CompTIA Linux+ XK0-006 (V8) Practice Question

The correct answer is to use iptables -L -n. Given the scenario, the administrator has already confirmed that the physical layer (interface is up), IP layer (correct IP address), and application layer (service is listening) are configured correctly on the server. The symptoms of being completely unreachable, even by a ping on the local subnet, strongly suggest that a host-based firewall is blocking the traffic. The iptables -L -n command lists the current firewall rules for the filter table without performing DNS lookups, allowing the administrator to quickly verify if rules are in place that are dropping ICMP (ping) and TCP port 80 packets.

• ip route show is incorrect because routing issues typically affect connectivity between different subnets. Communication between devices on the same subnet does not usually involve a router.
• arp -n is incorrect because while ARP issues or IP conflicts can cause connectivity problems, a firewall is a more likely culprit for blocking all incoming traffic to a new server. This would be a secondary check if the firewall is found to be open.
• ss -s is incorrect because this command shows a summary of socket statistics. The administrator has already confirmed the service is listening, and this summary command will not provide details on why incoming packets are not reaching the socket.