D412 AVN2 – NETWORK ANALYTICS AND TROUBLESHOOTING 2026-27 PRACTICE EXAM (100 QUESTIONS, ANSWERS & RATIONALES)
1 – 10: Networking Foundations & Protocols
- What is the main purpose of DNS in a network? A. Assign IP addresses B. Translate domain names to IP addresses C. Route packets D. Encrypt traffic Answer: B Rationale: DNS resolves human-friendly domain names to IP addresses for communication.
- Which protocol is responsible for dynamic IP address assignment? A. DNS B. DHCP C. HTTP D. SSH Answer: B Rationale: DHCP dynamically assigns IPv4/IPv6 addresses to hosts.
- A subnet mask of 255.255.255.0 indicates a network with how many host addresses? A. 254 B. 256 C. 128 D. 512 Answer: A Rationale: /24 provides 256 addresses, 254 usable for hosts.
- What does TTL mean in a DNS record? A. Time To Locate B. Time To Live C. Temporary TTL D. Transport Time Limit Answer: B Rationale: TTL specifies how long DNS information should be cached.
- Which address class uses default subnet mask 255.0.0.0? A. Class A B. Class B C. Class C D. Class D Answer: A Rationale: Class A address space uses /8.
- What is the main utility of Wireshark in troubleshooting? A. Edit configs B. Analyze captured traffic C. Assign IP addresses D. Restart services Answer: B Rationale: Wireshark helps analyze packets to find anomalies.
- If a DNS server returns incorrect IPs directing users to malicious sites, the issue is most likely: A. DHCP error B. Wrong A record C. Link failure D. Firewall misconfiguration Answer: B Rationale: Incorrect A records cause wrong DNS resolution.
11 – 20: Troubleshooting Tools & Commands
- Which command displays the local host’s IP configuration? A. netstat B. ipconfig /all C. nslookup D. route print Answer: B Rationale: ipconfig /all shows all interface details.
- Which tool is used to scan ports on a host? A. ping B. nslookup C. nmap D. ipconfig Answer: C Rationale: Nmap scans for open ports and services.
- Command “tracert 8.8.8.8” is run. What does the result show? A. DNS cache B. Path to 8.8.8.8 C. Local router listings D. ARP entries Answer: B Rationale: tracert/traceroute reveals router hops to a destination.
- What does “ipconfig /flushdns” do? A. Shows DNS cache B. Clears the DNS resolver cache C. Changes DNS server D. Resets IP address
Answer: A Rationale: nslookup checks DNS lookup results.
- A suspicious traffic capture shows many SSH attempts. What might this indicate? A. Normal use B. Brute-force scanning C. DHCP failure D. DNS propagation Answer: B Rationale: Repeated SSH attempts often suggest scanning or attack.
- A network analytic tool shows abnormal latency. Which metric is this describing? A. Jitter B. Delay C. Throughput D. Bandwidth Answer: B Rationale: Latency refers to delay between sending and receiving packets.
- What would you check first when a host cannot get a DHCP address? A. Default gateway B. DHCP scope availability C. DNS entries D. Firewall rules Answer: B Rationale: If no addresses are available, DHCP allocation fails.
21 – 30: DNS & Name Resolution Issues
- If users report redirection to a malicious site, the first DNS element to check is the: A. PTR record B. A record C. CNAME only D. MX record Answer: B Rationale: A records map host names to IPs — wrong entries cause redirection.
- A DNS cache poisoning attack would most affect: A. Routing tables B. Local DNS resolver cache C. ARP tables D. MAC addresses Answer: B Rationale: Poisoned DNS cache returns incorrect IPs.
- A domain not resolving could be due to: A. Missing DNS server IP on client B. Wrong netmask C. Firewall block only D. No SSH access Answer: A Rationale: Without correct DNS server, clients can’t resolve names.
- DNS fallbacks refer to: A. Switching servers if one fails B. Disabling DNS entirely C. Flooding packets D. Boot Loop Answer: A Rationale: Secondary DNS can be used if primary fails.
- A split-DNS deployment means: A. DNS services disabled B. Internal/external records differ C. Server down D. DHCP is primary Answer: B Rationale: Split DNS serves different records internally vs externally.
- DNS TTL is important for: A. IP assignment B. How long clients cache results C. MAC resolution D. Throughput Answer: B Rationale: TTL determines cache lifetime.
