Appendix C

14. When planning and establishing your local policies and procedures you have to recognize that some state and/or federal regulations might apply to your organization. You are working at the local county hospital. Which of the following regulations does your organization need to be aware of?

A. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act of 2002
C. ISO/IEC 27002:2005
D. All of the above

Correct answer and explanation: D. All of the above is correct. Since you are working at a hospital you must comply with HIPAA. As a private business you must comply with the financial regulations in the Sarbanes-Oxley Act of 2002. As an organization that has computer networks and recognizes information security as an important role in how to develop your networks, you must be aware of ISO/IEC 27002:2005. Regulations are important to how you plan and establish your local policies and procedures. Many organizations are held to state and federal regulations which will affect their responsibilities as a public/private, for-profit or not-for-profit business. Understanding what regulations your organization must adhere to will help you manage how your network operates.

Incorrect answers and explanations: A, B, C. Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act of 2002, and ISO/IEC 27002:2005 regulations are by themselves incorrect answers. You must recognize, be aware of, and comply with all of these regulations, not just one of them.

15. You have been delegated the responsibility of creating all of your network's documentation. As you research this topic you find out that you must create configuration management documentation. What types of configuration management documentation must you create?

A. Wiring schematics, physical/logical network diagrams, baselines, policies, procedures, configurations, and regulations
B. Wiring schematics, physical/logical network diagrams, load balancing, policies, procedures, configurations, and cache engines
C. Wiring schematics, technical network diagrams, baselines, policies, procedures, configurations, and regulations
D. Building schematics, physical/logical network diagrams, baselines, policies, procedures, configurations, and regulations

Correct answer and explanation: A. Wiring schematics, physical/logical network diagrams, baselines, policies, procedures, configurations, and regulations is the correct answer because they are all a part of configuration management documentation.

Incorrect answers and explanations: B, C, and D. Load balancing, cache engines, technical network diagrams, and building schematics are not part of configuration management documentation.

Chapter 11: Network Troubleshooting Tools

1. Which of the following commands is a Linux-based command used to troubleshoot DNS?

A. DNSLookup
B. Nslookup
C. Dig
D. Query

Correct answers and explanations: C. Answer C is correct, because Dig is a Linux-based command used to troubleshoot and query DNS.

Incorrect answers and explanations: A, B, and D. Answer A is incorrect, because DNSLookup is a fictional command. Answer B is incorrect, because Nslookup is a Windows-based command used to troubleshoot and query DNS. Answer D is incorrect, because Query is a fictional command.

2. You would like to use Nslookup in order to verify that your e-mail server, Email1, has correctly registered its A record in DNS. Which of the following commands shows the correct syntax to accomplish this?

A. Nslookup type=A Email1
B. Nslookup A Email1
C. Nslookup Email1 A record
D. Nslookup Email1

Correct answer and explanations: D. Answer D is correct, because nslookup <hostname> is the correct syntax used to perform a query with nslookup in command mode.

Incorrect answers and explanations: A, B, and C.
Answer A is incorrect, because the type command is a valid nslookup command when using nslookup in interactive mode, not in command mode. Answer B is incorrect, because a record type is not specified when utilizing nslookup in command mode. This syntax is invalid. Answer C is incorrect, because a record type is not specified when utilizing nslookup in command mode. This syntax is invalid.

3. You would like to view the network path that is taken by packets across your internal routers before exiting your LAN and heading out into the Internet. Which of the following commands will show the route that packets take across the network? (Select all that apply.)

A. Ping
B. Tracert
C. Dig
D. Traceroute
E. Nslookup

Correct answers and explanations: B and D. Answer B is correct because tracert is a command that is used to troubleshoot routing from a Windows-based system. It will display each hop as it is taken through the network to the specified destination. Answer D is correct because traceroute is a command that is used to troubleshoot routing from Linux, Unix, and other systems. It will display each hop as it is taken through the network to the specified destination.

Incorrect answers and explanations: A, C, and E. Answer A is incorrect, because ping will test connectivity between clients, but will not display the network path used to connect. Answer C is incorrect because dig is a command used to perform DNS queries and is used to troubleshoot from Linux-based systems. Answer E is incorrect because nslookup is a command used to perform DNS queries and is used to troubleshoot from Windows-based systems.

