroute Answer: A Rationale: ipconfig /all shows lease expiration and assigned IP.