Practice Free N10-009 Exam Online Questions
Which of the following is a type of NAC that uses a set of policies to allow or deny access to the network based on the user’s identity?
- A . Standard ACL
- B . MAC filtering
- C . 802.1X
- D . SSO
C
Explanation:
A network technician is working on a PC with a faulty NIC. The host is connected to a switch with secured ports. After testing the connection cables and using a known-good NIC, the host is still unable to connect to the network.
Which of the following is causing the connection issue?
- A . MAC address of the new card
- B . BPDU guard settings
- C . Link aggregation settings
- D . PoE power budget
A
Explanation:
If a switch has port security enabled (such as sticky MAC or a configured allowed MAC), the port will only allow the original NIC’s MAC address. When a new NIC with a different MAC address is installed, the port rejects traffic, preventing network connectivity.
B. BPDU guard protects against rogue switches, not end hosts.
C. Link aggregation applies when bundling multiple uplinks, not a single PC connection.
D. PoE budget applies to powered devices like APs, not PCs.
Reference (CompTIA Network+ N10-009):
Domain: Network Troubleshooting ― Port security, MAC address filtering, switch security features.
A network administrator is implementing security zones for each department.
Which of the following should the administrator use to accomplish this task?
- A . ACLs
- B . Port security
- C . Content filtering
- D . NAC
A
Explanation:
Understanding ACLs:
Access Control Lists (ACLs): A set of rules used to control network traffic and restrict access to network resources by filtering packets based on IP addresses, protocols, or ports.
Implementing Security Zones:
Defining Zones: ACLs can be used to create security zones by applying specific rules to different departments, ensuring that only authorized traffic is allowed between these zones.
Control Traffic: ACLs control inbound and outbound traffic at network boundaries, enforcing security policies and preventing unauthorized access.
Comparison with Other Options:
Port Security: Limits the number of devices that can connect to a switch port, preventing MAC address flooding attacks, but not used for defining security zones.
Content Filtering: Blocks or allows access to specific content based on predefined policies, typically used for web filtering rather than network segmentation.
NAC (Network Access Control): Controls access to the network based on the security posture of devices but does not define security zones.
Implementation Steps:
Define ACL rules based on the requirements of each department.
Apply these rules to the appropriate network interfaces or firewall policies to segment the network into security zones.
Reference: CompTIA Network+ study materials on network security and access control methods.
Which of the following disaster recovery concepts is calculated by dividing the total hours of operation by the total number of units?
- A . MTTR
- B . MTBF
- C . RPO
- D . RTO
B
Explanation:
Introduction to Disaster Recovery Concepts:
Disaster recovery involves strategies and measures to ensure business continuity and data recovery in the event of a disaster.
Mean Time Between Failures (MTBF):
MTBF is a reliability metric used to predict the time between failures of a system during operation. It is calculated by dividing the total operational time by the number of failures.
Formula: $\text{MTBF} = \frac{\text{Total Operational Time}}{\text{Number of Failures}}$
This metric helps in understanding the reliability and expected lifespan of systems and components.
Example Calculation:
If a server operates for 1000 hours and experiences 2 failures, the MTBF is: $\text{MTBF} = \frac{1000 \text{ hours}}{2} = 500 \text{ hours}$
Explanation of the Options:
Which of the following best describes a group of devices that is used to lure unsuspecting attackers and to study the attackers’ activities?
- A . Geofencing
- B . Honeynet
- C . Jumpbox
- D . Screened subnet
B
Explanation:
A honeynet is a network of honeypots designed to attract and study attackers. Honeypots are decoy systems set up to lure cyber attackers and analyze their activities. A honeynet, being a collection of these systems, provides a broader view of attack methods and patterns, helping organizations improve their security measures.
Reference: CompTIA Network+ Exam Objectives and official study guides.
A network engineer is testing a website to ensure it is compatible with IPv6. After attempting to ping the website by its IPv6 address, the engineer determines that the DNS has not been set up properly.
Which of the following should the network engineer complete to resolve this issue?
- A . Enable a PTR record.
- B . Update the existing TXT record.
- C . Add a new AAAA record.
- D . Configure a secondary NS record.
C
Explanation:
• AAAA records map domain names to IPv6 addresses, enabling proper resolution.
• PTR records (A) are for reverse DNS lookups.
• TXT records (B) store text-based information, not IP addresses.
• NS records (D) define authoritative name servers but don’t directly affect IPv6 resolution.
Reference: CompTIA Network+ N10-009 Official Documentation – DNS Configuration & IPv6.
While troubleshooting a VoIP handset connection, a technician’s laptop is able to successfully connect to network resources using the same port. The technician needs to identify the port on the switch.
Which of the following should the technician use to determine the switch and port?
- A . LLDP
- B . IKE
- C . VLAN
- D . netstat
A
Explanation:
Link Layer Discovery Protocol (LLDP) is a network protocol used for discovering devices and their capabilities on a local area network, primarily at the data link layer (Layer 2). It helps in identifying the connected switch and the specific port to which a device is connected. When troubleshooting a VoIP handset connection, the technician can use LLDP to determine the exact switch and port where the handset is connected. This protocol is widely used in network management to facilitate the discovery of network topology and simplify troubleshooting.
Other options such as IKE (Internet Key Exchange), VLAN (Virtual LAN), and netstat (network statistics) are not suitable for identifying the switch and port information. IKE is used in setting up secure IPsec connections, VLAN is used for segmenting networks, and netstat provides information about active connections and listening ports on a host but not for discovering switch port details.
Reference: CompTIA Network+ Certification Exam Objectives – Network Troubleshooting and Tools section.
Which of the following network traffic types is sent to all nodes on the network?
- A . Unicast
- B . Broadcast
- C . Multicast
- D . Anycast
B
Explanation:
Comprehensive and Detailed Explanation (aligned to N10-009):
A broadcast message is delivered to all nodes in a broadcast domain (e.g., ARP requests).
A customer calls the help desk to report issues connecting to the internet. The customer can reach a local database server.
A technician goes to the site and examines the configuration:
Which of the following is causing the user’s issue?
- A . Incorrect DNS
- B . Unreachable gateway
- C . Failed root bridge
- D . Poor upstream routing
B
Explanation:
The customer can access local resources (a database server), which means local networking is working. However, the inability to reach the internet suggests an issue with the default gateway. If the default gateway is unreachable, packets will not be routed outside the local network.
Breakdown of Options:
An administrator is configuring a switch that will be placed in an area of the office that is accessible to customers.
Which of the following is the best way for the administrator to mitigate unknown devices from connecting to the network?
- A . SSE
- B . ACL
- C . Perimeter network
- D . 802.1x
D
Explanation:
