Lesson 6.

1Transport and Application

Layer Protocols
6.1.1Transport Layer Ports and Connections
The first three layers of the OSI model are primarily concerned with basic
connectivity, address, and forwarding. Protocols at the Transport layer (layer
4) are concerned with delivery of multiplexed application data. Transport
layer headers don't describe how to forward a packet across a network. They
instruct a host what to do with the data in a packet, and optionally, how to
verify that it is complete.

A TCP/IP host may be running multiple services or communicating with

multiple servers, clients, or peers in parallel. This means that incoming
packets must be directed to the appropriate service or application. To
facilitate this, each application protocol is assigned a unique identification
number called a port. A host can operate multiple ports simultaneously.

Port numbers 0 through 1,023 are preassigned by the Internet Assigned

Numbers Authority (IANA) to "well-known" server applications. These port
assignments are documented at iana.org/assignments/service-names-port-
numbers/service-names-port-numbers.xhtml. Other server applications have
been registered in the port range 1,024 through 49,151.

The remaining ports (up to 65,535) are designated for private or dynamic
use. As well as the server application needing a port, each client application
must assign its own port number to track its requests. Client ports are also
referred to as ephemeral ports or source ports.

OS implementations of TCP/IP have not always conformed to these

recommendations. For example, early versions of Windows and UNIX/Linux
used 1,024–5,000 for client ports. Modern Linux kernels often use 32,768–
60,999.

The port number is used in conjunction with the source IP address to form
a socket. Each socket is bound to a software process. Only one process can
operate a socket at any one time. A connection is formed when a client
socket requests a service from the server socket. A connection is uniquely
identified by the combination of server port plus IP address and client port
plus IP address. A server socket can therefore support multiple connections
from a number of client sockets.

Description

Multiplexing application ports as sockets at the Transport layer. (Images ©

123RF.com.)

6.1.2Transmission Control Protocol

The Transmission Control Protocol (TCP) works at the Transport layer to
provide connection-oriented, guaranteed communication using
acknowledgments to ensure that delivery has occurred. If packets are
missing, they can be retransmitted. TCP can be used for unicast transmission
only.

TCP takes data from the Application layer as a stream of bytes and divides it
up into segments, each of which is given a header. The TCP segments
become the payload of the underlying IP datagrams. The use of sequencing,
acknowledgments, and retransmissions means that TCP requires numerous
header fields to maintain state information. The main fields in the header of
a TCP segment are the following:

Field Explanation

Source port TCP port of sending host.

Destination port TCP port of destination host.

Sequence number The ID number of the current segment (the sequence

number of the last byte in the segment). This allows
the receiver to rebuild the message correctly and
deal with out-of-order packets.

Ack number The sequence number of the next segment expected

from the other host (that is, the sequence number of
the last segment received +1). Packets might be out
of order because they are delayed, but they could
also be lost completely or arrive in a damaged state.
In the first case, the lack of acknowledgment results
in the retransmission of data and, in the second
case, a Negative Acknowledgment (NAK or NACK)
forces retransmission.

Data length Length of the TCP segment.

Flags Type of content in the segment (ACK, SYN, FIN, and

so on).

Window The amount of data the host is willing to receive

before sending another acknowledgment. TCP's flow
control mechanism means that if it is getting
overwhelmed with traffic, one side can tell the other
to slow the sending rate.

Checksum Ensures validity of the segment. The checksum is

calculated on the value of not only the TCP header
and payload but also part of the IP header, notably
the source and destination addresses. Consequently,
the mechanism for calculating the checksum is
different for IPv6 (128-bit addresses) than for IPv4
(32-bit addresses).
Field Explanation

Urgent Pointer If urgent data is being sent, this specifies the end of
that data in the segment.

Options Allows further connection parameters to be

configured. The most important of these is the
maximum segment size. This allows the host to
specify how large the segments it receives should
be, minimizing fragmentation as they are
transported over data link frames.

A TCP connection is typically established to transfer a single file, so a client

session for something like a webpage (HTTP) might involve multiple TCP
connections being opened with the server. These connections are managed
using handshake transactions, which make use of a number of TCP flags.

6.1.3TCP Handshake and Teardown

TCP Three-Way Handshake

A connection is established using a three-way handshake:

Description
Observing the three-way handshake with the Wireshark protocol analyzer.
(Screenshot courtesy of Wireshark.)

1. The client sends a segment with the TCP flag SYN set to the server with
a randomly generated sequence number. The client enters the SYN-
SENT state.

2. The server, currently in the LISTEN state (assuming it is online),

responds with a SYN/ACK segment, containing its own randomly
generated sequence number. The server enters the SYN-RECEIVED
state.

3. The client responds with an ACK segment. The client assumes the
connection is ESTABLISHED.

4. The server opens a connection with the client and enters the
ESTABLISHED state.

Servers can (usually) support thousands or even millions of TCP connections

simultaneously.

The sending machine expects regular acknowledgments for segments it

sends and, if a period elapses without an acknowledgment, it assumes the
information did not arrive and automatically resends it. This overhead makes
the system relatively slow. Connection-oriented transmission is suitable when
reliability and data integrity are important.

TCP Connection Teardown

There are also functions for resetting a connection and (in some
implementations) keeping a connection alive if no actual data is being
transmitted (hosts are configured to time out unused connections). To close a
connection, also referred to as teardown, the following basic steps are
performed:

1. The client sends a FIN segment to the server and enters the FIN-WAIT1
state.

2. The server responds with an ACK segment and enters the CLOSE-WAIT
state.

3. The client receives the ACK segment and enters the FIN-WAIT2 state.
The server sends its own FIN segment to the client and goes to the
LAST-ACK state.
 4. The client responds with an ACK and enters the TIME-WAIT state. After
a defined period, the client closes its connection.

5. The server closes the connection when it receives the ACK from the
client.

Some implementations may use one less step by combining the FIN and ACK
responses into a single segment operation.

Description

Observing TCP connections with the netstat tool. (Screenshot used with
permission from Microsoft.)

A host can also end a session abruptly using a reset (RST) segment. This
would not be typical behavior and might need to be investigated. A server or
security appliance might refuse connections using RST, a client or server
application might be faulty, or there could be some sort of suspicious
scanning activity ongoing.

6.1.4User Datagram Protocol

The User Datagram Protocol (UDP) also works at the Transport layer, but
unlike TCP, it is a connectionless, nonguaranteed method of communication
with no acknowledgments or flow control. There is no guarantee regarding
the delivery of messages or mechanism for retransmitting lost or damaged
packets. If an application uses UDP and needs reliability mechanisms, these
must be implemented in the Application layer or software logic.

UDP is suitable for applications that send small amounts of data in each
packet and do not require acknowledgment of receipt. It is used by
Application layer protocols that need to send multicast or broadcast traffic. It
may also be used for applications that transfer time-sensitive data but do not
require complete reliability, such as voice or video. Using small packets
means that if a few are lost or arrive out of order, they only manifest as
minor glitches in playback quality. The reduced overhead means that overall
delivery is faster.

This table shows the structure of a UDP header.

Field Explanation

Source port UDP port of sending host.

Destination port UDP port of destination host.

Message length Size of the UDP packet.

Checksum Ensures validity of the packet.

The header size is 8 bytes, compared to 20 bytes (or more) for TCP.

6.1.5netstat
The netstat command allows you to check the state of ports on the local
host. You can use netstat to check for service misconfigurations, such as a
host running a web or FTP server that a user installed without authorization.
You may also be able to identify suspicious remote connections to services
on the local host or from the host to remote IP addresses.

On Windows, used without switches, the command outputs active TCP

connections, showing the local and foreign addresses and ports. Using the -
a switch displays all open ports, including both active TCP and UDP
connections and ports in the listening state.

On Linux, running netstat without switches shows active connections of any

type. If you want to show different connection types, you can use the
switches for Internet connections for TCP (-t) and UDP (-u), raw connections (-
w), and UNIX sockets/local server ports (-x). Using the -a switch includes
ports in the listening state in the output. -l shows only ports in the listening
state, omitting established connections.
For example, the following command shows listening and established
Internet connections (TCP and UDP) only: netstat -tua.

Description

Linux netstat output showing active and listening TCP and UDP connections.

On both Windows and Linux, -n displays ports and addresses in numerical

format. Skipping name resolution speeds up each query. On Linux, using -
4 or -6 filters sockets by IPv4 or IPv6 addresses respectively. In Windows, use
the -p switch with the protocol type (TCP, TCPv6, UDP, or UDPv6).

Another common task is to identify which software process is bound to a

socket. On Windows, -o shows the process ID (PID) number that has opened
the port, while -b shows the process name. In Linux, use -p to show the PID
and process name.

netstat -s reports per protocol statistics, such as packets received, errors,

discards, unknown requests, port requests, failed connections, and so on.
The tool will report Ethernet statistics using -e (Windows) or -I (Linux). netstat
-r displays the routing table.

Linux netstat interface statistics showing receive and transmit packets

numbers plus errors and dropped packets.
netstat can also be set to run continuously. In Windows, run netstat nn,
where nn is the refresh interval in seconds (press Ctrl+C to stop); in Linux,
run netstat -c.

The Linux netstat command is part of the deprecated net-tools package. The
preferred package iproute2 contains a number of different commands to
replace netstat functionality. Most of the port scanning functions are
performed by ss, while interface statistics are reported by nstat.

6.1.6Common TCP and UDP Ports

The following table lists some of the well-known and registered port numbers.

Port Transport Service or

Description
Number Protocol Application
20 TCP ftp-data File Transfer Protocol—Data
21 TCP ftp File Transfer Protocol—Control
22 TCP ssh/sftp Secure Shell/FTP over SSH
23 TCP telnet Telnet
25 TCP smtp Simple Mail Transfer Protocol
53 TCP/UDP domain Domain Name System
67 UDP bootps BOOTP/DHCP Server
68 UDP bootpc BOOTP/DHCP Client
69 UDP tftp Trivial File Transfer Protocol
80 TCP http HTTP
110 TCP pop Post Office Protocol
123 UDP ntp/sntp Network Time Protocol/Simple NTP
143 TCP imap Internet Message Access Protocol
161 UDP snmp Simple Network Management Protocol
162 UDP snmp-trap Simple Network Management Protocol Trap
389 TCP/UDP ldap Lightweight Directory Access Protocol
443 TCP https HTTP-Secure (Secure Sockets Layer
(SSL)/Transport Layer Security (TLS)
445 TCP smb Server Message Block over TCP/IP
514 UDP syslog Syslog
546 UDP dhcpv6-client DHCPv6 Client
547 TCP dhcpv6-server DHCPv6 Server
587 TCP smtps SMTP-Secure
636 TCP ldaps LDAP-Secure
993 TCP imaps IMAP-Secure
995 TCP pop3s POP3-Secure
1433 TCP sql-server MS Structured Query Language (SQL) Server
1521 TCP sqlnet Oracle SQL*Net
 Port Transport Service or
Description
Number Protocol Application
3306 TCP mysql MySQL/MariaDB
3389 TCP rdp Remote Desktop Protocol
5004 UDP rtp Real-Time Protocol
5005 UDP rtcp Real-Time Control Protocol
5060 TCP/UDP sip Session Initiation Protocol
5061 TCP/UDP sips SIP-Secure

6.1.7Lab: Explore Three-Way Handshake in Wireshark

Candidate: Catalina Adams ()

Time Spent: 07:46

Score: 86%

Task Summary

Required Actions and Questions

Isolate traffic with the tcp and host 192.168.0.45 filter

Q1Which computer (ip address) is the sender of the [SYN] packet?

Your answer:192.168.0.45

Correct answer:192.168.0.45

Q2What is the value of the [SYN] flag in Wireshark?

Your answer:0x002

Correct answer:0x002

Q3Which computer (ip address) is the sender of the [ACK, SYN] packet?

Your answer:192.168.0.16

Correct answer:192.168.0.16

Q4What is the destination port for the [ACK, SYN] packet in Wireshark?

Your answer:5049

Correct answer:5049

Q5Which computer (ip address) is the sender of the [ACK] packet?

Your answer:192.168.0.45

Correct answer:192.168.0.45

Q6What is the Acknowledgement number for the [ACK] packet in Wireshark?

Your answer:2

Correct answer:2

Explanation

Complete this lab as follows:

1. Begin a Wireshark capture.

a. From the Favorites bar, select Wireshark.

b. Maximize the window for easier viewing.

c. Under Capture, select enp2s0.

d. Select the blue fin to begin a Wireshark capture.

e. Wait about 5 seconds, then select the red square to stop the
Wireshark capture.

2. Apply a filter for tcp traffic from the computer at 192.168.0.45 and
examine a [SYN] packet.

a. In the Apply a display filter field, type tcp and host

192.168.0.45 and press Enter.

b. Look at the source and destination addresses of the filtered

packets.

3. Examine a [SYN] packet

a. Select a packet that includes [SYN] in the Info column.

b. In the center pane, expand Internet Protocol Version

4 and Transmission Control Protocol.

c. Select Questions, then answer Questions 1 and 2.

d. Minimize the Lab Questions dialog.

4. Examine an [ACK, SYN] Packet.

a. Select a packet that includes [ACK, SYN] in the Info column.

 b. Select Questions, then answer Questions 3 and 4.

c. Minimize the Lab Questions dialog.

5. Examine an [ACK] Packet.

a. Select a packet that includes [ACK] in the Info column.

b. Select Questions, then answer Questions 5 and 6.

6.1.8 Lab: View Open Ports with netstat

Candidate: Catalina Adams ()

Time Spent: 29:16

Score: 100%

Task Summary

Required Actions

Use Zenmap/nmap to find any machine running VNC

Uninstall VNC

Run netstat to verify the ports for VNC are closed

Explanation

While completing this lab, use the following information:

IP Comput
Address er

192.168.0.
Exec
30

192.168.0.
ITAdmin
31

192.168.0.
Gst-Lap
32
 192.168.0.
Office1
33

192.168.0.
Office2
34

192.168.0.
IT-Laptop
46

192.168.0.
Support
47

Complete this lab as follows:

1. Use Zenmap to scan for open ports running VNC.

a. From the Favorites bar, select Zenmap.

b. In the Command field, type nmap -p 5900 192.168.0.0/24.

c. Select Scan.

d. From the results, find the computer with port 5900 open.

2. Uninstall VNC from the suspect computer.

a. From the top navigation tabs, select Floor 1 Overview.

b. Under Support Office, select Support.

c. From the Favorites bar, select Terminal.

d. At the prompt, type netstat -l and press Enter to confirm the

port is open on the machine.

e. Type dnf list vnc and press Enter to find the package name.

f. Type dnf erase libvncserver and press Enter.

g. Press y and press Enter to uninstall the package.

3. Type netstat -l and press Enter to confirm that the port has been
closed on the machine.

6.1.9 Lesson Review

 print
  close modal

Candidate: Catalina Adams (mar2492014)

Date: 1/18/2025, 7:41:13 PM • Time Spent: 25:25

Score: 93%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Correct

How is a connection uniquely identified in a TCP/IP network?

answer

Correct Answer:

By the combination of server port and IP address and client port and IP
address

By the MAC addresses of the communicating devices

By the client port and IP address only

By the server port and IP address only

Explanation

A connection in a TCP/IP network is uniquely identified by the combination of

both the server's and client's port numbers and IP addresses, ensuring
precise identification of each end of the connection.

By the server port and IP address only or the client port and IP address only
are incorrect because both the server and client port and IP addresses are
needed to uniquely identify a connection.

MAC addresses identify devices at the Data Link layer, not connections at the
Transport layer.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_transport_n09\
q_transport_connection_identification_n09.question.xml

 Question 2.

Correct

Which statement BEST describes the use of port numbers in TCP/IP

networking?

answer

Correct Answer:

Port numbers are used in conjunction with IP addresses to direct packets to

specific services or applications.

Port numbers are optional and rarely used in modern networking.

Port numbers are used exclusively for encrypting network communications.

Port numbers are used to identify the physical location of devices on a

network.

Explanation

Port numbers, when used with IP addresses, play a crucial role in ensuring
that data packets are directed to the correct service or application on a host,
facilitating the multiplexing of network communications.

Port numbers are essential for identifying services and applications in TCP/IP
networking.

Port numbers do not identify physical locations but logical endpoints.

Port numbers are not used for encryption but for directing traffic to specific
services or applications.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_transport_n09\
q_transport_port_number_use_n09.question.xml

 Question 3.
Correct

What is the purpose of a socket in the context of network communications?

answer

Correct Answer:

To serve as a unique identifier for a network connection

To encrypt data being sent over the network

To act as a firewall between the client and server

To provide a physical connection between two devices

Explanation

A socket serves as a unique identifier for a network connection, combining

the IP address and port number to uniquely identify each end of a
communication link.

A socket does not encrypt data; it's used for identifying connections.

A socket is not a physical connection but a logical concept used in

networking.

A socket does not act as a firewall; it's used for identifying and managing
connections.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_transport_n09\
q_transport_socket_purpose_n09.question.xml

 Question 4.

Correct

What does TCP use to divide data from the Application layer?

answer

Packets
Bits

Frames

Correct Answer:

Segments

Explanation

TCP divides the continuous stream of bytes received from the Application
Layer into manageable pieces called segments. Each segment is then given
a header that includes control information.

Frames are used in the Data Link Layer to encapsulate packets for
transmission over physical media. TCP operates at the Transport Layer and
uses segments to encapsulate data.

Packets are the primary unit of data used in the Network Layer. TCP divides
application data into segments, which are encapsulated within IP packets for
transmission.

Bits are the smallest unit of digital data but do not specifically refer to the
method TCP uses to divide application data. TCP segments are composed of
many bits but are a higher-level concept.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_tcp_n09\q_tcp_segments_n09.question.xml

 Question 5.

Correct

What layer of the OSI model does the Transmission Control Protocol (TCP)
operate at?

answer

Data Link Layer

Network Layer

Application Layer
Correct Answer:

Transport Layer

Explanation

The Transport Layer is responsible for providing end-to-end communication

services and reliable data transfer, which includes the functionalities of TCP
such as connection-oriented communication and acknowledgments.

The Application Layer is where end-user network processes and applications

operate. TCP operates below this layer, providing communication services to
these applications.

The Network Layer is primarily concerned with the routing of packets across
different networks. TCP operates at a higher layer, focusing on the
communication between end systems rather than the routing of packets.

The Data Link Layer is responsible for node-to-node data transfer and error
checking of data between two directly connected nodes. TCP operates at a
higher layer, providing host-to-host communication services.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_tcp_n09\q_tcp_transport_layer_n09.question.xml

 Question 6.

Correct

What might cause a host to send a reset (RST) segment during a TCP
session?

answer

The host wishes to establish a new TCP connection.

The host receives a segment out of order.

The host receives an ACK for an unexpected segment.

Correct Answer:

The host decides to abruptly end the session.

Explanation

A reset (RST) segment is sent to abruptly end a TCP session, which can be
due to various reasons, such as security measures or application faults.

Establishing a new TCP connection uses the SYN flag, not RST.

TCP is designed to handle out-of-order segments, so receiving a segment out

of order would not typically result in sending an RST.

Receiving an ACK for an unexpected segment might cause confusion, but the
typical response would not be to send an RST segment; the host might
simply ignore the ACK or resend segments as needed.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_handshake_n09\q_handshake_rst_purpose_n09.question.xml

 Question 7.

Correct

Which TCP flag is used by both the client and server to indicate that they
want to close the connection?

answer

ACK

RST

Correct Answer:

FIN

SYN

Explanation

The FIN flag is used by both the client and server to indicate their intention
to close the connection, initiating the TCP connection teardown process.

The ACK flag is used to acknowledge the receipt of segments, not to indicate
the desire to close the connection.
The SYN flag is used to initiate a connection, not to close it.

The RST flag is used to abruptly reset a connection, not for the orderly
closure of a connection.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_handshake_n09\q_handshake_tcp_flag_fin_n09.question.xml

 Question 8.

Correct

Which TCP flag is set by the client to initiate the three-way handshake?

answer

Correct Answer:

SYN

RST

FIN

ACK

Explanation

The SYN flag is used by the client to initiate the TCP three-way handshake,
signaling the server that it wants to establish a connection.

The ACK flag is used to acknowledge the receipt of packets, including the
SYN and SYN/ACK packets during the handshake, but it is not used to initiate
the handshake.

The FIN flag is used to initiate the closing of a TCP connection, not to start it.

The RST flag is used to abruptly reset a connection, not to initiate the three-
way handshake.

References

o 6.1.2 Transmission Control Protocol

 o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_handshake_n09\q_handshake_three-
way_initiate_syn_n09.question.xml

 Question 9.

Correct

UDP is particularly suitable for which type of applications?

answer

Applications that require extensive error checking and correction

Applications that send large amounts of data in each packet

Correct Answer:

Applications that send small amounts of data and do not require

acknowledgment

Applications that require guaranteed delivery

Explanation

UDP's connectionless nature and lack of acknowledgment make it ideal for

applications that prioritize speed over reliability.

UDP does not guarantee delivery, making it unsuitable for applications that
cannot tolerate data loss.

UDP is better suited for applications that send small amounts of data due to
its simplicity and lower overhead.

UDP does not provide built-in error checking and correction mechanisms,
which are features of TCP.

References

o 6.1.4 User Datagram Protocol

o 6.1.6 Common TCP and UDP Ports

resources\text\t_datagram_n09\
q_datagram_small_amounts_of_data_n09.question.xml

 Question 10.
Correct

Which netstat switch is used to filter sockets by IPv4 or IPv6 addresses on

Linux?

answer

-n

-p

-a

Correct Answer:

-4 or -6

Explanation

On Linux, the -4 and -6 switches with netstat are used to filter the output for
IPv4 and IPv6 addresses respectively, allowing for targeted analysis of
network connections based on IP version.

The -a switch displays all connections and listening ports, without filtering by
IP version.

The -n switch shows numerical addresses but does not filter by IP version.

On Linux, the -p switch shows the PID and process name associated with
each connection, not IP version filtering.