4. You are the network administrator for a network that employs a Windows 2003 server and 30 Windows XP Professional workstations. The Windows 2003 server runs the DHCP service to provide TCP/IP configuration information to the Windows XP clients.
You receive a call from one of your users stating that he is unable to browse any internal network resources or Internet websites. To begin troubleshooting you would like to be able to view the locally configured TCP/IP settings. Which command should you run in order to view the following output on the problem workstation?

    Windows IP Configuration
       Host Name: IBM-A38375FF22E
       Primary Dns Suffix:
       Node Type: Hybrid
       IP Routing Enabled: No
       WINS Proxy Enabled: No

    Ethernet adapter Wireless Network Connection:
       Connection-specific DNS Suffix.:
       Description: Intel(R) PRO/Wireless 2200BG Network Connection
       Physical Address: 00-1E-25-1A-D3-5A
       Dhcp Enabled: Yes
       Autoconfiguration Enabled: No
       IP Address: 192.168.1.12
       Subnet Mask: 255.255.255.0
       Default Gateway: 192.168.1.1
       DHCP Server: 192.168.1.250
       DNS Servers: 192.168.1.250
       Lease Obtained: Tuesday, March 29, 2005 1:00:10 PM
       Lease Expires: Wednesday, March 30, 2005 1:00:10 PM

A. Ipconfig
B. Ipconfig/show
C. Ipconfig/all
D. Ipconfig/release

Correct answers and explanation: C. Answer C is correct because ipconfig/all will display the additional details of the local TCP/IP configuration that are shown above.

Incorrect answers and explanations: A, C, and D. Answer A is incorrect because ipconfig will only show the IP address, subnet mask, and default gateway values configured on the machine. For the additional information displayed above, such as MAC address information and DHCP lease information, the /all switch must be used. Answer B is incorrect because /show is an invalid switch. Answer D is incorrect because /release is used to force the release of a DHCP obtained IP address. It will not display configuration information.

5. You are issuing the following command on a Windows Vista machine: ping Server5. Which of the following commands will allow you to view the correct name cache where the resolution of Server5 is being stored?

A. Nslookup server5
B. Dig server5
C. Nbtstat-c
D. Ipconfig/displaydns

Correct answers and explanations: C. Answer C is correct because the ping command has been used against a NetBIOS name. Since a NetBIOS name query will have been issued, the results will be stored in the NetBIOS name cache which can be viewed with nbtstat-c.

Incorrect answers and explanations: A, B, and D. Answer A is incorrect because nslookup is a command utilized to perform lookup functions, and not one used to display the local name cache. Answer B is incorrect because dig is a command utilized to perform lookup functions, and not one used to display the local name cache. Answer D is incorrect because ipconfig/displaydns is used to display the hostname cache and not the NetBIOS name cache. If the ping command issued would have been a fully qualified query and included the domain name value, then the resulting response from DNS would have been stored in the DNS resolver cache and then an ipconfig/displaydns would be appropriate.

6. You have a series of hostnames that you need to verify are correctly registered in DNS. Which of the following tools is the most appropriate for you to utilize?

A. Nslookup in command mode
B. Netstat in verification mode
C. Nslookup in interactive mode
D. Ipconfig in display mode

Correct answers and explanations: C. Answer C is correct because by utilizing nslookup in interactive mode you will be able to issue multiple queries in succession without reissuing the nslookup command.

Incorrect answers and explanations: A, B, and D. Answer A is incorrect because even though it is possible to utilize nslookup in command mode to verify the hostnames, the nslookup command would need to be repeated for each of the hostnames in the series, making it more cumbersome than utilizing nslookup in interactive mode. Answer B is incorrect because netstat doesn’t have a verification mode and it is not used for DNS functions.
Answer D is incorrect because ipconfig doesn’t have a display mode and it is not used for verifying records on the DNS server. It can be used to view the local client DNS resolver cache and it can be used to force DNS registration of the local client.

7. You are the administrator for a network that has recently experienced a failure on one of your Layer 3 devices. Which devices have most likely been impacted? Select all that apply.

