Practice Free N10-009 Exam Online Questions
Question #1
Which of the following would most likely be utilized to implement encryption in transit when using HTTPS?
- A . SSH
- B . TLS
- C . SCADA
- D . RADIUS
Correct Answer: B
B
Explanation:
TLS (Transport Layer Security) is the protocol that provides encryption in transit for HTTPS. It ensures data is encrypted between the client (browser) and the web server, protecting it from interception or tampering.
B
Explanation:
TLS (Transport Layer Security) is the protocol that provides encryption in transit for HTTPS. It ensures data is encrypted between the client (browser) and the web server, protecting it from interception or tampering.
Question #2
Which of the following would allow a network administrator to analyze attacks coming from the internet without affecting latency?
- A . IPS
- B . IDS
- C . Load balancer
- D . Firewall
Correct Answer: B
B
Explanation:
An Intrusion Detection System (IDS) monitors and analyzes traffic to detect suspicious activity but does not sit in the traffic path, meaning it doesn’t affect latency. In contrast, an IPS is in-line and can introduce delay.
From Andrew Ramdayal’s guide:
“IDS monitors and alerts on malicious activity but does not block traffic, making it suitable for environments where low latency is critical.”
B
Explanation:
An Intrusion Detection System (IDS) monitors and analyzes traffic to detect suspicious activity but does not sit in the traffic path, meaning it doesn’t affect latency. In contrast, an IPS is in-line and can introduce delay.
From Andrew Ramdayal’s guide:
“IDS monitors and alerts on malicious activity but does not block traffic, making it suitable for environments where low latency is critical.”
Question #3
An administrator is troubleshooting a Layer 3 communication issue between the web server and the database server.
The administrator finds the following information:
Which of the following corrects the communication issue?
- A . Changing the subnet on the database server to 255.255.255.0
- B . Changing the subnet on the firewall to 255.255.255.128
- C . Changing the default gateway on the database server to 1.2.3.4
- D . Changing the IP address on the database server to 192.168.1.150
- E . Changing the gateway on the firewall to 192.168.1.1
Correct Answer: A
A
Explanation:
The problem is a subnet mismatch. The web server is using 255.255.255.0, which places it in the 192.168.1.0/24 network. The database server is using 255.255.255.128, which places 192.168.1.201 in the 192.168.1.128/25 network. So even though both addresses begin with 192.168.1, the two systems are not treating the network boundaries the same way.
That creates a Layer 3 communication issue because one host may believe the other device is local while the other host may treat traffic differently based on its smaller subnet. In a normal server segment like this, both systems should agree on the same mask if they are intended to be on the same network.
Changing the database server’s subnet mask to 255.255.255.0 fixes that inconsistency immediately. Then both servers and the firewall interface are using the same local network definition, and traffic can be handled properly.
The other options do not solve the real issue. Changing the firewall to /25 would break consistency for the rest of the segment. Pointing the database server to 1.2.3.4 is incorrect because that is outside the local subnet and appears to be an upstream route. Changing the IP to 192.168.1.150 still leaves the wrong mask in place. The clean fix is A.
A
Explanation:
The problem is a subnet mismatch. The web server is using 255.255.255.0, which places it in the 192.168.1.0/24 network. The database server is using 255.255.255.128, which places 192.168.1.201 in the 192.168.1.128/25 network. So even though both addresses begin with 192.168.1, the two systems are not treating the network boundaries the same way.
That creates a Layer 3 communication issue because one host may believe the other device is local while the other host may treat traffic differently based on its smaller subnet. In a normal server segment like this, both systems should agree on the same mask if they are intended to be on the same network.
Changing the database server’s subnet mask to 255.255.255.0 fixes that inconsistency immediately. Then both servers and the firewall interface are using the same local network definition, and traffic can be handled properly.
The other options do not solve the real issue. Changing the firewall to /25 would break consistency for the rest of the segment. Pointing the database server to 1.2.3.4 is incorrect because that is outside the local subnet and appears to be an upstream route. Changing the IP to 192.168.1.150 still leaves the wrong mask in place. The clean fix is A.
Question #3
An administrator is troubleshooting a Layer 3 communication issue between the web server and the database server.
The administrator finds the following information:
Which of the following corrects the communication issue?