References

o 6.1.5 netstat

o 6.1.8 Lab: View Open Ports with netstat

resources\text\t_netstat_n09\q_netstat_4_or_6_switch_n09.question.xml

 Question 11.

Correct

Which command would you use to show listening and established Internet
connections (TCP and UDP) only?

answer

netstat -o

Correct Answer:
netstat -tua

netstat -e

netstat -s

Explanation

The command netstat -tua is specifically designed to show both listening and
established Internet connections (TCP and UDP), providing a focused view of
network activity.

The -s switch reports detailed statistics for each protocol, not specifically
listening and established connections.

On Windows, the -o switch shows the PID that has opened each port, not the
type of connections.

The -e switch is used for reporting Ethernet statistics on Windows or interface

statistics on Linux.

References

o 6.1.5 netstat

o 6.1.8 Lab: View Open Ports with netstat

resources\text\t_netstat_n09\q_netstat_netstat_tua_n09.question.xml

 Question 12.

Correct

Your computer is sharing information with a remote computer using the

TCP/IP protocol. Suddenly, the connection stops working and appears to
hang.

Which command can you use to check the state of ports on your computer?

answer

arp

ipconfig

Correct Answer:

netstat

ping
Explanation

Use the netstat command to check the status of a TCP connection;

specifically the state of ports on the local host.

ping sends an ICMP echo request/reply packet to a remote host.

Hosts use arp to discover a device's MAC address from its IP address.

Use ipconfig to view network configuration information on Windows systems.

References

o 6.1.5 netstat

o 6.1.8 Lab: View Open Ports with netstat

resources\text\t_netstat_n09\q_netstat_state_of_ports_n09.question.xml

 Question 13.

Correct

You've recently installed a new Windows server. To ensure system time

accuracy, you've loaded an application that synchronizes the hardware clock
on the server with an external time source on the Internet. Now you must
configure your network firewall to allow time synchronization traffic through.

Which of the following ports are you MOST likely to open on the firewall?

answer

80

119

110

Correct Answer:

123

Explanation

TCP/IP port 123 is assigned to Network Time Protocol (NTP). NTP is used to
communicate time synchronization information between systems on a
network.
HyperText Transfer Protocol (HTTP) uses TCP/IP port 80. HTTP is the protocol
used to send requests to a web server and retrieve web pages from the web
server.

TCP/IP port 119 is used by the Network News Transfer Protocol (NNTP). NNTP
is used to access and retrieve messages from newsgroups.

TCP/IP port 110 is used by Post Office Protocol version 3 (POP3). POP3 is used
to download email from mail servers.

References

o 6.1.6 Common TCP and UDP Ports

resources\text\t_common_tcp_n09\q_common_tcp_123_n09.question.xml

 Question 14.

Correct

A network administrator is looking at packet captures from the network and

trying to isolate email traffic.

Which of the following should the network administrator include? (Select

two.)

answer

UDP 161

Correct Answer:

TCP 143

Correct Answer:

TCP 25

TCP 123

Explanation

Transmission Control Protocol (TCP) 25 is Simple Mail Transfer Protocol (SMTP)

traffic which the network administrator should include when searching for
email traffic.

TCP 143 is Internet Message Access Protocol (IMAP) traffic which would also
be email traffic, and the administrator should include it as well.
User Datagram Protocol (UDP) 161 is used for simple network management
protocol (SNMP). UDP 161 is considered to be a common port, but is NOT
used for email traffic.

TCP 123 is not a common protocol. UDP 123 is Network Time Protocol/Simple
NTP. This allows hosts to sync and set a common time, which is especially
important for security.

References

o 6.1.6 Common TCP and UDP Ports

o 7.3.1 Simple Mail Transfer Protocol

o 7.3.2 Internet Message Access Protocol

resources\text\t_common_tcp_n09\q_common_tcp_25_143_n09.question.xml

 Question 15.

Incorrect

Which protocols and port numbers are used by DHCP? (Select two.)

answer

TCP 69

TCP 123

UDP 123

Correct Answer:

UDP 67

Incorrect answer:

UDP 69

Correct Answer:

TCP 67

Explanation

Dynamic Host Configuration Protocol (DHCP) uses port 67 for both TCP and
UDP.

TFTP uses UDP port 69, and NTP uses UDP port 123.
References

o 6.1.6 Common TCP and UDP Ports

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

resources\text\t_common_tcp_n09\q_common_tcp_dhcp_n09.question.xml

Dynamic Host Configuration Protocol

6.2.1DHCP Process
The Dynamic Host Configuration Protocol (DHCP) provides an automatic
method for allocating an IP address, subnet mask, and optional parameters,
such as the default gateway and DNS server addresses, when a host joins
the network.

A host is configured to use DHCP by specifying in the TCP/IP configuration

that it should automatically obtain an IP address.

Description

DHCP Discover, Offer, Request, Ack process. (Images © 123RF.com.)

 1. When a DHCP client initializes, it broadcasts a DHCPDISCOVER packet
to find a DHCP server. All communications are sent using UDP, with the
server listening on port 67 and the client on port 68.

2. Presuming it has an IP address available, the DHCP server responds to

the client with a DHCPOFFER packet, containing the address and other
configuration information.

3. The client may choose to accept the offer using a DHCPREQUEST

packet—also broadcast onto the network.

4. Assuming the offer is still available, the server will respond with a
DHCPACK packet. The client broadcasts an ARP message to check that
the address is unused. If so, it will start to use the address and options;
if not, it declines the address and requests a new one.

The IP address is leased by the server for a limited period only. A client can
attempt to renew or rebind the lease before it expires. If the lease cannot be
renewed, the client must release the IP address and start the discovery
process again.

Sometimes, the DHCP lease process is called the DORA process: Discover,
Offer, Request, and Ack(nowledge).

6.2.2DHCP Server Configuration

A DHCP server must be allocated a static IP address and configured with a
range (or pool) of IP addresses and subnet masks plus option values to
allocate.
Description

Configuring DHCP on a TP-LINK wireless access point. (Screenshot courtesy

of TP-Link Technologies Co., Ltd.)

A range of addresses and options configured for a single subnet is referred to

as a scope. To define a scope, you must provide a start and end IP address
along with a subnet mask. The server maintains a one-to-one mapping of
scopes to subnets. That is, no scope can cover more than one subnet, and no
subnet can contain more than one scope.

The multifunction device shown only supports a single scope. The DHCP
server must be placed in the same subnet as its clients. More advanced
DHCP servers might be configured to manage multiple scopes. Where a
server provides IP configuration for multiple subnets/scopes, it must choose
the pool to service each request based on the subnet from which the request
originated.

There is no mechanism for a client to choose between multiple servers.

Therefore, if multiple DHCP servers are deployed—for fault tolerance, for
instance—they must either be configured with non-overlapping split scopes
or use a failover mechanism. DHCP for multiple subnets is usually handled by
configuring relay agents to forward requests to a central DHCP server.
6.2.3DHCP Options
Along with an address scope, you also need to define other parameters, such
as lease time and options.

DHCP Lease Time and Available Leases

The client can renew the lease when at least half the lease's period has
elapsed (T1 timer) so that it keeps the same IP addressing information. If the
original DHCP server does not respond to the request to renew the lease, the
client attempts to rebind the same lease configuration with any available
DHCP server. By default, this happens after 87.5% of the lease duration is up
(T2 timer). If this fails, the client releases the IP address and continues to
broadcast to discover a server.

A long lease time means the client does not have to renew the lease often,
but the DHCP server's available pool of IP addresses is not replenished
frequently. Where IP addresses are in short supply, a short lease period
enables the DHCP server to allocate addresses previously assigned to hosts
that are now not active on the network.

A Windows client can be forced to release a lease by issuing a command

such as ipconfig. In Linux, the utility dhclient is often used for this task,
though modern distributions might use NetworkManager or systemd-
networkd.

DHCP Options

When the DHCP server offers a configuration to a client, at a minimum it

must supply an IP address and subnet mask. Typically, it will also supply
other IP-related settings, known as DHCP options. Each option is identified
by a tag byte or decimal value between 0 and 255 (though neither 0 nor 255
can be used as option values). Some widely used options include the
following:

 The default gateway (IP address of the router).

 The IP address(es) of DNS servers that can act as resolvers for name
queries.

 The DNS suffix (domain name) to be used by the client.

 Other useful server options, such as time synchronization (NTP), file

transfer (TFTP), or VoIP proxy.
A set of default (global) options can be configured on a server-wide basis.
Default options can be overridden by setting scope-specific options.

6.2.4DHCP Reservations and Exclusions

One disadvantage of the standard dynamic assignment method is that it
does not guarantee that any given client will retain the same IP address over
time. There are some cases where it would be advantageous for certain
hosts, such as network printers or wireless access points, to retain their IP
addresses.

One solution is to configure static assignments, using IP addresses outside

the DHCP scope. Alternatively, statically assigned addresses can be assigned
from a specially configured exclusion range if this is supported by the server.
While these solutions are functional, they lose the advantages of centralized
configuration management.

An alternative approach is to create a reservation. A reservation is a

mapping of a MAC address or interface ID to a specific IP address within the
DHCP server's address pool. When the DHCP server receives a request from
the given interface, it always provides the same IP address. This is also
referred to as static or fixed address assignment. An automatically allocated
reservation refers to an address that is leased permanently to a client. This is
distinct from static allocation as the administrator does not predetermine
which specific IP address will be leased.

6.2.5 Lab: Configure a DHCP Server

Candidate: Catalina Adams ()

Time Spent: 10:45

Score: 100%

Task Summary

Required Actions

Configure the IPv4 DHCP scope on the serverShow Details

Activate the IPv4 DHCP scope on the server

Configure the laptop in the support office to obtain IP and DNS addresses
automatically from the DHCP server

Explanation
Complete this lab as follows:

1. Access the CorpDHCP Hyper-V server.

a. From Hyper-V Manager, select CORPSERVER.

b. Resize the window to view all virtual machines.

c. Double-click CorpDHCP to access the server.

d. Maximize the CorpDHCP server for better viewing.

2. Access the DHCP New Scope Wizard.

a. From Server Manager's menu bar, select Tools > DHCP.

b. Expand CorpDHCP.CorpNet.local.

c. Right-click IPv4 and select New Scope.

3. Name the scope and configure the IP address range.

a. From the New Scope Wizard, select Next.

b. In the Name field, enter Subnet1 and then select Next.

c. Enter 192.168.0.20 in the Start IP address field.

d. Enter 192.168.0.200 in the End IP address field.

e. Make sure the length is set to 24.

f. Make sure the subnet mask is 255.255.255.0 and then

select Next.

g. From the Add Exclusions and Delay window, select Next.

h. Use the default lease duration and select Next.

i. Make sure Yes, I want to configure these options now is

selected and then select Next.

4. Configure the default gateway and DNS server.

a. In the IP address field, enter 192.168.0.5 as the default gateway

address.

b. Select Add and then select Next.

c. In the IP address field, enter 163.128.78.93 as the DNS server

address.
 d. Select Add and then select Next.

e. From the WINS Servers window, select Next.

5. Activate the scope just created.

a. Make sure Yes, I want to activate this scope now is selected

and then select Next.

b. Click Finish to close the wizard and create the scope.

6. Configure the laptop in the Lobby to obtain IP and DNS addresses

automatically from the DHCP server.

a. From the top left, select Floor 1 Overview.

b. Under Lobby, select Gst-Lap.

c. In the notification area of the taskbar, right-click the network

icon and select Network and Internet settings.

d. Select Ethernet.

e. Scroll down to IP assignment: and select Edit.

f. Change the top drop down from Manual to Automatic (DHCP),

then click Save.

6.2.6 Lab: Configure DHCP Server Options

Candidate: Catalina Adams ()

Time Spent: 02:07

Score: 67%

Task Summary

Required Actions

Configure the 006 DNS Servers options on the server as 192.168.0.11 and
192.168.10.11

Configure the 015 DNS Domain Name option on the server as CorpNet.local

Configure the 003 Router option on the scope as 192.168.0.5

Explanation

While completing this lab, the 006 DNS Servers options

are 192.168.0.11 and 192.168.10.11 (in that order).
Complete this lab as follows:

1. Access the CorpDHCP virtual server.

a. From Hyper-V Manager, select CORPSERVER.

b. Maximize the Hyper-V Manager window to view the available

server.

c. Right-click CorpDHCP and select Connect.

2. Configure the DHCP server options.

a. From Server Manager, select Tools > DHCP.

b. Maximize the DHCP window for better viewing.

c. Expand CorpDHCP.CorpNet.local > IPv4.

d. Right-click Server Options and select Configure Options.

e. Under Available Options, select the 006 DNS Servers.

f. Enter 192.168.0.11 under IP Address.

g. Select Add to add the IP address to the list.

h. Under IP Address, enter 192.168.10.11 for the second server

and then select Add.

i. From the top pane, scroll down and select 015 DNS Domain
Name.

j. In the String value field, enter CorpNet.local.

k. Select OK to save the options that you have defined.

3. Configure DHCP scope options.

a. Expand Scope [192.168.0.1] Subnet1.

b. Right-click Scope Options and select Configure Options.

c. Under Available Options, select 003 Router.

d. Enter 192.168.0.5 under IP address.

e. Select Add to add the IP address to the list.

f. Select OK to save the options you defined.

6.2.7 Lab: Create DHCP Exclusions

Candidate: Catalina Adams ()

Time Spent: 03:01

Score: 100%

Task Summary

Required Actions

Create an exclusion range from 192.168.0.1 to 192.168.0.29

Explanation

Complete this lab as follows:

1. Access the CorpDHCP Hyper-V server.

a. From Hyper-V Manager, select CORPSERVER.

b. Resize the window to view all virtual machines.

c. Double-click CorpDHCP to access the server.

2. Exclude the IP address range.

a. From Server Manager's menu bar, select Tools > DHCP.

b. Maximize the window for better viewing.

c. Expand CorpDHCP.CorpNet.local > IPv4 > Scope

[192.168.0.1] Subnet1.

d. Right-click the Address Pool node and select New Exclusion

Range.

e. Enter 192.168.0.1 in the Start IP address field.

f. Enter 192.168.0.29 in the End IP address field.

g. Select Add.

h. Select Close to close the Add Exclusion Range dialog.

6.3.1Automatic Private IP Addressing
A host's IP configuration can either be applied statically, or it can use an
autoconfiguration method. Autoconfiguration on an IPv4 network usually
means using a Dynamic Host Configuration Protocol (DHCP) server.

Automatic Private IP Addressing (APIPA) was developed by Microsoft as

a means for clients that could not contact a DHCP server to communicate on
the local network anyway. If a Windows host does not receive a response
from a DHCP server within a given time frame, it selects an address at
random from the range 169.254.1.1 to 169.254.254.254.

These addresses are from one of the address ranges reserved for private
addressing (169.254.0.0/16). The first and last subnets are supposed to be
unused.

This type of addressing is referred to as link local in standards

documentation (RFC 3927).

APIPA has no mechanism for assigning default gateway or DNS server

addresses. Hosts using APIPA are restricted to communicating on the local
network.

6.3.2IPv6 Interface Autoconfiguration and Testing

In IPv6, an interface must always be configured with a link local address. One
or more routable addresses can be assigned to the interface in addition to
the link local address. As with IPv4, you can either assign a routable IPv6
address statically or use an automatic addressing scheme. Static address
configuration would generally be reserved to routers and possibly some
types of servers.

Neighbor Discovery Protocol and Router Advertisements

The Neighbor Discovery (ND) Protocol performs some of the functions on an

IPv6 network that ARP and ICMP perform under IPv4. The main functions of
ND are as follows:

 Address autoconfiguration—Enables a host to configure IPv6

addresses for its interfaces automatically and detect whether an
address is already in use on the local network, by using neighbor
solicitation (NS) and neighbor advertisement (NA) messages.

 Prefix discovery—Enables a host to discover the known network

prefixes that have been allocated to the local segment. This facilitates
 next-hop determination (whether a packet should be addressed to a
local host or a router). Prefix discovery uses router solicitation (RS)
and router advertisement (RA) messages. An RA contains
information about the network prefix(es) served by the router,
information about autoconfiguration options, plus information about
link parameters, such as the MTU and hop limit. Routers send RAs
periodically and in response to a router solicitation initiated by the
host.

 Local address resolution—Allows a host to discover other nodes and

routers on the local network (neighbors). This process also uses
neighbor solicitation (NS) and neighbor advertisement (NA) messages.

 Redirection—Enables a router to inform a host of a better route to a

particular destination.

Stateless Address Autoconfiguration

IPv4 has a system for generating link local addresses, but these are not
routable outside the local network. Consequently, IPv4 depends heavily on
the Dynamic Host Configuration Protocol (DHCP) for address
autoconfiguration. IPv6 uses a more flexible system of address
autoconfiguration called stateless address autoconfiguration (SLAAC):

 The host generates a link local address and uses Neighbor Discovery
(ND) messages to test that it is unique.

 The host listens for a router advertisement (RA) or transmits a router

solicitation (RS) using ND protocol messaging. The router can either
provide a network prefix, direct the host to a DHCPv6 server to perform
stateful autoconfiguration, or perform some combination of stateless
and stateful configuration.

ICMPv6

IPv6 uses an updated version of ICMP. The key new features are the
following:

 Error messaging—ICMPv6 supports the same sort of destination

unreachable and time exceeded messaging as ICMPv4. One change is
the introduction of a Packet Too Big class of error. Under IPv6, routers
are no longer responsible for packet fragmentation and reassembly, so
the host must ensure that they fit in the MTUs of the various links
used.
  Informational messaging—ICMPv6 supports ICMPv4 functions, such
as echo and redirect, plus a whole new class of messages designed to
support ND and MLD, such as router and neighbor advertisements and
solicitations.

6.3.3DHCPv6 Server Configuration

IPv6's Stateless Address Autoconfiguration (SLAAC) process can locate the
default gateway and generate a host address with a suitable network prefix
automatically. In this context, the role of a DHCP server in IPv6 is different.
DHCPv6 is often just used to provide additional option settings, rather than
leases for host IP addresses. The format of messages is different, but the
process of DHCP server discovery and address leasing (if offered) is
fundamentally the same. As IPv6 does not support broadcast, clients use the
multicast address ff02::1:2 to discover a DHCP server. DHCPv6 uses ports
546 (clients) and 547 (servers), rather than ports 68 and 67 as in DHCPv4.

In stateless mode, a client obtains a network prefix from a

router advertisement and uses it with the appropriate interface ID. The
router can also set a combination of flags to tell the client that a DHCP server
is available. If so configured, the client solicits a DHCPv6 server using the
multicast address ff02::1:2 and requests additional configuration information.
Description

DHCPv6 stateless mode. (Images © 123RF.com.)

By contrast, stateful mode means that a host can also obtain a routable IP
address from a DHCPv6 scope. In either mode, a DHCPv6 server can be used
to supply options information, such as DNS server addresses, DNS
suffix/domain lists, time servers, and so on.
Description

DHCPv6 stateful mode. (Images © 123RF.com.)

Configuring the scope requires you to define the network prefix and then any
IP addresses that are to be excluded from being offered. All other addresses
that are not explicitly excluded can be offered. The host must still listen for a
router advertisement to obtain the network prefix and configure a default
gateway. There is no mechanism in DHCPv6 for setting the default route.

When using stateful DHCPv6, it is possible to configure a static reservation.

However, a DHCPv6 reservation doesn't use a MAC address. Instead, each
system generates a host DHCP Unique Identifier (DUID) plus an Identity
Association Identifier (IAID) for each interface.

6.2.11 Lesson Review

 print

 close modal

Candidate: Catalina Adams (mar2492014)

Date: 1/18/2025, 10:03:53 PM • Time Spent: 05:36

Score: 100%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Correct

What does the client do to ensure the offered IP address is not already in
use?

answer

Sends a DHCPREQUEST packet

Correct Answer:

Broadcasts an ARP message

Sends a DHCPOFFER packet

Sends a DHCPDISCOVER packet

Explanation

After receiving a DHCPACK, the client broadcasts an ARP message to ensure

the offered IP address is not already in use.

Sending a DHCPDISCOVER packet is used to find DHCP servers, not to check

for IP address conflicts.

Sending a DHCPOFFER packet is a server action, not a client action.

Sending a DHCPREQUEST packet is used to request an IP address, not to

check for its availability.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

 o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcp_overview_n09\
q_dhcp_overview_arp_message_broadcast_n09.question.xml

 Question 2.

Correct

You have a network with 50 workstations. You want to automatically

configure the workstations with the IP address, subnet mask, and default
gateway values.

Which device should you use?

answer

Correct Answer:
DHCP server

Gateway

Router

DNS server

Explanation

Use a DHCP server to deliver configuration information to hosts

automatically. Using DHCP is easier than configuring each host manually.

Use a gateway to provide access to a different network or a network that

uses a different protocol.

Use a router to connect multiple subnets.

Use a DNS server to provide name resolution (for example, to get the IP
address associated with a logical hostname).

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

 o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcp_overview_n09\
q_dhcp_overview_example_n09.question.xml

 Question 3.

Correct

What is the first step in the DHCP lease process?

answer

DHCPOFFER

Correct Answer:

DHCPDISCOVER

DHCPACK

DHCPREQUEST

Explanation

The first step in the DHCP lease process is the DHCPDISCOVER message,
where the client broadcasts to find a DHCP server.

DHCPOFFER is incorrect because it is the second step, where the server

offers an IP address to the client.

DHCPREQUEST is incorrect because it is the third step, where the client

requests to use the offered IP address.
DHCPACK is incorrect because it is the fourth step, where the server
acknowledges the client's request to use the IP address.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcp_overview_n09\
q_dhcp_overview_lease_first_step_n09.question.xml

 Question 4.

Correct

Why must a DHCP server be placed in the same subnet as its clients?

answer

Correct Answer:

To ensure it can assign IP addresses to them

To increase the server's processing speed

To comply with network security policies

To reduce network latency

Explanation

The correct answer is to ensure it can assign IP addresses to them. Being in

the same subnet ensures direct communication between the DHCP server
and its clients, facilitating the assignment of IP addresses.

While important, reducing network latency is not the primary reason for
placing a DHCP server in the same subnet.

