Practice Free N10-009 Exam Online Questions
Question #120
A technician needs to set up a wireless connection that utilizes MIMO on non-overlapping channels.
Which of the following would be the best choice?
- A . 802.11a
- B . 802.11b
- C . 802.11g
- D . 802.11n
Correct Answer: D
D
Explanation:
The 802.11n standard supports MIMO (Multiple Input Multiple Output), which allows multiple antennas to increase data throughput and improve reliability. Additionally, it uses non-overlapping channels in the 5 GHz band (and optionally the 2.4 GHz band), making it a good choice for high-speed, interference-resistant wireless connections. (Reference: CompTIA Network+ Study Guide, Chapter on Wireless Technologies)
D
Explanation:
The 802.11n standard supports MIMO (Multiple Input Multiple Output), which allows multiple antennas to increase data throughput and improve reliability. Additionally, it uses non-overlapping channels in the 5 GHz band (and optionally the 2.4 GHz band), making it a good choice for high-speed, interference-resistant wireless connections. (Reference: CompTIA Network+ Study Guide, Chapter on Wireless Technologies)
Question #122
A company is upgrading its wireless network. Currently, each AP broadcasts a wireless LAN name depending on the location in the building.
Which of the following configurations allows a single wireless LAN name to be broadcast across the entire building?
- A . ESSID
- B . Wireless mesh
- C . Band steering
- D . WPA3
Correct Answer: A
A
Explanation:
The correct answer is
A
Explanation:
The correct answer is
Question #123
Which of the following allows a user to authenticate to multiple resources without requiring additional passwords?
- A . SSO
- B . MFA
- C . SAML
- D . RADIUS
Correct Answer: A
A
Explanation:
The correct answer is SSO (Single Sign-On) because it enables a user to authenticate once and gain access to multiple systems or resources without being prompted to log in again. According to CompTIA Network+ (N10-009) security objectives, SSO improves usability and productivity while maintaining centralized authentication control. After the initial authentication, a trust relationship between systems allows the user to access additional applications seamlessly.
MFA (Multi-Factor Authentication) enhances security by requiring two or more authentication factors (something you know, have, or are), but it does not inherently provide access to multiple systems without repeated authentication events.
SAML (Security Assertion Markup Language) is an authentication and authorization protocol commonly used to implement SSO in web-based environments. While SAML supports SSO functionality, it is the underlying protocol rather than the access method itself.
RADIUS is a centralized authentication, authorization, and accounting (AAA) protocol used for network access control but does not specifically provide seamless multi-resource authentication without additional logins.
Therefore, SSO best describes authentication to multiple resources without requiring additional passwords.
A
Explanation:
The correct answer is SSO (Single Sign-On) because it enables a user to authenticate once and gain access to multiple systems or resources without being prompted to log in again. According to CompTIA Network+ (N10-009) security objectives, SSO improves usability and productivity while maintaining centralized authentication control. After the initial authentication, a trust relationship between systems allows the user to access additional applications seamlessly.
MFA (Multi-Factor Authentication) enhances security by requiring two or more authentication factors (something you know, have, or are), but it does not inherently provide access to multiple systems without repeated authentication events.
SAML (Security Assertion Markup Language) is an authentication and authorization protocol commonly used to implement SSO in web-based environments. While SAML supports SSO functionality, it is the underlying protocol rather than the access method itself.
RADIUS is a centralized authentication, authorization, and accounting (AAA) protocol used for network access control but does not specifically provide seamless multi-resource authentication without additional logins.
Therefore, SSO best describes authentication to multiple resources without requiring additional passwords.
Question #124
Which of the following is the best use case of a site-to-site VPN?
- A . Securing access across an untrusted network
- B . Encrypting data at rest
- C . Filtering traffic between two internal subnets
- D . Hosting public-facing applications that contain company resources
Correct Answer: A
A
Explanation:
A site-to-site VPN is used to securely connect two networks over an untrusted network, most commonly the public internet. In Network+ (N10-009) objectives, VPNs are described as providing confidentiality and integrity for data in transit by creating an encrypted tunnel between sites (for example, headquarters and a branch office). This allows systems at both locations to communicate as if on the same private WAN, while preventing eavesdropping or tampering by intermediate networks. Typical implementations use IPsec tunneling and rely on negotiated encryption/authentication parameters to protect traffic end-to-end between VPN gateways.
Encrypting data at rest refers to storage encryption (disk/database), not VPN tunneling. Filtering traffic between two internal subnets is usually handled by ACLs, firewalls, or segmentation controls, not a site-to-site VPN. Hosting public-facing applications is a DMZ / reverse proxy / WAF design concern; a VPN is not the primary control for exposing public services (and generally you would not require the public to use a VPN to reach a public website). Therefore, securing site connectivity across an untrusted network is the best match.