- A . Changing the subnet on the database server to 255.255.255.0
- B . Changing the subnet on the firewall to 255.255.255.128
- C . Changing the default gateway on the database server to 1.2.3.4
- D . Changing the IP address on the database server to 192.168.1.150
- E . Changing the gateway on the firewall to 192.168.1.1
Correct Answer: A
A
Explanation:
The problem is a subnet mismatch. The web server is using 255.255.255.0, which places it in the 192.168.1.0/24 network. The database server is using 255.255.255.128, which places 192.168.1.201 in the 192.168.1.128/25 network. So even though both addresses begin with 192.168.1, the two systems are not treating the network boundaries the same way.
That creates a Layer 3 communication issue because one host may believe the other device is local while the other host may treat traffic differently based on its smaller subnet. In a normal server segment like this, both systems should agree on the same mask if they are intended to be on the same network.
Changing the database server’s subnet mask to 255.255.255.0 fixes that inconsistency immediately. Then both servers and the firewall interface are using the same local network definition, and traffic can be handled properly.
The other options do not solve the real issue. Changing the firewall to /25 would break consistency for the rest of the segment. Pointing the database server to 1.2.3.4 is incorrect because that is outside the local subnet and appears to be an upstream route. Changing the IP to 192.168.1.150 still leaves the wrong mask in place. The clean fix is A.
A
Explanation:
The problem is a subnet mismatch. The web server is using 255.255.255.0, which places it in the 192.168.1.0/24 network. The database server is using 255.255.255.128, which places 192.168.1.201 in the 192.168.1.128/25 network. So even though both addresses begin with 192.168.1, the two systems are not treating the network boundaries the same way.
That creates a Layer 3 communication issue because one host may believe the other device is local while the other host may treat traffic differently based on its smaller subnet. In a normal server segment like this, both systems should agree on the same mask if they are intended to be on the same network.
Changing the database server’s subnet mask to 255.255.255.0 fixes that inconsistency immediately. Then both servers and the firewall interface are using the same local network definition, and traffic can be handled properly.
The other options do not solve the real issue. Changing the firewall to /25 would break consistency for the rest of the segment. Pointing the database server to 1.2.3.4 is incorrect because that is outside the local subnet and appears to be an upstream route. Changing the IP to 192.168.1.150 still leaves the wrong mask in place. The clean fix is A.
Question #5
Which of the following objectives does an evil twin achieve?
- A . DNS poisoning
- B . Login credentials
- C . ARP spoofing
- D . Denial of service
Correct Answer: B
B
Explanation:
An evil twin attack is when an attacker sets up a rogue access point (AP) with the same SSID as a legitimate one to trick users into connecting. Once users connect, attackers often present fake login pages or capture unencrypted session data to steal login credentials.
B
Explanation:
An evil twin attack is when an attacker sets up a rogue access point (AP) with the same SSID as a legitimate one to trick users into connecting. Once users connect, attackers often present fake login pages or capture unencrypted session data to steal login credentials.
Question #6
Which of the following does a router use to determine the preferred route?
- A . Shortest prefix match
- B . Routes learned from EIGRP
- C . Longest prefix match
- D . Routes learned from OSPF
Correct Answer: C
C
Explanation:
Routers determine the best route to a destination using longest prefix match. This means the router chooses the route entry with the most specific matching network prefix for the destination IP address. For example, if a routing table contains 10.1.0.0/16 and 10.1.2.0/24, a packet destined to 10.1.2.50 matches both entries, but the router prefers /24 because it is more specific (longer mask). Network+ (N10-009) routing fundamentals emphasize that route selection begins with prefix length specificity before considering other factors within the same prefix length (such as administrative distance and metric, depending on the platform).
“Shortest prefix match” is the opposite of correct behavior. “Routes learned from EIGRP” and “routes learned from OSPF” describe sources of routes, not the general selection rule routers use when multiple matching routes exist. Even if routes come from different protocols, the router still applies selection logic; the universal rule for matching destination networks is longest prefix match. Hence, option C is correct.
C
Explanation:
Routers determine the best route to a destination using longest prefix match. This means the router chooses the route entry with the most specific matching network prefix for the destination IP address. For example, if a routing table contains 10.1.0.0/16 and 10.1.2.0/24, a packet destined to 10.1.2.50 matches both entries, but the router prefers /24 because it is more specific (longer mask). Network+ (N10-009) routing fundamentals emphasize that route selection begins with prefix length specificity before considering other factors within the same prefix length (such as administrative distance and metric, depending on the platform).
“Shortest prefix match” is the opposite of correct behavior. “Routes learned from EIGRP” and “routes learned from OSPF” describe sources of routes, not the general selection rule routers use when multiple matching routes exist. Even if routes come from different protocols, the router still applies selection logic; the universal rule for matching destination networks is longest prefix match. Hence, option C is correct.
