Practice Free N10-009 Exam Online Questions
Question #31
A network manager connects two switches together and uses two connecting links.
Which of the following configurations will prevent Layer 2 loops?
- A . 802.1Q tagging
- B . Full duplex
- C . Link aggregation
- D . QoS
Correct Answer: C
C
Explanation:
Link aggregation (also known as port trunking or EtherChannel) combines multiple network connections in parallel to increase throughput and provide redundancy. When two switches are connected with multiple links without any additional configuration, a Layer 2 loop may occur. Link aggregation prevents these loops by treating the multiple connections as a single logical link, using a protocol such as LACP (Link Aggregation Control Protocol).
From Andrew Ramdayal’s guide:
“Link aggregation allows you to combine multiple network connections to increase the bandwidth and provide redundancy. It helps prevent Layer 2 loops when connecting switches with multiple links by making them operate as a single logical interface.”
C
Explanation:
Link aggregation (also known as port trunking or EtherChannel) combines multiple network connections in parallel to increase throughput and provide redundancy. When two switches are connected with multiple links without any additional configuration, a Layer 2 loop may occur. Link aggregation prevents these loops by treating the multiple connections as a single logical link, using a protocol such as LACP (Link Aggregation Control Protocol).
From Andrew Ramdayal’s guide:
“Link aggregation allows you to combine multiple network connections to increase the bandwidth and provide redundancy. It helps prevent Layer 2 loops when connecting switches with multiple links by making them operate as a single logical interface.”
Question #32
Which of the following services runs on port 636?
- A . SMTP
- B . Syslog
- C . TFTP
- D . LDAPS
Correct Answer: D
D
Explanation:
LDAP over SSL (LDAPS) uses port 636 to provide secure, encrypted authentication for directory services.
Breakdown of Options:
D
Explanation:
LDAP over SSL (LDAPS) uses port 636 to provide secure, encrypted authentication for directory services.
Breakdown of Options:
Question #33
Which of the following protocols has a default administrative distance value of 90?
- A . RIP
- B . EIGRP
- C . OSPF
- D . BGP
Correct Answer: B
B
Explanation:
EIGRP (Enhanced Interior Gateway Routing Protocol) has a default administrative distance (AD) value of 90 for internal routes. The administrative distance is used to rate the trustworthiness of routing information received from different routing protocols. EIGRP, developed by Cisco, has an AD of 90, which is lower than that of RIP (120) and OSPF (110), making it more preferred if multiple protocols provide a route to the same destination.
Reference: CompTIA Network+ study materials.
B
Explanation:
EIGRP (Enhanced Interior Gateway Routing Protocol) has a default administrative distance (AD) value of 90 for internal routes. The administrative distance is used to rate the trustworthiness of routing information received from different routing protocols. EIGRP, developed by Cisco, has an AD of 90, which is lower than that of RIP (120) and OSPF (110), making it more preferred if multiple protocols provide a route to the same destination.
Reference: CompTIA Network+ study materials.
Question #34
A network engineer added more APs to improve wireless coverage. However, users now report that the connectivity disconnects and reconnects repeatedly.
Which of the following is causing the issue?
- A . Throughput capacity
- B . Roaming misconfiguration
- C . Channel overlap
- D . Packet loss
Correct Answer: C
C
Explanation:
Adding more access points can improve coverage, but it also increases the risk of co-channel interference if APs are configured on the same or overlapping channels. Channel overlap causes contention and interference, leading to retries, unstable performance, and symptoms that feel like frequent disconnect/reconnect events―especially in dense deployments. Network+ (N10-009) wireless troubleshooting objectives highlight proper channel planning (non-overlapping channels, appropriate channel width) as critical when increasing AP density. If adjacent APs are competing on the same channel (or overlapping channels in 2.4 GHz), clients may experience poor signal-to-noise ratios and repeated reassociations as they struggle to maintain a stable link.
Roaming misconfiguration can cause sticky clients or poor handoffs, but the classic problem introduced immediately after “adding more APs” is interference from bad channel design. Throughput capacity is about available bandwidth and airtime efficiency; it can make things slow, but it doesn’t inherently cause repeated disconnect/reconnect loops like interference does. Packet loss is a symptom that may occur due to interference, but the root cause in the options that best fits the scenario is channel overlap.