A. Bridges
B. Switches
C. Routers
D. Hubs
E. Repeaters

Correct answer and explanation: C. Answer C is correct because routers exist at Layer 3 in the OSI model. Layer 3 Switches is a term sometimes used to describe certain devices. This term can be confusing since it seems to imply a switch that functions at Layer 3, but in reality the devices marketed as Layer 3 switches are parallel in functionality to routers. They are specialized routers that often perform some of the switching functions that are necessary in a network environment as well as support routing protocols.

Incorrect answers and explanations: A, B, D, and E. Answer A is incorrect because a bridge resides at Layer 2 of the OSI model. Answer B is incorrect because switches reside at Layer 2 of the OSI model. Answer D is incorrect because hubs reside at Layer 1 of the OSI model. Answer E is incorrect because repeaters reside at Layer 1 of the OSI model.

8. You believe that an electrical panel near one of your network switches may be causing interference in one of the Ethernet cables that connects a workstation to the switch port on the network. Which of the following tools will help you to determine if there is electrical interference on the line?

A. Crossover cable
B. Oscilloscope
C. Vampire tap
D. Fox and Hound

Correct answers and explanations: B. Answer B is correct because an oscilloscope is used to measure how electrical signals change over time.
This helps you determine the voltage and frequency of an electrical signal, and if anything is distorting the signal.

Incorrect answers and explanations: A, C, and D. Answer A is incorrect because a crossover cable is often used to connect devices together that exist at the same layer, such as switch to switch, router to router, or NIC to NIC. Answer C is incorrect because a vampire tap is a device used to connect a piece of equipment, such as a printer or a workstation, to a Thicknet backbone. Answer D is incorrect because Fox and Hound, otherwise known as a tone generator, is comprised of two parts. One component, the fox, connects to one end of the cable and sends a signal down the wire. The other piece, the hound, connects at the other end. Once the hound has found the fox you know you have determined where a cable starts and ends.

9. You have an environment that has many Linux-based machines on it. Which of the following tasks can be performed on your Linux-based machines with the ifconfig command? Choose all that apply.

A. Configure a network card with the IP address of 192.168.1.121.
B. Set the NWLink Frame type.
C. Disable a NIC.
D. Display current configurations of a NIC in the Linux machine.

Correct answers and explanations: A, C, and D. Answer A is correct because you can use the ifconfig command to configure NIC interfaces. Answer C is correct because you can use ifconfig to disable and enable NIC interfaces. Answer A is correct because you can display the current configurations of your NIC interfaces with ifconfig.

Incorrect answer and explanations: D. Answer D is incorrect because NWLink is a protocol that can only be installed on Windows-based machines.

10. Your network runs a mixture of IPX/SPX and TCP/IP protocols. You have added three new Windows XP workstations and must configure them for both protocols.
You utilize the ipconfig/all command on each of the three workstations and verify that they are all set to DHCP for TCP/IP, have received an IP address from the DHCP server, and are functioning properly. You must now verify that the IPX/SPX protocol is configured properly on the three workstations. Which of the following commands will allow you to verify the IPX/SPX configuration on the workstations?

A. Ipxroute all
B. Ipxroute config
C. Ipconfig config
D. Ipxconfig/all

Correct answers and explanations: B. Answer B is correct because ipxroute config will allow you to view the network number and frame type for each workstation to validate that they are configured correctly.

Incorrect answers and explanations: A, C, and D. Answer A is incorrect because ipxroute all is not a valid command. Answer C is incorrect because ipconfig config is not a valid command, and ipconfig is utilized to view TCP/IP configurations, not IPX/SPX configurations. Answer D is incorrect because ipxconfig/all is not a valid command.

11. Examine the tracert output shown in Figure 11.24. What is a possible explanation for the “Request timed out” values shown? Choose all that apply.

A. The router at that hop is down.
B. The router at that hop does not respond to ping attempts.
C. There has been an incorrect DNS resolution and the wrong router is being contacted.
D. The maximum hop count has been reached, so all other hops beyond it will show Request timed out.

Correct answers and explanations: A and B. Answer A is correct because if a router is down it is possible that a Request timed out can be the response listed. Answer B is correct because if a router is configured not to respond to ping attempts, Request timed out will be displayed. When a tracert command is issued, a ping is being sent to each hop along the route. If ping is blocked by a specific router, then no response is received and the request will time out, resulting in the Request timed out displayed above.