Security policies vary and do not dictate DHCP server placement.

The server's processing speed is not affected by its placement in relation to

clients.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

 o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcp_config_n09\
q_dhcp_config_same_subnet_n09.question.xml

 Question 5.

Correct

What is a scope in the context of DHCP server configuration?

answer

A tool for monitoring network traffic

Correct Answer:

A range of IP addresses and options configured for a single subnet

The physical range a wireless DHCP server can cover

A set of rules for filtering packets

Explanation

A scope is essential for defining the range of IP addresses that the DHCP
server can assign within a specific subnet, along with other configuration
options.

A tool for monitoring network traffic does not relate to DHCP scopes, which
are about IP address allocation.

A set of rules for filtering packets is more akin to firewall functionality, not
DHCP scope configuration.

The physical range a wireless DHCP server can cover refers to the signal
coverage of a wireless access point, not a DHCP scope.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.6 Set Up Alternate Addressing

o 6.4.2 DHCP Issues

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

resources\text\t_dhcp_config_n09\
q_dhcp_config_scope_role_n09.question.xml

 Question 6.

Correct

What is the significance of configuring a DHCP server with a range of IP

addresses and subnet masks?

answer

It allows the server to operate in multiple subnets simultaneously.

It allows the server to function as a router.

It encrypts the data transmitted between the server and clients.

Correct Answer:

It enables the server to assign appropriate IP configurations to clients within

a specific subnet.

Explanation

Configuring a DHCP server with a range of IP addresses and subnet masks

allows it to assign IP configurations that are suitable for the network
segment, ensuring proper communication.

While DHCP servers can serve multiple subnets, this is achieved through
relay agents, not through the configuration of a single range.

DHCP configuration does not involve encryption; it's about IP address

allocation.

DHCP servers assign IP addresses; they do not route traffic between

networks.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.6 Set Up Alternate Addressing

o 6.4.2 DHCP Issues

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

resources\text\t_dhcp_config_n09\
q_dhcp_config_subnet_masks_n09.question.xml

 Question 7.

Correct
Which DHCP option specifies the IP address of the router?

answer

DNS servers

Correct Answer:

Default gateway

DNS suffix

NTP servers

Explanation

The default gateway option in DHCP specifies the router's IP address, guiding
clients on how to send traffic to destinations outside their local network.

DNS servers specify the IP addresses of DNS servers, not the default
gateway.

The DNS suffix provides the domain name for DNS resolution, unrelated to
routing.

NTP servers specify servers for time synchronization, not network routing.

References

o 6.2.1 DHCP Process

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_options_n09\
q_dhcp_options_default_gateway_n09.question.xml

 Question 8.

Correct

What is the consequence of a long DHCP lease time?

answer
Decreases network security

Correct Answer:

The DHCP server's available pool of IP addresses is not replenished

frequently

Increases the DHCP server's available pool of IP addresses

Requires frequent renewal of the lease

Explanation

A long lease time reduces the frequency at which IP addresses are returned
to the pool for reallocation, potentially leading to shortages in environments
with limited IP addresses.

Increasing the DHCP server's available pool of IP addresses is incorrect as a

long lease time actually has the opposite effect.

Lease time length does not directly impact network security.

A long lease time means renewals are less frequent, not more.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_options_n09\
q_dhcp_options_long_lease_time_n09.question.xml

 Question 9.

Correct

What is the purpose of the T1 timer in DHCP?

answer

To define the maximum lease time for an IP address

To indicate the expiration time of an IP address lease

Correct Answer:

To signal when a client should start attempting to renew its lease

To set the frequency of DHCP server updates

Explanation

The T1 timer is set to 50% of the lease time. When it expires, it signals the
client to start the process of renewing its lease to maintain its current IP
configuration. This ensures network stability and continuity.

The maximum lease time is defined by the lease duration itself, not the T1
timer.

The lease expiration is determined by the lease duration, not the T1 timer.

The T1 timer is related to lease renewal, not the frequency of server updates.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_options_n09\
q_dhcp_options_t1_timer_n09.question.xml

 Question 10.

Correct

An administrator is using DHCP and wants to retain centralized management

of IP addressing but needs to ensure that specific devices that supply always-
on functionality have static IP address assignments.

What is the BEST solution?

answer

Assign addresses from a specially configured exclusion range.

Configure static assignments on those devices.

Correct Answer:

Create reservations.

Configure scopes.

Explanation

To retain centralized management of IP addressing, the administrator can

create a reservation which is a mapping of a MAC address or interface ID to a
specific IP address within the DHCP server's address pool.

The administrator can configure static assignments using IP addresses

outside the DHCP scope; however, this does not allow the administrator to
retain centralized management.

The administrator can assign IP addresses from a specially configured

exclusion range; however, the administrator must statically assign them, and
this does not allow the administrator to retain centralized management.

A scope is a range of IP addresses and options configured for a single subnet.

Administrators define scopes by providing a start and end IP address along
with a subnet mask.

References

o 6.2.1 DHCP Process

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_reserves_n09\
q_dhcp_reserves_example_n09.question.xml

6.3.7 Lesson Review

 print

 close modal
Candidate: Catalina Adams (mar2492014)

Date: 1/18/2025, 10:07:52 PM • Time Spent: 02:13

Score: 100%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Correct

What happens if a Windows host does not receive a response from a DHCP
server within a given time frame?

answer

It will prompt the user to manually enter an IP address.

It will shut down to prevent network conflicts.

Correct Answer:

It will select an address at random from the APIPA range.

It will broadcast a request for manual configuration assistance.

Explanation

If a Windows host does not receive a DHCP offer within a certain time frame,
it will automatically select an IP address from the APIPA range (169.254.1.1
to 169.254.254.254). This allows the host to continue communicating on the
local network despite the absence of DHCP server communication.

The host does not shut down; it seeks an alternative method to configure its
IP address.

While users can manually enter an IP address, this is not the automatic
response when a DHCP server cannot be contacted.

The host does not broadcast for manual configuration assistance; it

automatically selects an APIPA address.

References

o 4.5.5 IPv6 Link Local Addressing

o 6.3.1 Automatic Private IP Addressing

 o 6.3.4 Lab: Explore APIPA Addressing

o 6.3.5 Lab: Explore APIPA Addressing in Network Modeler

o 6.3.6 Set Up Alternate Addressing

resources\text\t_apipa_n09\q_apipa_dhcp_response_n09.question.xml

 Question 2.

Correct

What is the role of Router Advertisements (RAs) in the IPv6 address

configuration process?

answer

To encrypt data packets sent between hosts and routers

To request an IP address from a DHCPv6 server

To assign static IP addresses to devices

Correct Answer:

To inform hosts of network prefixes and autoconfiguration options

Explanation

Router Advertisements (RAs) are sent by routers to inform hosts on the

network about available network prefixes and autoconfiguration options
(stateless or stateful). This information is crucial for hosts to configure their
IPv6 addresses properly.

RAs do not request IP addresses; they provide information necessary for

address configuration.

RAs are not involved in encrypting data packets; they are used for network
configuration.

RAs do not assign static IP addresses; they provide information for automatic
configuration.

References

o 4.5.5 IPv6 Link Local Addressing

o 6.3.1 Automatic Private IP Addressing

o 6.3.4 Lab: Explore APIPA Addressing

 o 6.3.5 Lab: Explore APIPA Addressing in Network Modeler

o 6.3.6 Set Up Alternate Addressing

resources\text\t_apipa6_n09\q_apipa6_ra_role_n09.question.xml

 Question 3.

Correct

Which Neighbor Discovery Protocol function enables a router to inform a host

of a better route to a particular destination in an IPv6 network?

answer

Prefix discovery

Correct Answer:

Redirection

Address autoconfiguration

Local address resolution

Explanation

The redirection function of the Neighbor Discovery Protocol allows a router to

inform a host about a more efficient route to reach a specific destination.
This mechanism helps optimize the routing of packets within an IPv6 network
by directing traffic through paths that are potentially shorter or less
congested.

Address autoconfiguration is a process that allows IPv6 devices to

automatically configure an IP address for their interfaces. It does not involve
informing hosts about better routes to destinations.

Prefix discovery is a function that enables a host to discover the network

prefixes that are available on the local link. While it is crucial for determining
the scope of the network, it does not provide information about routing to
specific destinations.

Local address resolution is used to discover the link-layer addresses (such as

MAC addresses) of other nodes on the same local network. This process is
similar to ARP in IPv4 but does not involve directing traffic or informing hosts
of better routes.

References
 o 4.5.5 IPv6 Link Local Addressing

o 6.3.1 Automatic Private IP Addressing

o 6.3.4 Lab: Explore APIPA Addressing

o 6.3.5 Lab: Explore APIPA Addressing in Network Modeler

o 6.3.6 Set Up Alternate Addressing

resources\text\t_apipa6_n09\q_apipa6_redirection_purpose_n09.question.xml

 Question 4.

Correct

Which IPv6 autoconfiguration method allows a host to generate a link-local

address and verify its uniqueness?

answer

DHCPv6

Manual configuration

ARP

Correct Answer:

SLAAC

Explanation

Stateless Address Autoconfiguration (SLAAC) enables a host to automatically

generate a link-local address and use Neighbor Discovery Protocol messages
to ensure that the address is unique on the network.

DHCPv6 is used for stateful autoconfiguration, not for generating link-local

addresses.

Manual configuration involves manually assigning IP addresses, not

automatically generating them.

ARP is used in IPv4 for address resolution and does not apply to IPv6 link-
local address generation.

References

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_apipa6_n09\q_apipa6_slaac_definition_n09.question.xml
  Question 5.

Correct

What is the primary role of a DHCPv6 server in an IPv6 network?

answer

To locate the default gateway for clients

To support broadcast messages for IPv6 clients

To generate host addresses with suitable network prefixes

Correct Answer:

To provide additional option settings

Explanation

The correct answer is to provide additional option settings. In an IPv6

network, the Stateless Address Autoconfiguration (SLAAC) process can
automatically locate the default gateway and generate host addresses with
suitable network prefixes. Therefore, the primary role of a DHCPv6 server is
often to provide additional option settings rather than leases for host IP
addresses.

The SLAAC process, not the DHCPv6 server, locates the default gateway.

Host addresses with suitable network prefixes are generated by the SLAAC
process, not the DHCPv6 server.

IPv6 does not support broadcast; it uses multicast for DHCP server discovery.

References

o 6.2.1 DHCP Process

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcpv6_n09\q_dhcpv6_primary_role_n09.question.xml

6.4.1DHCP Relay and IP Helper

Normally, routers do not forward broadcast traffic. This means that each
broadcast domain must be served by its own DHCP server. On a large
network with multiple subnets, this would mean provisioning and configuring
many DHCP servers. To avoid this scenario, a DHCP relay agent can be
configured to provide forwarding of DHCP traffic between subnets. Routers
that can provide this type of forwarding are described as RFC 1542
compliant.

The DHCP relay intercepts broadcast DHCP frames, applies a unicast address
for the appropriate DHCP server, and forwards them over the interface for
the subnet containing the server. The DHCP server can identify the original IP
subnet from the packet and offer a lease from the appropriate scope. The
DHCP relay also performs the reverse process of directing responses from the
server to the appropriate client subnet.

Description

Configuring a DHCP relay agent. (Images © 123RF.com.)

This IP helper functionality can be configured on routers to allow set types

of broadcast traffic (including DHCP) to be forwarded to an interface. The IP
helper function supports the function of the DHCP relay agent. For example,
in the diagram, hosts in the 10.1.20.0/24 and 10.1.10.0/24 subnets need to
use a DHCP server for autoconfiguration, but the DHCP server is located in a
different subnet. The router is configured as a DHCP relay agent, using the
following commands to enable forwarding of DHCP broadcasts on the
interfaces serving the client subnets:

interface eth1

ip helper-address 10.1.0.200

interface eth2

ip helper-address 10.1.0.200

UDP forwarding is a more general application of the same principle. As well

as DHCP, it is used for the Network Time Protocol (NTP) and other broadcast-
based applications.

6.4.2DHCP Issues

A Windows host that is configured to use dynamic addressing but that fails to
obtain a lease will revert to an automatic IP address (APIPA) configuration
and select an address in the 169.254.0.0/16 range. Linux might use link local
addressing, set the address to unknown (0.0.0.0), or leave the interface
unconfigured.

Possible reasons for a client to fail to obtain a lease include the following:

 The DHCP server is offline. If your DHCP servers go offline, users will
continue to connect to the network for a period and thereafter start to
lose contact with network services and servers as they come to try to
renew a lease.

 No more addresses available (DHCP scope exhaustion). Create a new

scope with enough addresses or reduce the lease period. A shorter
lease period can mitigate exhaustion issues in networks with high
client turnover, such as guest Wi-Fi. IP Address Management (IPAM)
software suites can be used to track address usage across a complex
DHCP infrastructure.

 The router between the client and DHCP server doesn't support BOOTP
forwarding. Either install RFC 1542-compliant routers or add another
type of DHCP relay agent to each subnet or VLAN.

If you reconfigure your DHCP servers and their scopes, you will need to plan
for the fact that not all clients' IP configurations will be updated when the
server scopes are edited and could be left with an expired IP, default
gateway, or DNS server address. You can mitigate this by lowering the lease
duration in advance of changes, forcing all clients to renew, or running
parallel settings for a period.

Also be aware that address pool exhaustion might be a symptom of a

malicious attack.

6.4.3Troubleshooting DHCP Exhaustion

6.4.11 Lesson Review

 print

 close modal

Candidate: Catalina Adams (mar2492014)

Date: 1/18/2025, 10:12:18 PM • Time Spent: 01:46

Score: 100%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Correct

What makes a router RFC 1542 compliant?

answer

The feature to encrypt DHCP messages

The ability to assign static IP addresses

The function to block all broadcast traffic

Correct Answer:

The capability to forward DHCP traffic between subnets

Explanation

RFC 1542 compliance means a router can act as a DHCP relay agent,
forwarding DHCP requests and responses between clients and servers in
different subnets, which is crucial for network efficiency and scalability.

Assigning static IP addresses is not related to RFC 1542 compliance.

Blocking all broadcast traffic is not the purpose of RFC 1542; it's about
forwarding DHCP traffic specifically.

Encrypting DHCP messages is a security measure, not a requirement for RFC

1542 compliance.

References

o 6.2.1 DHCP Process

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.4 Lab: Configure a DHCP Relay Agent

resources\text\t_dhcp_relay_n09\
q_dhcp_relay_1542_compliant_n09.question.xml

 Question 2.

Correct

Why do routers normally not forward broadcast traffic?

answer

Correct Answer:

To prevent network congestion

To ensure network security

Because it can lead to IP address conflicts

Because routers operate at the network layer

Explanation

The correct answer is to prevent network congestion. Broadcasting across

multiple subnets can lead to excessive network traffic, causing congestion
and performance issues. Routers prevent this by not forwarding broadcast
traffic by default.

IP address conflicts are not directly related to forwarding broadcast traffic.

While routers operate at the network layer, the reason they don't forward
broadcast traffic is to prevent congestion, not because of their operational
layer.

Security is a concern in network design, but the primary reason for not
forwarding broadcast traffic is to prevent congestion.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

 o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcp_relay_n09\q_dhcp_relay_routers_n09.question.xml

 Question 3.

Correct

What is the purpose of applying a unicast address to DHCP frames by the

DHCP relay?

answer

Correct Answer:

To directly communicate with the DHCP server without broadcasting

To assign IP addresses to the frames

To encrypt the DHCP frames for security

To broadcast the frames across multiple subnets

Explanation

The correct answer is to directly communicate with the DHCP server without
broadcasting. By converting broadcast DHCP requests into unicast frames
directed to the DHCP server's IP address, DHCP relays facilitate efficient
communication between clients and servers across different subnets.

The conversion to unicast is for routing purposes, not encryption.

DHCP frames are not assigned IP addresses; they are forwarded to obtain
them from a DHCP server.

The purpose is to avoid broadcasting across multiple subnets, not to enable

it.

References

o 6.2.1 DHCP Process

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.4 Lab: Configure a DHCP Relay Agent

resources\text\t_dhcp_relay_n09\
q_dhcp_relay_unicast_address_n09.question.xml

 Question 4.

Correct

What might be a symptom of a malicious attack on a DHCP server?

answer

Frequent IP address changes

Increased network speed

Correct Answer:

Address pool exhaustion

Decreased number of DHCP requests

Explanation

Address pool exhaustion can be a symptom of a malicious attack, such as a

DHCP flood where numerous fake DHCP requests are sent to the server to
deplete its pool of available IP addresses, preventing legitimate clients from
obtaining an IP address.

Increased network speed is not typically a symptom of a malicious attack on

a DHCP server.

Frequent IP address changes are more likely due to short lease times or
network configuration issues, not necessarily a malicious attack.

A decrease in the number of DHCP requests would not indicate an attack; an

attack would likely increase the number of requests to exhaust the address
pool.

References

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

resources\text\t_dhcp_issues_n09\
q_dhcp_issues_address_exhaustion_n09.question.xml

 Question 5.
Correct

What is a recommended action before reconfiguring DHCP server scopes?

answer

Increase the lease duration.

Correct Answer:

Lower the lease duration.

Inform all network users about the change.

Disable the DHCP server temporarily.

Explanation

Lowering the lease duration before making changes to DHCP server scopes
forces all clients to renew their leases more frequently. This ensures that
clients' IP configurations are updated more quickly once the changes are
made, minimizing potential connectivity issues.

Increasing the lease duration would delay clients from obtaining updated IP
configurations after the server scopes are edited.

Disabling the DHCP server temporarily would prevent all clients from
obtaining or renewing IP leases, causing network connectivity issues.

While informing users about changes is good practice, it does not technically
facilitate the update of clients' IP configurations in response to DHCP scope
changes.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.6 Set Up Alternate Addressing

o 6.4.2 DHCP Issues

o 6.4.4 Lab: Configure a DHCP Relay Agent

 o 6.4.5 Lab: Add a DHCP Server on Another Subnet

resources\text\t_dhcp_issues_n09\
q_dhcp_issues_lower_lease_duration_n09.question.xml

6.5.1Host Names and Domain Names

The Internet Protocol uses a binary IP address to locate a host on an

internetwork. The dotted decimal (IPv4) or hex (IPv6) representation of this IP
address is used for configuration purposes, but it is not easy for people to
remember. For this reason, a "friendly" name is also typically assigned to
each host. There are two types of names: host names and fully qualified
domain names (FQDNs).

A host name is assigned to a computer by the administrator, usually when

the OS is installed. The host name needs to be unique on the local network.

To avoid the possibility of duplicate host names on the Internet, a fully

qualified domain name (FQDN) is used to provide a unique identity for
the host belonging to a particular network. An example of an FQDN might
be nut.widget.example. An FQDN is made up of the host name and a domain
suffix. In the example, the host name is nut, and the domain suffix
is widget.example. This domain suffix consists of the domain
name widget within the top-level domain (TLD) .example. A domain suffix
could also contain subdomains between the host and domain name. The
trailing dot or period represents the root of the hierarchy.

When you are configuring name records, an FQDN must include the trailing
period to represent the root, but this can be omitted in most other use cases.

A domain name must be registered with a registrar to ensure that it is unique

within a top-level domain. Once a domain name has been registered, it
cannot be used by another organization. The same domain name may be
registered within different top-level domains, however—
widget.example. and widget.example.uk. are distinct domains, for instance.

Numerous hosts may exist within a single domain. For example: nut, bolt,
and washer might all be hosts within the widget.example. domain. Given
that, FQDNs must follow certain rules:

 The host name must be unique within the domain.

 The total length of an FQDN cannot exceed 253 characters, with each
label (part of the name defined by a period) no more than 63
characters (excluding the periods).
  A DNS label should use letter, digit, and hyphen characters only. A
label should not start with a hyphen. Punctuation characters such as
the period (.) or forward slash (/) should not be used.

 DNS labels are not case-sensitive.

Additionally, Internet registries may have their own restrictions.

6.5.2DNS Hierarchy

The Domain Name System (DNS) is a global hierarchy of distributed name

server databases that contain information on domains and hosts within those
domains. At the top of the DNS hierarchy is the root, which is represented by
the null label, consisting of just a period (.). There are 13 root level servers (A
to M).

Immediately below the root lie the top-level domains (TLDs). There are
several types of top-level domains, but the most prevalent are generic (such
as .com, .org, .net, .info, .biz), sponsored (such as .gov, .edu), and country
code (such as .uk, .ca, .de). DNS is operated by ICANN (icann.org), which also
manages the generic TLDs. Country codes are generally managed by an
organization appointed by the relevant government.

Information about a domain is found by tracing records from the root down
through the hierarchy. The root DNS servers have complete information
about the top-level domain servers. In turn, these servers have information
relating to servers for the second level domains. No name server has
complete information about all domains. Records within the DNS tell them
where an authoritative name server for the missing information is found.
Description

DNS hierarchy. (Images © 123RF.com.)

An FQDN reflects this hierarchy, from most specific on the left (the host's
resource record with its name:IP address mapping) to least specific on the
right (the TLD followed by the root). An example is pc.corp.515support.com.

6.5.3Name Resolution Using DNS

The signal for the name resolution process to commence occurs when a user
presents an FQDN (often within a web address) to an application program,
such as a web browser. The client application, referred to as a stub resolver,
checks its local cache for the mapping. If no mapping is cached, it forwards
the query to its local name server. The IP addresses of one or more name
servers that can act as resolvers are usually set in the TCP/IP configuration.
The resolution process then takes place as follows:
Description

DNS name resolution process. (Images © 123RF.com.)

Most queries between name servers are performed as iterative lookups.

This means that a name server responds to a query with either the
requested record or the address of a name server at a lower level in the
hierarchy that is authoritative for the namespace. It makes no effort to try to
make additional queries to locate information that it does not have. In the
figure, at steps 4 and 5, the root server and .net name server simply pass
the querying server the address of an authoritative name server. They do not
take on the task of resolving the original query for www.515web.net.

