Text preview & study summary

CompTIA Network+ - Network Troubleshooting Tools

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

?? Multiple Choice (Hard)

When running "netstat -an" and observing a LISTENING TCP port you don't recognize, what is your next troubleshooting step?

Answer choices

  • A. Immediately block the port in the firewall

  • B. Identify the process using the port via "netstat -anb" (Windows) or "ss -tulnp" (Linux), then investigate (Correct)

  • C. Reboot the server to clear all connections

  • D. Disable the network adapter to prevent further activity

Explanation

netstat -anb (Windows admin) or ss -tulnp (Linux) shows the process (PID and name) bound to each port. Then use: Task Manager / ps aux to see full process details; check process hash against VirusTotal; verify with vendor if it's a known legitimate service. If confirmed malicious: isolate the system, document, follow incident response procedures.

Question 2

?? True/False (Hard)

A protocol analyzer (like Wireshark) placed between two network devices can detect a man-in-the-middle attack in progress by revealing unexpected certificate changes.

Answer choices

  • A. True (Correct)

  • B. False

Explanation

A packet capture can reveal MITM indicators: unexpected certificate serial numbers or issuer chains, certificate validity period mismatches, or encrypted traffic using unexpected cipher suites. HTTP traffic shows cleartext credential theft directly. IDS/IPS systems and SIEM tools automate this detection. Certificate pinning in applications prevents MITM even when CAs are compromised.

Question 3

?? True/False (Easy)

The traceroute (tracert in Windows) command shows the path packets take to reach a destination and the delay at each hop.

Answer choices

  • A. True (Correct)

  • B. False

Explanation

Traceroute works by sending packets with increasing TTL values (starting at 1). Each router decrements TTL; when it reaches 0, the router discards the packet and sends an ICMP Time Exceeded message back — revealing that router's IP. Traceroute identifies network bottlenecks, routing loops, and points of packet loss.

Question 4

?? Multiple Choice (Easy)

What does the ping command test?

Answer choices

  • A. DNS resolution of a hostname

  • B. Basic network connectivity and round-trip time to a host using ICMP echo requests (Correct)

  • C. The route packets take to a destination

  • D. Open TCP ports on a remote host

Explanation

Ping sends ICMP Echo Request packets to a target and waits for Echo Reply responses. It reports: round-trip time (RTT), packet loss, and TTL. Useful for verifying basic connectivity. If ping fails, check: host reachability, firewall blocking ICMP, IP routing. Some firewalls block ICMP, causing false failures.

Question 5

?? Multiple Choice (Easy)

Which command displays your computer's IP address, subnet mask, and default gateway in Windows?

Answer choices

  • A. ifconfig

  • B. ipconfig (Correct)

  • C. ip addr

  • D. netstat -i

Explanation

ipconfig (Windows) displays IP configuration for all adapters. ipconfig /all shows full details including MAC address, DNS servers, DHCP status. ipconfig /release and /renew manage DHCP leases. ipconfig /flushdns clears the DNS cache. Linux/macOS equivalents: ifconfig (deprecated) and ip addr (iproute2).