Practice Free N10-009 Exam Online Questions
A firewall receives traffic on port 80 and forwards it to an internal server on port 88.
Which of the following technologies is being leveraged?
- A . TLS
- B . FHRP
- C . SSL
- D . PAT
D
Explanation:
The correct answer is PAT (Port Address Translation). According to the CompTIA Network+ N10-009 objectives, PAT is a form of Network Address Translation (NAT) that allows multiple internal hosts, or services, to be mapped to a single public IP address using different port numbers. PAT can also translate destination port numbers, which is exactly what is occurring in this scenario.
In this case, the firewall receives incoming traffic on port 80 (commonly used for HTTP) and forwards it to an internal server listening on port 88. This process is often referred to as port forwarding, which is a practical implementation of PAT. The firewall rewrites the destination port and potentially the destination IP address so that external clients can access internal services without exposing internal addressing schemes.
The other options do not apply. TLS and SSL are encryption protocols used to secure data in transit; they do not perform port translation. FHRP (First Hop Redundancy Protocol), such as HSRP or VRRP, provides gateway redundancy and high availability, not traffic forwarding or port remapping.
The Network+ objectives emphasize understanding how firewalls and NAT technologies manipulate IP addresses and ports to enable secure access to internal resources. PAT is the technology that enables this functionality, making it the correct answer.
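The translation described above, modelled as an added example (not part of the original question bank): a forwarding rule rewrites the destination on the way in, and a session table reverses the rewrite on the reply. The class names and all IP addresses are assumptions, constructed from documentation and private ranges.

```python
# Added example: minimal model of destination PAT (port forwarding).
# All addresses are constructed (documentation and private ranges).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class PortForwarder:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.rules = {}     # public port -> (internal IP, internal port)
        self.sessions = {}  # (client IP, client port, server IP, server port) -> public port

    def add_rule(self, public_port, internal_ip, internal_port):
        self.rules[public_port] = (internal_ip, internal_port)

    def inbound(self, pkt):
        """Rewrite the destination of a packet from outside; None means dropped."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.rules:
            return None  # no rule for this port, so nothing inside is reachable
        server_ip, server_port = self.rules[pkt.dst_port]
        self.sessions[(pkt.src_ip, pkt.src_port, server_ip, server_port)] = pkt.dst_port
        return replace(pkt, dst_ip=server_ip, dst_port=server_port)

    def outbound(self, pkt):
        """Reverse the rewrite on a server reply; None means no tracked session."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        public_port = self.sessions.get(key)
        if public_port is None:
            return None
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

fw = PortForwarder("203.0.113.10")
fw.add_rule(80, "10.0.0.20", 88)  # the scenario: public port 80 -> internal port 88

request = Packet("198.51.100.7", 51515, "203.0.113.10", 80)
to_server = fw.inbound(request)
reply = fw.outbound(Packet("10.0.0.20", 88, "198.51.100.7", 51515))
# Port 88 exists only on the inside; the public side has no rule for it.
direct_88 = fw.inbound(Packet("198.51.100.7", 51516, "203.0.113.10", 88))

if __name__ == "__main__":
    print(to_server, reply, direct_88, sep="\n")
```

The client only ever sees the public address and port 80; the internal address and port 88 appear nowhere in the traffic it receives.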
A network administrator is conducting an assessment and finds network devices that do not meet standards.
Which of the following configurations is considered a set of rules that devices should adhere to?
- A . Production
- B . Backup
- C . Candidate
- D . Golden
D
Explanation:
The correct answer is golden configuration. This is a reference standard or baseline that defines the approved settings and rules devices should follow. Any deviation from the golden configuration indicates drift or misconfiguration that must be remediated.
A company security policy requires all network traffic from remote employees’ corporate laptops to use the company’s VPN.
Which of the following network access methods best describes this scenario?
- A . Clientless VPN
- B . Full-tunnel
- C . Site-to-site tunnel
- D . Split-tunnel
B
Explanation:
The correct answer is Full-tunnel because the policy requires all network traffic from remote corporate laptops to pass through the company’s VPN. In a full-tunnel VPN configuration, once the VPN connection is established, all traffic, including internet-bound traffic, is routed through the corporate network before reaching its destination. This ensures centralized monitoring, content filtering, logging, and enforcement of security controls such as IDS/IPS and firewalls.
According to CompTIA Network+ (N10-009) security objectives, full-tunnel VPNs enhance security by preventing users from directly accessing the internet from their local connection, thereby reducing exposure to local network threats (e.g., public Wi-Fi attacks).
A split-tunnel VPN (Option D) allows users to access the internet directly while only sending corporate-bound traffic through the VPN, which does not meet the “all traffic” requirement. A site-to-site tunnel (Option C) connects entire networks rather than individual remote users. A clientless VPN (Option A) typically provides web-based access without a full network tunnel and does not necessarily route all traffic.
Therefore, full-tunnel best matches the policy requirement.
A company wants to implement a disaster recovery site for non-critical applications, which can tolerate a short period of downtime.
Which of the following types of sites should the company implement to achieve this goal?
- A . Hot
- B . Cold
- C . Warm
- D . Passive
C
Explanation:
A warm site is a compromise between a hot site and a cold site, providing a balance between cost and recovery time. It is partially equipped with the necessary hardware, software, and infrastructure, allowing for a quicker recovery compared to a cold site but at a lower cost than a hot site.
Recovery Time: Warm sites can be operational within hours to a day, making them suitable for non-critical applications that can tolerate short downtimes.
Cost-Effectiveness: Warm sites are more economical than hot sites as they do not require all systems to be fully operational at all times.
Network Reference:
- CompTIA Network+ N10-007 Official Certification Guide: Discusses disaster recovery strategies and the different types of recovery sites.
- Cisco Networking Academy: Provides training on disaster recovery planning and site selection.
- Network+ Certification All-in-One Exam Guide: Explains the characteristics of hot, warm, and cold sites and their use cases in disaster recovery planning.
Warm sites offer a practical solution for maintaining business continuity for non-critical applications, balancing the need for availability with cost considerations.
A systems administrator needs to connect two laptops to a printer via Wi-Fi. The office does not have access points and cannot purchase any.
Which of the following wireless network types best fulfills this requirement?
- A . Mesh
- B . Infrastructure
- C . Ad hoc
- D . Point-to-point
C
Explanation:
An ad hoc wireless network allows devices to connect directly to each other without an access point.
This is suitable for small, temporary setups like two laptops and a printer.
A security administrator is creating a new firewall object for a device with IP address 192.168.100.1/25. However, the firewall software only uses dotted decimal notation in configuration fields.
Which of the following is the correct subnet mask to use?
- A . 255.255.254.0
- B . 255.255.255.1
- C . 255.255.255.128
- D . 255.255.255.192
C
Explanation:
A /25 subnet mask means 25 bits are reserved for the network portion, leaving 7 bits for host addresses. In dotted decimal, that is:
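The prefix-to-mask conversion carried through in code, as an added example (not part of the original question bank). It also converts each answer option back to a prefix length, which shows why a non-contiguous value is not a valid mask at all; the function names are assumptions.

```python
# Added example: CIDR prefix <-> dotted-decimal mask, with a contiguity check.

def prefix_to_mask(prefix):
    """Set the top `prefix` bits of a 32-bit value and write it as four octets."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix length must be 0..32")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask):
    """Return the prefix length of a mask, or None if it is not a valid mask."""
    parts = mask.split(".")
    if len(parts) != 4:
        return None
    if not all(p.isascii() and p.isdigit() and int(p) <= 255 for p in parts):
        return None
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    host_bits = value ^ 0xFFFFFFFF       # invert: host bits become ones
    if host_bits & (host_bits + 1):      # ones must be one unbroken low-order run
        return None
    return 32 - host_bits.bit_length()

def network_address(ip, prefix):
    """AND the address with the mask, octet by octet."""
    mask = prefix_to_mask(prefix)
    return ".".join(str(int(a) & int(m))
                    for a, m in zip(ip.split("."), mask.split(".")))

# The four answer options from the question.
OPTIONS = {"A": "255.255.254.0", "B": "255.255.255.1",
           "C": "255.255.255.128", "D": "255.255.255.192"}

def option_prefixes():
    """Map each option letter to the prefix length its mask encodes."""
    return {letter: mask_to_prefix(mask) for letter, mask in OPTIONS.items()}

if __name__ == "__main__":
    print(prefix_to_mask(25))
    print(option_prefixes())
    print(network_address("192.168.100.1", 25))
```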
A government entity wants to implement technology that can block websites based on country code.
Which of the following will best enable this requirement?
- A . URL filtering
- B . Content filtering
- C . DNS poisoning
- D . MAC filtering
A
Explanation:
URL filtering can block access to websites based on their domain or country code TLDs (e.g., .cn, .ru).
This is the correct method to block by location identifiers in URLs.
B. Content filtering blocks based on keywords or categories within websites, not country code.
C. DNS poisoning is an attack, not a control mechanism.
D. MAC filtering restricts devices, not websites.
Reference (CompTIA Network+ N10-009):
Domain: Network Security - Filtering technologies, URL vs content filtering.
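A sketch of the country-code check as an added example (not part of the original question bank): the filter decides on the last label of the parsed hostname, so a country code that appears in a subdomain or query string does not trigger it. The function names and sample URLs are constructed assumptions.

```python
# Added example: ccTLD-based URL filtering on the parsed hostname.
from urllib.parse import urlsplit

BLOCKED_CCTLDS = {"cn", "ru"}  # the two ccTLDs named in the explanation

def host_tld(url):
    """Return the lowercase top-level label of the URL's hostname, or None."""
    try:
        parts = urlsplit(url)
        if not parts.netloc:              # bare "host/path" without a scheme
            parts = urlsplit("//" + url)
        host = parts.hostname             # lowercased, no port or userinfo
    except ValueError:
        return None                       # malformed URL: no TLD can be determined
    if not host:
        return None
    host = host.rstrip(".")               # "example.cn." names the same host
    labels = host.split(".")
    if len(labels) < 2 or ":" in host or labels[-1].isdigit():
        return None                       # single label or IP literal
    return labels[-1]

def is_blocked(url):
    return host_tld(url) in BLOCKED_CCTLDS

# Constructed sample URLs.
SAMPLES = [
    "http://Example.CN:8080/x",                  # blocked: case and port ignored
    "https://shop.example.ru/",                  # blocked
    "example.cn./index",                         # blocked: trailing dot, no scheme
    "http://ru.example.com/",                    # allowed: "ru" is a subdomain
    "http://example.com/?next=http://site.ru",   # allowed: ".ru" is in the query
    "http://192.0.2.5/",                         # allowed: IP literal has no TLD
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(("BLOCK" if is_blocked(sample) else "allow"), sample)
```

A request made directly to an IP address carries no TLD, so this check alone does not cover it.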
A network administrator wants to increase network security by preventing client devices from communicating directly with each other on the same subnet.
Which of the following technologies should be implemented?
- A . ACL
- B . Trunking
- C . Port security
- D . Private VLAN
D
Explanation:
Private VLANs (PVLANs) are used to segment devices on the same subnet and switch so they cannot communicate with each other, while still accessing a shared resource like a router or gateway. This is often used in shared hosting or DMZ environments.
Three access points have Ethernet that runs through the ceiling. One of the access points cannot reach the internet.
Which of the following tools can help identify the issue?
- A . Network tap
- B . Cable tester
- C . Visual fault locator
- D . Toner and probe
B
Explanation:
A cable tester is a tool that can help identify issues with the physical cabling, such as breaks or improper terminations, which may prevent the access point from reaching the internet.
