Practice Free N10-009 Exam Online Questions
A network administrator is connecting two Layer 2 switches in a network. These switches must transfer data in multiple networks.
Which of the following would fulfill this requirement?
- A . Jumbo frames
- B . 802.1Q tagging
- C . Native VLAN
- D . Link aggregation
B
Explanation:
A network administrator is connecting two Layer 2 switches in a network. These switches must transfer data in multiple networks.
Which of the following would fulfill this requirement?
- A . Jumbo frames
- B . 802.1Q tagging
- C . Native VLAN
- D . Link aggregation
B
Explanation:
Which of the following is the most cost-effective way for a network administrator to establish a persistent, secure connection between two facilities?
- A . Site-to-site VPN
- B . GRE tunnel
- C . VXLAN
- D . Dedicated line
A
Explanation:
A Site-to-site VPN (Virtual Private Network) is the most cost-effective solution for establishing a persistent, secure connection between two facilities. It uses the public internet to create an encrypted tunnel, leveraging existing internet connections without requiring expensive dedicated infrastructure. This makes it ideal for organizations looking to securely connect remote sites while minimizing costs.
Why not GRE tunnel? Generic Routing Encapsulation (GRE) tunnels encapsulate traffic but do not provide encryption natively, requiring additional protocols (e.g., IPsec) for security. This adds complexity and is less cost-effective than a site-to-site VPN, which integrates encryption.
Why not VXLAN? Virtual Extensible LAN (VXLAN) is used for overlay networks in data centers to extend Layer 2 networks, not for secure site-to-site connectivity.
Why not Dedicated line? A dedicated line (e.g., leased line or MPLS) provides high reliability but is significantly more expensive due to the need for dedicated infrastructure.
Reference: CompTIA Network+ N10-009 Objective 1.7: Explain the use cases for virtual private networks (VPNs) and tunneling protocols. The CompTIA Network+ Study Guide (e.g., Chapter 12: Network Security) explains that site-to-site VPNs are a cost-effective, secure method for connecting geographically separate networks over the internet.
A network technician is installing a new switch that does not support STP at the access layer of a network. The technician wants a redundant connection to the distribution switch.
Which of the following should the technician use?
- A . Link aggregation
- B . Sub interfaces
- C . Switch virtual interfaces
- D . Half-duplex connections
A
Explanation:
Link aggregation (also known as port channeling or EtherChannel) allows multiple physical connections to act as one logical connection. This avoids loops that would typically be prevented by STP and provides redundancy and increased bandwidth. It’s ideal when STP is not available or desirable.
Reference: Section 2.2 C Switching Technologies and Features C “Link Aggregation”
A group of users cannot connect to network resources. The technician runs ipconfig from one user’s device and is able to ping the gateway shown from the command.
Which of the following is most likely preventing the users from accessing network resources?
- A . VLAN hopping
- B . Rogue DHCP
- C . Distributed DoS
- D . Evil twin
B
Explanation:
A rogue DHCP server occurs when an unauthorized or misconfigured DHCP server assigns incorrect IP addresses, default gateways, or DNS settings to clients.
• In this scenario:
• The user can ping the gateway, meaning local network communication is working.
• However, they cannot access network resources, which suggests incorrect IP configuration (likely due to a rogue DHCP server assigning the wrong gateway or DNS).
• Why not the other options?
• VLAN hopping (A): This is an attack that exploits VLAN configurations to gain access to unauthorized VLANs. It would not typically cause multiple users to lose network access.
• Distributed DoS (C): A DDoS attack floods a network or service with traffic, but this issue is more likely misconfigured IP settings than an actual attack.
• Evil twin (D): This refers to a fraudulent Wi-Fi network mimicking a legitimate one. Since the users are on a wired network (ipconfig output checked), this is not applicable.
Reference: CompTIA Network+ (N10-009) Official Guide C Chapter 11: Network Security Threats
Which of the following connection methods allows a network engineer to automate configuration deployment for network devices across the environment?
- A . RDP
- B . Telnet
- C . SSH
- D . GUI
C
Explanation:
Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):
SSH provides secure, scriptable remote access used by automation/orchestration tools (e.g., leveraging CLI, NETCONF over SSH, or Ansible modules) to push configurations at scale.
A network administrator needs to monitor data from recently installed firewalls in multiple locations.
Which of the following solutions would best meet the administrator’s needs?
- A . IDS
- B . IPS
- C . SIEM
- D . SNMPv2
C
Explanation:
SIEM (Security Information and Event Management) systems are used to aggregate and analyze log data from various sources, including firewalls, to detect potential security incidents and assist in regulatory compliance.
The document explains:
“SIEM solutions aggregate and analyze log and event data from multiple devices, including firewalls, across different locations. They help in real-time monitoring, incident response, and ensuring compliance with security policies.”
SIMULATION
Users are unable to access files on their department share located on flle_server 2. The network administrator has been tasked with validating routing between networks hosting workstation A and file server 2.
INSTRUCTIONS
Click on each router to review output, identity any Issues, and configure the appropriate solution
If at any time you would like to bring back the initial state of trie simulation, please click the reset All button;
A network technician is troubleshooting a connectivity issue on a server.
Which of the following commands is the most effective for checking whether the server is receiving network traffic?
- A . traceroute
- B . tcpdump
- C . nslookup
- D . arp
B
Explanation:
The correct answer is B. tcpdump. According to the CompTIA Network+ N10-009 objectives, troubleshooting network connectivity often requires validating whether traffic is actually reaching a device. tcpdump is a command-line packet analyzer that captures and displays packets being transmitted or received on a network interface in real time. This makes it the most effective tool among the options for verifying whether a server is receiving network traffic.
When using tcpdump, a technician can observe incoming packets, identify source and destination IP addresses, check protocols, and determine whether expected traffic (such as HTTP, ICMP, or DNS) is reaching the server. This directly helps isolate issues such as firewall blocking, routing problems, or application-layer failures.
The other options serve different purposes. traceroute is used to identify the path packets take across a network and diagnose routing issues, but it does not confirm packet arrival at the server interface. nslookup is used to query DNS servers for name resolution and is unrelated to packet capture. arp is used to view or manipulate the Address Resolution Protocol table, which maps IP addresses to MAC addresses, but it does not show live traffic flow.
Therefore, tcpdump is the most appropriate tool for confirming whether the server is receiving network traffic.
Which of the following network traffic types is sent to all nodes on the network?
- A . Unicast
- B . Broadcast
- C . Multicast
- D . Anycast
B
Explanation:
Comprehensive and Detailed Explanation (aligned to N10-009):
A broadcast message is delivered to all nodes in a broadcast domain (e.g., ARP requests).