Question #7
During a VoIP call, a user notices inconsistent audio and logs an incident ticket. A network administrator notices inconsistent delays in arrival of the RTP packets.
Which of the following troubleshooting tools should the network administrator use to determine the issue?
- A . Toner and probe
- B . Protocol analyzer
- C . Cable tester
- D . Spectrum reader
Correct Answer: B
B
Explanation:
Inconsistent arrival of RTP (Real-Time Protocol) packets indicates jitter or latency variation. A protocol analyzer (packet sniffer, e.g., Wireshark) can capture and analyze RTP streams, showing delay, jitter, and packet loss statistics.
B
Explanation:
Inconsistent arrival of RTP (Real-Time Protocol) packets indicates jitter or latency variation. A protocol analyzer (packet sniffer, e.g., Wireshark) can capture and analyze RTP streams, showing delay, jitter, and packet loss statistics.
Question #8
A network engineer needs to prioritize traffic over a link with the goal of more effectively utilizing the connection.
Which of the following should the engineer implement?
- A . CDN
- B . VPN
- C . TTL
- D . QoS
Correct Answer: D
D
Explanation:
To prioritize traffic and utilize a constrained link more effectively, the engineer should implement QoS (Quality of Service). QoS is a set of mechanisms that classifies and marks traffic (for example, voice, video, business-critical apps) and then applies queuing and scheduling behaviors to ensure important traffic receives preferential treatment during congestion. Network+ objectives commonly connect QoS to supporting real-time applications (VoIP/video) by reducing latency, jitter, and packet loss, while preventing less critical traffic (bulk transfers, updates) from consuming all available bandwidth. Techniques can include traffic classification, DSCP marking, priority queuing, and traffic shaping/policing.
A CDN improves content delivery by caching closer to users, but it doesn’t provide link-level prioritization for all traffic types. A VPN provides secure tunneling/encryption, not prioritization. TTL (Time To Live) is an IP header value used to prevent routing loops by limiting packet lifespan; it does not manage bandwidth or prioritize flows. QoS is the standard solution when the goal is to control how bandwidth is allocated under load and to ensure critical services remain performant.
D
Explanation:
To prioritize traffic and utilize a constrained link more effectively, the engineer should implement QoS (Quality of Service). QoS is a set of mechanisms that classifies and marks traffic (for example, voice, video, business-critical apps) and then applies queuing and scheduling behaviors to ensure important traffic receives preferential treatment during congestion. Network+ objectives commonly connect QoS to supporting real-time applications (VoIP/video) by reducing latency, jitter, and packet loss, while preventing less critical traffic (bulk transfers, updates) from consuming all available bandwidth. Techniques can include traffic classification, DSCP marking, priority queuing, and traffic shaping/policing.
A CDN improves content delivery by caching closer to users, but it doesn’t provide link-level prioritization for all traffic types. A VPN provides secure tunneling/encryption, not prioritization. TTL (Time To Live) is an IP header value used to prevent routing loops by limiting packet lifespan; it does not manage bandwidth or prioritize flows. QoS is the standard solution when the goal is to control how bandwidth is allocated under load and to ensure critical services remain performant.
Question #9
An organization moved its DNS servers to new IP addresses. After this move, customers are no longer able to access the organization’s website.
Which of the following DNS entries should be updated?
- A . AAAA
- B . CNAME
- C . MX
- D . NS
Correct Answer: D
D
Explanation:
When an organization moves its DNS servers to new IP addresses, the NS (Name Server) records must be updated. The NS record defines which DNS servers are authoritative for a domain. Ifthese records still point to the old IP addresses, clients will continue to query the outdated servers, leading to connectivity issues.
Breakdown of Options:
D
Explanation:
When an organization moves its DNS servers to new IP addresses, the NS (Name Server) records must be updated. The NS record defines which DNS servers are authoritative for a domain. Ifthese records still point to the old IP addresses, clients will continue to query the outdated servers, leading to connectivity issues.
Breakdown of Options:
Question #10
An organizatin is struggling to get effective coverage using the wireless network. The organization wants to implement a solution that will allow for continous connectivity anywhere in the facility.
Which of the following should the network administ rator suggest to ensure the best coverage?
- A . Implementing additional ad hoc access points
- B . Providing more Ethernet drops for user connections
- C . Deploying a mesh network in the building
- D . nl Changing the current frequency of the WI-FI
Correct Answer: C