Network Troubleshooting Quiz

Questions and Answers

What tool should be used to verify connectivity on the management port?

• Ping
• nslookup
• tcping (correct)
• traceroute

What is an essential step in ensuring management traffic can reach network devices?

• Configure firewall rules correctly (correct)
• Reboot the monitoring server
• Disconnect all other devices
• Enable SNMP only

What should be done first when troubleshooting desktop performance issues?

• Reinstall the operating system
• Update all software applications
• Run a full antivirus scan
• Check Task Manager for resource usage (correct)

Which of the following actions can help resolve issues caused by corrupted application files?

Reinstalling the application (C)

What is the purpose of the 'sfc /scannow' command?

To repair corrupted system files (A)

Which step is NOT recommended when troubleshooting Blue Screen of Death (BSOD) errors?

Ignore the error and continue using the computer (D)

What should be done if applications are suspected of causing performance issues?

Clear temporary files used by those applications (B)

Which of the following is NOT a step to take when checking for malware on a desktop?

Disable all installed antivirus software (A)

What should be done first if Defender detects malware but cannot remove it fully?

Run Defender's Offline Scan to try removing persistent threats. (C)

Which step is NOT part of troubleshooting when SentinelOne agent does not connect to the management console?

Reboot the management console server. (C)

What is the first action to take if Webroot fails to update its virus definitions?

Check the internet connection and firewall settings. (D)

When Microsoft Defender is disabled by Group Policy, what is the crucial command to apply policy changes?

gpupdate /force (D)

If real-time protection in Defender is disabled, what action should NOT be taken?

Manually delete all Defender quarantine items. (C)

In which scenario should you consider manually deleting suspicious files or registry entries?

After identifying them during a previous malware assessment. (C)

Which should be done if the SentinelOne agent still cannot connect after basic troubleshooting?

Re-enroll the device in SentinelOne if necessary. (D)

What must you ensure if Group Policy disables Microsoft Defender?

That there are no conflicting settings in Intune. (A)

What is the first step to troubleshoot Kaspersky not initiating scans on external drives?

Open Kaspersky settings and navigate to scan options. (C)

When troubleshooting a user who cannot access Outlook, which step is irrelevant?

Ensure the user has Outlook installed on their device. (A)

What should be verified if a user reports being unable to access a SharePoint site?

The user’s permissions were recently modified on the SharePoint site. (D)

Which troubleshooting step is necessary when a device is not recognized correctly in the operating system while scanning with Kaspersky?

Verify that the external drive is functioning properly with another device. (D)

Which action should be taken if a user is not receiving MFA prompts during sign-in?

Check if the user's account has MFA enabled and properly configured. (B)

What is a potential reason a user may see a "Something went wrong" error when accessing Outlook?

The user's Outlook license is not assigned or is inactive. (D)

What is the correct step to troubleshoot if a user cannot access their SharePoint site?

Ensure the user’s account is still active and licensed for SharePoint. (C)

Which step should be taken last if Kaspersky isn't scanning external drives?

Restart the system if the issue persists and try scanning again. (D)

What is a necessary step to troubleshoot a user's inability to share files with external users in OneDrive or SharePoint?

Verify the organization's sharing settings in SharePoint Admin Center. (D)

Which action should be taken first when a user encounters device compliance issues accessing Microsoft 365 resources?

Review the user's device compliance status in Intune. (D)

If a remote worker cannot sign into Microsoft 365 from a new location, which policy should be reviewed first?

The Conditional Access policy regarding geographic restrictions. (B)

Which troubleshooting step is essential when a user’s account indicates a risky sign-in attempt?

Check for high-risk sign-in flags on the user's account. (A)

What should be confirmed regarding the user's device before accessing Microsoft 365 when compliance issues arise?

The presence of up-to-date security configurations. (A)

When advising a user who cannot share files externally, which consideration should be reviewed last?

User feedback on sharing methods. (C)

What is a recommended action if a user is blocked from signing in due to a Conditional Access policy?

Adjust the policy settings temporarily or include the new location. (C)

When reviewing external sharing settings in SharePoint, what should you primarily focus on?

The organization's sharing settings. (D)

What is the first step to take when a device enrollment fails due to a Conditional Access policy blocking access?

Check the specific requirements of the Conditional Access policy (D)

What should be verified to ensure a device can successfully enroll without conflicts?

Ensure there are no conflicting policies applied to the same device (D)

Which action is NOT recommended when troubleshooting a device enrollment failure due to Conditional Access?

Ignore the device group membership (C)

What should be done after confirming compliance requirements are met for device enrollment?

