D412 AVN2 – Network Analytics and Troubleshooting, Task 1
SUBMISSION 2026-2027 UPDATE Western Governors University
D412 TASK 1 SUBMISSION
******** Erase all text in red before submitting ********
Helpdesk Ticket 1:
Scenario: There are multiple reports of employees located in the USER_Net subnet who cannot get to www.wgu.edu, and they are being redirected to a suspicious site. A help desk technician states that the server team recently installed updates to DMZ_Server_3 which acts as the DNS Server for the organization.
Objective (Identify and Resolve): Troubleshoot to identify the problem and take necessary steps to fix the problem.
A. Using the information in the scenario for helpdesk ticket 1, do the following:
1. Provide screenshot(s) of the identified problem and the resolution. Screenshot(s) must be clear, with a full view of the screen, and include the date and time.
2. Create a root cause analysis write-up by doing the following:
a. List the tool(s) used to identify the problem.
- The tools used to identify the problem were Command Prompt, DNS Manager, Mozilla Firefox, and TightVNC Viewer.
b. Explain why the tool(s) was (were) chosen to troubleshoot the problem.
- The tools above were chosen to troubleshoot the problem because: Command Prompt was used for CLI tools, DNS Manager was used to edit an A record, Mozilla Firefox was used to test website functionality, and TightVNC Viewer was used to access the DMZ_Server_3, Firewall, and Windows_Desktop_1.
c. Explain the steps of the troubleshooting process that were used to identify the problem and a resolution to solve the problem.
- Went to the client computer Windows_Desktop_1 in the USER_Net subnet to identify the website issue in Mozilla Firefox. Confirmed issue.
- Accessed the Firewall and pinged www.wgu.edu to find the correct website IP address.
- Accessed DMZ_Server_3, opened DNS Manager, then edited the A record pointing to the incorrect IP 10.10.20.2 to point to the correct IP 146.75.95.52.
- Opened Command Prompt on DMZ_Server_3, then used the command ipconfig /flushdns to apply the DNS change. Repeated step in Windows_Desktop_1.
- Tested website in Firefox on Windows_Desktop_1 – successful connection.
Helpdesk Ticket 2:
2. Create a root cause analysis write-up by doing the following:
a. List the tool(s) used to identify the problem.
- The tools used to identify the problem were Wireshark, Ubuntu server terminal, and TightVNC Viewer.
b. Explain why you chose the tool(s) to troubleshoot the problem.
- Wireshark was used to investigate network traffic and determine source/destination IP addresses of the illegal traffic, the Ubuntu server terminal was used to confirm the device's network location of the illegal IP address, and TightVNC Viewer was used to access the server in question.
c. Explain the steps of the troubleshooting process that were used to identify the illegal FTP site and a recommendation to solve the problem. Include the IP address of the illegal FTP site.
- The PCAP file was opened in Wireshark to be investigated.
- Given that the illegal traffic is FTP traffic, the file was sorted by protocol.
- Based on the data, the illegal FTP site IP address was determined to be 10.10.20.2.
- Logged into all DMZ Servers via TightVNC Viewer and used terminal command ifconfig to determine which server had a matching IP address – determined to be DMZ_Server_2.
- Solution recommendation: DMZ_Server_2 should be immediately contained via isolation, and the FTP service should be terminated and uninstalled. Firewall rules can be updated to block traffic over ports 20 and 21, disabling inbound / outbound FTP traffic. Additionally, any user accounts involved in the illegal traffic should be suspended, and the service should be investigated to determine if any system compromises occurred or were intentionally configured. Implementing SFTP / FTPS can provide a secure alternative to FTP traffic. Regular network scans searching for similar unauthorized activity, as well as end-user security training, can all be utilized to prevent the recurrence of this incident in the future.
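The Wireshark step in Ticket 2 (sort by protocol, read off the FTP server address) can be repeated from the command line. The script below is an added example, not part of the original submission: it assumes the capture has been exported with tshark as tab-separated fields, and the rows, client addresses and capture file name are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find FTP servers in a capture from tshark field output.
# Real input would come from (capture.pcap is a placeholder file name):
#   tshark -r capture.pcap -Y ftp -T fields \
#          -e ip.src -e ip.dst -e tcp.srcport -e ftp.response.code
# Columns are tab-separated; ftp.response.code is empty on client requests.

# Constructed sample rows (not taken from the lab PCAP). 10.10.20.2 is the
# address the write-up reports; the client addresses are made up.
sample_rows() {
  printf '%s\t%s\t%s\t%s\n' \
    10.10.20.2  10.10.10.15 21    220 \
    10.10.10.15 10.10.20.2  49822 ''  \
    10.10.20.2  10.10.10.15 21    331 \
    10.10.10.15 10.10.20.2  49822 ''  \
    10.10.20.2  10.10.10.15 21    230 \
    10.10.20.2  10.10.10.27 21    220 \
    10.10.10.27 10.10.20.2  50110 ''
}

# A host is an FTP server if it sends response codes. Report each one with
# its source port, number of replies, and number of distinct clients.
ftp_servers() {
  awk -F'\t' '
    $4 != "" {
      key = $1 ":" $3
      replies[key]++
      if (!seen[key, $2]++) clients[key]++
    }
    END {
      for (k in replies)
        printf "%s replies=%d clients=%d\n", k, replies[k], clients[k]
    }' | sort
}

sample_rows | ftp_servers
```

The client count is useful for the containment step: it lists how many internal hosts talked to the server and therefore need follow-up.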
Helpdesk Ticket 3:
Scenario: The host "Ubuntu_Server" can’t get to any of the assigned networks or the internet, which is preventing the server from pulling the required security patches.
Objective (Identify and Recommend Specific Resolution): Identify the issue and report back the possible problem that the server/infrastructure team needs to address to allow network traffic to get to and from this device.
C. Using the information in the scenario for helpdesk ticket 3, do the following:
1. Provide a screenshot or screenshots of the identified problem. The screenshot must be clear, with a full view of the screen, and include the date and time.
2. Create a root cause analysis write-up by doing the following:
a. List the tool(s) used to identify the problem.
- The tools used to identify the problem were Linux terminal, PuTTY, VyOS CLI, and TightVNC Viewer.
b. Explain why you chose the tool(s) to troubleshoot the problem.
- Linux terminal was used to run the commands ping and traceroute to test the network connection between network segments and trace packets' routes internally and externally. PuTTY was used to access Routers 4 and 5 through SSH to implement the fix for the issue. VyOS CLI was used to modify routing and OSPF configurations in Routers 4 and 5 to fix the issue. TightVNC Viewer was used to access Ubuntu_Server.
c. Explain the steps of the troubleshooting process that were used to identify the problem and a specific recommendation to resolve the problem for the organization.
1. Accessed Ubuntu_Server via TightVNC Viewer.
2. Ran ping command to external IP 8.8.8.8 and internal IP 10.10.90.1, confirming device is unable to connect to assigned internal networks or internet.
3. Accessed Router_4 (R4) via PuTTY.
4. Ran show configuration commands | match static and show configuration commands | match ospf to view routing settings. Noted R4 had incorrect next-hop address and did not have OSPF configured.
5. Accessed Router_5 (R5) via PuTTY.
6. Repeated step 4. Noted R5 did not have OSPF configured.
7. Ran the following commands on R4 to correct the default static route and configure OSPF:
   a. Delete protocols static route 0.0.0.0/
   b. Set protocols static route 0.0.0.0/0 next-hop 10.10.70.
   c. Set protocols ospf area 0.0.0.0 network 10.10.70/
   d. Set protocols ospf area 0.0.0.0 network 10.10.80.0/
   e. Set protocols ospf redistribute static
   f. Commit
   g. Save
8. Ran the following commands on R5 to configure OSPF:
   a. Set protocols ospf area 0.0.0.0 network 10.10.80.0/
   b. Set protocols ospf area 0.0.0.0 network 10.10.90.0/
   c. Commit
   d. Save
9. Verified connectivity from Ubuntu_Server by running ping commands to the following addresses: all successes
   a. 10.10.90.
   b. 10.10.80.
   c. 8.8.8.
   d. google.com
- Recommendation: The organization should implement a consistent dynamic routing protocol, like OSPF, across all routers to ensure routes are automatically propagated and to reduce manual configuration errors. Any static configurations should be used only when necessary and have detailed documentation. Any network changes should formally undergo review and approval processes before being deployed. Additionally, periodic network audits will help ensure consistent routing and prevent misconfigurations.
Helpdesk Ticket 4:
Scenario: A user complains that he cannot access the internet or network resources on his company laptop (Windows_Laptop_1) when it is connected via an ethernet cable to the office network.
Objective (Identify and Resolve): Examine the laptop and network diagram to determine the root cause and fix the issue so the laptop can use and access network resources.
D. Using the information in the scenario for helpdesk ticket 4, do the following:
1. Provide screenshots of the identified problem and the resolution. Screenshots must be clear, with a full view of the screen, and include the date and time.
2. Provide a root cause analysis write-up by doing the following:
2. Provide a root cause analysis write-up by doing the following:
a. List the tool(s) used to identify the problem.
- The tools used to identify the problem were TightVNC Viewer and Nmap.
b. Explain why you chose the tool(s) to troubleshoot the problem.
- TightVNC Viewer was used to access DMZ_Server_2 and its terminal. Nmap was then used to scan the local system for open ports and identify the services running.
c. Explain the steps of the troubleshooting process that were used to identify the problem and a recommendation to solve the problem. Include a complete list of unauthorized open ports.
- Accessed DMZ_Server_2 via TightVNC Viewer
- Ran sudo apt install nmap to install nmap tool
- Ran nmap -v localhost to scan all open TCP ports on local machine
a. List of open ports, unauthorized ports highlighted:
i. 21/tcp ftp
ii. 80/tcp http
iii. 22/tcp ssh
iv. 23/tcp telnet
v. 80/tcp http
vi. 135/tcp msrpc
vii. 139/tcp netbios-ssn
viii. 666/tcp doom
ix. 3389/tcp ms-wbt-server
x. 8080/tcp http-proxy
xi. 9000/tcp cslistener
xii. 9001/tcp tor-orport
xiii. 9999/tcp abyss
- Recommendation: Disable all unauthorized services from DMZ_Server_2, as they are not permitted per the organization's policy and can pose a security risk. To prevent a repeat incident, the organization should perform regularly scheduled network scans to detect new open ports that can be compared to baseline ports.
Sources:
Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
InfoSec Learning. (n.d.). Network Analytics & Troubleshooting labs.
Lyon, G. F. (n.d.). A Quick Port Scanning Tutorial. Nmap. Retrieved October 26, 2025, from https://nmap.org/book/port-scanning-tutorial.html
White, R., & Banks, E. (2017). Computer networking problems and solutions: An innovative approach to building resilient, modern networks. Addison-Wesley Professional. ISBN: 9781587145049
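The baseline comparison recommended for DMZ_Server_2 can be scripted against nmap's normal output. This is an added example, not part of the original submission: the scan excerpt is constructed from ports named in the write-up, and the baseline is a hypothetical placeholder because the page does not preserve which ports were authorized.

```bash
#!/usr/bin/env bash
# Added example: compare nmap's open ports against an approved baseline.

# ASSUMPTION: the write-up's highlighting was lost, so this baseline is a
# hypothetical placeholder, not the organization's actual policy.
BASELINE="22/tcp 80/tcp"

# Constructed nmap normal-output excerpt using ports named in the write-up
# (the closed 8443/tcp row is made up to show that non-open rows are ignored).
sample_scan() {
  cat <<'EOF'
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
23/tcp   open   telnet
80/tcp   open   http
666/tcp  open   doom
3389/tcp open   ms-wbt-server
8443/tcp closed https-alt
EOF
}

# Print "port service" for every open port that is not in the baseline.
# Non-table lines (headers, -v progress messages) fail the port regex.
unauthorized_ports() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) { print $1, $3 }
  '
}

# Print baseline ports the scan no longer shows open (drift the other way).
missing_ports() {
  awk -v allowed="$1" '
    $2 == "open" { open[$1] = 1 }
    END { n = split(allowed, a, " ")
          for (i = 1; i <= n; i++) if (!(a[i] in open)) print a[i] }
  '
}

sample_scan | unauthorized_ports "$BASELINE"
```

On a scheduled run, the output of `nmap -v localhost` would be piped in place of `sample_scan`, and any non-empty result from either function flagged for review.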