A recursive lookup means that if the queried server is not authoritative, it

does take on the task of querying other name servers until it finds the
requested record or times out. The name servers listed in a client's TCP/IP
configuration accept recursive queries. This is the type of querying
performed by the corp.515support.com name server.

A DNS server may be configured to only perform recursive querying (a

resolver), or it may perform recursive querying and maintain zone records, or
it may only maintain zone records. Usually the roles are split, especially if the
servers are open to the Internet. Most Internet-accessible DNS servers
disable recursive queries. Recursive resolvers are typically only accessible by
authorized clients—subscribers within an ISP's network or clients on a private
LAN, for instance.

6.5.4Resource Record Types

DNS name servers maintain the DNS namespace in zones. A single zone
namespace might host records for multiple domains. Conversely,
subdomains within a domain might be managed as multiple zones, possibly
hosted on multiple servers.

A DNS zone will contain numerous resource records. These records allow a
DNS name server to resolve queries for names and services hosted in the
domain into IP addresses. Resource records can be created and updated
manually (statically), or they can be generated dynamically from information
received from client and server computers on the network.

The Start of Authority (SOA) record identifies the primary authoritative

name server that maintains complete resource records for the zone. The
primary name server can be used to modify resource records. The SOA also
includes contact information for the zone and a serial number for version
control.
 Description

Configuring a Start of Authority record in Windows DNS. (Screenshot

courtesy of Microsoft.)

Name server (NS) records identify authoritative DNS name servers for the
zone. As well as the primary name server, most zones are configured with
secondary name servers for redundancy and load balancing. Secondary
name servers hold read-only copies of resource records but can still be
authoritative for the zone.
Resource records configured on a BIND DNS server.

6.5.5Host Address and Canonical Name Records

An address (A) record is used to resolve a host name to an IPv4 address. An

AAAA record resolves a host name to an IPv6 address.

Description

Both types of host records (A and AAAA) plus a CNAME record in Windows
Server DNS. (Screenshot courtesy of Microsoft.)

DNS uses the UDP transport protocol over port 53 by default, and UDP has a
maximum packet size of 512 bytes. Due to the larger address sizes of IPv6,
AAAA records can exceed this limit. This can result in UDP packets being
fragmented into several smaller packets. This can result in these packets
being blocked by firewalls if they are not configured to expect them. Network
administrators should check that their DNS servers can accept these
transmissions and that intermediary components are not blocking them.

A canonical name (CNAME) (or alias) record is used to configure an alias for
an existing address record (A or AAAA). For example, the IP address of a web
server with the host record lamp could also be resolved by the alias www.
CNAME records are also often used to make DNS administration easier. For
example, an alias can be redirected to a completely different host
temporarily during system maintenance.

Multiple different-named resource records can refer to the same IP address

(and vice versa in the case of load balancing).

There is nothing to stop an administrator configuring multiple address

records to point different host names to the same IP address. Using CNAME
records is usually considered better practice, however. It is also possible to
configure multiple A or AAAA records with the same host name but different
IP addresses. This is usually done as a basic load balancing technique,
referred to as round robin DNS.

A name server can be configured to allow automatic creation, updating, and

deletion of host records using Dynamic DNS (DDNS). DDNS allows a client or
DHCP server to configure records, rather than requiring the DNS server
administrator to create and update them manually. In Windows, running
ipconfig /registerdns causes a client to attempt to use DDNS.

6.5.6Mail Exchange, Service, and Text Records

A mail exchange (MX) record is used to identify an email server for the
domain. In a typical network, multiple servers are installed to provide
redundancy, and each one will be represented with an MX record. Each
server record is given a preference value with the lowest numbered entry
preferred. The host identified in an MX record must have an associated A or
AAAA record. An MX record must not point to a CNAME record.

While most DNS records are used to resolve a name into an IP address, a
Service (SRV) record contains the service name and port on which a
particular application is hosted. SRV records are often used to locate VoIP or
media servers. SRV records are also an essential part of the infrastructure
supporting Microsoft’s Active Directory; they are used by clients to locate
domain controllers, for instance. As with MX, SRV records can be configured
with a priority value.
Description

SRV records in Windows Server DNS. (Screenshot courtesy of Microsoft.)

A TXT record is used to store any free-form text that may be needed to
support other network services. A single domain name may have many TXT
records, but most commonly they are used as part of Sender Policy
Framework (SPF) and DomainKeys Identified Mail (DKIM). An SPF record is
used to list the IP addresses or names of servers that are permitted to send
email from a particular domain and is used to combat the sending of spam.
DKIM records are used to decide whether you should allow received email
from a given source, preventing spam and mail spoofing. DKIM can use
encrypted signatures to prove that a message really originated from the
domain it claims.

6.5.7Pointer Records

A DNS server may have two types of zones: forward lookup and reverse
lookup. Forward lookup zones contain the resource records listed previously.
For example, given a name record, a forward lookup returns an IP address;
an MX record returns a host record associated with the domain's mail
services. Conversely, a reverse DNS query returns the host name
associated with a given IP address. This information is stored in a reverse
lookup zone as a pointer (PTR) record.
Description

Reverse lookup zone and pointer records in Windows Server DNS.

(Screenshot courtesy of Microsoft.)

Reverse DNS querying uses a special domain named by the first three octets
of IP addresses in the zone in reverse order and appended with in-addr.arpa.
The name server is configured with a reverse lookup zone. This zone contains
PTR records consisting of the final octet of each host record. For example,
the reverse lookup for a host record containing the IP address 198.51.100.1
is:

1.100.51.198.in-addr.arpa

IPv6 uses the ip6.arpa domain; each of the 32 hex characters in the IPv6
address is expressed in reverse order as a subdomain. For example, the IPv6
address:

2001:0db8:0000:0000:0bcd:abcd:ef12:1234

is represented by the following pointer record:

4.3.2.1.2.1.f.e.d.c.b.a.d.c.b.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa

6.5.8DNS Server Configuration

DNS is essential to the function of the Internet. Windows Active Directory and
most Linux networks also require a DNS service to be running and correctly
configured. It is important to realize that there are different kinds of DNS
servers however, fulfilling different roles in network architecture.

DNS Server Types

A DNS server is usually configured to listen for queries on UDP port 53. Some
DNS servers are also configured to allow connections over TCP port 53, as
this allows larger record transfers (over 512 bytes). Larger transfers might be
required if IPv6 is deployed on the network or if the DNS servers are using a
security protocol (DNSSEC).

A name server can maintain primary and/or secondary zones:

 Primary means that the zone records held on the server are editable. A
zone can be hosted by multiple primary servers for redundancy. As the
zone records are editable on all primaries, changes must be carefully
replicated and synchronized. It is critically important to update the
serial number for each change.

 Secondary means that the server holds a read-only copy of the zone.
This is maintained through a process of replication known as a zone
transfer from a primary name server. A secondary zone would
typically be provided on two or more separate servers to provide fault
tolerance and load balancing. Again, the serial number is a critical part
of the zone transfer process.

A name server that holds complete records for a domain can be defined as
authoritative. This means that a record in the zone identifies the server as a
name server for that namespace. Both primary and secondary name servers
are authoritative.

Servers that don't maintain a zone (primary or secondary) are referred to as

cache-only servers. A non-authoritative answer from a server is one that
derives from a cached record, rather than directly from the zone records.

DNS Caching

Each resource record can be configured with a default time to live

(TTL) value, measured in seconds. This value instructs resolvers how long a
query result can be kept in cache. Setting a low TTL allows records to be
updated more quickly but increases load on the server and latency on client
connections to services. Some common TTL values include 300 (five
minutes), 3,600 (one hour), 86,400 (one day), and 604,800 (one week).

DNS caching is performed by both servers and client computers. In fact,

each application on a client computer might be configured to manage its
own DNS cache. For example, separate web browser applications typically
maintain their own caches rather than relying on a shared OS cache.
If there is a change to a resource record, server and client caching means
that the updated record can be relatively slow to propagate around the
Internet. These changes need to be managed carefully to avoid causing
outages. Planning for a record change involves reducing the TTL in the period
before the change, waiting for this change to propagate before updating the
record, and then reverting to the original TTL value when the update has
safely propagated.

6.5.9Internal vs External DNS

As well as making sure that resource records for the managed domain(s) are
accurate, administrators should ensure that DNS services are highly
available and secure, to prevent DNS spoofing, where an attacker is able to
supply false name resolutions to clients.

A company will use primary and secondary name servers to maintain

authoritative zone records for the domains that it manages. Internal DNS
zones refer to the domains used on the private network only. These name
records should only be available to internal clients. For example, a company
might run a Windows Active Directory network using the domain name

corp.515support.com

. The zone records for the subdomain

corp.515support.com

would be served from internal name servers. This would allow a client PC (

pc1.corp.515support.com

) to contact a local application server (

crm.corp.515support.com

). The name servers hosting these internal subdomain records must not be
accessible from the Internet.

External DNS zones refer to records that Internet clients must be able to
access. For example, the company might run web and email services on the
domain

515support.com

. In order for Internet hosts to use a web server at

www.515support.com
or send email to an

@515support.com

address, the zone records for 515support.com must be hosted on a name

server that is accessible over the Internet.

Companies must also provide name resolution services to support their

internal clients contacting other domains. The function of a resolver is to
perform recursive queries in response to requests from client systems (stub
resolvers). If a name server is not authoritative for the requested domain, it
can either perform a recursive query to locate an authoritative name server
or it can forward the request to another name server. A recursive resolver
must be configured with a root hints file so that it can query the whole DNS
hierarchy from the root servers down. DNS servers should allow recursive
queries only from authorized internal clients. It is also a good idea to
separate the DNS servers used to host zone records from ones used to
service client requests for nonauthoritative domains.

It is possible for the same DNS server instance to perform in both name
server and resolver roles, but more typically these functions are separated to
different servers for security reasons.

As an alternative to recursion (or to supplement it), name servers can be

configured to resolve queries via forwarding. A forwarder transmits a client
query to another DNS server and routes the replies it gets back to the client.
A conditional forwarder performs this task for certain domains only. For
example, you might configure a DNS server that is authoritative for the local
private network (internal DNS), but that forwards any requests for Internet
domains to an external DNS resolver run by your ISP.

6.5.10DNS Security

DNS is a critical service that should be configured to resist spoofing and

poisoning attacks. These attacks mean that a threat actor changes the
record returned by a DNS query to point to a different IP address, potentially
redirecting the victim machine to connect to a malicious host.

DNS Security Extensions

DNS Security Extensions (DNSSEC) help to mitigate against spoofing and

poisoning attacks on DNS servers by providing a validation process for DNS
responses. With DNSSEC enabled, the authoritative server for the zone
creates a "package" of resource records (called an RRset) signed with a
private key (the Zone Signing Key). When another server requests a secure
record exchange, the authoritative server returns the package along with its
public key, which can be used to verify the signature.

The public Zone Signing Key is itself signed with a separate Key Signing Key.
Separate keys are used so that if there is some sort of compromise of the
Zone Signing Key, the domain can continue to operate securely by revoking
the compromised key and issuing a new one.

Description

Windows Server DNS services with DNSSEC enabled. (Screenshot used with
permission from Microsoft.)

The Key Signing Key for a particular domain is validated by the parent
domain or host ISP. The top-level domain trusts are validated by the Regional
Internet Registries, and the DNS root servers are self-validated, using a type
of M-of-N control group key signing. This establishes a chain of trust from the
root servers down to any particular subdomain.

DNS Client Security

Where DNSSEC validates the records held by a name server, DNS client
security uses transport encryption to prevent an on-path threat actor
tampering with responses to DNS queries. There are two main protocols for
securing DNS queries:

 DNS over transport layer security (DoT)—This uses Transport

Layer Security (TLS) to validate the resolver name server's digital
certificate. This mitigates the risk of a threat actor using a rogue DNS
server to spoof the legitimate one. If the client trusts the certificate,
the subsequent DNS traffic will be encrypted. DoT works over TCP port
853.

 DNS over hypertext transfer protocol secure (DoH)—This also

validates the resolver certificate and encrypts the DNS traffic but does
so by encapsulating it within HTTP Secure packets. This uses the HTTPS
standard port TCP/443, which completely disguises the fact that the
client is making DNS queries. The downside is that the additional HTTP
headers add overhead to each query and response.

As well as protecting against malicious attacks, DoH and DoT provide better
privacy. Plain text queries can be read by anyone operating a network
appliance in the path between the client and resolver. Encrypting the queries
and responses prevents this type of snooping. Conversely, administrators of
a corporate network need to ensure that clients use authorized resolvers and
will often prefer to monitor DNS traffic.

6.5.11 Lab: Configure DNS Addresses

Candidate: Catalina Adams ()

Time Spent: 03:00

Score: 100%

Task Summary

Required Actions

Use static DNS server addresses

Add 208.67.222.222 as a DNS server

Add 208.67.222.220 as a DNS server

Explanation
While completing this lab, use the following DNS information:

 Preferred DNS server: 208.67.222.222

 Alternate DNS server: 208.67.222.220

Complete this lab as follows:

1. Access the Ethernet properties dialog.

a. Under Dorm Room, select Dorm-PC.

b. Right-click the Network icon in the taskbar's notification area

and select Network and Internet settings.

c. From the right pane, select Ethernet.

d. Under DNS server assignment, select Edit.

2. Configure the new DNS addresses.

a. Under Edit DNS settings, select Manual.

b. Select IPv4 to toggle it to On.

c. Enter the Preferred DNS.

d. Enter the Alternate DNS.

e. Select Save.

6.5.12 Lab: Create Standard DNS Zones

Time Spent: 12:58

Score: 100%

Task Summary

Required Actions

Create the acct.CorpNet.local primary forward lookup DNS zone on

CorpDCShow Details

Allow zone transfers to any server

Create the acct.CorpNet.local secondary zone on CorpDC3Show Details

Configure CorpDC (192.168.0.11) as the master server for the zone

Explanation

Complete this lab as follows:

1. Access the CorpDC virtual server.

a. From Hyper-V Manager, select CORPSERVER.

b. Double-click CorpDC to connect to the server.

c. Maximize the window for better viewing.

2. Create a primary forward lookup zone.

a. From Server Manager, select Tools > DNS.

b. Maximize the window for better viewing.

c. Expand CORPDC (the server that will host the zone).

d. Right-click Forward Lookup Zones and select New Zone.

e. In the New Zone wizard, select Next.

f. Make sure Primary zone is selected.

g. Clear Store the zone in Active Directory (this option is only

available for domain controllers) and then select Next.

h. In the Zone name field, enter acct.CorpNet.local for the zone

and then select Next.

i. Verify that Create a new file with this file name is selected and
then click Next.

j. Make sure Do not allow dynamic updates is selected and then

click Next.

k. Select Finish to complete the New Zone wizard.

3. Configure zone transfers.

a. Expand Forward Lookup Zones.

b. Right-click acct.CorpNet.local (the new zone) and

select Properties.

c. Select the Zone Transfers tab.

 d. Verify that Allow zone transfers is selected.

e. Select To any server.

f. Select OK.

4. Create a forward secondary zone.

a. Expand CORPDC3 (the server that will host the new zone).

b. Right-click Forward Lookup Zones and then select New Zone.

c. Select Next.

d. Select Secondary zone as the zone type and then select Next.

e. In the Zone name field, enter acct.CorpNet.local and then

select Next.

f. In the Master Servers box, select Click here.

g. Enter 192.168.0.11 or CorpDC.CorpNet.Local as the server

that hosts a copy of the zone.

h. Press Enter or click away from the IP address to begin validation.

i. After validation is complete, select Next.

j. Click Finish to complete the New Zone wizard.

6.5.13Lab: Create Host Records

1. Access the CorpDC virtual server.

a. From Hyper-V Manager, select CORPSERVER.

b. Double-click CorpDC to connect to the server.

c. Maximize the window for better viewing.

2. Create a primary reverse lookup zone.

a. From Server Manager, select Tool > DNS.

b. Expand CORPDC.

c. Right-click Reverse Lookup Zones and select New Zone.

d. Select Next.

e. Make sure that Primary zone is selected.

 f. Make sure that Store the zone in Active Directory is selected and
then select Next.

g. Keep the default replication scope setting and select Next.

h. Keep the default reverse lookup zone settings and select Next.

i. For Network ID, use 192.168.0 as the network ID.

j. Select Next.

k. Keep the default dynamic update settings and then select Next.

l. Select Finish.

3. Create a host (A) and associated pointer (PTR) record.

a. From DNS Manager, expand Forward Lookup Zones.

b. Right-click CorpNet.local and select New Host (A or AAAA).

c. In the Name field, enter the hostname.

d. In the IP address field, enter the IP address.

e. Select Create associated pointer (PTR) record as needed.

The reverse lookup zone must exist for this record to be created.

f. Select Add Hosts.

g. Select OK for the prompt shown.

h. Repeat steps 3c through 3g to add the additional host records.

i. Select Done.

6.5.14 Lab: Create CNAME Records

Candidate: Catalina Adams ()

Time Spent: 04:23

Score: 100%

Task Summary

Required Actions

Create the ALIAS (CNAME) record with a blank name pointing to

CorpWeb.CorpNet.localShow Details
Create the intranet ALIAS (CNAME) record pointed to
CorpWeb.CorpNet.localShow Details

Create the www ALIAS (CNAME) record pointed to

CorpWeb.CorpNet.localShow Details

Explanation

Complete this lab as follows:

1. Access the CorpDC virtual server.

a. From Hyper-V Manager, select CORPSERVER.

b. Double-click CorpDC to connect to the server.

c. Maximize the window for better viewing.

2. For the sales.private zone, create the ALIAS (CNAME) record with
a blank name pointing to CorpWeb.CorpNet.local.

a. From Server Manager, select Tools > DNS.

b. Maximize the window for better viewing.

c. Expand CORPDC > Forward Lookup Zones.

d. Right-click the sales.private zone and select New Alias

(CNAME).

e. Configure the new record as follows:

 Alias name: Leave blank

 Fully qualified domain name (FQDN) for target

host: CorpWeb.CorpNet.local

f. Select OK.

3. For the sales.private zone, create the intranet ALIAS (CNAME) record
pointed to CorpWeb.CorpNet.local.

a. Right-click the sales.private zone and select New Alias

(CNAME).

b. Configure the new record as follows:

 Alias name: intranet

  Fully qualified domain name (FQDN) for target
host: CorpWeb.CorpNet.local

c. Select OK.

4. For the sales.private zone, create the www ALIAS (CNAME) record
pointed to CorpWeb.CorpNet.local.

a. Right-click the sales.private zone and select New Alias

(CNAME).

b. Configure the new record as follows:

 Alias name: www

 Fully qualified domain name (FQDN) for target

host: CorpWeb.CorpNet.local

c. Select OK.

6.6.1Client DNS Issues

A DNS issue is typically indicated when a host can ping a server by its IP
address, but not by its name.

When a host receives a client request to access a name and it does not have
the IP mapping cached, it asks a name server configured as a resolver to
perform the lookup and return the IP address. As name resolution is a critical
service, most hosts are configured with primary and secondary name server
resolvers for redundancy. The server addresses are entered as IPv4 and IPv6
addresses. In a majority of cases, these addresses are likely to be
autoconfigured via DHCP.

If a single client is unable to resolve names, the issue is likely to lie with that
client's configuration. In Windows, you can view the name servers configured
as resolvers using ipconfig /all. In Linux, the DNS server addresses are
recorded in /etc/resolv.conf. Typically, a package such as NetworkManager or
systemd-networkd would add the entries. Entries added directly will be
overwritten at reboot.

If a host cannot resolve names, check that the correct name server
addresses have been configured and that you can ping them. If there are
configuration errors, either correct them (if the interface is statically
configured) or investigate the automatic addressing server. If there are
connectivity errors, check the network path between the host and its name
servers.

If multiple clients are affected, the issue is likely to lie with the server service
(or the way a subnet accesses the server service). Check that the server
configured as a DNS resolver is online and available (that you can ping the
server from the client). Bear in mind that DHCP might be configuring DNS
server settings incorrectly. Check the server options or scope options
configuration on the DHCP server as well.

While we are focusing on name resolution via DNS here, note that a host can
use multiple methods, especially on Windows workgroup networks. Link Local
Multicast Name Resolution (LLMNR) and Multicast DNS (mDNS) are modified
forms of DNS that allow clients to perform name resolution on a local link
without needing a server.

Hosts have a system DNS configuration, but apps such as browsers might
use separately configured name servers.

6.6.2Name Resolution Issues

If some DNS queries work from the client, but others don't, then the problem
is more complex. When you perform a successful connectivity test by IP
address, and have verified that the host's DNS resolvers are working, and the
target host or service still does not respond to pinging it by name, you need
to check for a fault within the name resolution process.

Name Resolution Methods

To troubleshoot name resolution, you should establish exactly how the

process works on that specific host. A host can use a variety of methods to
resolve a name to an IP address. In very general terms, these will be as
follows:

1. Check local name caches. One complication here is that there are
different types of cache and separate caches for individual
applications, such as web browsers. On Windows, you can
use ipconfig /displaydns and ipconfig /flushdns to monitor and clear the
system's DNS cache.

2. Check HOSTS. The HOSTS file is a static list of host name to IP address
mappings. The local resolver is likely to try to use any HOSTS file
mappings first (or the mappings might be cached automatically). The
 default location under Windows is %SystemRoot%\system32\drivers\
etc\, while under Linux it is usually placed in the /etc directory. In most
cases, HOSTS should not contain any entries (other than the loopback
address). Any static entries in HOSTS could be the cause of a name
resolution issue. The file can also be used for troubleshooting.

Any text preceded by the # symbol in a HOSTS file is a comment and will
not be processed. To verify a name resolution problem, edit the HOSTS file
and place the correct name and IP address record in the file for the test host.
When you ping that name, if that is successful, it suggests a name resolution
service problem.

3. Verify DNS records using the nslookup or dig tools. There might be
some discrepancy between the records returned by the resolver
compared to the records configured on the authoritative DNS server
that maintains the zone.