C
Explanation:
Adding more access points can improve coverage, but it also increases the risk of co-channel interference if APs are configured on the same or overlapping channels. Channel overlap causes contention and interference, leading to retries, unstable performance, and symptoms that feel like frequent disconnect/reconnect events―especially in dense deployments. Network+ (N10-009) wireless troubleshooting objectives highlight proper channel planning (non-overlapping channels, appropriate channel width) as critical when increasing AP density. If adjacent APs are competing on the same channel (or overlapping channels in 2.4 GHz), clients may experience poor signal-to-noise ratios and repeated reassociations as they struggle to maintain a stable link.
Roaming misconfiguration can cause sticky clients or poor handoffs, but the classic problem introduced immediately after “adding more APs” is interference from bad channel design. Throughput capacity is about available bandwidth and airtime efficiency; it can make things slow, but it doesn’t inherently cause repeated disconnect/reconnect loops like interference does. Packet loss is a symptom that may occur due to interference, but the root cause in the options that best fits the scenario is channel overlap.
Question #35
After installing a new wireless access point, an engineer tests the device and sees that it is not performing at the rated speeds.
Which of the following should the engineer do to troubleshoot the issue? (Select two.)
- A . Ensure a bottleneck is not coming from other devices on the network.
- B . Install the latest firmware for the device.
- C . Create a new VLAN for the access point.
- D . Make sure the SSID is not longer than 16 characters.
- E . Configure the AP in autonomous mode.
- F . Install a wireless LAN controller.
Correct Answer: A,B
A,B
Explanation:
Troubleshooting poor performance of a newly installed access point involves multiple steps. Checking for network bottlenecks and ensuring the device firmware is up to date are crucial first steps.
The document confirms: “Network bottlenecks can severely limit the performance of even the fastest wireless access points, so it’s essential to verify that no other devices are causing a slowdown. In addition, keeping firmware updated ensures optimal performance and security.”
A,B
Explanation:
Troubleshooting poor performance of a newly installed access point involves multiple steps. Checking for network bottlenecks and ensuring the device firmware is up to date are crucial first steps.
The document confirms: “Network bottlenecks can severely limit the performance of even the fastest wireless access points, so it’s essential to verify that no other devices are causing a slowdown. In addition, keeping firmware updated ensures optimal performance and security.”
Question #36
Which of the following source control features allows an administrator to test a new configuration without changing the primary configuration?
- A . Central repository
- B . Conflict identification
- C . Branching
- D . Version control
Correct Answer: C
C
Explanation:
Branching allows developers and administrators to create an isolated copy of the main configuration so they can test changes independently. This avoids impacting the primary environment and allows for safer testing and development.
Reference: Section 3.5 C Network Access and Management Methods C “Source Control: Branching”
C
Explanation:
Branching allows developers and administrators to create an isolated copy of the main configuration so they can test changes independently. This avoids impacting the primary environment and allows for safer testing and development.
Reference: Section 3.5 C Network Access and Management Methods C “Source Control: Branching”
Question #37
Which of the following is the most secure way to provide site-to-site connectivity?
- A . VXLAN
- B . IKE
- C . GRE
- D . IPsec
Correct Answer: D
D
Explanation:
IPsec (Internet Protocol Security) is the most secure way to provide site-to-site connectivity. It provides robust security services, such as data integrity, authentication, and encryption, ensuring that data sent across the network is protected from interception and tampering. Unlike other options, IPsec operates at the network layer and can secure all traffic that crosses the IP network, making it the most comprehensive and secure choice for site-to-site VPNs.
Reference: CompTIA Network+ study materials and NIST Special Publication 800-77.
D
Explanation:
IPsec (Internet Protocol Security) is the most secure way to provide site-to-site connectivity. It provides robust security services, such as data integrity, authentication, and encryption, ensuring that data sent across the network is protected from interception and tampering. Unlike other options, IPsec operates at the network layer and can secure all traffic that crosses the IP network, making it the most comprehensive and secure choice for site-to-site VPNs.
Reference: CompTIA Network+ study materials and NIST Special Publication 800-77.
Question #38
A company discovers on video surveillance recordings that an unauthorized person installed a rogue access point in its secure facility.
Which of the following allowed the unauthorized person to do this?