Incorrect answers and explanations: C and D. Answer C is incorrect, because the next hop is not determined by DNS resolution. The next hop is determined by the previous hop. If a router is misconfigured the wrong path can take place, but this would not be attributed to DNS. Answer D is incorrect because the maximum hop count is 30, and tracert simply ends when it reaches the maximum hop count. It does not display Request timed out when the maximum hop count is reached.

Figure 11.24 Sample Tracert Output.

12. All of the machines in your network are configured to use DHCP. You have made a change to your DHCP settings on some subnets in order to adjust the default gateway to a new value. Some users are complaining that they can no longer connect to the Internet or get to file shares on the network. What command can you use to verify that client computers are configured correctly?

A. Ping
B. CheckIt
C. Ipconfig
D. ConfigStats

Correct answers and explanations: C. Answer C is correct because ipconfig will allow you to view the current settings of the local adapters on the client machines. This will allow you to verify that they have the correct default gateway from the DHCP server.

Incorrect answers and explanations: A, B, and D. Answer A is incorrect, because ping will allow you to verify connectivity from one node to another, but in this case the users are complaining that they cannot connect, so there is already a problem with connectivity. Once any problem with the IP configuration of the adapter has been corrected, then a ping command could be used to verify connectivity at that point. Answer B is incorrect because checkIt is a fictional command. Answer D is incorrect because configStats is a fictional command.

13. You have a specialized application that has been home grown and is used to receive orders from various terminals throughout your manufacturing plant.
The programmers have come up with a new revision of the application which contains some significant changes. One of the changes is a new module that uses port 4523. You have installed the new module on your test application server, but there is no method built into the application to see if the port is active. Which of the following commands will tell you if the module is active and listening on port 4523?

A. Nbstat-an
B. Netstat-sho
C. Netstat-an
D. Nbtstat-show

Correct answers and explanations: C. Answer C is correct, because netstat-a will display all connections and listening ports on a machine; netstat-n will display the ports and addresses in numerical format, so netstat-an will display all connections and listening ports in numerical format, which will allow you to determine if your custom port has been configured correctly and whether or not it is listening for incoming traffic.

Incorrect answers and explanations: A, B, and C. Answer A is incorrect because nbtstat is used to display information about NetBIOS over TCP/IP, not listening ports. Also, -an is not a valid switch combination with nbtstat. Answer B is incorrect because netstat is the correct command to display listening port information. Also, -s and -o are valid switches for netstat, but -h is not a valid switch, which makes the switch combination of -sho invalid. Answer D is incorrect because nbtstat is used to display information about NetBIOS over TCP/IP, not listening ports. Also, -show is not a valid switch combination with nbtstat.

14. A user calls to complain that when they attempt to use a mapped network drive on their computer, Drive F, they are not able to connect. Suddenly many calls are coming in with the same problem. Drive F on the user machines maps to \\Server43\Accounting. From a Windows XP client machine, which of the following tools is the most appropriate for you to use to attempt to diagnose this problem?

A. Ping
B. Ipconfig
C. Dig
D. Netstat

Correct answers and explanations: A. Answer A is correct because the ping command can be utilized to test connectivity to the server. Even if something has occurred to prevent users from connecting to the accounting share, the server housing the share should still respond to a ping command if it is online and available. By pinging the server from the Windows XP client machine you can attempt to determine if the server is still online or not.

Incorrect answers and explanations: B, C, and D. Answer B is incorrect because an ipconfig from the Windows XP client will show you the local IP information. Since all users with the same mapped network drive are having the connectivity problem, the probability is that the problem is occurring with the server. A local ipconfig will not bring you closer to determining the cause of the issue on the server. Answer C is incorrect because dig is a Linux-based command, and you are using a Windows XP machine to perform your troubleshooting. Answer D is incorrect because netstat will display information about ports and connections. Netstat cannot be used remotely, so utilizing the Windows XP client will not reveal information as to why the server is not functioning properly. Before digging into ports and connections on the server, it is critical to determine if the server is responsive or not.