Use the nslookup or dig utilities to check what records are returned by the
resolver. If trying to connect to an Internet resource, compare these records
to those returned by public resolvers (such as Google's servers at 8.8.8.8).
Consider whether clients have cached a record that has been changed
recently. Reconfiguration of DNS records should be planned and implemented
carefully to avoid caching problems.

6.6.3nslookup

Name resolution troubleshooting typically involves testing multiple clients

and servers. The use of caching and the distributed nature of the system
means that configuration errors can occur in several different places.

You might start investigating a name resolution issue by verifying the name
configured on a host. In Windows, you can use the command ipconfig /all to
display the FQDN of the local host. In Linux, you can use the
command hostname --fqdn.

On a local network, each host is normally configured with a DNS suffix. For
example, PC1 might be configured as part of a Windows network with the
suffix ad.example.local. If this suffix is not set correctly, some name queries
could fail.

You can troubleshoot DNS name resolution with the nslookup command:

nslookup -Option Host DNSServer

Host can be either a host name, domain name, FQDN, or IP
address. DNSServer is the IP address of a server used to resolve the query;
the default DNS server is used if this argument is omitted. Option specifies
an nslookup subcommand. For example, the following command queries
Google's public DNS server (8.8.8.8) for information about 515support.com's
mail records:

nslookup -type=mx 515support.com 8.8.8.8

If nslookup is run without any arguments (or by specifying the server only
with nslookup – DNSServer), the tool is started in interactive mode. You can
perform specific query types and output the result to a text file for analysis.

Description

The first two nslookup commands identify comptia.org's MX and primary

name server records using Google's public DNS resolver (8.8.8.8). Note that
the answers are non-authoritative. The third command queries CompTIA's
name server for the MX record. This answer is authoritative. (Screenshot
courtesy of Microsoft.)

The Windows PowerShell environment provides a more sophisticated scripted

environment that you can use to issue cmdlets to test DNS name resolution
(and change DNS settings as well, if required). PowerShell provides a cmdlet
called Resolve-DnsName, which allows a more flexible method of testing
name resolution than nslookup, as it allows testing of the different methods
of name resolution (HOSTS file, DNS cache, and DNS server).
6.5.17 Lesson Review

 print

 close modal

Candidate: Catalina Adams (mar2492014)

Date: 1/18/2025, 11:12:28 PM • Time Spent: 07:01

Score: 100%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Can the same domain name be registered within different top-level

domains?

Correct

 Question 2.

Correct

An administrator ran a command and determined that the FQDN of a client is

forbes.sales.realty.com.

What is the hostname of the client?

answer

com

realty

Correct Answer:

forbes

sales

Explanation

A fully qualified domain name (FQDN) consists of the hostname and a

domain suffix. In this domain, forbes is the hostname and the domain suffix
is sales.realty.com.
A fully qualified domain name (FQDN) consists of the hostname and a
domain suffix. In this domain, the suffix .com is the top-level domain.

A fully qualified domain name (FQDN) consists of the hostname and a

domain suffix. In this domain, sales is a domain name within the top-level
domain .com.

A fully qualified domain name (FQDN) consists of the hostname and a

domain suffix. In this domain, realty is a domain name within the top-level
domain .com.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup
 o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_dns_overview_n09\
q_dns_overview_hostname_example_n09.question.xml

 Question 3.

Correct

What type of information does a root DNS server contain?

answer

Complete information about all domains

Only information about second-level domains

Correct Answer:

Complete information about top-level domain servers

Only information about country code domains

Explanation

Root DNS servers contain complete information about top-level domain

servers, enabling the hierarchical and distributed nature of the DNS system.

No single server contains complete information about all domains; the DNS is
distributed.

Root servers contain information about all types of TLDs, not just country
codes.

Root servers contain information about TLD servers, which in turn know
about second-level domains.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

 o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_dns_structure_n09\
q_dns_structure_root_server_info_n09.question.xml

 Question 4.

Correct

An IT support technician receives a call from a user complaining that they

cannot access the website www.examplecorp.com. The user has already
tried clearing their browser cache and restarting their computer but to no
avail.

The technician decides to troubleshoot the issue starting with DNS

resolution.
Which of the following steps should the technician take first to diagnose the
problem?

answer

Immediately escalate the issue to the network administrator without further

diagnosis.

Directly modify the user's hosts file to include the IP address for
www.examplecorp.com.

Instruct the user to bypass their local DNS server by changing their DNS
settings to a public DNS service.

Correct Answer:

Check to see if the user's computer can resolve other domain names.

Explanation

Checking if the user's computer can resolve other domain names is the first
step and helps determine if the issue is isolated to www.examplecorp.com or
if it's a broader DNS resolution problem. If other domain names resolve
correctly, the issue might be specific to the www.examplecorp.com domain,
possibly indicating a problem with the authoritative DNS server for that
domain or a propagation issue.

Modifying the hosts file is a workaround rather than a solution to the

underlying problem. It might temporarily allow the user to access the
website, but it doesn't address the DNS resolution failure. Additionally, this
approach can lead to future connectivity issues if the website's IP address
changes.

Escalating the issue without performing basic troubleshooting steps is

premature. It's essential to gather more information about the problem to
provide the network administrator with useful details if escalation becomes
necessary.

While changing to a public DNS service might resolve the issue, it's a more
invasive first step compared to simply checking if other domain names can
be resolved. It's better to start with less disruptive troubleshooting steps.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

 o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_dns_resolution_n09\
q_dns_resolution_resolve_domain_names_scenario_n09.question.xml

 Question 5.

Correct

What does the Start of Authority (SOA) record identify?

answer

The dynamic resource records in the zone

The most frequently visited domain in the zone

Correct Answer:

The primary authoritative name server for the zone

The secondary name servers in the zone

Explanation

The SOA record identifies the primary authoritative name server that
maintains complete resource records for the zone, including modifications.

The SOA record does not track domain visitation frequency.

The SOA record specifies the primary, not secondary, name servers.

The SOA record does not specifically identify dynamic resource records.

References

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

resources\text\t_dns_resource_n09\
q_dns_resource_soa_record_identifry_n09.question.xml

 Question 6.

Correct

What is the primary purpose of an Address (A) record in DNS?

answer

Correct Answer:

To resolve a host name to an IPv4 address

To resolve a host name to an IPv6 address

To redirect traffic to another domain

To resolve a domain name to an email address

Explanation

The correct answer is to resolve a host name to an IPv4 address. An Address

(A) record is specifically used in DNS to map a host name to its
corresponding IPv4 address, allowing internet traffic to find the correct
server.

An A record is used for IP address mapping, not email addresses.

Redirecting traffic to another domain is the function of a CNAME record, not

an A record.

Resolving a host name to an IPv6 address is the purpose of an AAAA record,

not an A record.

References

o 6.5.5 Host Address and Canonical Name Records

o 6.5.13 Lab: Create Host Records

resources\text\t_dns_cname_n09\
q_dns_cname_address_a_purpose_n09.question.xml

 Question 7.

Correct

What is the purpose of using round robin DNS?

answer

To increase DNS security

To decrease DNS lookup times

To create a backup DNS server

Correct Answer:

To distribute network traffic across multiple servers

Explanation

Round robin DNS is a technique used to distribute network traffic evenly

across multiple servers by configuring multiple A or AAAA records with the
same hostname but different IP addresses.

Round robin DNS is used for load balancing, not specifically for increasing
security.
Round robin DNS does not necessarily decrease DNS lookup times; its
primary purpose is load balancing.

Creating a backup DNS server is not the purpose of round robin DNS; it's
about load distribution.

References

o 6.5.5 Host Address and Canonical Name Records

o 6.5.13 Lab: Create Host Records

resources\text\t_dns_cname_n09\
q_dns_cname_round_robin_n09.question.xml

 Question 8.

Correct

What is the significance of the priority value in MX records?

answer

Determines the encryption level

Correct Answer:

Specifies the preferred server in a list of servers

Identifies the email server's IP address

Stores free-form text

Explanation

The correct answer is that it specifies the preferred server in a list of servers.
The priority value in MX records helps in determining the order in which
email servers should be tried, with lower values being tried first.

Priority values are for server selection, not encryption.

MX records point to domains, not directly to IP addresses.

Priority values are numerical and used for ordering, not for storing text.

References

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.6.3 nslookup
 o 6.6.4 dig

resources\text\t_dns_mx_n09\q_dns_mx_priority_value_n09.question.xml

 Question 9.

Correct

What does an MX record require to function correctly?

answer

Correct Answer:

An associated A or AAAA record

Encryption

An associated CNAME record

A priority value of 10

Explanation

An MX record must point to a domain that has an A (IPv4) or AAAA (IPv6)

record to resolve to an IP address, which is essential for routing emails.

MX records should not point to CNAME records as per DNS standards.

The priority value can be any number, not specifically 10.

MX records are concerned with email routing, not encryption.

References

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.6.3 nslookup

o 6.6.4 dig

resources\text\t_dns_mx_n09\
q_dns_mx_record_requirement_n09.question.xml

 Question 10.

Correct

What domain is used for reverse DNS querying of IPv6 addresses?

answer
ipv6.arpa

Correct Answer:

ip6.arpa

reverse.ipv6

in-addr.arpa

Explanation

For IPv6 addresses, reverse DNS queries use the ip6.arpa domain. Each hex
character of the IPv6 address is reversed and used as a subdomain in this
domain.

in-addr.arpa is used for IPv4 addresses, not IPv6.

ipv6.arpa is not the correct domain for reverse DNS querying of IPv6
addresses.

reverse.ipv6 is not a valid domain used in DNS for reverse querying of IPv6
addresses.

References

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.13 Lab: Create Host Records

resources\text\t_dns_pointer_n09\
q_dns_pointer_ipv6_domain_n09.question.xml

 Question 11.

Correct

What is the purpose of a secondary DNS server?

answer

To edit and update DNS records

To provide authoritative answers only

To serve as the primary source of DNS records

Correct Answer:

To hold a read-only copy of the zone

Explanation

Secondary DNS servers hold a read-only copy of the zone for fault tolerance
and load balancing, which is maintained through replication from a primary
name server. This setup provides fault tolerance and load balancing.

Secondary DNS servers do not edit records, serve as the primary source, or
exclusively provide authoritative answers.

References

o 6.5.8 DNS Server Configuration

resources\text\t_dns_config_n09\
q_dns_config_secondary_server_purpose_n09.question.xml

 Question 12.

Correct

What is the primary function of external DNS zones?

answer

To facilitate security for DNS management

Correct Answer:

To provide name resolution services for Internet clients needing to access

public services

To perform recursive queries for internal DNS servers

To facilitate internal clients' access to internal network resources

Explanation

The correct answer is to provide name resolution services for Internet clients
needing to access public services. External DNS zones are designed to
manage and provide the DNS records that Internet clients require to access
an organization's public-facing services, such as websites and email servers.
This enables users on the Internet to locate these services using domain
names.
While security is a critical aspect of DNS management, the primary function
of external DNS zones is not to secure internal resources but to make certain
services accessible to the Internet. Security measures are implemented to
protect the DNS infrastructure, but they are not the primary function of
external DNS zones.

This describes the function of internal DNS zones, not external DNS zones.
Internal DNS zones are used within a private network to resolve domain
names of internal resources, not for facilitating access to public services by
Internet clients.

Performing recursive queries is a function of DNS resolvers, not a specific

purpose of external DNS zones. External DNS zones are concerned with
hosting DNS records for public access, not querying other servers for DNS
resolution.

References

o 6.5.3 Name Resolution Using DNS

o 6.5.9 Internal vs External DNS

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

resources\text\t_dns_internal_n09\
q_dns_internal_external_server_purpose_n09.question.xml

 Question 13.

Correct

What role does a resolver play in DNS?

answer

It hosts zone records for internal and external domains.

Correct Answer:

It performs recursive queries in response to client requests.

It separates internal from external DNS zones.

It supplies false name resolutions to clients.

Explanation

A resolver is responsible for handling DNS queries from clients. If the resolver
does not have the answer in its cache, it performs recursive queries up the
DNS hierarchy to find the authoritative server for the requested domain,
thereby providing the correct IP address to the client.

Hosting zone records is the role of a DNS server acting as an authoritative

name server, not a resolver.

Supplying false name resolutions is a description of DNS spoofing, not a

legitimate function of a resolver.

Separating internal from external DNS zones is a network design and security
consideration, not a function of a resolver.

References

o 6.5.3 Name Resolution Using DNS

o 6.5.9 Internal vs External DNS

resources\text\t_dns_internal_n09\
q_dns_internal_resolver_role_n09.question.xml

 Question 14.

Correct

In DNSSEC, what happens if the Zone Signing Key is compromised?

answer

Correct Answer:

The key is revoked and a new one is issued.

The Key Signing Key must also be replaced.

The entire domain must be taken offline.

DNSSEC becomes ineffective and must be disabled.

Explanation

If the Zone Signing Key is compromised, it can be revoked and a new one
issued, allowing the domain to continue to operate securely. This is a key
feature of DNSSEC's design for resilience.

It is not necessary to take the entire domain offline if a ZSK is compromised.

DNSSEC does not become ineffective; it has mechanisms for key revocation
and replacement.

Only the compromised ZSK needs to be replaced, not necessarily the KSK.

References

o 6.5.10 DNS Security

resources\text\t_dns_security_n09\
q_dns_security_compromised_key_n09.question.xml

 Question 15.

Correct

Which protocol uses Transport Layer Security (TLS) to secure DNS queries?

answer

Correct Answer:

DNS over DoT

DNS over SSL (DoS)

DNS over HTTPS (DoH)

Secure DNS (SDNS)

Explanation

The correct answer is DNS over Transport Layer Security (DoT). DoT uses TLS
to validate the resolver name server's digital certificate and encrypt DNS
traffic, providing security against tampering by threat actors.

DoH uses HTTPS to secure DNS queries, not TLS directly.

DNS over SSL (DoS) is not a recognized standard for securing DNS queries.

Secure DNS (SDNS) is a broad term and not a specific protocol like DoT.

References

o 6.5.10 DNS Security

resources\text\t_dns_security_n09\
q_dns_security_dns_over_dot_n09.question.xml

6.5.15Lab: Troubleshoot DNS Records

6.2.8Lab: Create DHCP Client Reservations

6.2.10Lab: Configure Client Addressing for DHCP

6.2.10Lab: Configure Client Addressing for DHCP

The network at your company is configured to use DHCP. The help desk
received a report about a desktop in Office 2 having connection issues. Your
task is to evaluate and resolve the problem.

Access the Office2 computer and do the following:

6.2.10 Lab: Configure Client Addressing for DHCP

Candidate: Catalina Adams ()

Time Spent: 01:13

Score: 100%

Task Summary

Required Actions and Questions

Q1Does Office2 have internet access?

Your answer:No

Correct answer:No
Q2How is the ip address currently allocated?

Your answer:Manual

Correct answer:Manual

Alter Ethernet to use DHCP for ip assignments.Show Details

Explanation Click to open/close text to speech

Complete the following in order:

1. View the current connection status.

a. From the Floor 1 Overview, under Office 2, select Office2.

b. Perform one of the following:

Hover over the network icon in the system tray or

Select Start > Settings > Network & internet.

c. Select Questions and answer question 1.

d. Minimize the Lab Questions dialog.

2. Determine how the IP address is currently assigned.

1. From Network & internet settings, select Ethernet.

2. Select Questions and answer question 2.

3. Minimize the Lab Questions dialog.

3. Make any necessary changes to fix the connection issues.

1. To the right of the IP assignment, select Edit.

2. In the Edit IP settings dialog, use the dropdown menu and

select Automatic (DHCP).

3. Select Save and notice Office2 has a connection.

6.3.4Lab: Explore APIPA Addressing

6.3.5Lab: Explore APIPA Addressing in Network Modeler

As network technician, you received the assignment to research and resolve

connectivity issues on the first floor. As part of this exercise you will
encounter Automatic Private IP Addressing (APIPA). You will need to learn
about APIPA and apply the appropriate fix.

Automatic Private IP Addressing (APIPA) is a feature of the Windows

operating system. When a Windows device cannot receive an ip address from
a DHCP server, APIPA allows the device to assign an ip address to itself. The
reserved set of addresses for APIPA includes 169.254.0.1 - 169.254.255.254,
using the subnet mask of 255.255.0.0.

To complete this task, do the following:

1. Discover the Exec computer IP address, and explore connectivity to

other computers.
 o From the Executive Office, select Exec.

o Run ipconfig and answer question 1.

o Use the ping command to test connectivity to:

 The default gateway ip address 192.168.0.5

 Office1 computer.

 Office2 computer.

o Answer question 2.

2. Discover the Office1 computer IP address, and explore connectivity to

other computers.

o From Office 1, select Office1.

o Run ipconfig and answer question 3.

o Ping the following devices:

 The default gateway ip address 192.168.0.5.

 Office2 computer.

 Exec computer.

o Answer question 4.

3. Discover the Office2 computer IP address, and explore connectivity to

other computers.

o From Office 2, select Office2.

o Run ipconfig and answer question 5.

o Ping the following devices:

 The default gateway ip address 192.168.0.5.

 Office1 computer.

 Exec computer.

o Answer questions 6 and 7.

4. From CorpServer in Hyper-V Manager, activate CorpDHCP Subnet1.

o From the Networking Closet, select CorpServer.

 o Select CORPSERVER in Hyper-V Manager.

o Open the CorpDHCP virtual machine.

o From the Tools menu, select DHCP.

o Expand CorpDHCP and IPv4.

o Notice that the folder icon for the Subnet1 Scope displays a red
arrow, indicating it is not active.

o Right-click Scope [198.168.0.1] Subnet1 and select Activate.

5. Return to the Office1 computer.

o Run ipconfig and answer question 8.

o Ping the default gateway to verify connectivity.

6.4.4Lab: Configure a DHCP Relay Agent
You just installed DHCP service on the CorpDHCP server. You
configured two scopes. The scope for Building A (Subnet1) is
configured on the 192.168.0.0 network. The scope for Building B
(Subnet2) is configured on the 192.168.10.0 network. After
activating the scopes, you find that clients on Subnet1 receive IP
addressing information from the DHCP server, but clients on
Subnet2 have IP addresses in the 169.254.0.0/16 range. You realize
that DHCP messages are not being forwarded through the router.

In this lab, your task is to:

 Use Routing and Remote Access to configure CorpServer2 as a

DHCP Relay Agent by performing the following:

o Add the DHCP Relay Agent routing protocol.

o Add NetTeam as a DHCP Relay Agent interface.

o Set the boot threshold to 0.

o Configure the DHCP Relay Agent properties to identify

192.168.0.14 as the DHCP server.

 Renew the TCP/IP information on Exec2 (the client machine in

Building B).

 Verify that Exec2 has a network connection.

6.4.5Lab: Add a DHCP Server on Another Subnet

You have just authorized the CorpDHCP server to assign IP addresses to

client workstations on the 192.168.10.0 subnet. You now need to create an
IPv4 scope on the CorpDHCP server for an address range on this subnet.

In this lab, your task is to:

 Create an IPv4 scope on CorpDHCP using the following specifications:

o IPv4 scope name: Sales

 o Address range: 192.168.10.21 to 192.168.10.199

o Default gateway: 192.168.10.5

o DNS servers: 198.28.56.108 and 163.128.78.93

 Activate the new scope upon completion.

6.4.6Lab: Troubleshoot Address Pool Exhaustion

Multiple employees in the marketing department have reported connectivity

issues to the Help Desk. However, they did mention that some employees
are not experiencing problems. The ticket was escalated to you for
resolution. You believe it could be related to some recent DHCP updates that
other team members made.

In this lab, you analyze and correct the configuration problems. Do the
following:

1. Run ipconfig /all on the seven marketing computers.

 o Use the ethernet adapter information to answer questions 1-3.

2. On the first floor, under the Networking Closet, select CorpServer.

o Open the CorpDHCP virtual machine.

o Select Tools and then DHCP.

o Open the properties for the Scope [192.168.0.1] Subnet1.

o Answer question 4.

3. Set the End IP address for the Scope [192.168.0.1]

Subnet1 to 192.168.0.254.

4. Select a computer with a connectivity issue and run ipconfig /renew.

o Answer question 5 and score the lab.

 Start Lab

6.4.7Lab: Explore DHCP Troubleshooting

ccYou are a network technician for a small corporate network. The network is
connected to the internet and uses DHCP to assign addresses. Employees
using the Office1 and Exec computers are reporting problems with their
network connections.

In this lab, your task is to explore, diagnose, and fix the reported TCP/IP
configuration problems.

Use the following troubleshooting tools:

 The ping, ipconfig, or tracert command utility

 Network and internet settings in Windows 11 operating systems

 The Network and Sharing Center in Windows Server 2022 operating

systems

 The DHCP server console in Windows Server 2022 operating systems

 The network diagram and schematic as found in the Exhibits

Select the Hide Notes icon in the toolbar to hide or display notes and labels
as needed.

Complete this lab as follows:

1. From CorpServer, check network connectivity.

a. Right-click CorpServer and select Launch Windows.

b. Mouse over the Network icon in the Notification Area.

Note that the Notification Area appears normal (a computer icon
is shown), which indicates a connection to the local network and
the internet. When you mouse over the Network icon, you see
the details of this status.

2. Access the Network & Internet settings.

a. Right-click Start and then select Settings.

b. Select Network & Internet.

The Network Status diagram confirms that CorpServer is
connected to the local network and the internet.

3. Ping the ISP to verify connectivity through the router and the internet.

a. From the top left, select Network Modeler.

b. Locate the IP address of the ISP Internet Router.

c. From the top right, select Answer Questions.

d. Answer Question 1.

e. On CorpServer, Launch Windows.

f. Right-click Start and select Windows PowerShell (Admin).

g. From the PowerShell prompt, type ping, followed by a space and

the ISP's IP address from Question 1, and press Enter.
Notice that the ping was successful, verifying a valid connection
to the internet.

4. Use the ipconfig and tracert commands to find the devices used to
access the ISP.

a. From the PowerShell prompt, type ipconfig /all and press Enter.

b. Locate and examine the vEthernet (External) configuration

settings and note the following:

 DHCP Enabled: No. This tells us that the server is

configured with a static IP address and is not enabled for
DHCP.
  IPv4 Address: 192.168.0.10

 Subnet Mask: 255.255.255.0. The server is using the

default subnet mask for the Class C IP address range.