A
Explanation:
A site-to-site VPN is used to securely connect two networks over an untrusted network, most commonly the public internet. In Network+ (N10-009) objectives, VPNs are described as providing confidentiality and integrity for data in transit by creating an encrypted tunnel between sites (for example, headquarters and a branch office). This allows systems at both locations to communicate as if on the same private WAN, while preventing eavesdropping or tampering by intermediate networks. Typical implementations use IPsec tunneling and rely on negotiated encryption/authentication parameters to protect traffic end-to-end between VPN gateways.
Encrypting data at rest refers to storage encryption (disk/database), not VPN tunneling. Filtering traffic between two internal subnets is usually handled by ACLs, firewalls, or segmentation controls, not a site-to-site VPN. Hosting public-facing applications is a DMZ / reverse proxy / WAF design concern; a VPN is not the primary control for exposing public services (and generally you would not require the public to use a VPN to reach a public website). Therefore, securing site connectivity across an untrusted network is the best match.
Question #125
A company has been added to an unapproved list because of spam. The network administrator confirmed that a workstation was infected by malware.
Which of the following processes did the administrator use to identify the root cause?
- A . Traffic analysis
- B . Availability monitoring
- C . Baseline metrics
- D . Network discovery
Correct Answer: A
A
Explanation:
Traffic analysis involves monitoring and inspecting network traffic flows to detect unusual patterns, such as a workstation sending large volumes of outbound SMTP (spam). This process enables identification of malware as the root cause.
B. Availability monitoring checks uptime but doesn’t diagnose spam traffic.
C. Baseline metrics show normal usage but don’t pinpoint infected hosts.
D. Network discovery identifies devices, not malicious traffic flows.
Reference (CompTIA Network+ N10-009):
Domain: Network Security ― Traffic analysis, malware detection, identifying compromised hosts.
A
Explanation:
Traffic analysis involves monitoring and inspecting network traffic flows to detect unusual patterns, such as a workstation sending large volumes of outbound SMTP (spam). This process enables identification of malware as the root cause.
B. Availability monitoring checks uptime but doesn’t diagnose spam traffic.
C. Baseline metrics show normal usage but don’t pinpoint infected hosts.
D. Network discovery identifies devices, not malicious traffic flows.
Reference (CompTIA Network+ N10-009):
Domain: Network Security ― Traffic analysis, malware detection, identifying compromised hosts.
Question #126
An ISP provided a company with a pre-configured modem and five public static IP addresses.
Which of the following does the company’s firewall require to access the internet? (Select TWO).
- A . NTP server
- B . Default gateway
- C . The modem’s IP address
- D . One static IP address
- E . DNS servers
- F . DHCP server
Correct Answer: B,D
B,D
Explanation:
To access the internet using static IPs, the firewall (or router) must be configured correctly:
B. Default gateway: This is essential because it tells the firewall where to send outbound traffic destined for outside the local network.
D. One static IP address: The firewall must be assigned one of the static IPs to communicate over the public internet.
The other options are not essential for basic internet connectivity in this context:
B,D
Explanation:
To access the internet using static IPs, the firewall (or router) must be configured correctly:
B. Default gateway: This is essential because it tells the firewall where to send outbound traffic destined for outside the local network.
D. One static IP address: The firewall must be assigned one of the static IPs to communicate over the public internet.
The other options are not essential for basic internet connectivity in this context:
Question #127
A network rack has four servers and four switches with dual power supplies. Only one intelligent PDU is installed in the rack.
Which of the following is the reason to add a second PDU?
- A . Power redundancy
- B . Failed PSU monitoring
- C . Surge protection
- D . Electricity conservation
Correct Answer: A
A
Explanation:
The correct answer is Power redundancy because the devices in the rack are equipped with dual power supplies, which are specifically designed to support redundant power sources. According to CompTIA Network+ (N10-009) objectives under high availability and physical infrastructure concepts, redundancy is a key strategy to eliminate single points of failure.
If only one PDU (Power Distribution Unit) is installed, both power supplies from each device may ultimately rely on the same power source. This creates a single point of failure―if the PDU fails or loses upstream power, all connected equipment will shut down despite having dual power supplies.
By installing a second PDU connected to a separate power circuit (and ideally a separate UPS or power feed), each power supply in the servers and switches can connect to different PDUs. If one PDU fails, the other continues delivering power, ensuring uninterrupted operation.
Option B (Failed PSU monitoring) is not the primary reason for adding another PDU.
Option C (Surge protection) can be provided by a single PDU.