- A . Evil twin
- B . Honeytrap
- C . Wardriving
- D . Tailgating
Correct Answer: D
D
Explanation:
Tailgating is a physical security breach where someone follows an authorized person into a restricted area without proper credentials. Once inside, the attacker can install rogue devices like unauthorized APs.
D
Explanation:
Tailgating is a physical security breach where someone follows an authorized person into a restricted area without proper credentials. Once inside, the attacker can install rogue devices like unauthorized APs.
Question #39
A network engineer is troubleshooting connectivity for a newly installed server on an existing VLAN.
The engineer reviews the following output:
C:> ipconfig
IP Address: 192.168.100.225
Mask: 255.255.255.224
Gateway: 192.168.100.254
Router# show ip route
C 192.168.100.0/24 is directly connected, GigabitEthernet0/0
Which of the following describes the issue?
- A . The server has an incorrect subnet mask
- B . There is a duplicate IP address on the network
- C . The DHCP address pool is exhausted
- D . The router is missing a default route
Correct Answer: A
A
Explanation:
The server’s subnet mask is 255.255.255.224 (/27), which covers IPs from 192.168.100.224 to 192.168.100.255. However, the router only recognizes 192.168.100.0/24, indicating a mismatch between the server’s subnet and the router’s network.
Correct mask for the /24 network is 255.255.255.0, allowing 256 IPs from 192.168.100.0 to 192.168.100.255.
This mismatch would result in routing issues, especially with the gateway outside of the subnet range.
Reference: CompTIA Network+ N10-009 Official Objectives: 5.2 C Given a scenario, troubleshoot common wired connectivity issues.
A
Explanation:
The server’s subnet mask is 255.255.255.224 (/27), which covers IPs from 192.168.100.224 to 192.168.100.255. However, the router only recognizes 192.168.100.0/24, indicating a mismatch between the server’s subnet and the router’s network.
Correct mask for the /24 network is 255.255.255.0, allowing 256 IPs from 192.168.100.0 to 192.168.100.255.
This mismatch would result in routing issues, especially with the gateway outside of the subnet range.
Reference: CompTIA Network+ N10-009 Official Objectives: 5.2 C Given a scenario, troubleshoot common wired connectivity issues.
Question #40
Which of the following would most likely be used as a replacement for a traditional VPN for remote users?
- A . SD-WAN
- B . SASE
- C . Site-to-site VPN
- D . Reverse proxy
Correct Answer: B
B
Explanation:
A modern replacement for traditional remote-access VPN for users is SASE (Secure Access Service Edge). Network+ highlights trends in remote connectivity and security where organizations move away from backhauling all user traffic through a VPN concentrator and instead use cloud-delivered security and access controls closer to the user. SASE combines networking and security capabilities― commonly including ZTNA (Zero Trust Network Access), secure web gateway (SWG), CASB, firewall-as-a-service (FWaaS), and centralized policy enforcement―so remote users can securely access applications without relying on a classic “connect to the corporate network first” VPN model.
SD-WAN primarily optimizes connectivity between sites and to cloud services, often for branch networks; it’s not typically the direct replacement for remote user VPN access. Site-to-site VPN connects networks (locations) and is not intended for individual remote users. A reverse proxy can publish specific internal web applications externally and provide some security functions, but it does not replace VPN broadly for remote user access to multiple internal resources the way SASE/Zero Trust access solutions do. Therefore, SASE is the best answer as the likely replacement for traditional remote-access VPN.
B
Explanation:
A modern replacement for traditional remote-access VPN for users is SASE (Secure Access Service Edge). Network+ highlights trends in remote connectivity and security where organizations move away from backhauling all user traffic through a VPN concentrator and instead use cloud-delivered security and access controls closer to the user. SASE combines networking and security capabilities― commonly including ZTNA (Zero Trust Network Access), secure web gateway (SWG), CASB, firewall-as-a-service (FWaaS), and centralized policy enforcement―so remote users can securely access applications without relying on a classic “connect to the corporate network first” VPN model.
SD-WAN primarily optimizes connectivity between sites and to cloud services, often for branch networks; it’s not typically the direct replacement for remote user VPN access. Site-to-site VPN connects networks (locations) and is not intended for individual remote users. A reverse proxy can publish specific internal web applications externally and provide some security functions, but it does not replace VPN broadly for remote user access to multiple internal resources the way SASE/Zero Trust access solutions do. Therefore, SASE is the best answer as the likely replacement for traditional remote-access VPN.