 Default Gateway: 192.168.0.5. The router's internal

interface is configured as the default gateway.

c. From the PowerShell prompt, type tracert ISP_IPaddress to see

the path to the ISP.

d. Answer Question 2.

e. From the top left, select Network Modeler.

f. Answer Question 3.

g. Minimize the Lab Questions window.

5. From Exec, check the status of the link and network activity lights.

a. Right-click Exec and select Launch Windows.

b. From the top left, select Executive Office.

c. Above the workstation, select Back to switch to the back view of

the workstation.
The link and network activity lights on the network card are on
and blinking. This indicates that there's a physical connection to
the switch and activity on the connection. This points to a TCP/IP
configuration problem.

6. Verify the connectivity on the Exec workstation.

a. On the Exec monitor, select Click to view Windows 11.

b. In the Notification Area, mouse over the Network icon.

Notice that the pop-up indicates there is no internet access.

c. Right-click Start and then select Settings.

d. Select Network & internet.

The Network & internet status diagram confirms that the Exec
computer has no connection to the internet.

e. Right-click Start and select Terminal (Admin).

 f. From the Terminal prompt, type ping Exec and then
press Enter.
Notice that the ping was successful

g. From the Terminal prompt, type ping CorpServer and then

press Enter.
Notice that the ping to CorpServer failed.

h. From the PowerShell prompt, type ipconfig /all and then

press Enter. From this command, the following is shown for the
Ethernet interface card:

 DHCP Enabled: No

 IPv4 Address: 192.168.0.62

 Subnet Mask: 255.255.255.240

 Default Gateway: 192.168.0.4

This information provides the following clues to the problem:

 The network is using DHCP, but this workstation is not

enabled for DHCP.

 Given the workstation's current subnet mask, the

workstation's IPv4 address and the default gateway are not
on the same network.

 The subnet mask is not the default subnet mask for the
Class C IP address range being used. With 255.255.255.240
as a subnet mask, the network would only include
addresses from 192.168.0.48 to 192.168.0.63.

 In Step 4, you learned that CorpServer (192.168.0.10) had

a default subnet mask for the Class C IP address range
(255.255.255.0), which doesn't match Exec.

7. Fix the subnet mask for the Exec computer.

a. From Settings > Network & Internet, select Ethernet.

b. Under IP assignment, select Edit.

c. Change the Subnet mask to: 255.255.255.0 and then

select Save.
 d. From the Terminal prompt, type ping CorpServer and then
press Enter.
Notice the ping is now successful.

e. Type ping 198.28.2.254 (the ISP) and then press Enter.

Notice the ping is still unsuccessful.

f. Type tracert 198.28.2.254 (the ISP) and then press Enter.

The command times out, indicating that the gateway address on
Exec is not configured correctly. The gateway address (router) on
the network diagram is 192.168.0.5.

8. Fix the default gateway for the Exec computer.

a. From Settings > Network & Internet > Ethernet.

b. Under IP assignment, select Edit.

c. Change the Default gateway to 192.168.0.5 and then

select Save.

d. From the Settings app, select Network & Internet again.

The Status diagram now shows a connection to the internet.

e. Close the Settings app.

f. Notice that the network icon in the Notification Area now shows a
computer, indicating a connection to the internet.

g. From the Terminal prompt, type ping 198.28.2.254.

The ping is now successful.

h. Type tracert 198.28.2.254 and press Enter.

The route taken to get to the ISP is now shown. Since there is
now a valid connection to the internet, leave the static address
for now and begin troubleshooting the Office1 computer.

i. Select Network Modeler to return to the network diagram.

9. From Office1, troubleshoot for network connectivity.

a. Right-click Office1 and select Launch Windows.

b. From the top left, select Office 1.

c. Above the workstation, select Back to switch to the back view of

the workstation.
The link and network activity lights on the back of the
 workstation are on and blinking, indicating a physical connection
to the switch and activity on the connection. Once again, this
points to a TCP/IP configuration problem.

d. On the Office1 monitor, select Click to view Windows 11.

e. In the Notification Area, mouse over the Network icon.

Notice that the pop-up indicates there is no internet access.

f. Right-click Start and select Terminal (Admin).

g. From the Terminal prompt, type ipconfig /all and then

press Enter. Examine the information for the Ethernet network
card and note the following:

 DHCP Enabled: Yes. This tells us that the workstation is

configured to use a DHCP server.

 IPv4 Address: This address is in the APIPA range

(169.254.0.1 to 169.254.255.254). This means the
workstation assigned itself an IP address instead of
receiving one from the DHCP server. The workstation will
only be able to communicate with other hosts on the local
network that have also configured their own IP address
through APIPA.

 Subnet Mask: 255.255.0.0. This is the default subnet mask

for the APIPA address.

 Default Gateway: The address is blank. This means that

communication is limited only to other workstations on the
local network.

 The DHCP Server line is not shown. This means that the
workstation was unable to contact the DHCP server.

 The DNS Servers line is not shown for IPv4.

Since DHCP is enabled, the rest of the information should have come from
the DHCP server. From this, you can conclude that there's an issue with the
DHCP server.

h. Select Network Modeler to return to the network diagram.

10. From CorpDHCP, launch the DHCP console and activate the
scope.
 a. Right-click CorpDHCP and select Launch Windows.

b. From the Server Manager menu bar, select Tools > DHCP.

c. Expand CorpDHCP.CorpNet.local > IPv4.

Notice that the folder icon for Scope [192.168.0.1] Subnet1 has a
down arrow, indicating that the DHCP scope is not active.

d. Right-click Scope [192.168.0.1] Subnet1 and select Activate.

e. Select Network Modeler to return to the network diagram.

11. From Office1, check to see if activating DHCP fixed the issue.

a. Right-click Office1 and select Launch Windows.

b. From the Terminal prompt, type ipconfig /renew and

press Enter. This command will request new IP address
information from the DHCP server.
Notice that the networking icon in the Notification Area still
indicates that Office1 has no connection to the internet.

c. From the Terminal prompt, type ipconfig /all and press Enter.
Notice that the line for the default gateway, DNS server, and
DHCP server (along with the new IP address) is now within the
DHCP scope for the local network.

d. From the Terminal prompt, type ping CorpServer and

press Enter
The ping command is successful.

e. From the Terminal prompt, type ping 198.28.2.254 (the ISP)

and press Enter.
Although you can ping CorpServer, you are still unable to ping
the ISP.

f. Review the output from the ipconfig command.

Notice that the default gateway does not match the default
gateway used by CorpServer or Exec. Since this IP information is
coming from the DHCP server, you need to check the DHCP
scope.

g. Select Network Modeler to return to the network diagram.

12. From CorpDHCP, reconfigure the settings for the DHCP scope.

a. Right-click CorpDHCP and select Launch Windows.

 b. From the DHCP console, expand Scope [192.168.0.1]
Subnet1.

c. Right-click Scope Options and then select Configure Options.

d. Highlight the 003 Router line.

e. Under IP address, select 192.168.0.2 and then click Remove.

f. In the IP address field, change the address to 192.168.0.5 and

click Add.

g. Select OK.

h. Select Network Modeler to return to the network diagram.

13. From Office1, check to see if fixing the DHCP scope resolved the
issue.

a. Right-click Office1 and select Launch Windows.

b. From the Terminal prompt, type ipconfig /renew and

press Enter. This command requests new IP address information
from the DHCP server.
Notice that the networking icon in the Notification Area now
indicates that Office1 has a connection to the internet.

c. From the Terminal prompt, type ipconfig /all and press Enter.
Notice that the line for the default gateway is now set to
192.168.0.5.

d. From the Terminal prompt, type ping 198.28.2.254 (the ISP)

and press Enter.
You can now ping the ISP.

e. Select Network Modeler to return to the network diagram.

14. On Exec, reconfigure the Ethernet connection to use DHCP.

a. Right-click Exec and select Launch Windows.

b. Right-click Start and then select Settings.

c. Select Network & Internet.

d. Select Ethernet.

e. Under IP assignment, select Edit.

 f. Under Edit IP settings, select Automatic (DCHP) and then
select Save.

g. From the Terminal prompt, type ipconfig /all and press Enter.
Notice that the Ethernet card now uses DHCP (DHCP Enable:
Yes).

h. Type tracert 198.28.2.254 and press Enter.

The command returns a path to the ISP through the gateway. The
network is now fully functional, and your troubleshooting is
complete.

15. Score the lab.

a. From the top right, select Questions.

b. Select Score Lab.

erms in this set (10)

Original

Did CorpServer respond to the ping from Office2?

Yes

Did the ISP respond to the ping from Office2?

No

Were the ping requests from Support to the selected computers

successful?

Yes

What is the default gateway on the Support computer?

192.168.0.5

Does the default gateway on Office2 match the default gateway on

Support?

No

In Office 2, configure the network connection to request the IP

address information from the DHCP server

On Office2, begin troubleshooting the problem by verifying the

scope of the connectivity problem.Right-click Start and then select
Windows PowerShell (Admin).Type ping CorpServer and then press
Enter.In the top right, select Answer Questions.Answer Question
1.From Windows PowerShell, type ping 65.86.1.1 and then press
Enter to test your connection with Internet Service Provider
(ISP).Answer Question 2.Minimize the Lab Questions dialog.

On Support, test to see if the same connectivity issues are

happening between it and other computers.

From the top navigation area, select Floor 1 Overview.

Under Support Office, select Support.
Right-click Start and then select Windows PowerShell (Admin).
Run the following ping commands to test your connection to
each:ping CorpServerping Execping 65.86.1.1 (the ISP)
In the top right, select Answer Questions.
Answer Question 3.

From PowerShell, type ipconfig and then press Enter to check the
Ethernet configuration.
Answer Question 4.
Minimize the Lab Questions dialog.
On Office2, use the ipconfig /all command to check the Ethernet
configuration.

From the top navigation tabs, select Floor 1 Overview.

Under Office 2, select Office2.
From Windows PowerShell, type ipconfig /all and then press Enter.
In the top right, select Answer Questions.
Answer Question 5.
Minimize the Lab Questions dialog.

Configure the network connection to request the IP address

information from the DHCP server.

Right-click Start and then select Settings.

Select Network & Internet.Notice that the status indicates no
network connections.
Select Ethernet and then select Change adapter options.
Right-click Ethernet and then select Properties.
Select Internet Protocol Version 4 (TCP/IPv4) and then select
Properties.
Select Obtain an IP address automatically.
Select Obtain DNS server address automatically.
Select OK.
Select Close.
Close the Network Connections window.
Close the Settings window.

Use the ipconfig /all command to verify the changes made and then
verify that the problem is solved.

From Windows PowerShell, type ipconfig /all and then press

Enter.For the Ethernet adapter:The default gateway address is now
192.168.0.5.The DHCP Enabled line shows Yes.
Type ping 65.86.1.1 and then press Enter. The ping request is
successful.
In the top right, select Answer Questions.
Select Score Lab.

6.4.8Lab: Troubleshoot IP Configuration 1

You are a network technician for a small corporate network. The

network is connected to the internet and uses DHCP to assign
addresses. The employees using the ITAdmin and Office2 computers
report that their workstations can communicate with some
computers on the network but cannot access the internet. You need
to diagnose and fix the problem.

Select the Hide Notes icon in the toolbar to hide or display notes
and labels as needed.

In this lab, your task is to troubleshoot and fix the issue using the
following procedures:

 From the Office2 computer, use

the ping and ipconfig commands to test connectivity and
gather information.

o Answer Questions 1 and 2.

 From the ITAdmin computer, use

the ping and ipconfig commands to test connectivity and
gather information.

o Answer Questions 3 and 4.

 From the CorpServer computer, use

the ping and ipconfig commands to test connectivity and
gather information.

o Answer Question 5 and determine which changes need to

be made to correct the issue.

 Fix the problem at the workstation, the DHCP server, or both

as necessary.

 Verify that the ITAdmin and Office2 computers can access the
internet.

IP
Device
Address

CorpServ 192.168.0
er .10

192.168.0
ITAdmin
.31
 192.168.0
Office2
.34

198.28.2.
ISP
254

You manage a Windows system connected to a business network

that uses switches and multiple subnets.
One day you find that the computer is unable to connect to the
internet, but it can communicate with a few other computers on the
local subnet. You enter ipconfig /all in Command Prompt and see the
following output:
Ethernet adapter Local Area Connection:Connection-specific DNS
Suffix . : mydomain.localDescription . . . . . . . . . . : Broadcom
network adapterPhysical Address . . . . . . . . : 00-AA-BB-CC-74-
EFDHCP Enabled . . . . . . . . . . : YesAutoconfiguration Enabled. . . . :
YesIPv4 Address . . . . . . . . . . : 169.254.155.1(Preferred)Subnet
Mask . . . . . . . . . . : 255.255.0.0Default Gateway. . . . . . . . . :DNS
Servers. . . . . . . . . . . :
What should you do?

Verify that the DHCP server is up and functional.

You manage a Windows system connected to a business network

that uses switches and multiple subnets.
You connect a workstation to the 192.168.1.0/24 subnet. The
workstation can communicate with some hosts on the private
network, but it cannot communicate with other hosts.
You enter ipconfig /all in Command Prompt and see the following
output:
Ethernet adapter Local Area Connection:Connection-specific DNS
Suffix . : mydomain.localDescription . . . . . . . . . : Broadcom network
adapterPhysical Address . . . . . . . : 00-AA-BB-CC-74-EFDHCP Enabled
. . . . . . . . . : NoAutoconfiguration Enabled. . . : YesIPv4
Address . . . . . . . . . : 192.168.1.102(Preferred)Subnet
Mask . . . . . . . . . : 255.255.255.0Default Gateway. . . . . . . . :
192.168.2.1DNS Servers. . . . . . . . . . : 192.168.2.20
What should you do?
Edit the IPv4 properties and change the default gateway.

Why: subnet range

You have a computer that runs Windows and is connected to a

domain network with a DHCP server. One day you find that your
computer cannot connect to any network resources. You run the
ipconfig command and find that the network connection has been
assigned the address of 169.254.12.155 with a mask of 255.255.0.0.
Which of the following actions should you take?

Run the ipconfig /release and ipconfig /renew commands.

Why: first step to troubleshoot dhcp

We have an expert-written solution to this problem!

You have a computer running Windows that is connected to a

domain network.
After reconfiguring the static address of an internal web server
named WEB3, your computer can no longer connect to WEB3. But
other users are still able to connect to the same web server. You
need to be able to connect to the website on the WEB3 server.
Which of the following actions should you take?

Run the ipconfig /flushdns command.

Your network has just transitioned from IPv4 to IPv6. IPv6

configuration is performed automatically using stateful DHCPv6. A
DNS server on your network provides name resolution for IPv6.
Your Windows system is having problems communicating on the
network. You would like to receive new configuration information
from the DHCP server as well as remove all old DNS entries in your
local DNS cache.
Which of the following actions should you take? (Select two. Each
answer is part of the complete solution.)

Run the ipconfig /flushdns command.

Run the ipconfig /release6 and ipconfig /renew6 commands.

Match the function description on the left with the appropriate
netstat command option on the right.

-a
Displays all connections and listening ports.
-n
Displays addresses and port numbers in numerical form.
-e
Displays Ethernet statistics.
-o
Displays the owning process ID associated with each connection.
-r
Displays the routing table.
-p
Shows connections for a specific protocol.
-s
Displays per-protocol statistics.

Match the tool or command on the left with its appropriate

description on the right.

Tests connectivity between two devices and displays the path

between them.
tracert
Displays all current TCP/IP network configuration values and
refreshes the DHCP and DNS settings.
ipconfig
Shows the network status and a graphical representation of
network connections.
Network and Sharing Center
Logs significant events on a computer such as when a process
encounters an error.
Event Viewer
Resolves the IP address of a hostname.
nslookup
Verifies IP connectivity between two nodes in a network by sending
ICMP packets and measuring response time in milliseconds.
ping
Attempts to diagnose connection problems and present possible
solutions.
Windows Network Diagnostics
Displays TCP/IP information for both IPv4 and IPv6 addresses.
netsh

Which of the following tools log significant events on a computer,

such as when a process encounters an error?

Event Viewer

Put the network troubleshooting steps in the proper order.

Identify the scope of the problem.Check IP address configuration.

Check IP address configuration.blank
Check hardware configuration.blank
Perform communication tests.

The Windows Network Diagnostics tool analyzes a computer's

network connection and verifies connectivity.
When connected to a domain, what does the Network Map display?

It displays your computer, the domain, and the intern

You are a network technician for a small corporate network. The
network is connected to the Internet and uses DHCP for address
assignments. The company's owner uses the Exec computer, and a
temporary employee in the IT Administration office uses the ITAdmin
computer. Both report that their workstations can communicate with
some computers on the network but cannot access the Internet. You
need to diagnose and fix the problem.

While completing this lab, use the following IP addresses:

Computer IP
Name Address

192.168.0
CorpServer
.10
 198.28.2.
ISP
254

(Unknown
ITAdmin
)

(Unknown
Exec
)

Select the Hide Notes icon in the toolbar to hide or display notes
and labels as needed.

In this lab, your task is to complete the following:

 From the Exec computer, use the ping, ipconfig,

and tracert commands to test connectivity and gather
information.

o Answer Question 1.

 From the ITAdmin computer, use the ping, ipconfig,

and tracert commands to test connectivity and gather
information.

o Answer Question 2.

 From the CorpServer computer, use the ping, ipconfig,

and tracert commands to test connectivity and gather
information.

o Answer Questions 3 and 4.

 Fix the problem at the workstation, the DHCP server, or both

as necessary.

 Verify that the Exec and ITAdmin computers can access the
Internet.

6.6.5Lab: Explore nslookup

You are the administrator for the CorpNet.local domain. The CorpDC and
CorpDC3 servers are the DNS servers for the domain. CorpDC resides in
Building A, and CorpDC3 resides in Building B. Users in Building B report that
they are unable to contact the CorpWeb server.

In this lab, your task is to:

 Use nslookup to query the DNS for the CorpWeb server using its fully
qualified domain name (CorpWeb.CorpNet.local).

o What are your results?

 Use nslookup to query the CorpDC3 DNS server for CorpWeb. Use the
fully qualified domain name for both CorpDC3 and CorpWeb.

o What are your results?

o What is the problem?

o How would you resolve this problem?

o How would you verify that the problem has been fixed?

6.6.6Lab: Use nslookup

You need to ensure that email is routed from the internet to your mail server.
You want to know the mail server address for corpnet.xyz. Complete this lab
from the Terminal.

In this lab, your task is to:

 Query the default DNS server for the primary IP address of the
corpnet.xyz domain.

 Query the default DNS server for the corpnet.xyz mail server and
determine its IP address.

 Confirm the corpnet.xyz mail server information by querying the

external DNS server (ns1.nethost.net).

Explanation

Complete this lab as follows:

1. Use nslookup to find the primary IP address for the corpnet.xyz

domain.

a. From the Favorites bar, select Terminal.

b. At the prompt, type nslookup corpnet.xyz and press Enter.

 c. From the top right, select Questions.

d. Answer Question 1.

2. Use nslookup to find the mail server for corpnet.xyz and its IP
address:

a. At the prompt, type nslookup -type=mx corpnet.xyz and

press Enter.

b. At the prompt, type nslookup www3.corpnet.xyz and

press Enter.

c. Answer Question 2.

3. Use nslookup to confirm the corpnet.xyz mail server information by

querying the external DNS server (ns1.nethost.net).

a. At the prompt, type nslookup -type=mx corpnet.xyz

ns1.nethost.net and press Enter.

b. Answer Question 3.

6.6.7 Lesson Review

 print

 close modal

Candidate: Catalina Adams (mar2492014)

Date: 1/18/2025, 11:58:04 PM • Time Spent: 03:29

Score: 100%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Correct

A user reports that they cannot browse to a specific website on the Internet.

From the user's computer, a computer tech finds that a ping test to the web
server succeeds. A traceroute test shows 17 hops to the destination web
server.
What is the MOST likely cause of the problem?

answer

Duplicate IP addresses

Incorrect default gateway address

Correct Answer:

Incorrect DNS server address

Incorrect subnet mask value

Explanation

In this scenario, a ping test to the website succeeds, while accessing the
website through the browser does not work. Users type hostnames in the
browser to go to websites, but hostnames must be translated into IP
addresses by a DNS server. Either the workstation is using the wrong address
for the DNS server, the DNS server is not available, or the DNS server does
not have an entry for the website.

Because the ping and traceroute tests work, you know that the IP address,
subnet mask, and default gateway values are correct.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

 o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_trouble_dns_n09\q_trouble_dns_incorrect_n09.question.xml

 Question 2.

Correct

What is typically indicated when a host can ping a server by its IP address
but not by its name?

answer

Correct Answer:

Incorrect DNS configuration

Faulty network cable

The server is offline.

Incorrect subnet mask configuration

Explanation

When a host can ping a server by its IP address but not by its name, it
indicates an issue with DNS configuration. DNS is responsible for translating
human-readable domain names into IP addresses. If DNS is not correctly
configured, the host cannot resolve the name to an IP address, though direct
IP connectivity remains unaffected.

The server being offline would prevent both name and IP address pinging.
An incorrect subnet mask would affect all network communications, not just
name resolution.

A faulty network cable would prevent any form of communication, including

pinging by IP address.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_trouble_dns_n09\
q_trouble_dns_ping_ip_address_n09.question.xml

 Question 3.

Correct

What should be checked if a single client cannot resolve names?

answer

The physical network connection of the server

The DHCP server configuration

Correct Answer:

The client's DNS server configuration

The subnet mask of the client

Explanation

If a single client is unable to resolve names, the issue likely lies with that
client's DNS server configuration. Ensuring the correct DNS server addresses
are configured is crucial.

The DHCP server configuration would affect multiple clients, not just one.

The physical network connection of the server would affect all clients, not
just one.