Option D (Electricity conservation) is unrelated to redundancy design.
Therefore, adding a second PDU provides true power redundancy.
A
Explanation:
The correct answer is Power redundancy because the devices in the rack are equipped with dual power supplies, which are specifically designed to support redundant power sources. According to CompTIA Network+ (N10-009) objectives under high availability and physical infrastructure concepts, redundancy is a key strategy to eliminate single points of failure.
If only one PDU (Power Distribution Unit) is installed, both power supplies from each device may ultimately rely on the same power source. This creates a single point of failure―if the PDU fails or loses upstream power, all connected equipment will shut down despite having dual power supplies.
By installing a second PDU connected to a separate power circuit (and ideally a separate UPS or power feed), each power supply in the servers and switches can connect to different PDUs. If one PDU fails, the other continues delivering power, ensuring uninterrupted operation.
Option B (Failed PSU monitoring) is not the primary reason for adding another PDU.
Option C (Surge protection) can be provided by a single PDU.
Option D (Electricity conservation) is unrelated to redundancy design.
Therefore, adding a second PDU provides true power redundancy.
Question #128
A network engineer is completing a new VoIP installation, but the phones cannot find the TFTP server to download the configuration files.
Which of the following DHCP features would help the phone reach the TFTP server?
- A . Exclusions
- B . Lease time
- C . Options
- D . Scope
Correct Answer: C
C
Explanation:
DHCP Options: DHCP options allow additional configuration parameters, such as the address of a TFTP server, to be provided to clients during the DHCP lease process. This is essential for VoIP phones to locate the server for configuration files.
Exclusions (A): Prevents certain IP addresses from being assigned by DHCP but does not direct devices to servers.
Lease time (B): Determines how long an IP address is assigned but does not impact TFTP settings.
Scope (D): Defines a range of IP addresses but does not include additional server information.
Reference: CompTIA Network+ Official Study Guide, Domain 1.3 (DHCP Configuration).
C
Explanation:
DHCP Options: DHCP options allow additional configuration parameters, such as the address of a TFTP server, to be provided to clients during the DHCP lease process. This is essential for VoIP phones to locate the server for configuration files.
Exclusions (A): Prevents certain IP addresses from being assigned by DHCP but does not direct devices to servers.
Lease time (B): Determines how long an IP address is assigned but does not impact TFTP settings.
Scope (D): Defines a range of IP addresses but does not include additional server information.
Reference: CompTIA Network+ Official Study Guide, Domain 1.3 (DHCP Configuration).
Question #129
Which of the following can be implemented to add an additional layer of security between a corporate network and network management interfaces?
- A . Jump box
- B . Console server
- C . API interface
- D . In-band management
Correct Answer: A
A
Explanation:
A jump box is a hardened, isolated system that provides secure access to critical infrastructure devices like routers and firewalls.
Reference: CompTIA Network+ (N10-009) Official Study Guide C Domain 4.3: Explain network security techniques.
A
Explanation:
A jump box is a hardened, isolated system that provides secure access to critical infrastructure devices like routers and firewalls.
Reference: CompTIA Network+ (N10-009) Official Study Guide C Domain 4.3: Explain network security techniques.
Question #130
A network technician is configuring the company’s network of 100 Mbps Layer 2 switches. The technician wants increased throughput for the uplinks between switches. The technician connects multiple redundant links between the switches.
Which of the following should the technician configure?
- A . Spanning Tree Protocol
- B . Switch Virtual Interfaces
- C . Native VLAN
- D . First Hop Redundancy Protocol
Correct Answer: A
A
Explanation:
When multiple redundant links exist between switches, Spanning Tree Protocol (STP) is required to prevent switching loops. STP blocks redundant paths but can allow aggregation if configured with protocols like LACP.
B. SVIs provide Layer 3 interfaces, not loop prevention.
C. Native VLAN defines the untagged VLAN but does not manage loops.
D. FHRP (VRRP, HSRP, GLBP) provides gateway redundancy, not switch uplink management.
Reference (CompTIA Network+ N10-009):
Domain: Network Infrastructure ― STP, redundancy, loop prevention.
A
Explanation:
When multiple redundant links exist between switches, Spanning Tree Protocol (STP) is required to prevent switching loops. STP blocks redundant paths but can allow aggregation if configured with protocols like LACP.
B. SVIs provide Layer 3 interfaces, not loop prevention.
C. Native VLAN defines the untagged VLAN but does not manage loops.
D. FHRP (VRRP, HSRP, GLBP) provides gateway redundancy, not switch uplink management.
Reference (CompTIA Network+ N10-009):
Domain: Network Infrastructure ― STP, redundancy, loop prevention.