- DNS recursion typically happens on: A. Client stub resolvers B. Root servers C. Firewalls D. ARP tables Answer: A Rationale: Stub resolvers request DNS recursors.
31 – 40: Connectivity & Routing
- When a host cannot reach the internet but can reach local subnet devices, the likely issue is: A. Default gateway missing/incorrect B. DNS only C. ARP failure D. SSH issue Answer: A
Rationale: Static routes are manual entries suited for predictable environments.
- A router with incorrect OSPF configuration may cause: A. Broken route advertisement B. Good connectivity C. Faster routing D. Better DNS Answer: A Rationale: Misconfigured OSPF disrupts dynamic routing.
- Loopback interfaces are used for: A. Testing and stable routing IDs B. DHCP assignment C. DNS resolution D. ARP caching Answer: A Rationale: Loopbacks provide stable interface for routing.
- You verify a route with which command? A. traceroute B. route print / ip route show C. nslookup D. netstat Answer: B Rationale: Shows routing table.
- A missing route means: A. Cannot reach destination subnet B. DNS broken C. ARP incomplete D. Firewall blocked traffic Answer: A Rationale: Routes define reachability.
- A BGP connection is typically used for: A. Internet exchange between autonomous systems B. Local subnet only C. DHCP tasks D. DNS caching Answer: A Rationale: BGP peers exchange routing across networks.
- A host that can ping its gateway but not beyond likely has: A. External routing issue or firewall block B. Wrong DNS only C. No ARP D. Wrong netmask Answer: A Rationale: Local connectivity exists, but external reach might be blocked.
41 – 50: Advanced Troubleshooting & Analysis
Answer: C Rationale: Direct IP ping fails due to filtering/firewall rules, not DNS.
- A traceroute shows timeout at hop 5 but subsequent hops respond. This is likely: A. Link down B. ICMP blocked at hop 5 C. Wrong subnet D. Full packet drop Answer: B Rationale: Some routers drop ICMP but still forward traffic; traceroute shows a timeout, not total failure.
- Wireshark shows SYN packets sent repeatedly without ACKs. What is the probable issue? A. DHCP misassignment B. Firewall blocking TCP handshake C. Routing correct D. DNS misconfigured Answer: B Rationale: Repeated SYN without ACK indicates a TCP handshake failure, often blocked by firewall.
- Network latency measured at 250ms for local devices is: A. Normal B. High C. Low D. Minimal Answer: B Rationale: LAN latency is typically <1ms; 250ms is excessive.
- High jitter in VoIP traffic can cause: A. Call drops or poor audio B. Faster downloads C. Improved throughput D. DNS errors Answer: A Rationale: Jitter (variability in packet arrival times) degrades voice quality.
- A packet capture shows duplicate ACKs. This usually indicates: A. TCP congestion or lost packet B. Normal operation C. DNS cache error D. ARP storm Answer: A Rationale: Duplicate ACKs are TCP’s signal of packet loss, triggering retransmission.
C. Gateway misconfigured D. ARP failure Answer: A Rationale: APIPA auto-assigns addresses when DHCP fails.
- DHCP lease renewal fails. Which step should be checked first? A. Verify DHCP scope availability B. Ping gateway C. Check firewall only D. Reboot switch Answer: A Rationale: If no IPs remain in DHCP pool, leases cannot renew.
- DHCP Option 66 is used for: A. Boot server information B. Subnet mask C. DNS D. Default gateway Answer: A Rationale: Option 66 provides TFTP/boot server info.
- Multiple devices on the same network are getting duplicate IPs. Most likely cause: A. Two DHCP servers with overlapping scopes B. DNS misconfiguration C. Static IP conflict D. VLAN mismatch Answer: A Rationale: Overlapping DHCP scopes can assign same IP to different devices.
- A host cannot reach DHCP server on another subnet. The likely solution is: A. Configure DHCP relay (IP helper) B. Change DNS C. Adjust MTU D. Enable VLAN Answer: A Rationale: DHCP relays forward broadcast requests across subnets.
- Which command displays the current DHCP lease on a Windows host? A. ipconfig /all B. nslookup C. ping D. traceroute Answer: A Rationale: ipconfig /all shows lease expiration and assigned IP.