The subnet mask of the client would affect general network connectivity, not
specifically DNS resolution.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

 o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_trouble_dns_n09\
q_trouble_dns_server_configuration_check_n09.question.xml

 Question 4.

Correct

What does editing the HOSTS file to add a correct name and IP address
record test for?

answer

The speed of the DNS server

Correct Answer:

A name resolution service problem

The reliability of the network connection

The accuracy of web browser caches

Explanation

Editing the HOSTS file to manually add a correct name and IP address record
for a test host and then successfully pinging that name suggests a problem
with the name resolution service, as the manual entry bypasses the usual
DNS resolution process.

Editing the HOSTS file to add a correct name and IP address record does not
test the speed of the DNS server.

Editing the HOSTS file to add a correct name and IP address record tests the
DNS resolution process, not the accuracy of web browser caches.

Editing the HOSTS file to add a correct name and IP address record
specifically tests name resolution, not the general reliability of the network
connection.

References

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

resources\text\t_trouble_name_n09\
q_trouble_name_hosts_edit_testing_n09.question.xml

 Question 5.

Correct

What is the purpose of checking local name caches when troubleshooting

name resolution issues?

answer

Correct Answer:

To identify if the resolution issue is due to cached data

To verify the physical network connection

To update the DNS server's records

To clear outdated entries from the web browser

Explanation
The correct answer is to identify if the resolution issue is due to cached data.
Checking local name caches is important because cached data can
sometimes cause name resolution issues. If a name was resolved incorrectly
in the past and that incorrect resolution is cached, it could lead to the current
resolution issue.

Checking local caches does not update DNS server records.

The primary purpose is not to clear the web browser but to check for cached
DNS data.

It focuses on cached resolution data, not the physical network connection.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

 o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_trouble_name_n09\
q_trouble_name_local_name_cache_n09.question.xml

 Question 6.

Correct

Which command can be used on Windows to display the FQDN of the local
host?

answer

resolve-hostname

nslookup -type=fqdn

hostname --fqdn

Correct Answer:

ipconfig /all

Explanation

On Windows, the command ipconfig /all is used to display detailed

information about the network configuration of the host, including the FQDN
(Fully Qualified Domain Name).

hostname --fqdn is a command used in Linux to display the FQDN of the host,
not Windows.

nslookup -type=fqdn is not a valid command for displaying the FQDN of the
local host. nslookup is used for querying DNS servers.

resolve-hostname is not a valid Windows command for displaying the FQDN

of the local host.

References

o 4.4.1 ipconfig

o 4.4.2 ifconfig and ip

 o 4.4.5 Lab: IPv4 Troubleshooting Tools

o 4.4.6 Lab: IPv4 Troubleshooting tools for Linux

o 4.4.7 Lab: Use IPv4 Test Tools

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

resources\text\t_nslookup_n09\q_nslookup_local_host_fqdn_n09.question.xml

 Question 7.

Correct

What is the result of running nslookup without any arguments?

answer

Correct Answer:

The tool is started in interactive mode.

The command displays all DNS records for the host.

The command configures the default DNS server.

The command displays the host's IP address.

Explanation

The correct answer is that the tool is started in interactive mode.

Running nslookup without any arguments (or by specifying the server only)
starts the tool in interactive mode, allowing the user to perform specific
query types interactively.

Displaying the host's IP address is not the default behavior

of nslookup without arguments.

Configuring the default DNS server is not a function of nslookup without

arguments.
Displaying all DNS records for the host is not the default behavior
of nslookup without arguments and requires specific query types.

References

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

o 10.3.5 Lab: Scan for Unsecure Protocols

resources\text\t_nslookup_n09\q_nslookup_no_arguments_n09.question.xml

 Question 8.

Correct

During an audit of external DNS records, you need to verify the mail servers
configured for your public domain example.com.

Which nslookup command would you use to find this information?

answer

nslookup example.com

nslookup -type=a example.com

nslookup -type=ns example.com

Correct Answer:

nslookup -type=mx example.com

Explanation

The nslookup -type=mx example.com command is correct because the -

type=mx option specifically queries for mail exchange (MX) records, which
are used to identify mail servers for a domain.

The -type=a option queries for A records, which map hostnames to IPv4
addresses, not mail servers.

Running nslookup without specifying a type will primarily return A and AAAA
records, which are not directly relevant to finding mail server configurations.
The -type=ns option queries for name server records, which identify DNS
servers for the domain, not mail servers.

References

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

o 10.3.5 Lab: Scan for Unsecure Protocols

resources\text\t_nslookup_n09\
q_nslookup_type_mx_scenario_n09.question.xml

 Question 9.

Correct

How can you direct a dig query to a specific DNS server?

answer

By using the -s option followed by the server's IP address

By placing the DNS server's IP address at the beginning of the command

Correct Answer:

By using the @ symbol followed by the DNS server's FQDN or IP address

By specifying the DNS server's IP address in the system settings before

running dig

Explanation

To direct a dig query to a specific DNS server, you use the @ symbol followed
by the server's fully qualified domain name (FQDN) or IP address in the
command.

There is no -s option in dig for specifying the DNS server.

The DNS server's IP address is not placed at the beginning of the command
but after the @ symbol.
While you can configure your system's default resolver, dig allows you to
specify a DNS server directly in the command without altering system
settings.

References

o 6.6.4 dig

resources\text\t_dig_n09\q_dig_at_symbol_n09.question.xml

 Question 10.

Correct

What is the primary purpose of the dig command-line tool?

answer

To configure DNS servers

To manage BIND DNS server configurations

To monitor network traffic

Correct Answer:

To query DNS servers

Explanation

The correct answer is to query DNS servers. dig stands for Domain
Information Groper and is specifically designed for querying DNS servers to
obtain domain name or IP address mappings and other DNS records.

dig does not configure DNS servers; it is used for querying them.

dig is not a network traffic monitoring tool; it focuses on DNS queries.

While dig ships with the BIND DNS server software, its role is not to manage
the server configurations but to perform DNS lookups.

References

o 6.6.4 dig

resources\text\t_dig_n09\q_dig_primary_purpose_n09.question.xml

6.7 Module Quiz

 print
  close modal

Candidate: Catalina Adams (mar2492014)

Date: 1/19/2025, 12:31:02 AM • Time Spent: 31:21

Score: 93%

Passing Score: 80%

Individual ResponsesObjective Analysis

 Question 1.

Correct

A network administrator notices that several clients on the network are

unable to access the Internet or any local network resources. Upon
investigation, it is found that these clients have IP addresses in the
169.254.0.0/16 range.

What is the most likely cause of this issue?

answer

The network cable is unplugged from the clients.

The clients are set to use static IP addresses.

The DHCP server has been misconfigured.

Correct Answer:

The DHCP server is offline or unreachable.

Explanation

The correct answer is that the DHCP server is offline or unreachable. When
clients are assigned IP addresses in the 169.254.0.0/16 range, it indicates
they are using APIPA because they failed to obtain an IP address from the
DHCP server. This typically happens when the DHCP server is offline or
unreachable.

A misconfiguration of the DHCP server would more likely result in incorrect IP

configurations, not APIPA addresses.

Clients set to use static IP addresses would not automatically assign

themselves an APIPA address.
While an unplugged network cable would prevent a client from connecting to
the network, it would not cause the client to automatically use an APIPA
address.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

 o 6.6.1 Client DNS Issues

resources\text\t_dhcp_issues_n09\
q_dhcp_issues_server_unavailable_scenario_01_n09.question.xml

 Question 2.

Correct

What is the primary role of a DHCPv6 server in an IPv6 network?

answer

To locate the default gateway for clients

To support broadcast messages for IPv6 clients

To generate host addresses with suitable network prefixes

Correct Answer:

To provide additional option settings

Explanation

The correct answer is to provide additional option settings. In an IPv6

network, the Stateless Address Autoconfiguration (SLAAC) process can
automatically locate the default gateway and generate host addresses with
suitable network prefixes. Therefore, the primary role of a DHCPv6 server is
often to provide additional option settings rather than leases for host IP
addresses.

The SLAAC process, not the DHCPv6 server, locates the default gateway.

Host addresses with suitable network prefixes are generated by the SLAAC
process, not the DHCPv6 server.

IPv6 does not support broadcast; it uses multicast for DHCP server discovery.

References

o 6.2.1 DHCP Process

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.10 Lab: Configure Client Addressing for DHCP

 o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcpv6_n09\q_dhcpv6_primary_role_n09.question.xml

 Question 3.

Incorrect

Your organization is planning to deploy Microsoft Active Directory for

centralized domain management. To ensure that client computers and other
domain members can locate the domain controllers efficiently, you need to
configure the DNS appropriately.

Which type of DNS record is essential for clients to locate domain controllers
within Active Directory?

answer

Correct Answer:

SRV Record

Incorrect answer:

MX Record

A Record

TXT Record

Explanation

SRV Record is the correct answer. An SRV (Service) Record is specifically

designed to facilitate service discovery within networks, including locating
services offered by Active Directory. SRV records contain the service name,
port number, and target hostname, allowing clients to automatically discover
and connect to domain controllers. This is crucial for operations such as
logging in, accessing resources, and directory searches within an Active
Directory environment.

An MX Record is used to identify the mail servers for a domain and is

involved in routing email messages. It does not play a role in the discovery of
domain controllers or other Active Directory services.

While an A Record is necessary for mapping domain names to their

corresponding IP addresses, it does not provide the service discovery
functionality required for locating Active Directory domain controllers.
A TXT Record is used for storing free-form text information in DNS, such as
SPF and DKIM records for email security. It does not facilitate the discovery of
services like domain controllers within Active Directory.

References

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

resources\text\t_dns_mx_n09\
q_dns_mx_srv_record_scenario_02_n09.question.xml

 Question 4.

Correct

Which of the following characteristics best describes UDP?

answer

Correct Answer:

Connectionless

Guaranteed delivery

Uses flow control

Connection-oriented

Explanation

Connectionless is the correct answer. UDP sends data without establishing a

connection, making it suitable for applications where speed is more critical
than reliability.

UDP is known for being connectionless; it does not establish a connection

before sending data.

UDP does not guarantee the delivery of packets, unlike TCP which provides
mechanisms for ensuring data delivery.
UDP does not use flow control mechanisms. Flow control is a feature of
connection-oriented protocols like TCP to manage data transmission rates.

References

o 6.1.4 User Datagram Protocol

o 6.1.6 Common TCP and UDP Ports

resources\text\t_datagram_n09\
q_datagram_connectionless_n09.question.xml

 Question 5.

Correct

Which IPv6 autoconfiguration method allows a host to generate a link-local

address and verify its uniqueness?

answer

DHCPv6

Manual configuration

ARP

Correct Answer:

SLAAC

Explanation

Stateless Address Autoconfiguration (SLAAC) enables a host to automatically

generate a link-local address and use Neighbor Discovery Protocol messages
to ensure that the address is unique on the network.

DHCPv6 is used for stateful autoconfiguration, not for generating link-local

addresses.

Manual configuration involves manually assigning IP addresses, not

automatically generating them.

ARP is used in IPv4 for address resolution and does not apply to IPv6 link-
local address generation.

References

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_apipa6_n09\q_apipa6_slaac_definition_n09.question.xml

 Question 6.

Correct

What new class of error messaging does ICMPv6 introduce that is not present
in ICMPv4?

answer

Destination unreachable

Time exceeded

Echo request

Correct Answer:

Packet too big

Explanation

ICMPv6 introduced a "Packet Too Big" class of error messaging, which is

necessary because, under IPv6, routers are no longer responsible for packet
fragmentation and reassembly. This error informs the sender that the packet
size exceeds the MTU of a link.

Destination unreachable, time exceeded, and echo request are error

messages supported by both ICMPv4 and ICMPv6 and are not new to ICMPv6.

References

o 4.1.1 IPv4 Datagram Header

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.6.1 Client DNS Issues

resources\text\t_apipa6_n09\q_apipa6_packet_too_big_n09.question.xml

 Question 7.

Correct

What type of information does a root DNS server contain?

answer

Complete information about all domains

Only information about second-level domains

Correct Answer:

Complete information about top-level domain servers

Only information about country code domains

Explanation

Root DNS servers contain complete information about top-level domain

servers, enabling the hierarchical and distributed nature of the DNS system.

No single server contains complete information about all domains; the DNS is
distributed.

Root servers contain information about all types of TLDs, not just country
codes.

Root servers contain information about TLD servers, which in turn know
about second-level domains.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

 o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_dns_structure_n09\
q_dns_structure_root_server_info_n09.question.xml

 Question 8.

Correct

During a network performance analysis, you notice that a particular client-

server session is terminated abruptly. You observe that after a period of
normal data exchange, the client suddenly sends a RST packet to the server.

Which of the following could be a reason for the client to send a RST packet?

answer

The client wants to initiate the TCP connection teardown process in an

orderly manner.

Correct Answer:

The client has detected an error condition and wants to abruptly terminate
the connection.

The client is confirming the successful receipt of a FIN packet from the
server.

The client is attempting to restart the three-way handshake process.

Explanation

A RST (reset) packet is used to abruptly terminate a connection, often due to

an error condition or a security policy violation. The RST packet indicates that
the client wishes to immediately close the connection without going through
the normal TCP connection teardown process.
The orderly TCP connection teardown process involves the exchange of FIN
and ACK packets, not a RST packet.

Confirming the successful receipt of a FIN packet from the server is done
with an ACK packet, not a RST packet. The RST packet does not play a role in
the normal connection teardown process.

The three-way handshake process is initiated with a SYN packet, not a RST
packet. Sending a RST packet does not restart the handshake process but
instead abruptly terminates the connection.

References

o 8.2.5 Performance Monitoring

o 8.6.4 Traffic Testing Tools

resources\text\t_handshake_n09\
q_handshake_error_condition_scenario_n09.question.xml

 Question 9.

Correct

What is an authoritative DNS server?

answer

A server that provides authoritative answers

A server that can only cache DNS records

Correct Answer:

A server that holds complete records for a domain

A server that only listens on TCP port 53

Explanation

An authoritative DNS server is one that holds complete and authoritative

records for a domain. This means it can provide definitive answers to queries
about its domain, as it has the most accurate and up-to-date information.
This is the essence of what makes a DNS server authoritative.

A server that only caches DNS records is referred to as a cache-only server,

not an authoritative server. Cache-only servers do not hold their own zone
information but can cache responses from authoritative servers.
A server that provides non-authoritative answers does not have the complete
records for a domain and typically returns answers based on cached
information. This is the opposite of an authoritative server, which has the
definitive records.

The port on which a server listens (TCP or UDP port 53) does not determine
whether it is authoritative. Both authoritative and non-authoritative servers
can listen on these ports. The distinction lies in the type of records the server
holds, not the communication protocol it uses.

References

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

resources\text\t_dns_config_n09\
q_dns_config_authoritative_dns_server_n09.question.xml

 Question 10.

Correct

What is the role of ephemeral ports in network communication?

answer

To permanently assign services to specific ports

To encrypt data packets

To forward packets across a network

Correct Answer:

To track requests from client applications

Explanation

Ephemeral ports are temporarily used by client applications to track their

requests to server applications, allowing for dynamic allocation of client-side
ports.

Ephemeral ports are temporary and not used for permanent assignments.

Ephemeral ports do not encrypt data packets.

Forwarding packets is not the role of ephemeral ports but of routers and
switches.
References

o 6.1.1 Transport Layer Ports and Connections

resources\text\t_transport_n09\
q_transport_ephemeral_ports_n09.question.xml

 Question 11.

Correct

What is the purpose of Router Solicitations (RS) in IPv6?

answer

To resolve MAC addresses

To encrypt traffic between hosts and routers

Correct Answer:

To request Router Advertisements from routers

To assign static IP addresses

Explanation

Router Solicitations (RS) are messages sent by hosts to request Router

Advertisements (RAs) from routers. This is part of the process for discovering
network prefixes and autoconfiguration options available on the network.

RS messages do not assign static IP addresses; they request information

from routers.

RS messages are not used for encrypting traffic; they are used for network
configuration.

Resolving MAC addresses is not the purpose of RS messages; this is part of

the Neighbor Discovery process.

References

o 4.5.5 IPv6 Link Local Addressing

o 6.3.1 Automatic Private IP Addressing

o 6.3.4 Lab: Explore APIPA Addressing

o 6.3.5 Lab: Explore APIPA Addressing in Network Modeler

o 6.3.6 Set Up Alternate Addressing

resources\text\t_apipa6_n09\q_apipa6_rs_purpose_n09.question.xml

 Question 12.

Correct

Which of the following IPv6 addresses is used by a host to contact a DHCP

server?

answer

Correct Answer:

FF02::1:2

FE80::2

FF02::2

FE80::1:2

Explanation

FF02::1:2 is the IPv6 address used to contact a DHCP server.

All addresses with the FF00::/8 prefix are multicast addresses.

IPv6 uses multicasts instead of broadcasts.

FF02::2 is the multicast address for all routers on the local link; FF02::1 is for
all hosts on the link.

FE80::/10 is the prefix for link-local unicast addresses.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

 o 6.2.9 Configure Client Addressing

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcpv6_n09\
q_dhcpv6_contact_dhcp_server_n09.question.xml

 Question 13.

Correct

In the TCP connection teardown process, what is the first step initiated by the
client?

answer

Sends a SYN segment

Sends a RST segment

Sends an ACK segment

Correct Answer:
Sends a FIN segment

Explanation

The first step in the TCP connection teardown process initiated by the client
is sending a FIN segment, signaling the desire to close the connection.

Sending an ACK segment is part of acknowledging received segments but is

not the initial step in closing the connection.

Sending a SYN segment is related to establishing a connection, not closing it.

Sending a RST segment is used for abruptly resetting a connection, not for
the orderly teardown process.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_handshake_n09\
q_handshake_fin_segment_n09.question.xml

 Question 14.

Correct

An IT support technician receives a call from a user complaining that they

cannot access the website www.examplecorp.com. The user has already
tried clearing their browser cache and restarting their computer but to no
avail.

The technician decides to troubleshoot the issue starting with DNS

resolution.

Which of the following steps should the technician take first to diagnose the
problem?

answer

Immediately escalate the issue to the network administrator without further

diagnosis.

Directly modify the user's hosts file to include the IP address for
www.examplecorp.com.
Instruct the user to bypass their local DNS server by changing their DNS
settings to a public DNS service.

Correct Answer:

Check to see if the user's computer can resolve other domain names.

Explanation

Checking if the user's computer can resolve other domain names is the first
step and helps determine if the issue is isolated to www.examplecorp.com or
if it's a broader DNS resolution problem. If other domain names resolve
correctly, the issue might be specific to the www.examplecorp.com domain,
possibly indicating a problem with the authoritative DNS server for that
domain or a propagation issue.

Modifying the hosts file is a workaround rather than a solution to the

underlying problem. It might temporarily allow the user to access the
website, but it doesn't address the DNS resolution failure. Additionally, this
approach can lead to future connectivity issues if the website's IP address
changes.

Escalating the issue without performing basic troubleshooting steps is

premature. It's essential to gather more information about the problem to
provide the network administrator with useful details if escalation becomes
necessary.

While changing to a public DNS service might resolve the issue, it's a more
invasive first step compared to simply checking if other domain names can
be resolved. It's better to start with less disruptive troubleshooting steps.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

 o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_dns_resolution_n09\
q_dns_resolution_resolve_domain_names_scenario_n09.question.xml

 Question 15.

Correct

During an audit of external DNS records, you need to verify the mail servers
configured for your public domain example.com.

Which nslookup command would you use to find this information?

answer

nslookup example.com

nslookup -type=a example.com

nslookup -type=ns example.com

Correct Answer:

nslookup -type=mx example.com

Explanation

The nslookup -type=mx example.com command is correct because the -

type=mx option specifically queries for mail exchange (MX) records, which
are used to identify mail servers for a domain.

The -type=a option queries for A records, which map hostnames to IPv4
addresses, not mail servers.

Running nslookup without specifying a type will primarily return A and AAAA
records, which are not directly relevant to finding mail server configurations.

The -type=ns option queries for name server records, which identify DNS
servers for the domain, not mail servers.

References

o 6.5.16 Configuring DNS Caching on Linux

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

o 10.3.5 Lab: Scan for Unsecure Protocols

resources\text\t_nslookup_n09\
q_nslookup_type_mx_scenario_n09.question.xml

 Question 16.

Correct

You used the dig command in a Linux terminal window to produce the
following output:

; <<>> DiG 8.2 <<>> westsim111.com

;;res options:init recurs defnam dnsrch
;;got answer:
;;->>HEADER<<-opcode:QUERY, status: NOERROR, id:4
;;flags: qr rd ra; QUERY:1, ANSWER:1, AUTHORITY:2, ADDITIONAL:0
;;QUERY SECTION:
;; westsim111.com, type = A, class = IN

;;ANSWER SECTION:
westsim111.com. 7h33m IN A 76.141.43.129
;;AUTHORITY SECTION:
westsim111.com. 7h33m IN NS dns1.deriatct111.com.
westsim111.com. 7h33m IN NS dns2.deriatct222.com.
;;Total query time: 78 msec
;;FROM: localhost.localdomain to SERVER:default -- 202.64.49.150
;;WHEN: Tue Feb 16 23:21:24 2005
;;MSG SIZE sent: 30 rcvd:103

What is the IP address of the DNS server that performed this name
resolution?

answer

16.23.21.24

192.168.1.100

76.141.43.129

Correct Answer:

202.64.49.150

Explanation

When you use the dig command to perform a manual DNS lookup, a range of
information is provided to you. The IP address of the DNS server that
performed the name resolution is shown at the bottom area of the output on
the end of the ;;FROM line.

The IP address shown in the answer section denotes the resolved IP address
for the domain or host that the resolution was requested for. In this case,
that address is 76.141.43.129.

The other two answers are invalid.

References

o 6.6.4 dig

resources\text\t_dig_n09\q_dig_dns_server_address_n09.question.xml

 Question 17.

Correct
What is the default behavior of dig when no specific DNS server is mentioned
in the command?

answer

Correct Answer:

It uses the default resolver.

It queries the local host's DNS settings.

It fails to execute and returns an error.