Initiate a sync from Intune to update compliance status (B)

After reviewing a Conditional Access policy, which aspect should also be verified to resolve enrollment issues?

Confirm user and device group membership in the Azure AD (B)

What is the first step to troubleshoot a non-compliant device due to missing BitLocker encryption?

Check the encryption policy compliance requirement. (B)

Which command can be used to manually evaluate compliance on a device?

Invoke-ComplianceEvaluation (B)

What should be checked first if an application fails to deploy through Intune?

Ensure the application is assigned to the correct user or device group. (C)

What action should be taken if using Microsoft Defender for antivirus?

Check for updates manually or schedule them. (D)

What is necessary to confirm device compliance regarding BitLocker?

Confirm that the latest encryption policy is deployed. (B)

When troubleshooting a compliance policy issue, what should be checked regarding the device?

If the device has met compliance policy requirements. (A)

Which of the following is NOT a step in troubleshooting a failed app deployment via Intune?

Reinstall the entire Intune application. (B)

What should be done if the device lacks sufficient storage for an application?

Delete unnecessary files from the device. (C)

Flashcards

Ping Device IP

Verify network reachability by checking if a device's IP address can be reached.

TCPing Management Port

Using tcping to test connectivity to a device's management port (like 22 for SSH).

Check Firewall Rules

Ensure firewall settings allow monitoring server access to the device.

Verify SNMP/SSH

Confirm that SNMP or SSH (if used) are properly activated and configured on the device.

Update Device Firmware

Applying firmware updates to resolve network or management problems.

Check Task Manager (Desktop)

Analyze CPU, memory, and disk usage in Task Manager (Windows) to pinpoint excessive resource consumption

Disable Startup Programs (Desktop)

Reduce background program load by stopping unwanted programs from starting with Windows.

Check for Application Updates (Desktop)

Ensuring the application is up-to-date.

Offline Scan

A scan performed by antivirus software when the system is not actively running, allowing for removal of persistent threats.

SentinelOne Agent Disconnection

The SentinelOne agent fails to connect to the management console.

Webroot Update Failure

Webroot antivirus cannot download or install updated virus definitions.

Defender Disabled by Group Policy

Microsoft Defender is disabled or grayed out due to a Group Policy setting.

Firewall Blocking SentinelOne

Network settings or firewalls prevent communication between the endpoint and the SentinelOne management console.

Remove-MpThreat Cmdlet

A PowerShell cmdlet used to remove identified malware threats.

Group Policy Editor

Tool used to manage and configure Group Policy settings, affecting system and user settings.

Firewall and Network Settings

Security measures that control incoming and outgoing network traffic (e.g., firewall rules, internet access).

Kaspersky scan external drives

Ensuring Kaspersky anti-virus software scans external drives.

Microsoft 365 Outlook access

Troubleshooting user inability to access Outlook, "Something went wrong" error.

SharePoint site access

Troubleshooting user's inability to access a SharePoint site.

MFA prompts

Troubleshooting missing Multi-Factor Authentication prompts during login.

External drive recognition

Verifying that the operating system correctly recognizes external drives

User access issues (Microsoft 365)

Troubleshooting problems with users accessing different Microsoft 365 features and services.

Group Policy Permissions

Checking if changes to Group Policy require additional permissions from the IT administrator

Kaspersky update

Make sure your Kaspersky anti-virus software is up-to-date.

External Sharing Blocked

Users cannot share files with external users in OneDrive or SharePoint.

Device Compliance Policy

A user's inability to access Microsoft 365 due to their device failing to meet security requirements.

Remote Sign-in Issues

A remote worker cannot sign into Microsoft 365 from a new location.

Risky Sign-in Alert

User receives an alert for a potentially suspicious sign-in attempt.

Teams Connectivity Problems

User experiences difficulties connecting to Microsoft Teams.

Conditional Access

Tool for managing access to Microsoft 365 resources based on device and user context.

Sharing Permissions

Ensuring the user has the necessary permissions to share files.

Account Flagged for High Risk

User's account is marked as potentially vulnerable to attack due to past sign-in activity.

Antivirus Installation

Ensuring a protection program (Microsoft Defender or third-party) is installed and up-to-date.

App Deployment Failure

A problem where an app doesn't load on a device via Intune, requiring troubleshooting.

Compliance Policy

Settings that dictate what policies must be met on a device.

BitLocker Encryption

A mandatory hard drive encryption security measure for non-compliant devices.

Device Enrollment

The connection of a device to the Intune management platform.

Conditional Access Policy Conflict

A device enrollment failure caused by a Conditional Access policy preventing access.

Intune Logs

Troubleshooting logs for devices managed by Intune for aiding in resolving issues.

Compliance Check

Manually triggering a device compliance assessment.

Compliance Sync

Manually updating the status of a device's compliance with defined standards.

Intune Device Sync

Updating device compliance status by syncing with Intune.

App Assignment

Confirm that an application has been granted access to the assigned users or devices.

Conditional Access Exclusion

Temporarily removing a device from a Conditional Access policy to allow enrollment troubleshooting, during a test.

Azure AD Group Membership

Verifying a user and device are in the correct Azure Active Directory groups.

Study Notes

Network Troubleshooting

• Connectivity issues involve ping tests using tools like Wireshark
• Firewall policies, port blocking, and VPN connectivity issues are also addressed
• Website access problems are diagnosed through ping tests to verify IP connectivity, DNS resolution checks, and firewall checks.
• TCPing tests are used to see if website ports are open.
• Website access is confirmed or issues are identified and resolved with different browsers or by disabling extensions.
• Intermittent connectivity issues are troubleshooted through Gateway ping tests, network cable/Wi-Fi signal checks and IP conflict verification using arp -a

VPN Connectivity Issues

• Internal resource access problems are addressed by checking VPN IP addresses, pinging internal resources verifying firewall policy and DNS settings.
• Route table is checked to see if routes to internal subnets are present.

Network Latency Issues

• High latency issues in network applications are identified by ping tests.
• Traceroutes help pinpoint points of latency in the network path.
• TCPing specific ports is used to identify any delays in connection establishment.
• Bandwidth testing and QoS settings are verified.

File/Folder Permission Issues

• File server reachability is verified through ping tests.
• Port 445 (SMB) is checked for accessibility.
• DNS resolution to hostname is checked.
• User permissions for the network share are confirmed.
• File/folder ownership, permissions and encryption are checked if access to file/folder is restricted.

Slow Network Speeds

• Ping tests to confirm packet loss or high latency are performed.
• Network bandwidth usage is checked for bottlenecks.
• QoS settings and throttling policies are examined.
• Latency is measured using tcping to services/websites.
• Device network adapter settings are verified.

User Can't Connect to Remote Desktop via VPN

• Connectivity to the remote machine’s IP address is checked
• Firewall policy is confirmed to allow RDP (usually on port 3389) through the VPN.
• tcping test on port 3389 is used to confirm that the RDP port is open.
• Correct routing between the VPN subnet and internal network is confirmed.
• User has the correct permission to access remote desktop

Network Device Inaccessibility

• Device IP is confirmed to be reachable on the network.
• TCPing tests are performed on the management port.
• Firewall rules are checked to verify if traffic from the monitoring server to devices is allowed.
• SNMP/SSH settings are checked for enabling.
• Firmware is verified to be up-to-date.

Application Crashes or Freezes

• Application updates are checked for updates.
• Temporary files are cleared.
• Logs in Event viewer are checked for error codes.
• Applications are run in compatibility mode with older OS versions if necessary.
• Corrupted files are replaced by reinstalling the application.

Blue Screen of Death (BSOD)

• BSOD error code is recorded.
• Recent driver, hardware or update installations are checked.
• System files are scanned and repaired using the command sfc /scannow in the command prompt.
• Drivers, especially graphics and chipset drivers, are updated.
• Windows memory diagnostic is run to check for faulty RAM.

Printer Not Responding

• Printer connection is checked
• Print Spooler service is restarted
• Printer drivers are updated.
• Default printer is verified to be correct.
• Printing from a different application is tested.

Network Connectivity Issues

• Physical connections to the network cable or Wi-Fi signal strength are checked.
• Network troubleshooter is run for automatic diagnostics.
• DNS is flushed.
• Firewall is disabled temporarily to see if blocking the connection.
• Testing with another device verifies the network and user's device compatibility for connection problems.

Account Lockout or Login Issues

• Checking password expiry, especially in domain environments.
• Resetting a user’s password if they are locked out
• Checking logs in Event Viewer for login attempts.
• Verifying Network Connection if login requires domain authentication
• Clearing Cached Credentials if there are conflicting credentials

File or Folder Permission Issues

• Checking File Properties and verifying permissions under Security.
• Taking ownership of the files or folders if access is restricted.
• Adjusting permissions to allow user full access if necessary.
• Checking for encryption and ensuring the user has the correct encryption key.
• Checking Network drive permissions.

Firewall and Security Troubleshooting

• Firewall rules, access issues, and threat logs are addressed.
• FortiClient VPN troubleshooting is mentioned.