It selects a random DNS server from a predefined list.

Explanation

If dig is run without specifying a DNS server, it will use the system's default
resolver to perform the query.

dig does not specifically query the local host's DNS settings unless the local
host is set as the default resolver.

dig does not select a random DNS server; it uses the default resolver
configured on the system.

dig does not fail to execute in the absence of a specified DNS server; it
simply uses the default resolver.

References

o 6.6.4 dig

resources\text\t_dig_n09\q_dig_default_resolver_n09.question.xml

 Question 18.

Correct

What is the general application of UDP forwarding in the context of IP helper

functionality?

answer

Correct Answer:

To forward specific types of broadcast traffic

To block all UDP traffic

To forward only DHCP requests

To encrypt UDP traffic for security purposes

Explanation

UDP forwarding under the IP helper functionality allows for the forwarding of
specific UDP-based broadcast traffic, such as DHCP and NTP, enhancing
network service delivery across subnets.

UDP forwarding is not limited to DHCP requests; it can include other UDP-
based services.

UDP forwarding is about forwarding specific traffic, not blocking it.

The primary purpose of UDP forwarding is not to encrypt traffic but to ensure
it reaches the appropriate services across subnets.

References

o 6.2.1 DHCP Process

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.4 Lab: Configure a DHCP Relay Agent

resources\text\t_dhcp_relay_n09\
q_dhcp_relay_udp_forwarding_n09.question.xml

 Question 19.

Correct

What layer of the OSI model does the Transmission Control Protocol (TCP)
operate at?

answer

Data Link Layer

Network Layer

Application Layer

Correct Answer:

Transport Layer

Explanation
The Transport Layer is responsible for providing end-to-end communication
services and reliable data transfer, which includes the functionalities of TCP
such as connection-oriented communication and acknowledgments.

The Application Layer is where end-user network processes and applications

operate. TCP operates below this layer, providing communication services to
these applications.

The Network Layer is primarily concerned with the routing of packets across
different networks. TCP operates at a higher layer, focusing on the
communication between end systems rather than the routing of packets.

The Data Link Layer is responsible for node-to-node data transfer and error
checking of data between two directly connected nodes. TCP operates at a
higher layer, providing host-to-host communication services.

References

o 6.1.2 Transmission Control Protocol

o 6.1.3 TCP Handshake and Teardown

o 6.1.7 Lab: Explore Three-Way Handshake in Wireshark

resources\text\t_tcp_n09\q_tcp_transport_layer_n09.question.xml

 Question 20.

Correct

Which of the following would a device use to receive NTP configuration from
a NTP server that's located on a different network?

answer

Static Routing

VLAN Tagging

ARP Broadcasting

Correct Answer:

IP Helper

Explanation

The correct answer is IP Helper. An IP helper is used to forward UDP

broadcasts, including DHCP and NTP, across different networks. When a
device on one network needs to receive NTP configuration from an NTP
server on a different network, the router can be configured with an IP helper
address that points to the server. This allows the router to forward the NTP
requests from the client to the server, even though they are on different
networks, enabling the client to receive the necessary NTP configuration.

VLAN Tagging is a method used to distinguish traffic from different VLANs on

the same physical network. It does not facilitate the forwarding of broadcast
traffic, such as NTP requests, across different networks. VLAN tagging is
primarily used for network segmentation and security within the same
network infrastructure.

Static Routing is a method to manually specify the network path data should
take to reach a particular destination. While static routing can direct traffic
from one network to another, it does not specifically address the forwarding
of broadcast traffic like NTP requests. Static routes are used to establish
known, fixed paths for network traffic but do not convert broadcast requests
into unicast traffic to cross network boundaries.

ARP Broadcasting is used within a single network to resolve IP addresses to

MAC addresses. When a device wants to communicate with another device
on the same local network, it uses ARP broadcasting to find out the MAC
address associated with the target IP address. ARP broadcasting does not
facilitate the forwarding of traffic across different networks and is not
involved in the process of receiving NTP configuration from a server on a
different network.

References

o 6.2.1 DHCP Process

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.4 Lab: Configure a DHCP Relay Agent

resources\text\t_dhcp_relay_n09\q_dhcp_relay_ip_helper_n09.question.xml

 Question 21.

Incorrect
What is the mechanism for a client to choose between multiple DHCP
servers?

answer

Correct Answer:

There is no mechanism for a client to choose between multiple servers.

The client's MAC address determines the server.

Incorrect answer:

The fastest responding server is automatically selected.

The client can manually select the preferred DHCP server.

Explanation

DHCP clients accept the first offer they receive from any DHCP server. There
is no built-in mechanism for clients to choose between multiple DHCP
servers.

The client can manually select the preferred DHCP server is incorrect. DHCP
does not provide a mechanism for manual server selection by clients.

The MAC address is used for identification, not for selecting between multiple
DHCP servers.

While it is technically true that the first server to respond is used, this is not
a selection mechanism but a consequence of the DHCP protocol's operation.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.7 Lab: Create DHCP Exclusions

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.9 Configure Client Addressing

 o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.3 DHCPv6 Server Configuration

o 6.3.6 Set Up Alternate Addressing

o 6.4.1 DHCP Relay and IP Helper

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

o 6.4.7 Lab: Explore DHCP Troubleshooting

o 6.4.8 Lab: Troubleshoot IP Configuration 1

o 6.4.9 Lab: Troubleshoot IP Configuration 2

o 6.4.10 Lab: Troubleshoot IP Configuration 3

o 6.6.1 Client DNS Issues

resources\text\t_dhcp_config_n09\
q_dhcp_config_client_dhcp_selection_n09.question.xml

 Question 22.

Correct

A project manager is visiting a new building and connects to the network.

The manager performs all connectivity tests by IP address but cannot ping by
host name.

What is MOST likely the problem?

answer

UPS issues

Duplicate MACs

DHCP

Correct Answer:
DNS

Explanation

If the project manager can successfully perform all connectivity tests by IP

address but cannot ping by host name, then this suggests a name resolution
problem.

Uninterruptible power supplies (UPSs) can keep servers, switches, and

routers running for a few minutes. This provides time to either switch in a
secondary power source (a generator) or shut down the system.

Dynamic Host Configuration Protocol (DHCP) is not likely the issue since the
project manager could resolve IP addresses. Host name issues usually point
to Domain Name System (DNS) issues.

Duplicate MAC addresses are unlikely to arise unless the network uses locally
administered addressing.

References

o 6.5.1 Host Names and Domain Names

o 6.5.2 DNS Hierarchy

o 6.5.3 Name Resolution Using DNS

o 6.5.4 Resource Record Types

o 6.5.5 Host Address and Canonical Name Records

o 6.5.6 Mail Exchange, Service, and Text Records

o 6.5.7 Pointer Records

o 6.5.8 DNS Server Configuration

o 6.5.9 Internal vs External DNS

o 6.5.10 DNS Security

o 6.5.11 Lab: Configure DNS Addresses

o 6.5.12 Lab: Create Standard DNS Zones

o 6.5.13 Lab: Create Host Records

o 6.5.14 Lab: Create CNAME Records

o 6.5.15 Lab: Troubleshoot DNS Records

 o 6.5.16 Configuring DNS Caching on Linux

o 6.6.1 Client DNS Issues

o 6.6.2 Name Resolution Issues

o 6.6.3 nslookup

o 6.6.4 dig

o 6.6.5 Lab: Explore nslookup

o 6.6.6 Lab: Use nslookup

resources\text\t_trouble_name_n09\
q_trouble_name_no_ping_available_n09.question.xml

 Question 23.

Correct

Which DHCP option is used to specify the DNS suffix?

answer

DNS servers

Default gateway

NTP servers

Correct Answer:

DNS suffix

Explanation

The DNS suffix option allows the DHCP server to specify the domain name
that clients should use for DNS resolution, which is crucial for network name
resolution and domain joining.

The default gateway specifies the router's IP address, not the DNS suffix.

DNS servers provide the IP addresses of DNS servers, not the DNS suffix.

NTP servers specify time synchronization servers, unrelated to the DNS

suffix.

References

o 6.2.1 DHCP Process

 o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_options_n09\
q_dhcp_options_dns_suffix_n09.question.xml

 Question 24.

Correct

A company is experiencing network issues where client devices frequently

lose connectivity and must obtain new IP addresses more often than desired.

The network administrator discovers that the DHCP lease time is set very
low, causing IP addresses to be released and renewed too frequently. The
administrator decides to adjust the DHCP configuration to alleviate this issue.

To reduce the frequency of IP address renewals and improve network

stability, which DHCP setting should the administrator adjust?

answer

Decrease the T1 timer

Decrease the T2 timer

Increase the number of DHCP options

Correct Answer:

Increase the lease time

Explanation

Increasing the lease time is correct because increasing the lease time will
allow client devices to retain their IP addresses for a longer period, reducing
the frequency of renewals and improving network stability.

Decreasing the T1 timer would cause the client to attempt to renew its lease
even earlier, potentially exacerbating the issue of frequent renewals.
Decreasing the T2 timer would lead to earlier attempts to rebind to any
available DHCP server if the original server does not respond, which does not
address the issue of frequent lease renewals.

Adding more DHCP options does not directly affect the frequency of IP
address renewals. The number of DHCP options configured is unrelated to
lease time settings.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_options_n09\
q_dhcp_options_lease_time_scenario_n09.question.xml

 Question 25.

Correct

Which of the following DHCP scope options assigns a static IP configuration

to a device using that device's MAC address?

answer

IP range

Default gateway

Exclusion

Correct Answer:

Reservation

Explanation

Reservations are static IP addresses that are not dynamically assigned by the
DHCP server. Reservations are assigned by the DHCP server using the
device's MAC address. Whenever the device with the specified MAC address
connects to the network, the DHCP server assigns it the reserved static IP
configuration.

Exclusions are IP addresses that the DHCP server does not assign.

The IP range defines the range of IP addresses that the DHCP server can
assign.

The default gateway defines where data packets that are leaving the network
should go.

References

o 6.2.1 DHCP Process

o 6.2.4 DHCP Reservations and Exclusions

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.8 Lab: Create DHCP Client Reservations

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_reserves_n09\
q_dhcp_reserves_description_n09.question.xml

 Question 26.

Correct

Which utility is often used in Linux to release a DHCP lease?

answer

Correct Answer:

dhclient

ipconfig

dhcp-release

networkmanager

Explanation

dhclient is the standard utility in Linux for managing DHCP leases, including
obtaining and releasing IP addresses.
ipconfig is a Windows command and not used in Linux for DHCP
management.

dhcp-release is not a recognized command in Linux for releasing DHCP

leases.

While NetworkManager manages network connections in Linux, dhclient is

specifically used for DHCP lease management.

References

o 6.2.1 DHCP Process

o 6.2.3 DHCP Options

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.6 Lab: Configure DHCP Server Options

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

resources\text\t_dhcp_options_n09\
q_dhcp_options_dhclinet_n09.question.xml

 Question 27.

Correct

A company experiences intermittent network issues where clients

occasionally lose network connectivity and report IP conflicts. After a quick
review, it's found that the DHCP scope is nearly exhausted, and there are
many temporary devices connecting and disconnecting from the network.

What action should the network administrator take to mitigate these issues?

answer

Increase the DHCP lease time to ensure stability.

Disable DHCP and use static IP addresses for all devices.

Implement MAC address filtering to restrict network access.

Correct Answer:

Create a new scope with enough addresses and reduce the lease period.

Explanation
The correct answer is to create a new scope with enough addresses and
reduce the lease period. Creating a new scope with more addresses and
reducing the lease period can help mitigate issues by ensuring there are
enough IP addresses for all devices and that addresses are quickly recycled
when devices disconnect from the network.

Disabling DHCP and using static IP addresses for all devices would be
impractical, especially with many temporary devices connecting and
disconnecting.

Increasing the DHCP lease time would exacerbate the problem by holding
onto IP addresses for longer periods, potentially leading to more IP conflicts
and exhaustion issues.

Implementing MAC address filtering does not address the root cause of the
issue, which is DHCP scope exhaustion and the need for efficient IP address
management.

References

o 6.2.1 DHCP Process

o 6.2.2 DHCP Server Configuration

o 6.2.5 Lab: Configure a DHCP Server

o 6.2.10 Lab: Configure Client Addressing for DHCP

o 6.3.2 IPv6 Interface Autoconfiguration and Testing

o 6.3.6 Set Up Alternate Addressing

o 6.4.2 DHCP Issues

o 6.4.4 Lab: Configure a DHCP Relay Agent

o 6.4.5 Lab: Add a DHCP Server on Another Subnet

resources\text\t_dhcp_issues_n09\
q_dhcp_issues_new_scope_scenario_n09.question.xml

 Question 28.

Correct

Which protocol uses Transport Layer Security (TLS) to secure DNS queries?

answer
Correct Answer:

DNS over DoT

DNS over SSL (DoS)

DNS over HTTPS (DoH)

Secure DNS (SDNS)

Explanation

The correct answer is DNS over Transport Layer Security (DoT). DoT uses TLS
to validate the resolver name server's digital certificate and encrypt DNS
traffic, providing security against tampering by threat actors.

DoH uses HTTPS to secure DNS queries, not TLS directly.

DNS over SSL (DoS) is not a recognized standard for securing DNS queries.

Secure DNS (SDNS) is a broad term and not a specific protocol like DoT.

References

o 6.5.10 DNS Security

resources\text\t_dns_security_n09\
q_dns_security_dns_over_dot_n09.question.xml

 Question 29.

Correct

Where can you view the name servers configured as resolvers in a Windows
environment?

answer

/etc/resolv.conf

Network settings

Correct Answer:

ipconfig /all

/etc/hosts

Explanation
The correct answer is the ipconfig /all command. The command ipconfig
/all in Windows displays all current TCP/IP network configuration values,
including the DNS servers configured as resolvers.

/etc/resolv.conf is used in Linux, not Windows.

While network settings might show DNS information, the question specifically
asks about viewing this via a command or file.

/etc/hosts is a file used for static host name to IP mappings, not for viewing
DNS resolver configurations.

ReferencesWhich command can be used on Windows to display the

FQDN of the local host?

o 6.5.4 Resource Record Types

o 6.5.9 Internal vs External DNS

resources\text\t_trouble_dns_n09\
q_trouble_dns_ipconfig_all_n09.question.xml

 Question 30.

Correct

What might be a symptom of a malicious attack on a DHCP server?

answer

Frequent IP address changes

Increased network speed

Correct Answer:

Address pool exhaustion

Decreased number of DHCP requests

Explanation

Address pool exhaustion can be a symptom of a malicious attack, such as a

DHCP flood where numerous fake DHCP requests are sent to the server to
deplete its pool of available IP addresses, preventing legitimate clients from
obtaining an IP address.

Increased network speed is not typically a symptom of a malicious attack on

a DHCP server.
Frequent IP address changes are more likely due to short lease times or
network configuration issues, not necessarily a malicious attack.

A decrease in the number of DHCP requests would not indicate an attack; an

attack would likely increase the number of requests to exhaust the address
pool.

References

o 6.4.2 DHCP Issues

o 6.4.3 Troubleshooting DHCP Exhaustion

o 6.4.6 Lab: Troubleshoot Address Pool Exhaustion

resources\text\t_dhcp_issues_n09\
q_dhcp_issues_address_exhaustion_n09.question.xml

6.6.6 Lab: Use nslookup

Candidate: Catalina Adams ()

Time Spent: 06:34

Score: 100%

Task Summary

Required Actions and Questions

Use nslookup -type=mx to query the DNS server.

Q1What is the primary IP address for the corpnet.xyz domain?

Your answer:198.28.1.1

Correct answer:198.28.1.1

Q2What is the IP address of the server that receives mail for corpnet.xyz?

Your answer:198.28.1.3

Correct answer:198.28.1.3

Q3Does the external DNS server match the internal DNS server regarding the
corpnet.xyz mail server?

Your answer:Yes
Correct answer:Yes

Explanation Click to open/close text to speech

Complete this lab as follows:

1. Use nslookup to find the primary IP address for the corpnet.xyz

domain.

a. From the Favorites bar, select Terminal.

b. At the prompt, type nslookup corpnet.xyz and press Enter.

c. From the top right, select Questions.

d. Answer Question 1.

2. Use nslookup to find the mail server for corpnet.xyz and its IP
address:

a. At the prompt, type nslookup -type=mx corpnet.xyz and

press Enter.

b. At the prompt, type nslookup www3.corpnet.xyz and

press Enter.

c. Answer Question 2.

3. Use nslookup to confirm the corpnet.xyz mail server information by

querying the external DNS server (ns1.nethost.net).

a. At the prompt, type nslookup -type=mx corpnet.xyz

ns1.nethost.net and press Enter.

b. Answer Question 3.

6.6.5 Lab: Explore nslookup

Candidate: Catalina Adams ()

Time Spent: 04:01

Score: 100%

Task Summary

Required Actions

Run nslookup on CorpWeb.CorpNet.local

Explore DNS with nslookup

Explanation Click to open/close text to speech

Complete this lab as follows:

1. Use nslookup to query the DNS for the CorpWeb server using its fully
qualified domain name.

a. Right-click Start and select Windows PowerShell (Admin).

b. At the PowerShell prompt, type nslookup

CorpWeb.CorpNet.local and press Enter.
The CorpDC DNS server responds with the name resolution
information for CorpWeb.

2. Use nslookup to query the CorpDC3 DNS server for CorpWeb.

a. Type nslookup
CorpWeb.CorpNet.local CorpDC3.CorpNet.local and
press Enter.
The CorpDC3 DNS server responds that it can't find CorpWeb.
CorpDC3 does not have a DNS record for CorpWeb.

3. Answer the following questions:

What is the Problem?

The information between the DNS databases is not consistent. Since
this DNS zone is an Active Directory-integrated zone, this indicates that
Active Directory is not synchronizing properly.

How would you resolve this problem?

You would likely attempt to force replication between the Active
Directory domain controllers. If CorpDC held a primary zone and
CorpDC3 held a secondary zone, you would likely initiate a zone
transfer to make sure that the DNS records were consistent between
servers.

How would you verify that the problem has been fixed?
After implementing the above solution, you could verify that the
problem was fixed by repeating step 2. The CorpDC3 DNS server
should respond with name resolution information for CorpWeb.

6.5.15 Lab: Troubleshoot DNS Records

Candidate: Catalina Adams ()

Time Spent: 02:02

Score: 100%

Task Summary

Lab Questions

Q1While testing connectivity, which ping commands were successful, if any?

Your answer:ping 192.168.0.15

Correct answer:ping 192.168.0.15

Create an A record for CorpWeb using 192.168.0.15

Q2After implementing your fix, which ping commands were successful?

Your answer:ping CorpWeb.CorpNet.local,ping 192.168.0.15

Correct answer:ping CorpWeb.CorpNet.local, ping 192.168.0.15

Explanation Click to open/close text to speech

Complete this lab as follows:

1. Test the connectivity to CorpWeb using the ping command.

a. Right-click Start and select Windows PowerShell (Admin).

b. At the prompt, type ping CorpWeb.CorpNet.local and

press Enter.

c. At the prompt, type ping 192.168.0.15 (the IP address for

CorpWeb) and press Enter.

d. From the top right, select Questions.

e. Answer Question 1.

f. Close PowerShell.

2. Access the CorpDC virtual server.

a. From Hyper-V Manager, select CORPSERVER.

b. Double-click CorpDC to connect to the server.

 c. Maximize the window for better viewing.

3. Create any DNS records needed to fix the problem.

a. In Server Manager, select Tools > DNS.

b. Expand CORPDC > Forward Lookup Zones.

c. Right-click CorpNet.local and select New Host (A or AAAA).

d. In the Name field, enter CorpWeb.

Notice that the fully qualified domain name (FQDN) is now
CorpWeb.CorpNet.local.

e. Enter 192.168.0.15 in the IP Address field.

f. Select Create associated pointer (PTR) record to

automatically create the PTR record for the new host.

g. Select Add Host.

h. Select OK.

i. Select Done to close the New Host dialog.

4. Test the connectivity to CorpWeb using the ping command.

a. Right-click Start and select Windows PowerShell (Admin).

b. At the prompt, type ping CorpWeb.CorpNet.local and

press Enter.

c. At the prompt, type ping 192.168.0.15 (the IP address for

CorpWeb) and press Enter.

d. Answer Question 2.

6.2.8Lab: Create DHCP Client Reservations

Candidate: Catalina Adams ()

Time Spent: 03:36

Score: 100%

Task Summary

Required Actions

Create a reservation for LaserJet4240-1Show Details

Create a reservation for LaserJet4240-2Show Details

Create a reservation for KonicaColorShow Details

Create a reservation for AcctPrinterShow Details

Create a reservation for SalesPrinterShow Details

Explanation

While completing this lab, use the following information:

Reservation IP MAC
Name Address Address

192.168.0.1 aa:61:82:df:04:
LaserJet4240-1
01 54

192.168.0.1 ce:fd:48:90:06:
LaserJet4240-2
02 23

192.168.0.1 c8:ba:99:cd:80:
KonicaColor
03 12

192.168.0.1 f1:a9:3e:f7:7d:
AcctPrinter
04 3b

192.168.0.1 df:a9:99:cd:80:
SalesPrinter
05 61

Complete this lab as follows:

1. Access the CorpDHCP virtual server.

a. From Hyper-V Manager, select CORPSERVER.

b. Maximize the Hyper-V Manager window to view the available

server.

c. Double-click CorpDHCP to connect to the server.

2. Configure the IP address.

a. From Server Manager, select Tools > DHCP.

b. Maximize the window for better viewing.

c. From the left pane,
expand CorpDHCP.CorpNet.local > IPv4 > Scope
[192.168.0.1] Subnet1.

d. Right-click Reservations and select New Reservation.

e. In the Reservation name field, enter a reservation name.

f. In the IP address field, enter the IP address.

g. In the MAC address field, enter the MAC address.

h. Under Supported types, select DHCP only (as needed).

i. Select Add to create the client reservation.

j. Select Yes to the DHCP prompt.

k. Repeat steps 2e - 2j for additional reservations.

l. Select Close.