Application Traffic Blocked

• Recent changes to firewall rules are reviewed.
• Logs are analyzed to check if application traffic is denied.
• Application ports are verified to ensure firewall rules permit application usage
• Temporary rules are created to verify if traffic flows correctly.

Unauthorized Access Attempts

• Source IP address is identified.
• Firewall rules are created to block incoming traffic from the suspicious IP.
• Existing vulnerabilities are checked
• Geo-IP blocking is enabled if needed.
• Continued monitoring of logs is performed to identify new access attempts.

FortiClient VPN Problems

• VPN gateway reachability is confirmed through ping tests.
• Required VPN ports are checked (e.g., 443, 500, 4500).
• VPN credentials are confirmed to be correct
• Firewall policy allowing VPN traffic is confirmed.
• tcping tests are performed on the VPN port to confirm connectivity to the gateway.

Remote User Cannot Connect to VPN

• Configurations for VPN server address, username and password are verified.
• User VPN permissions are verified.
• Necessary firewall ports are confirmed to be open (example 443 or 500/4500 for IPsec).
• Logs are reviewed for any errors.
• Latest FortiClient version is verified

Internal Service Unreachable

• Recent rule changes are reviewed to see if they are causing an issue.
• Required ports for the internal service are confirmed to be allowed.
• Network segmentation is confirmed and restrictions, if any, are addressed.
• Internal traffic is tested to check service reachability.

High Traffic from Unusual IP

• Source IP address details are identified and checked for malicious sources.
• Temporary block rule for the IP address is created.
• Traffic patterns are analyzed.
• Internal device compromises and unusual traffic are checked.
• Permanent block of the IP is implemented if necessary.

New Server Failing to Connect to the Internet

• IP and Gateway settings are checked.
• Outbound rules are verified to permit internet access for server's subnet.
• NAT configuration is checked for correct routing of internet-bound traffic.
• Firewall logs are checked for any blocked traffic.
• Connectivity is checked with ping and traceroute to diagnose connection failures.

User Account Locked

• Checking password expiry in domain environments
• Resetting the user’s password if locked out
• Reviewing logs for login attempts.
• Checking network connection if domain authentication is required.
• Checking and clearing cached credentials

Failed Open Ports/Services Audit

• Identified open ports are reviewed in the firewall configuration.
• Validation if ports are essential to applications/services.
• Ports that are not necessary are closed.
• Logging for open ports is enabled.
• Routine port scans are scheduled for future unexpected open ports

Microsoft 365 issues

• OneDrive Sync Issues: Checking user login, disk space, cache clearing and checking the correctness of user account names/passwords.
• OneDrive Permissions Issues: Validating sharing permissions, email addresses, file restrictions and re-sharing files with correct permissions.
• SharePoint Access Denied: Verifying user permissions, validating account activity, clearing cache and checking for compliance policies.
• SharePoint Synchronization Issues: Confirming OneDrive installation, checking SharePoint permissions and clearing cached data.
• Email delivery failure: Checking for email policy restrictions, ensuring the email address is valid, testing with other external domains and checking if external domains are blocked.
• Email Attachment Issues: Checking file size limits, file sharing via other means such as links and confirming that the email client is updated.

Device Management

• Device enrollment failure: Checking user licenses, network connectivity, enrollment status page, enrollment restrictions and compliance policies.
• Autopilot Enrollment Issues: Verifying profile assignment, resetting device, checking internet connectivity, checking logs for errors
• Device non-compliance: Checking antivirus, compliance policy settings, syncing the devices and checking firewall settings
• Application Deployment Failures: Confirming App assignment and checking installation requirements.
• Security compliance policy warnings: Confirming compliance policy requirements and manually triggering a compliance check.
• Autopilot stuck in Identifying phase: Checking Network Access, reviewing Autopilot profile and resetting the device if needed..

Additional Notes

• Best practices and troubleshooting tips for ongoing management are discussed.
• Information is provided on resolving synchronization issues related to specific Microsoft 365 services (OneDrive and SharePoint), network connectivity, and device management.
• Best practices for resolving common email issues, like large file attachments, external domain problems, and bounce-back issues, are noted.
• Using tools like gpupdate /force, sfc /scannow, chkdsk /f, ipconfig /flushdns, netsh int ip reset, arp -a, tcping and others may help with troubleshooting different errors.

Description

Test your knowledge on network troubleshooting techniques, including connectivity issues, VPN connectivity, and network latency problems. This quiz covers various methods and tools such as ping tests, firewall checks, and DNS resolution to diagnose and resolve network problems.